แก้ไข

แชร์ผ่าน


Tutorial: Configure Azure virtual network peering using Ansible

Important

Ansible 2.8 (or later) is required to run the sample playbooks in this article.

Virtual network (VNet) peering allows you to seamlessly connect two Azure virtual networks. Once peered, the two virtual networks appear as one for connectivity purposes.

Traffic is routed between VMs in the same virtual network through private IP addresses. Similarly, traffic between VMs in a peered virtual network is routed through the Microsoft backbone infrastructure. As a result, VMs in different virtual networks can communicate with each other.

In this article, you learn how to:

  • Create two virtual networks
  • Peer the two virtual networks
  • Delete the peering between the two networks

Prerequisites

  • Azure subscription: If you don't have an Azure subscription, create a free account before you begin.

Create two resource groups

A resource group is a logical container in which Azure resources are deployed and managed.

The sample playbook code in this section is used to:

  • Create two resource groups
  - name: Create a resource group
    azure_rm_resourcegroup:
      name: "{{ resource_group }}"
      location: "{{ location }}"
  - name: Create secondary resource group
    azure_rm_resourcegroup:
      name: "{{ resource_group_secondary }}"
      location: "{{ location }}"

Create the first virtual network

The sample playbook code in this section is used to:

  • Create a virtual network
  • Create a subnet within the virtual network
  - name: Create first virtual network
    azure_rm_virtualnetwork:
      resource_group: "{{ resource_group }}"
      name: "{{ vnet_name1 }}"
      address_prefixes: "10.0.0.0/16"
  - name: Add subnet
    azure_rm_subnet:
      resource_group: "{{ resource_group }}"
      name: "{{ vnet_name1 }}"
      address_prefix: "10.0.0.0/24"
      virtual_network: "{{ vnet_name1 }}"

Create the second virtual network

The sample playbook code in this section is used to:

  • Create a virtual network
  • Create a subnet within the virtual network
  - name: Create second virtual network
    azure_rm_virtualnetwork:
      resource_group: "{{ resource_group_secondary }}"
      name: "{{ vnet_name2 }}"
      address_prefixes: "10.1.0.0/16"
  - name: Add subnet
    azure_rm_subnet:
      resource_group: "{{ resource_group }}"
      name: "{{ vnet_name2 }}"
      address_prefix: "10.1.0.0/24"
      virtual_network: "{{ vnet_name2 }}"

Peer the two virtual networks

The sample playbook code in this section is used to:

  • Initialize virtual-network peering
  • Peer two previously created virtual networks
  - name: Initial vnet peering
    azure_rm_virtualnetworkpeering:
      resource_group: "{{ resource_group }}"
      name: "{{ peering_name }}"
      virtual_network: "{{ vnet_name1 }}"
      remote_virtual_network:
        resource_group: "{{ resource_group_secondary }}"
        name: "{{ vnet_name2 }}"
      allow_virtual_network_access: true
      allow_forwarded_traffic: true

  - name: Connect vnet peering
    azure_rm_virtualnetworkpeering:
      resource_group: "{{ resource_group_secondary }}"
      name: "{{ peering_name }}"
      virtual_network: "{{ vnet_name2 }}"
      remote_virtual_network:
        resource_group: "{{ resource_group }}"
        name: "{{ vnet_name1 }}"
      allow_virtual_network_access: true
      allow_forwarded_traffic: true

Delete the virtual network peering

The sample playbook code in this section is used to:

  • Delete the peering between the two previously created virtual networks
  - name: Delete vnet peering
    azure_rm_virtualnetworkpeering:
      resource_group: "{{ resource_group }}"
      name: "{{ peering_name }}"
      virtual_network: "{{ vnet_name1 }}"
      state: absent

Get the sample playbook

There are two ways to get the complete sample playbook:

  • Download the playbook and save it to vnet_peering.yml.
  • Create a new file named vnet_peering.yml and copy the following contents into it:
- hosts: localhost
  tasks:
    - name: Prepare random postfix
      set_fact:
        rpfx: "{{ 1000 | random }}"
      run_once: yes

