
Tutorial: Manage web traffic with Azure Application Gateway using Ansible

Important

Ansible 2.7 (or later) is required to run the sample playbooks in this article.

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. Traditional load balancers route traffic to a destination IP address and port based on the source IP address and port. Application Gateway gives you a finer level of control: traffic can be routed based on the URL. For example, you could define that if images is the URL's path, traffic is routed to a specific set of servers (known as a pool) configured for images.

In this tutorial, Ansible is used to:

  • Set up a network
  • Create two Azure container instances with HTTPD images
  • Create an application gateway that works with the Azure container instances in the server pool

Prerequisites

  • Azure subscription: If you don't have an Azure subscription, create a free account before you begin.

Create a resource group

The playbook code in this section creates an Azure resource group. A resource group is a logical container in which Azure resources are configured.

Save the following playbook as rg.yml:

- hosts: localhost
  vars:
    resource_group: myResourceGroup
    location: eastus 
  tasks:
    - name: Create a resource group
      azure_rm_resourcegroup:
        name: "{{ resource_group }}"
        location: "{{ location }}"

Before running the playbook, see the following notes:

  • The resource group name is myResourceGroup. This value is used throughout the tutorial.
  • The resource group is created in the eastus location.

Run the playbook using the ansible-playbook command:

ansible-playbook rg.yml

Create network resources

The playbook code in this section creates a virtual network to enable the application gateway to communicate with other resources.

Save the following playbook as vnet_create.yml:

- hosts: localhost
  vars:
    resource_group: myResourceGroup
    location: eastus 
    vnet_name: myVNet 
    subnet_name: myAGSubnet 
    publicip_name: myAGPublicIPAddress
    publicip_domain: mydomain
  tasks:
    - name: Create a virtual network
      azure_rm_virtualnetwork:
        name: "{{ vnet_name }}"
        resource_group: "{{ resource_group }}"
        address_prefixes_cidr:
            - 10.1.0.0/16
            - 172.100.0.0/16
        dns_servers:
            - 127.0.0.1
            - 127.0.0.2

    - name: Create a subnet
      azure_rm_subnet:
        name: "{{ subnet_name }}"
        virtual_network_name: "{{ vnet_name }}"
        resource_group: "{{ resource_group }}"
        address_prefix_cidr: 10.1.0.0/24

    - name: Create a public IP address
      azure_rm_publicipaddress:
        resource_group: "{{ resource_group }}" 
        allocation_method: Dynamic
        name: "{{ publicip_name }}"
        domain_name_label: "{{ publicip_domain }}"

Before running the playbook, see the following notes:

  • The vars section contains the values that are used to create the network resources.
  • You'll need to change these values for your specific environment.

Run the playbook using the ansible-playbook command:

ansible-playbook vnet_create.yml

Create servers

The playbook code in this section creates two Azure container instances with HTTPD images to be used as web servers for the application gateway.

Save the following playbook as aci_create.yml:

- hosts: localhost
  vars:
    resource_group: myResourceGroup
    location: eastus 
    aci_1_name: myACI1
    aci_2_name: myACI2
  tasks:
    - name: Create a container with httpd image 
      azure_rm_containerinstance:
        resource_group: "{{ resource_group }}"
        name: "{{ aci_1_name }}"
        os_type: linux
        ip_address: public
        location: "{{ location }}"
        ports:
          - 80
        containers:
          - name: mycontainer
            image: httpd
            memory: 1.5
            ports:
              - 80

    - name: Create another container with httpd image 
      azure_rm_containerinstance:
        resource_group: "{{ resource_group }}"
        name: "{{ aci_2_name }}"
        os_type: linux
        ip_address: public
        location: "{{ location }}"
        ports:
          - 80
        containers:
          - name: mycontainer
            image: httpd
            memory: 1.5
            ports:
              - 80

Run the playbook using the ansible-playbook command:

ansible-playbook aci_create.yml

Create the application gateway

The playbook code in this section creates an application gateway named myAppGateway.

Save the following playbook as appgw_create.yml:

- hosts: localhost
  connection: local
  vars:
    resource_group: myResourceGroup
    vnet_name: myVNet
    subnet_name: myAGSubnet
    location: eastus
    publicip_name: myAGPublicIPAddress
    appgw_name: myAppGateway
    aci_1_name: myACI1
    aci_2_name: myACI2
  tasks:
    - name: Get info of Subnet
      azure_rm_resource_facts:
        api_version: '2018-08-01'
        resource_group: "{{ resource_group }}"
        provider: network
        resource_type: virtualnetworks
        resource_name: "{{ vnet_name }}"
        subresource:
          - type: subnets
            name: "{{ subnet_name }}"
      register: subnet

    - name: Get info of backend server 1
      azure_rm_resource_facts:
        api_version: '2018-04-01'
        resource_group: "{{ resource_group }}"
        provider: containerinstance
        resource_type: containergroups
        resource_name: "{{ aci_1_name }}"
      register: aci_1_output

    - name: Get info of backend server 2
      azure_rm_resource_facts:
        api_version: '2018-04-01'
        resource_group: "{{ resource_group }}"
        provider: containerinstance
        resource_type: containergroups
        resource_name: "{{ aci_2_name }}"
      register: aci_2_output

    - name: Create instance of Application Gateway
      azure_rm_appgateway:
        resource_group: "{{ resource_group }}"
        name: "{{ appgw_name }}"
        sku:
          name: standard_small
          tier: standard
          capacity: 2
        gateway_ip_configurations:
          - subnet:
              id: "{{ subnet.response[0].id }}"
            name: appGatewayIP
        frontend_ip_configurations:
          - public_ip_address: "{{ publicip_name }}"
            name: appGatewayFrontendIP
        frontend_ports:
          - port: 80
            name: appGatewayFrontendPort
        backend_address_pools:
          - backend_addresses:
              - ip_address: "{{ aci_1_output.response[0].properties.ipAddress.ip }}"
              - ip_address: "{{ aci_2_output.response[0].properties.ipAddress.ip }}"
            name: appGatewayBackendPool
        backend_http_settings_collection:
          - port: 80
            protocol: http
            cookie_based_affinity: enabled
            name: appGatewayBackendHttpSettings
        http_listeners:
          - frontend_ip_configuration: appGatewayFrontendIP
            frontend_port: appGatewayFrontendPort
            name: appGatewayHttpListener
        request_routing_rules:
          - rule_type: Basic
            backend_address_pool: appGatewayBackendPool
            backend_http_settings: appGatewayBackendHttpSettings
            http_listener: appGatewayHttpListener
            name: rule1

Before running the playbook, see the following notes:

  • appGatewayIP is defined in the gateway_ip_configurations block. A subnet reference is required for IP configuration of the gateway.
  • appGatewayBackendPool is defined in the backend_address_pools block. An application gateway must have at least one back-end address pool.
  • appGatewayBackendHttpSettings is defined in the backend_http_settings_collection block. It specifies that port 80 and the HTTP protocol are used for communication.
  • appGatewayHttpListener is defined in the http_listeners block. It's the default listener associated with appGatewayBackendPool.
  • appGatewayFrontendIP is defined in the frontend_ip_configurations block. It assigns myAGPublicIPAddress to appGatewayHttpListener.
  • rule1 is defined in the request_routing_rules block. It's the default routing rule associated with appGatewayHttpListener.

Run the playbook using the ansible-playbook command:

ansible-playbook appgw_create.yml

It might take several minutes for the application gateway to be created.

Test the application gateway

  1. In the Create a resource group section, you specify a location. Note its value.

  2. In the Create network resources section, you specify the domain. Note its value.

  3. Form the test URL by replacing the placeholders in the following pattern with the location and domain: http://<domain>.<location>.cloudapp.azure.com.

  4. Browse to the test URL.

  5. If you see the following page, the application gateway is working as expected.

    (Screenshot: successful test of a working application gateway)
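
The manual check above can also be scripted. The following playbook is an added example, not part of the original tutorial: it reads the FQDN assigned to myAGPublicIPAddress, confirms it matches the <domain>.<location>.cloudapp.azure.com pattern, and polls the test URL through the gateway. The file name appgw_test.yml, the expected_text value (the default page of the stock httpd image) and the retry settings are assumptions.

```yaml
# appgw_test.yml (hypothetical file name; added example)
- hosts: localhost
  connection: local
  vars:
    resource_group: myResourceGroup
    location: eastus
    publicip_name: myAGPublicIPAddress
    publicip_domain: mydomain
    # Assumption: the back ends run the unmodified httpd image,
    # whose default index page contains this text.
    expected_text: "It works!"
  tasks:
    - name: Get info of the public IP address used by the gateway
      azure_rm_resource_facts:
        api_version: '2018-08-01'
        resource_group: "{{ resource_group }}"
        provider: network
        resource_type: publicipaddresses
        resource_name: "{{ publicip_name }}"
      register: publicip

    - name: Check that the assigned FQDN matches <domain>.<location>.cloudapp.azure.com
      assert:
        that:
          - "publicip.response[0].properties.dnsSettings.fqdn == publicip_domain ~ '.' ~ location ~ '.cloudapp.azure.com'"
        msg: "Public IP FQDN does not match the domain and location set in vars"

    - name: Request the test URL until the gateway answers with HTTP 200
      uri:
        url: "http://{{ publicip.response[0].properties.dnsSettings.fqdn }}"
        return_content: yes
        status_code: 200
      register: page
      # The gateway can take several minutes to start serving traffic.
      until: page is succeeded
      retries: 10
      delay: 30

    - name: Confirm the response is the page served by the httpd back ends
      assert:
        that:
          - expected_text in page.content
        msg: "Gateway answered, but not with the expected httpd page"
```

Run it with ansible-playbook appgw_test.yml after appgw_create.yml has finished.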

Clean up resources

When no longer needed, delete the resources created in this article.

Save the following code as cleanup.yml:

- hosts: localhost
  vars:
    resource_group: myResourceGroup
  tasks:
    - name: Delete a resource group
      azure_rm_resourcegroup:
        name: "{{ resource_group }}"
        state: absent

Run the playbook using the ansible-playbook command:

ansible-playbook cleanup.yml

Next steps