使用Azure虛擬機和託管磁盤(使用ARM部署模型),我最近遇到了以下我想解決的問題:爲了從測試目的的託管磁盤獲取生產數據,我想克隆將生產數據磁盤從「生產訂閱」轉換爲「開發訂閱」中的託管磁盤,在那裏我可以安全地使用數據。如何將Azure託管磁盤克隆到其他訂閱中?
我們正在討論很多數據(200 GB +),因此實際的「複製」過程需要太多的時間。我希望能夠在半小時內自動化事物並提供新的環境。
克隆訂閱中的託管磁盤(鑑於它位於同一區域)非常簡單而且快速,我只需要指定一個--source命令即az disk create命令。這顯然不適用於所有訂閱,至少是因爲開發訂閱的登錄用戶/服務主體無法訪問生產訂閱資源。
我迄今爲止嘗試:
az disk grant-access來檢索SAS的URI管理的磁盤;這件事情不被接受爲--source用於az disk create雖然(它說VHD SAS鏈路會的工作,雖然...)任何想法?
我這樣做:
$RG = "youresourcegroup"
$Location = "West US 2"
$StorageAccName = "yourstorage"
$SkuName = "Standard_LRS"
$Containername = "images"
$Destdiskname = 「yorblob.vhd」
$SourceSASurl = "https://yoursaasurl"
Login-AzureRmAccount
New-AzureRmResourceGroup -Name $RG -Location $Location
New-AzureRmStorageAccount -ResourceGroupName $RG -Name $StorageAccName -SkuName $SkuName -kind Storage -Location $Location
$Storageacccountkey = Get-AzureRmStorageAccountKey -ResourceGroupName $RG -Name $StorageAccName
$Storagectx = New-AzureStorageContext -StorageAccountName $StorageAccName -StorageAccountKey $Storageacccountkey[0].Value
$Targetcontainer = New-AzureStorageContainer -Name $Containername -Context $storagectx -Permission Blob
$sourceSASurl = $mdiskURL.AccessSAS
$ops = Start-AzureStorageBlobCopy -AbsoluteUri $SourceSASurl -DestBlob $Destdiskname -DestContainer $Containername -DestContext $Storagectx
Get-AzureStorageBlobCopyState -Container $Containername -Blob $Destdiskname -Context $Storagectx -WaitForComplete
在此之後,你將有管理的磁盤的拷貝在存儲爲普通的blob您的訂閱。
要小心,您應該從Production訂閱中獲取SAS URL,但在腳本中您應該登錄到開發訂閱。
接下來,您可以轉到Azure門戶並將blob轉換爲託管磁盤。
轉到Azure的門戶網站 - >更多服務 - >磁盤或直接瀏覽此網址https://portal.azure.com/#create/Microsoft.ManagedDisk-ARM
點擊+添加
選擇源作爲存儲BLOB
選擇你的vhd使用源blob字段。
這是我寫的腳本,用於將每個虛擬機的所有託管磁盤從一個訂閱遷移到另一個訂閱。我希望這可以幫助你。
# This script will get ALL VMs in a subscription and then migrate the disks
if the VM has managed disks
# Created by Joey Brakefield -- @kfprugger & https://www.linkedin.com/in/joeybrakefield/
#set global variables
$sourceSubscriptionId='6a1b5e5e-df06-4608-a7a2-6984f7abacd8'
select-azurermsubscription -subscriptionid $sourceSubscriptionId
$vms = get-azurermvm
$targetSubscriptionId='929e0340-bf36-45a2-8347-47f86b4715de'
#looping logic for each of the VMs that have managed disks
foreach ($vm in $vms) {
select-azurermsubscription -subscriptionid $sourceSubscriptionId
$vmrg = get-azurermresourcegroup -name $vm.ResourceGroupName
$vmname = $vm.name
Write-Host = "Working with: " $vmname " in " $vmrg -foregroundcolor Green
Write-Host ""
#This command will only target managed disks because unmanaged use the storage account locations rather than the /disks provider URIs
if (Get-AzureRmDisk | ? {$_.OwnerId -like "/subscriptions/"+$sourceSubscriptionId +"/resourceGroups/"+$vmrg.resourcegroupname+"/providers/Microsoft.Compute/virtualMachines/"+$vm.name})
{
#Sanity Check
#Read-host "Look correct? If not, CTRL-C to Break"
$manageddisk = Get-AzureRmDisk | ? {$_.OwnerId -like "/subscriptions/"+$sourceSubscriptionId +"/resourceGroups/"+$vmrg.resourcegroupname+"/providers/Microsoft.Compute/virtualMachines/"+$vm.name}
Select-AzureRmSubscription -SubscriptionId $targetSubscriptionId
#check to see if RG exists in the new CSP/Subscription
Get-AzureRmResourceGroup -Name $vmrg.resourcegroupname -ev notPresent -ea 0
write-host "Checking to see if"$vmrg.resourcegroupname"exists in subscriptionid"$targetSubscriptionId -foregroundcolor Cyan
Write-Host ""
if ($notPresent)
{
new-azurermresourcegroup -name $vmrg.resourcegroupname -location $vmrg.location
"Resource Group " + $vmrg.resourcegroupname + " has been created"
} else {"Resource Group " + $vmrg.resourcegroupname + " already exists"}
# Move the disks after all checks are done
foreach ($disk in $managedDisk){
$managedDiskName = $disk.Name
$targetResourceGroupName = $vmrg.resourcegroupname
$diskConfig = New-AzureRmDiskConfig -SourceResourceId $disk.Id -Location $disk.Location -CreateOption Copy
New-AzureRmDisk -Disk $diskConfig -DiskName $Disk.Name -ResourceGroupName $targetResourceGroupName}
}
}
可以使用下面的命令在天青CLI -
# Source storage account name
STORAGE1=sourcestorage
#Security key of the source storage account
STORAGEKEY1= SampleKey0qNzttE/EX3hHfcFIzkQQmqXklRU2Z2uANICw==
#Container containing the source VHD
CONTAINER1=sourcevhds
# Name of VHD to be copied (name only, not full url)
DISK=DiskToBeCopied.vhd
#Specify the above properties for target
STORAGE2=targetstorage
STORAGEKEY2= SampleKeyAb6FYP3EqFVEcN2cc5wO QHzXvdc7Gzh1qRt0FXKq6w==
CONTAINER2= targetvhds
設定上述參數後,在天青CLI執行以下命令 -
azure storage blob copy start --account-name $STORAGE1 --account-key $STORAGEKEY1 --source-container $CONTAINER1 --source-blob $Disk --dest-account-name $STORAGE2 --dest-account-key $STORAGEKEY2 --dest-container $CONTAINER2
井,授予訪問權限給用戶? – 4c74356b41
當有問題的用戶是服務負責人時,必須嘗試是否有效。懷疑它,因爲那些屬於訂閱afaik。 – donmartin
我很驚訝sas uri無法通過訂閱工作 - 當您嘗試運行cmd時磁盤在線嗎?您可以在多個潛在客戶中授予SP許可權(至少在同一個承租人中,不知道是否在整個承租人身上)。另一個選擇是嘗試模板部署。 –