- name: Connect virtual networks with virtual network peering
  hosts: localhost
  connection: local
  vars:
    resource_group: "{{ resource_group_name }}"
    resource_group_secondary: "{{ resource_group_name }}2"
    vnet_name1: "myVnet{{ rpfx }}"
    vnet_name2: "myVnet{{ rpfx }}2"
    peering_name: peer1
    location: eastus2
  tasks:
  - name: Create a resource group
    azure_rm_resourcegroup:
      name: "{{ resource_group }}"
      location: "{{ location }}"
  - name: Create secondary resource group
    azure_rm_resourcegroup:
      name: "{{ resource_group_secondary }}"
      location: "{{ location }}"
  - name: Create first virtual network
    azure_rm_virtualnetwork:
      resource_group: "{{ resource_group }}"
      name: "{{ vnet_name1 }}"
      address_prefixes: "10.0.0.0/16"
  - name: Add subnet
    azure_rm_subnet:
      resource_group: "{{ resource_group }}"
      name: "{{ vnet_name1 }}"
      address_prefix: "10.0.0.0/24"
      virtual_network: "{{ vnet_name1 }}"
  - name: Create second virtual network
    azure_rm_virtualnetwork:
      resource_group: "{{ resource_group_secondary }}"
      name: "{{ vnet_name2 }}"
      address_prefixes: "10.1.0.0/16"
  - name: Add subnet
    azure_rm_subnet:
      resource_group: "{{ resource_group }}"
      name: "{{ vnet_name2 }}"
      address_prefix: "10.1.0.0/24"
      virtual_network: "{{ vnet_name2 }}"
  - name: Initial vnet peering
    azure_rm_virtualnetworkpeering:
      resource_group: "{{ resource_group }}"
      name: "{{ peering_name }}"
      virtual_network: "{{ vnet_name1 }}"
      remote_virtual_network:
        resource_group: "{{ resource_group_secondary }}"
        name: "{{ vnet_name2 }}"
      allow_virtual_network_access: true
      allow_forwarded_traffic: true

  - name: Connect vnet peering
    azure_rm_virtualnetworkpeering:
      resource_group: "{{ resource_group_secondary }}"
      name: "{{ peering_name }}"
      virtual_network: "{{ vnet_name2 }}"
      remote_virtual_network:
        resource_group: "{{ resource_group }}"
        name: "{{ vnet_name1 }}"
      allow_virtual_network_access: true
      allow_forwarded_traffic: true

  - name: Delete vnet peering
    azure_rm_virtualnetworkpeering:
      resource_group: "{{ resource_group }}"
      name: "{{ peering_name }}"
      virtual_network: "{{ vnet_name1 }}"
      state: absent

Run the sample playbook

The sample playbook code in this section is used to test various features shown throughout this tutorial.

Here are some key notes to consider when working with the sample playbook:

  • In the vars section, replace the {{ resource_group_name }} placeholder with the name of your resource group.

Run the playbook using the ansible-playbook command:

ansible-playbook vnet_peering.yml

After running the playbook, you see output similar to the following results:

PLAY [localhost] 

TASK [Gathering Facts] 
ok: [localhost]

TASK [Prepare random postfix] 
ok: [localhost]

PLAY [Connect virtual networks with virtual network peering] 

TASK [Gathering Facts] 
ok: [localhost]

TASK [Create a resource group] 
changed: [localhost]

TASK [Create secondary resource group] 
changed: [localhost]

TASK [Create first virtual network] 
changed: [localhost]

TASK [Add subnet] 
changed: [localhost]

TASK [Create second virtual network] 
changed: [localhost]

TASK [Add subnet] 
changed: [localhost]

TASK [Initial vnet peering] 
changed: [localhost]

TASK [Connect vnet peering] 
changed: [localhost]

TASK [Delete vnet peering] 
changed: [localhost]

PLAY RECAP 
localhost                  : ok=12   changed=9    unreachable=0    failed=0    skipped=0   rescued=0    ignored=0

Clean up resources

When no longer needed, delete the resources created in this article.

The sample playbook code in this section is used to:

  • Delete the two resources groups created earlier

Save the following playbook as cleanup.yml:

- hosts: localhost	
  vars:	
    resource_group: "{{ resource_group_name-1 }}"	
    resource_group_secondary: "{{ resource_group_name-2 }}"	
  tasks:	
    - name: Delete a resource group	
      azure_rm_resourcegroup:	
        name: "{{ resource_group }}"	
        force_delete_nonempty: yes	
        state: absent	
    - name: Delete a resource group	
      azure_rm_resourcegroup:	
        name: "{{ resource_group_secondary }}"	
        force_delete_nonempty: yes	
        state: absent	

Here are some key notes to consider when working with the sample playbook:

  • Replace the {{ resource_group_name-1 }} placeholder with the name of the first resource group created.
  • Replace the {{ resource_group_name-2 }} placeholder with the name of the second resource group created.
  • All resources within the two specified resource groups will be deleted.

Run the playbook using the ansible-playbook command:

ansible-playbook cleanup.yml	

Next steps