如何从 Azure 批量访问 Azure 数据库?
[英]How to access Azure Database from Azure Batch?
问题描述
I have a Java process inside a Docker container inside an Azure Batch Task.
我在 Azure 批处理任务内的 Docker 容器内有一个 Java 进程。
The Java process is trying to simply establish a JDBC database connection to the Azure Database for MySQL service. Java 进程试图简单地建立一个 JDBC 数据库连接到 Azure 数据库的 Z637AZ9404B4514DC7637AZ9404ACABB977DC7 服务。
The connection error includes 'Client with IP address '52.224..(etc)' is not allowed to connect to this MySQL server.'连接错误包括“不允许使用 IP 地址 '52.224..(etc)' 的客户端连接到此 MySQL 服务器。”
Therefore, I am attempting to learn how to give Azure Batch tasks the ability to connect to Azure Database for MySQL.因此,我正在尝试学习如何让 Azure 批处理任务能够连接到 Azure 数据库的 MySQL。 I cannot find any documentation that seems to address this challenge.我找不到任何似乎可以解决这一挑战的文档。
I can see that Azure Database for MySQL contains IP-based firewall settings - but do not know how this would be used to allow access from Azure Batch tasks.我可以看到 MySQL 的 Azure 数据库包含基于 IP 的防火墙设置 - 但不知道这将如何用于允许从 Azure 批处理任务访问。 Since Azure Batch procures the Virtual Machine - I will have no idea what the IP address is ahead of time in order to add it to database firewall rules.由于 Azure Batch 采购了虚拟机 - 我不知道 IP 地址是什么,以便将其添加到数据库防火墙规则中。 I also don't want add a range of IP addresses that gives other Azure accounts connectivity to this database,我也不想添加一系列 IP 地址,让其他 Azure 帐户连接到该数据库,
In AWS, this problem is handled with role-based access to the database.在 AWS 中,这个问题是通过对数据库的基于角色的访问来处理的。 Each AWS Batch instance is assignable to a role with access to whatever AWS resources it needs.每个 AWS Batch 实例都可以分配给一个角色,该角色可以访问它需要的任何 AWS 资源。
I have found no helpful documentation to solve this problem with Azure Batch in a similar way and MS Support has not been helpful - providing me a list of all possible Azure IP addresses - presumably to add to our firewall rules (impractical and insecure). I have found no helpful documentation to solve this problem with Azure Batch in a similar way and MS Support has not been helpful - providing me a list of all possible Azure IP addresses - presumably to add to our firewall rules (impractical and insecure).
Thanks in advance for any help!提前感谢您的帮助!
2 个解决方案
解决方案1
1 2020-08-12 16:38:04
There are two ways to accomplish this:有两种方法可以做到这一点:
- The most straightforward way is to use virtual network service endpoint for the MySQL DB ( example via Azure Portal ) and use the same virtual network (typically in a different subnet) for the Azure Batch Pool Compute Nodes .最直接的方法是为 MySQL DB 使用虚拟网络服务端点( 例如通过 Azure 门户),并为Z3A580F142203677F1F35BC308988 批处理 Batch使用相同的虚拟网络(通常在不同的子网中)。
- You can bring your own ARM-based Public IP addresses for an Azure Batch Pool and use those Public IP Addresses within the IP filtering/ACLs on the MySQL DB . You can bring your own ARM-based Public IP addresses for an Azure Batch Pool and use those Public IP Addresses within the IP filtering/ACLs on the MySQL DB .
解决方案2
1 2020-08-16 19:00:50
In Azure Portal, created a Private Endpoint Connection for the database, which includes assignment of a private IP address.在 Azure 门户中,为数据库创建了一个私有端点连接,其中包括一个私有 IP 地址的分配。 Azure Batch configuration can then reference the private IP of the database in the JDBC connection - assuming Batch Pool is referencing the same subnet. Azure 然后批处理配置可以引用 JDBC 连接中数据库的私有 IP - 假设批处理池引用相同的子网。
https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.