Azure network configuration for connecting a VM and a Docker container

jqjz2hbq posted 12 months ago in Docker

I am trying to build a cloud setup on Azure in which a database runs inside a virtual machine and a Docker container needs to connect to that database.
My setup so far:

$resourceGroup="my-rg" 
$registryName="mycontainerregistry"
$image="mydockerimage"
$containerName="test-container"
$servicePrincipalPull="sp-container-registry-pull"
$servicePrincipalPush="sp-container-registry-push"
$dnsNameLabel="mydockerimage"
$vnetName="vmVNET"
$vnetVmSubnet="vmSubnet"
$vnetNameContainer="containerVNET"
$vnetSubnetContainer="containerSubnet"
$vmIp="10.0.0.4"
$privateNet="10.0.0.0"
$privateNetContainer="10.0.1.0"
$vmDataDisk="oradata01"
$vmName="MyVirtualMachine"
$netSecurityGroup="myNSG"
$vmSize="Standard_DS2_v2"
$whiteListIPAddresses="my public IPs"

$loginServer="$registryName.azurecr.io"
$imageTag="$loginServer/$image`:v1"

# login to Azure
az login

az group create --name $resourceGroup --location northeurope

az network vnet create --name $vnetName --resource-group $resourceGroup --address-prefix 10.0.0.0/16 --subnet-name $vnetVmSubnet --subnet-prefixes 10.0.0.0/24

az vm create --name $vmName --resource-group $resourceGroup --image Oracle:oracle-database-19-3:oracle-database-19-0904:latest --size $vmSize --admin-username azureuser --generate-ssh-keys --private-ip-address $vmIp --public-ip-address-allocation static --public-ip-address-dns-name $vmName --vnet-name $vnetName --vnet-address-prefix $privateNet/16 --subnet $vnetVmSubnet --subnet-address-prefix $privateNet/24

az vm disk attach --name $vmDataDisk --new --resource-group $resourceGroup --size-gb 64 --sku StandardSSD_LRS --vm-name $vmName

az network nsg create --resource-group $resourceGroup --name $netSecurityGroup

az network nsg rule create --resource-group $resourceGroup --nsg-name $netSecurityGroup --name allow-oracle --protocol tcp --priority 1001 --destination-port-range 1521 --source-address-prefixes $whiteListIPAddresses

az network nsg rule create --resource-group $resourceGroup --nsg-name $netSecurityGroup --name allow-oracle-EM --protocol tcp --priority 1002 --destination-port-range 5502 --source-address-prefixes $whiteListIPAddresses

az network nsg rule create --resource-group $resourceGroup --nsg-name $netSecurityGroup --name allow-SSH --protocol tcp --priority 1003 --destination-port-range 22 --source-address-prefixes $whiteListIPAddresses

# az vm create names the public IP it creates <vmName>PublicIP
$publicIP=(az network public-ip show --resource-group $resourceGroup --name "${vmName}PublicIP" --query "ipAddress" --output tsv)

Write-Host "Access $vmName on public address $publicIP"

# create container registry
az acr create --resource-group $resourceGroup --name $registryName --sku Basic

# get the container registry resource identifier
$resourceID=(az acr show --resource-group $resourceGroup --name $registryName --query id --output tsv)

# Create the service principal with rights scoped to the registry.
# Default permissions are for docker pull access. Modify the '--role'
# argument value as desired:
# acrpull:     pull only
# acrpush:     push and pull
# owner:       push, pull, and assign roles
$spPushPassword=(az ad sp create-for-rbac --name $servicePrincipalPush --scopes $resourceID --role acrpush --query "password" --output tsv)
$spPushUserName=(az ad sp list --display-name $servicePrincipalPush --query "[].appId" --output tsv)

# login to Azure container registry
az acr login --name $registryName --username $spPushUserName --password $spPushPassword

# tag the local image
docker tag $image $imageTag

# push the image to Azure container registry
docker push $imageTag

# list the container registry contents, just for show
az acr repository list --name $registryName --output table

# Create the pull-only service principal (acrpull) for the container instance,
# scoped to the registry in the same way as the push principal above.
$spPullPassword=$(az ad sp create-for-rbac --name $servicePrincipalPull --scopes $resourceID --role acrpull --query "password" --output tsv)
$spPullUserName=$(az ad sp list --display-name $servicePrincipalPull --query "[].appId" --output tsv)

# first attempt: add a container subnet to the VM's VNET (fails with the delegation error quoted below)
az network vnet subnet create --resource-group $resourceGroup --vnet-name $vnetName --name $vnetSubnetContainer --address-prefixes $privateNetContainer/24 --network-security-group $netSecurityGroup

# workaround: a separate VNET with the same 10.0.0.0/16 address space for the container
az network vnet create --name $vnetNameContainer --resource-group $resourceGroup --address-prefix $privateNet/16 --subnet-name $vnetSubnetContainer --subnet-prefixes $privateNetContainer/24

az container create --resource-group $resourceGroup --name importcontainer --image $imageTag --registry-login-server $loginServer --registry-username $spPullUserName --registry-password $spPullPassword --ip-address Private --vnet $vnetNameContainer --vnet-address-prefix $privateNet/16 --subnet $vnetSubnetContainer --subnet-address-prefix  $privateNetContainer/24

I thought I could reuse the same VNET for the VM and the container, but that line fails with the error "(SubnetDelegationsCannotChangeWhenSubnetUsedByResource) Subnet delegations cannot be changed from [] to [Microsoft.ContainerInstance/containerGroups] because the subnet is in use by resource VMNic/ipbands/ipbands vm".
So I went on to create a separate VNET in the same 10.0.0.0/16 range, but with the subnet 10.0.1.0/24.
The container does not seem to be able to reach the database inside the VM.
What am I doing wrong?

Answer 1 (6l7fqoea)

I am not really sure why this did not work in the first place, but I found a solution that works.
Now I create the VNET and the container subnet first and only then assign them to the VM:

# Variable names follow the question's script; these four are named differently here
$region="northeurope"
$oracleVmName="MyVirtualMachine"
$oracleIp="10.0.0.4"
$vnetContainerSubnet="containerSubnet"

# login to Azure
az login

# Create the resource group
az group create --name $resourceGroup --location $region

# Create network security group to be used for VNET
az network nsg create --resource-group $resourceGroup --name $netSecurityGroup

# Create VNET
az network vnet create --name $vnetName --resource-group $resourceGroup --address-prefix $privateNet/16 --subnet-name $vnetVmSubnet --subnet-prefixes $privateNet/24 --network-security-group $netSecurityGroup

# Add container subnet to VNET
az network vnet subnet create --resource-group $resourceGroup --vnet-name $vnetName --name $vnetContainerSubnet --address-prefixes $privateNetContainer/24 --network-security-group $netSecurityGroup

# Create VM to host Oracle database
az vm create --name $oracleVmName --resource-group $resourceGroup --image Oracle:oracle-database-19-3:oracle-database-19-0904:latest --size $vmSize --admin-username azureuser --generate-ssh-keys --private-ip-address $oracleIp --public-ip-address-allocation static --public-ip-address-dns-name $oracleVmName --vnet-name $vnetName --subnet $vnetVmSubnet # --vnet-address-prefix $privateNet/16 --subnet-address-prefix  $privateNet/24

... setup network security etc

# Create the container
az container create --resource-group $resourceGroup --name importcontainer --image $imageTag --registry-login-server $loginServer --registry-username $spPullUserName --registry-password $spPullPassword --ip-address Private --vnet $vnetName --subnet $vnetContainerSubnet

Now I can reach the database from a running container.
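The difference between the two layouts can be checked before any resource is created. The following PowerShell planning check is an added example, not code from the question or the answer: it parses the CIDR prefixes used above and reports a subnet that falls outside its VNET address space, subnets that overlap, and two VNETs whose address spaces overlap (such VNETs cannot be peered, so a container group in one of them has no route to a VM in the other). The function names Get-CidrRange, Test-Overlap and Test-NetworkPlan are my own, and Test-NetworkPlan takes a hashtable mapping a VNET name to @{ Prefix = '...'; Subnets = @('...') }.

```powershell
# Added planning check, not part of the question or answer: validate the CIDR layout first.
function ConvertTo-IntAddress([string]$Ip) {
    $value = [int64]0
    foreach ($b in [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()) {
        $value = ($value -shl 8) -bor $b
    }
    return $value
}
function Get-CidrRange([string]$Cidr) {
    $ip, $len = $Cidr.Split('/')
    $size  = [int64]1 -shl (32 - [int]$len)
    $start = (ConvertTo-IntAddress $ip) -band (-bnot ($size - 1))   # align to the prefix boundary
    return @{ Cidr = $Cidr; Start = $start; End = $start + $size - 1 }
}
function Test-Overlap($a, $b) { ($a.Start -le $b.End) -and ($b.Start -le $a.End) }
function Test-NetworkPlan([hashtable]$Vnets) {
    $findings = @()
    $names = @($Vnets.Keys)
    foreach ($name in $names) {
        $vnet = Get-CidrRange $Vnets[$name].Prefix
        $subnets = @($Vnets[$name].Subnets | ForEach-Object { Get-CidrRange $_ })
        foreach ($s in $subnets) {
            if ($s.Start -lt $vnet.Start -or $s.End -gt $vnet.End) {
                $findings += "${name}: subnet $($s.Cidr) lies outside address space $($vnet.Cidr)"
            }
        }
        for ($i = 0; $i -lt $subnets.Count; $i++) {
            for ($j = $i + 1; $j -lt $subnets.Count; $j++) {
                if (Test-Overlap $subnets[$i] $subnets[$j]) {
                    $findings += "${name}: subnets $($subnets[$i].Cidr) and $($subnets[$j].Cidr) overlap"
                }
            }
        }
    }
    # VNETs whose address spaces overlap cannot be peered, so a container group in
    # one of them has no route to a VM in the other.
    for ($i = 0; $i -lt $names.Count; $i++) {
        for ($j = $i + 1; $j -lt $names.Count; $j++) {
            if (Test-Overlap (Get-CidrRange $Vnets[$names[$i]].Prefix) (Get-CidrRange $Vnets[$names[$j]].Prefix)) {
                $findings += "$($names[$i]) and $($names[$j]) have overlapping address spaces and cannot be peered"
            }
        }
    }
    return $findings
}
# The question's workaround (two VNETs, both 10.0.0.0/16) is flagged; the answer's layout (one VNET holding both subnets) returns no findings.
Test-NetworkPlan @{ vmVNET = @{ Prefix = '10.0.0.0/16'; Subnets = @('10.0.0.0/24') }; containerVNET = @{ Prefix = '10.0.0.0/16'; Subnets = @('10.0.1.0/24') } }
Test-NetworkPlan @{ vmVNET = @{ Prefix = '10.0.0.0/16'; Subnets = @('10.0.0.0/24', '10.0.1.0/24') } }
```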
