使用 Terraform 在 Azure 中建立中樞虛擬網路設備
Terraform 可讓您定義、預覽和部署雲端基礎結構。 使用 Terraform 時,您可以使用 HCL 語法來建立設定檔。 HCL 語法可讓您指定雲端提供者 (例如 Azure) 和構成雲端基礎結構的元素。 建立設定檔之後,您可以建立執行計畫,讓您先預覽基礎結構變更,之後再部署。 驗證變更之後,您可以套用執行計畫來部署基礎結構。
VPN 裝置是提供內部部署網路外部連線的裝置。 VPN 裝置可能是硬體裝置或軟體解決方案。 軟體解決方案的其中一個範例是 Windows Server 2012 中的路由和遠端訪問服務 (RRAS)。 如需 VPN 設備的詳細資訊,請參閱關於站對站連線的 VPN 裝置 VPN 閘道。
Azure 支援 要從中選取的各種網路虛擬設備。 在本文中,會使用Ubuntu映像。 若要深入瞭解 Azure 中支援的各種裝置解決方案,請參閱 網路設備首頁。
在本文中,您將學會如何:
- 在中樞輪輻拓撲中實作中樞 VNet
- 建立中樞網路虛擬機,做為設備
- 使用 CustomScript 擴充功能啟用路由
- 建立中樞和輪輻網關路由表
1.設定您的環境
- Azure 訂用帳戶:如果您沒有 Azure 訂用帳戶,請在開始前建立免費帳戶。
設定 Terraform:如果您尚未這麼做,請使用下列其中一個選項來設定 Terraform:
在 Azure 中使用 Terraform 建立中樞和輪輻混合式網路拓撲。
在 Azure 中使用 Terraform 建立內部部署虛擬網路。
在 Azure 中使用 Terraform 建立中樞虛擬網路。
2.實作 Terraform 程式代碼
將本系列第一篇文章中建立的範例目錄設為目前目錄。
建立名為
hub-nva.tf的檔案,並插入下列程式碼:locals { prefix-hub-nva = "hub-nva" hub-nva-location = "eastus" hub-nva-resource-group = "hub-nva-rg" } resource "azurerm_resource_group" "hub-nva-rg" { name = "${local.prefix-hub-nva}-rg" location = local.hub-nva-location tags = { environment = local.prefix-hub-nva } } resource "azurerm_network_interface" "hub-nva-nic" { name = "${local.prefix-hub-nva}-nic" location = azurerm_resource_group.hub-nva-rg.location resource_group_name = azurerm_resource_group.hub-nva-rg.name enable_ip_forwarding = true ip_configuration { name = local.prefix-hub-nva subnet_id = azurerm_subnet.hub-dmz.id private_ip_address_allocation = "Static" private_ip_address = "10.0.0.36" } tags = { environment = local.prefix-hub-nva } } resource "azurerm_virtual_machine" "hub-nva-vm" { name = "${local.prefix-hub-nva}-vm" location = azurerm_resource_group.hub-nva-rg.location resource_group_name = azurerm_resource_group.hub-nva-rg.name network_interface_ids = [azurerm_network_interface.hub-nva-nic.id] vm_size = var.vmsize storage_image_reference { publisher = "Canonical" offer = "UbuntuServer" sku = "16.04-LTS" version = "latest" } storage_os_disk { name = "myosdisk1" caching = "ReadWrite" create_option = "FromImage" managed_disk_type = "Standard_LRS" } os_profile { computer_name = "${local.prefix-hub-nva}-vm" admin_username = var.username admin_password = var.password } os_profile_linux_config { disable_password_authentication = false } tags = { environment = local.prefix-hub-nva } } resource "azurerm_virtual_machine_extension" "enable-routes" { name = "enable-iptables-routes" virtual_machine_id = azurerm_virtual_machine.hub-nva-vm.id publisher = "Microsoft.Azure.Extensions" type = "CustomScript" type_handler_version = "2.0" settings = <<SETTINGS { "fileUris": [ "https://raw.githubusercontent.com/mspnp/reference-architectures/master/scripts/linux/enable-ip-forwarding.sh" ], "commandToExecute": "bash enable-ip-forwarding.sh" } SETTINGS tags = { environment = local.prefix-hub-nva } } resource "azurerm_route_table" "hub-gateway-rt" { name = "hub-gateway-rt" location = azurerm_resource_group.hub-nva-rg.location resource_group_name = azurerm_resource_group.hub-nva-rg.name disable_bgp_route_propagation = false route { name = "toHub" address_prefix = "10.0.0.0/16" next_hop_type = "VnetLocal" } route { name = "toSpoke1" address_prefix = "10.1.0.0/16" next_hop_type = "VirtualAppliance" next_hop_in_ip_address = "10.0.0.36" } route { name = "toSpoke2" address_prefix = "10.2.0.0/16" next_hop_type = "VirtualAppliance" next_hop_in_ip_address = "10.0.0.36" } tags = { environment = local.prefix-hub-nva } } resource "azurerm_subnet_route_table_association" "hub-gateway-rt-hub-vnet-gateway-subnet" { subnet_id = azurerm_subnet.hub-gateway-subnet.id route_table_id = azurerm_route_table.hub-gateway-rt.id depends_on = [azurerm_subnet.hub-gateway-subnet] } resource "azurerm_route_table" "spoke1-rt" { name = "spoke1-rt" location = azurerm_resource_group.hub-nva-rg.location resource_group_name = azurerm_resource_group.hub-nva-rg.name disable_bgp_route_propagation = false route { name = "toSpoke2" address_prefix = "10.2.0.0/16" next_hop_type = "VirtualAppliance" next_hop_in_ip_address = "10.0.0.36" } route { name = "default" address_prefix = "0.0.0.0/0" next_hop_type = "vnetlocal" } tags = { environment = local.prefix-hub-nva } } resource "azurerm_subnet_route_table_association" "spoke1-rt-spoke1-vnet-mgmt" { subnet_id = azurerm_subnet.spoke1-mgmt.id route_table_id = azurerm_route_table.spoke1-rt.id depends_on = [azurerm_subnet.spoke1-mgmt] } resource "azurerm_subnet_route_table_association" "spoke1-rt-spoke1-vnet-workload" { subnet_id = azurerm_subnet.spoke1-workload.id route_table_id = azurerm_route_table.spoke1-rt.id depends_on = [azurerm_subnet.spoke1-workload] } resource "azurerm_route_table" "spoke2-rt" { name = "spoke2-rt" location = azurerm_resource_group.hub-nva-rg.location resource_group_name = azurerm_resource_group.hub-nva-rg.name disable_bgp_route_propagation = false route { name = "toSpoke1" address_prefix = "10.1.0.0/16" next_hop_in_ip_address = "10.0.0.36" next_hop_type = "VirtualAppliance" } route { name = "default" address_prefix = "0.0.0.0/0" next_hop_type = "vnetlocal" } tags = { environment = local.prefix-hub-nva } } resource "azurerm_subnet_route_table_association" "spoke2-rt-spoke2-vnet-mgmt" { subnet_id = azurerm_subnet.spoke2-mgmt.id route_table_id = azurerm_route_table.spoke2-rt.id depends_on = [azurerm_subnet.spoke2-mgmt] } resource "azurerm_subnet_route_table_association" "spoke2-rt-spoke2-vnet-workload" { subnet_id = azurerm_subnet.spoke2-workload.id route_table_id = azurerm_route_table.spoke2-rt.id depends_on = [azurerm_subnet.spoke2-workload] }
對 Azure 上的 Terraform 進行疑難排解
針對在 Azure 上使用 Terraform 時的常見問題進行疑難排解
下一步
意見反應
即將登場:在 2024 年,我們將逐步淘汰 GitHub 問題作為內容的意見反應機制,並將它取代為新的意見反應系統。 如需詳細資訊,請參閱:https://aka.ms/ContentUserFeedback。
提交並檢視相關的意見反應