Tutorial: Create on-premises virtual network in Azure using Terraform

This tutorial shows how to implement an on-premises network using an Azure virtual network (VNet). An Azure VNet could be replaced by your own private virtual network. To do so, map the appropriate IP addresses in the subnets.

The following tasks are explained:

  • Use HCL (HashiCorp Language) to implement an on-premises VNet in a hub-spoke topology
  • Use Terraform to create hub network appliance resources
  • Use Terraform to create an on-premises virtual machine
  • Use Terraform to create an on-premises virtual private network gateway

Prerequisites

  1. Create a hub and spoke hybrid network topology with Terraform in Azure.

Create the directory structure

To simulate an on-premises network, create an Azure virtual network. The demo VNet takes the place of an actual private on-premises network. To do the same with your existing on-premises network, map appropriate IP addresses in the subnets.

  1. Browse to the Azure portal.

  2. Open Azure Cloud Shell. If you didn't select an environment previously, select Bash as your environment.


  3. Change directories to the clouddrive directory.

    cd clouddrive
    
  4. Change directories to the new directory:

    cd hub-spoke
    

Declare the on-premises VNet

Create the Terraform configuration file that declares an on-premises VNet.

  1. In Cloud Shell, open a new file named on-prem.tf.

    code on-prem.tf
    
  2. Paste the following code into the editor:

    locals {
      onprem-location       = "SouthCentralUS"
      onprem-resource-group = "onprem-vnet-rg"
      prefix-onprem         = "onprem"
    }
    
    resource "azurerm_resource_group" "onprem-vnet-rg" {
      name     = local.onprem-resource-group
      location = local.onprem-location
    }
    
    # The VNet that stands in for the on-premises network.
    resource "azurerm_virtual_network" "onprem-vnet" {
      name                = "onprem-vnet"
      location            = azurerm_resource_group.onprem-vnet-rg.location
      resource_group_name = azurerm_resource_group.onprem-vnet-rg.name
      address_space       = ["192.168.0.0/16"]
    
      # In Terraform 0.12 syntax tags is a map attribute, not a nested block.
      tags = {
        environment = local.prefix-onprem
      }
    }
    
    # The subnet used by the VPN gateway must be named GatewaySubnet.
    resource "azurerm_subnet" "onprem-gateway-subnet" {
      name                 = "GatewaySubnet"
      resource_group_name  = azurerm_resource_group.onprem-vnet-rg.name
      virtual_network_name = azurerm_virtual_network.onprem-vnet.name
      address_prefix       = "192.168.255.224/27"
    }
    
    # Management subnet that hosts the on-premises demo VM.
    resource "azurerm_subnet" "onprem-mgmt" {
      name                 = "mgmt"
      resource_group_name  = azurerm_resource_group.onprem-vnet-rg.name
      virtual_network_name = azurerm_virtual_network.onprem-vnet.name
      address_prefix       = "192.168.1.128/25"
    }
    
    resource "azurerm_public_ip" "onprem-pip" {
      name                = "${local.prefix-onprem}-pip"
      location            = azurerm_resource_group.onprem-vnet-rg.location
      resource_group_name = azurerm_resource_group.onprem-vnet-rg.name
      allocation_method   = "Dynamic"
    
      tags = {
        environment = local.prefix-onprem
      }
    }
    
    resource "azurerm_network_interface" "onprem-nic" {
      name                 = "${local.prefix-onprem}-nic"
      location             = azurerm_resource_group.onprem-vnet-rg.location
      resource_group_name  = azurerm_resource_group.onprem-vnet-rg.name
      enable_ip_forwarding = true
    
      ip_configuration {
        name                          = local.prefix-onprem
        subnet_id                     = azurerm_subnet.onprem-mgmt.id
        private_ip_address_allocation = "Dynamic"
        public_ip_address_id          = azurerm_public_ip.onprem-pip.id
      }
    }
    
    # Create Network Security Group and rule
    resource "azurerm_network_security_group" "onprem-nsg" {
      name                = "${local.prefix-onprem}-nsg"
      location            = azurerm_resource_group.onprem-vnet-rg.location
      resource_group_name = azurerm_resource_group.onprem-vnet-rg.name
    
      # Demo rule: SSH is allowed from any source address. Outside a demo,
      # narrow source_address_prefix to your management address range.
      security_rule {
        name                       = "SSH"
        priority                   = 1001
        direction                  = "Inbound"
        access                     = "Allow"
        protocol                   = "Tcp"
        source_port_range          = "*"
        destination_port_range     = "22"
        source_address_prefix      = "*"
        destination_address_prefix = "*"
      }
    
      tags = {
        environment = "onprem"
      }
    }
    
    resource "azurerm_subnet_network_security_group_association" "mgmt-nsg-association" {
      subnet_id                 = azurerm_subnet.onprem-mgmt.id
      network_security_group_id = azurerm_network_security_group.onprem-nsg.id
    }
    
    # var.vmsize, var.username and var.password are declared in the variables
    # file from the prerequisite hub-spoke tutorial.
    resource "azurerm_virtual_machine" "onprem-vm" {
      name                  = "${local.prefix-onprem}-vm"
      location              = azurerm_resource_group.onprem-vnet-rg.location
      resource_group_name   = azurerm_resource_group.onprem-vnet-rg.name
      network_interface_ids = [azurerm_network_interface.onprem-nic.id]
      vm_size               = var.vmsize
    
      storage_image_reference {
        publisher = "Canonical"
        offer     = "UbuntuServer"
        sku       = "16.04-LTS"
        version   = "latest"
      }
    
      storage_os_disk {
        name              = "myosdisk1"
        caching           = "ReadWrite"
        create_option     = "FromImage"
        managed_disk_type = "Standard_LRS"
      }
    
      os_profile {
        computer_name  = "${local.prefix-onprem}-vm"
        admin_username = var.username
        admin_password = var.password
      }
    
      # Password logins are enabled for the demo VM.
      os_profile_linux_config {
        disable_password_authentication = false
      }
    
      tags = {
        environment = local.prefix-onprem
      }
    }
    
    resource "azurerm_public_ip" "onprem-vpn-gateway1-pip" {
      name                = "${local.prefix-onprem}-vpn-gateway1-pip"
      location            = azurerm_resource_group.onprem-vnet-rg.location
      resource_group_name = azurerm_resource_group.onprem-vnet-rg.name
    
      allocation_method = "Dynamic"
    }
    
    # Route-based VPN gateway that terminates the site-to-site tunnel to the hub.
    resource "azurerm_virtual_network_gateway" "onprem-vpn-gateway" {
      name                = "onprem-vpn-gateway1"
      location            = azurerm_resource_group.onprem-vnet-rg.location
      resource_group_name = azurerm_resource_group.onprem-vnet-rg.name
    
      type     = "Vpn"
      vpn_type = "RouteBased"
    
      active_active = false
      enable_bgp    = false
      sku           = "VpnGw1"
    
      ip_configuration {
        name                          = "vnetGatewayConfig"
        public_ip_address_id          = azurerm_public_ip.onprem-vpn-gateway1-pip.id
        private_ip_address_allocation = "Dynamic"
        subnet_id                     = azurerm_subnet.onprem-gateway-subnet.id
      }
    
      # depends_on takes resource references, not quoted strings, in 0.12 syntax.
      depends_on = [azurerm_public_ip.onprem-vpn-gateway1-pip]
    }
    
  3. Save the file and exit the editor.
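As an added example (not code from the tutorial), the following Python script reads the address space, subnet prefixes and NSG rule out of the on-prem.tf text above and reports subnets that fall outside the VNet, overlapping subnets, an undersized GatewaySubnet, and inbound rules that allow SSH from any source. The embedded HCL excerpt is constructed from the tutorial's values; the regex reader assumes one attribute per line and is not a full HCL parser.

```python
"""Added example, not part of the tutorial: lint the addressing and NSG rule in on-prem.tf.
ONPREM_TF is a constructed excerpt of the tutorial's file, reduced to the attributes checked."""
import ipaddress
import re
ONPREM_TF = '''
resource "azurerm_virtual_network" "onprem-vnet" {
  address_space = ["192.168.0.0/16"]
}
resource "azurerm_subnet" "onprem-gateway-subnet" {
  name           = "GatewaySubnet"
  address_prefix = "192.168.255.224/27"
}
resource "azurerm_subnet" "onprem-mgmt" {
  name           = "mgmt"
  address_prefix = "192.168.1.128/25"
}
security_rule {
  name                   = "SSH"
  direction              = "Inbound"
  access                 = "Allow"
  destination_port_range = "22"
  source_address_prefix  = "*"
}
'''
def _attr(block, key):  # quoted value of `key = "..."` inside one HCL block, or None
    m = re.search(r'\b%s\s*=\s*"([^"]+)"' % key, block)
    return m.group(1) if m else None
def check_addressing(hcl):
    """Flag subnets outside the VNet space, overlapping subnets and an undersized GatewaySubnet."""
    space = ipaddress.ip_network(re.search(r'address_space\s*=\s*\["([^"]+)"\]', hcl).group(1))
    subnets = {_attr(b, "name"): ipaddress.ip_network(_attr(b, "address_prefix"))
               for b in re.findall(r'resource "azurerm_subnet" "[^"]+" \{(.*?)\n\}', hcl, re.S)}
    findings = [f"{n}: {net} is outside the VNet space {space}"
                for n, net in subnets.items() if not net.subnet_of(space)]
    # Azure requires at least /29 for GatewaySubnet and recommends /27 or larger.
    gw = subnets.get("GatewaySubnet")
    if gw is None or gw.prefixlen > 27:
        findings.append("GatewaySubnet missing or smaller than the recommended /27")
    findings += [f"{a} and {b} overlap" for a in subnets for b in subnets
                 if a < b and subnets[a].overlaps(subnets[b])]
    return findings
def check_nsg_exposure(hcl):
    """Flag inbound Allow rules that open SSH (or every port) to any source address."""
    findings = []
    for body in re.findall(r'security_rule \{(.*?)\n\}', hcl, re.S):
        exposed = _attr(body, "source_address_prefix") in ("*", "Internet", "0.0.0.0/0")
        if (_attr(body, "direction") == "Inbound" and _attr(body, "access") == "Allow"
                and exposed and _attr(body, "destination_port_range") in ("22", "*")):
            findings.append(f"rule {_attr(body, 'name')}: SSH reachable from any source")
    return findings
```

Run against the tutorial's values, the addressing check passes and the NSG check reports the wide-open SSH rule; point both functions at the full on-prem.tf text to check your own edits before applying.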

Next steps