
Use a Terraform plan to deploy a Google Cloud Platform Ubuntu instance and connect it to Azure Arc

This article provides guidance for using the provided Terraform plan to deploy a Google Cloud Platform (GCP) instance and connect it as an Azure Arc enabled server resource.

Prerequisites

  1. Clone the Azure Arc Jumpstart repository.

    git clone https://github.com/microsoft/azure_arc.git
    
  2. Install or update Azure CLI to version 2.7 or later. Use the following command to check your currently installed version.

    az --version
    
  3. Generate an SSH key (or use an existing SSH key).

  4. Create a free Google Cloud Platform account.

  5. Install Terraform >= 0.12.

  6. Create an Azure service principal.

    To connect the GCP virtual machine to Azure Arc, an Azure service principal assigned the Contributor role is required. To create it, sign in to your Azure account and run the following command. You can also run this command in Azure Cloud Shell.

    az login
    az ad sp create-for-rbac -n "<Unique SP Name>" --role contributor
    

    For example:

    az ad sp create-for-rbac -n "http://AzureArcGCP" --role contributor
    

    The output should look like this:

    {
      "appId": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
      "displayName": "AzureArcGCP",
      "name": "http://AzureArcGCP",
      "password": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
      "tenant": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
    }
    

    Note

    We highly recommend that you scope the service principal to a specific Azure subscription and resource group.

Create a new GCP project

  1. Browse to the Google API console and sign in with your Google account. Once logged in, create a new project named Azure Arc demo. After creating it, be sure to copy down the project ID, since it is usually different from the project name.

    [Screenshot: first view of the New Project page in the GCP console.]

    [Screenshot: second view of the New Project page in the GCP console.]

  2. Once the new project is created and selected in the dropdown at the top of the page, you must enable Compute Engine API access for the project. Click + Enable APIs and Services and search for compute engine. Then select Enable to enable API access.

    [Screenshot: first view of the Compute Engine API page in the GCP console.]

    [Screenshot: second view of the Compute Engine API page in the GCP console.]

  3. Next, set up a service account key, which Terraform will use to create and manage resources in your GCP project. Go to the create service account key page. Select New Service Account from the dropdown, give it a name, select Project then Owner as the role and JSON as the key type, and select Create. This downloads a JSON file with all the credentials Terraform needs to manage the resources. Copy the downloaded JSON file to the azure_arc_servers_jumpstart/gcp/ubuntu/terraform directory.

    [Screenshot: creating a service account in the GCP console.]

  4. Finally, make sure your SSH keys are available in ~/.ssh and named id_rsa.pub and id_rsa. If you followed the ssh-keygen guide above to create your key, this should already be set up correctly. If not, you may need to modify main.tf to use a key with a different path.

Deployment

Before executing the Terraform plan, you must export the environment variables that the plan uses. These variables are based on the Azure service principal you have just created, your Azure subscription and tenant, and the GCP project name.

  1. Retrieve your Azure subscription ID and tenant ID using the az account list command.

  2. The Terraform plan creates resources in both Microsoft Azure and Google Cloud Platform. It then executes a script on the GCP virtual machine to install the Azure Arc agent and all necessary artifacts. This script requires certain information about your GCP and Azure environments. Edit scripts/vars.sh and update each of the variables with the appropriate values.

    • TF_VAR_subscription_id = your Azure subscription ID
    • TF_VAR_client_id = your Azure service principal application ID
    • TF_VAR_client_secret = your Azure service principal password
    • TF_VAR_tenant_id = your Azure tenant ID
    • TF_VAR_gcp_project_id = GCP project ID
    • TF_VAR_gcp_credentials_filename = GCP credentials JSON filename

  3. From the CLI, navigate to the azure_arc_servers_jumpstart/gcp/ubuntu/terraform directory of the cloned repo.

  4. Export the environment variables you edited by running scripts/vars.sh with the source command, as shown below. Terraform requires these to be set for the plan to execute properly. Note that this script is also executed automatically on the GCP virtual machine as part of the Terraform deployment.

    source ./scripts/vars.sh
    
  5. Run the terraform init command, which downloads the Terraform AzureRM provider.

    [Screenshot: the terraform init command.]

  6. Next, run the terraform apply --auto-approve command and wait for the plan to finish. Upon completion, you will have a GCP Ubuntu VM deployed and connected as a new Azure Arc enabled server inside a new resource group.

  7. Open the Azure portal and navigate to the arc-gcp-demo resource group. The virtual machine created in GCP will be visible as a resource.

    [Screenshot: the Azure Arc enabled server in the Azure portal.]
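Before running terraform apply, it is worth confirming that vars.sh actually exported everything the plan needs and that the GCP key file (an Owner-level credential) is protected. The following POSIX sh pre-flight check is an added example for this guide, not code from the Azure Arc Jumpstart repository; it assumes the six TF_VAR_* names listed in step 2, and the secret redaction and file-permission checks are its own additions.

```shell
#!/bin/sh
# Pre-flight check for the variables scripts/vars.sh exports before "terraform apply".
# Added for this guide, not part of the Jumpstart repo: the six TF_VAR_* names
# come from the guide; the redaction and credentials-file checks are this example's.

REQUIRED_VARS="TF_VAR_subscription_id TF_VAR_client_id TF_VAR_client_secret \
TF_VAR_tenant_id TF_VAR_gcp_project_id TF_VAR_gcp_credentials_filename"

# Mask a secret for console output: keep the first four characters only.
redact() {
    printf '%s****\n' "$(printf '%s' "$1" | cut -c1-4)"
}

# Return 0 when every required variable is set and non-empty; otherwise
# print the missing names to stderr and return 1.
check_vars() {
    missing=0
    for name in $REQUIRED_VARS; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "missing: $name" >&2
            missing=1
        fi
    done
    return "$missing"
}

# Return 0 when the GCP key file exists, is a service-account key, and is not
# readable by "other" (it carries Owner on the project, so treat it like a
# private key). Otherwise report the problem to stderr and return 1.
check_gcp_key() {
    file="$1"
    [ -f "$file" ] || { echo "credentials file not found: $file" >&2; return 1; }
    grep -q '"type": *"service_account"' "$file" ||
        { echo "not a service-account key: $file" >&2; return 1; }
    [ "$(ls -ld "$file" | cut -c8-10)" = "---" ] ||
        { echo "readable by others, run chmod 600: $file" >&2; return 1; }
}

# Gate "terraform apply" on both checks and print a redacted summary.
preflight() {
    check_vars && check_gcp_key "$TF_VAR_gcp_credentials_filename" || return 1
    echo "subscription=$TF_VAR_subscription_id tenant=$TF_VAR_tenant_id"
    echo "client_id=$TF_VAR_client_id client_secret=$(redact "$TF_VAR_client_secret")"
    echo "gcp_project=$TF_VAR_gcp_project_id key_file=$TF_VAR_gcp_credentials_filename"
}

# Usage: source scripts/vars.sh, then run this file with --run.
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it from the terraform directory after `source ./scripts/vars.sh`; a non-zero exit means the plan would fail or the key file needs tightening.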

Semi-automated deployment (optional)

As you may have noticed, the last step of the run is to register the VM as a new Azure Arc enabled server resource.

[Screenshot: the azcmagent connect command being run.]

If you want to demo or control the actual registration process, do the following:

  1. In the install_arc_agent.sh.tmpl script template, comment out the run connect command section and save the file.

    [Screenshot: main.tf with the section commented out to disable automatic onboarding of the Azure Arc agent.]

  2. Get the public IP of the GCP VM by running terraform output.

    [Screenshot: terraform output.]

  3. SSH into the VM using ssh arcadmin@xx.xx.xx.xx, where xx.xx.xx.xx is the host IP.

    [Screenshot: SSH key connection to the GCP server.]

  4. Export all the environment variables in vars.sh.

    [Screenshot: exporting the environment variables with vars.sh.]

  5. Run the following command:

    azcmagent connect --service-principal-id $TF_VAR_client_id --service-principal-secret $TF_VAR_client_secret --resource-group "Azure Arc gcp-demo" --tenant-id $TF_VAR_tenant_id --location "westus2" --subscription-id $TF_VAR_subscription_id
    

    [Screenshot: the azcmagent connect command completed successfully.]

  6. When complete, your VM will be registered with Azure Arc and visible in the resource group via the Azure portal.

Delete the deployment

To delete all the resources you created as part of this demo, use the terraform destroy --auto-approve command as shown below.

[Screenshot: the terraform destroy command.]

Alternatively, you can delete the GCP VM directly from the GCP console.

[Screenshot: deleting the virtual machine from the GCP console.]