
Use a Terraform plan to deploy a Google Cloud Platform Windows instance and connect it to Azure Arc

This article provides guidance for using the provided Terraform plan to deploy a Windows Server GCP instance and connect it as an Azure Arc enabled server resource.

Prerequisites

  1. Clone the Azure Arc Jumpstart repository.

    git clone https://github.com/microsoft/azure_arc.git
    
  2. Install or update Azure CLI to version 2.7 and above. Use the following command to check your current installed version.

    az --version
    
  3. Install Terraform >= 0.12

  4. Google Cloud account with billing enabled: Create a free trial account. To create Windows Server virtual machines, you must upgrade your account to enable billing. Select Billing from the menu and then select Upgrade at the lower right.

    First screenshot showing how to enable billing on a GCP account.

    Second screenshot showing how to enable billing on a GCP account.

    Third screenshot showing how to enable billing on a GCP account.

    Disclaimer: To prevent unexpected charges, follow the "delete the deployment" section at the end of this article.

  5. Create an Azure service principal.

    To connect the GCP virtual machine to Azure Arc, an Azure service principal assigned with the Contributor role is required. To create it, sign in to your Azure account and run the following command. You can also run this command in Azure Cloud Shell.

    az login
    az ad sp create-for-rbac -n "<Unique SP Name>" --role contributor
    

    For example:

    az ad sp create-for-rbac -n "http://AzureArcGCP" --role contributor
    

    Output should look like this:

    {
      "appId": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
      "displayName": "AzureArcGCP",
      "name": "http://AzureArcGCP",
      "password": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
      "tenant": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
    }
    

    Note

    We highly recommend that you scope the service principal to a specific Azure subscription and resource group.

Create a new GCP project

  1. Browse to the Google API console and sign in with your Google account. Once logged in, create a new project named Azure Arc demo. After creating it, be sure to copy the project ID since it's usually different from the project name.

    First screenshot of the New Project page in the GCP console.

    Second screenshot of the New Project page in the GCP console.

  2. Once the new project is created and selected in the dropdown at the top of the page, you must enable compute engine API access for the project. Click on + Enable APIs and Services and search for compute engine. Then select Enable to enable API access.

    First screenshot of the Compute Engine API in the GCP console.

    Second screenshot of the Compute Engine API in the GCP console.

  3. Next, set up a service account key, which Terraform will use to create and manage resources in your GCP project. Go to the create service account key page. Select New Service Account from the dropdown, give it a name, select project then owner as the role, JSON as the key type, and select Create. This downloads a JSON file with all the credentials needed for Terraform to manage the resources. Copy the downloaded JSON file to the azure_arc_servers_jumpstart/gcp/windows/terraform directory.

    Screenshot showing how to create a service account in the GCP console.

Deployment

Before executing the Terraform plan, you must set and then export the environment variables which will be used by the plan. These variables are based on the Azure service principal you've just created, your Azure subscription and tenant, and the GCP project name.

  1. Retrieve your Azure subscription ID and tenant ID using the az account list command.

  2. The Terraform plan creates resources in both Microsoft Azure and Google Cloud Platform. It then executes a script on a GCP virtual machine to install the Azure Arc agent and all necessary artifacts. This script requires certain information about your GCP and Azure environments. Edit scripts/vars.sh and update each of the variables with the appropriate values.

    • TF_VAR_subscription_id = your Azure subscription ID
    • TF_VAR_client_id = your Azure service principal application ID
    • TF_VAR_client_secret = your Azure service principal password
    • TF_VAR_tenant_id = your Azure tenant ID
    • TF_VAR_gcp_project_id = GCP project ID
    • TF_VAR_gcp_credentials_filename = GCP credentials JSON filename

  3. From CLI, navigate to the azure_arc_servers_jumpstart/gcp/windows/terraform directory of the cloned repo.

  4. Export the environment variables you edited by running scripts/vars.sh with the source command as shown below. Terraform requires these to be set for the plan to execute properly.

    source ./scripts/vars.sh
    
  5. Run the terraform init command which will download the Terraform AzureRM provider.

    Screenshot of the terraform init command.

  6. Next, run the terraform apply --auto-approve command and wait for the plan to finish. Upon completion of the Terraform script, you will have deployed a GCP Windows Server 2019 VM and initiated a script to download the Azure Arc agent to the VM and connect the VM as a new Azure Arc enabled server inside a new Azure resource group. It will take a few minutes for the agent to finish provisioning so grab a coffee.

    Screenshot of the terraform apply command.

  7. After a few minutes, you should be able to open the Azure portal and navigate to the arc-gcp-demo resource group. The Windows Server virtual machine created in GCP will be visible as a resource.

    Screenshot of an Azure Arc enabled server in the Azure portal.
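
A preflight check to run between steps 4 and 5 above, added here as an example and not taken from the Jumpstart repository. It confirms that every variable from scripts/vars.sh is exported, that the three Azure IDs are GUID-shaped, and that the GCP key file exists, is readable only by its owner, and is not tracked by git; the function name arc_preflight and the finding labels are made up for this example.

```sh
# Added example, not part of the Jumpstart repository: preflight check for the
# environment exported by scripts/vars.sh. It never prints a variable's value.
# Usage (after sourcing this file): arc_preflight . && terraform init
ARC_VARS="TF_VAR_subscription_id TF_VAR_client_id TF_VAR_client_secret
TF_VAR_tenant_id TF_VAR_gcp_project_id TF_VAR_gcp_credentials_filename"
GUID_RE='^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'

# Prints one finding per line and returns the number of findings (0 = ready).
arc_preflight() {
    dir=${1:-.}    # directory holding the Terraform plan and the JSON key
    findings=0
    for name in $ARC_VARS; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "UNSET $name"
            findings=$((findings + 1))
            continue
        fi
        case $name in
            TF_VAR_subscription_id|TF_VAR_client_id|TF_VAR_tenant_id)
                # Azure subscription, application and tenant IDs are GUIDs.
                if ! printf '%s\n' "$value" | grep -Eq "$GUID_RE"; then
                    echo "NOT_A_GUID $name"
                    findings=$((findings + 1))
                fi ;;
        esac
    done
    [ -n "${TF_VAR_gcp_credentials_filename:-}" ] || return "$findings"
    key="$dir/$TF_VAR_gcp_credentials_filename"
    if [ ! -f "$key" ]; then
        echo "KEY_MISSING $key"
        findings=$((findings + 1))
    else
        # Characters 5-10 of the mode string are the group and other bits.
        if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            echo "KEY_READABLE_BY_OTHERS $key (fix: chmod 600)"
            findings=$((findings + 1))
        fi
        # The key sits inside the cloned repository; it must stay untracked.
        if git -C "$dir" ls-files --error-unmatch -- \
            "$TF_VAR_gcp_credentials_filename" >/dev/null 2>&1; then
            echo "KEY_TRACKED_BY_GIT $key"
            findings=$((findings + 1))
        fi
    fi
    return "$findings"
}
```
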

Semi-automated deployment (optional)

The Terraform plan automatically installs the Azure Arc agent and connects the VM to Azure as a managed resource by executing a PowerShell script when the VM is first booted.

Screenshot of the azcmagent connect command.

If you want to demo/control the actual registration process, do the following:

  1. Before running the terraform apply command, open main.tf and comment out the windows-startup-script-ps1 = local-file.install_arc_agent-ps1.content line and save the file.

    Screenshot showing main.tf commented out to disable automatic onboarding of the Azure Arc agent.

  2. Run terraform apply --auto-approve as instructed above.

  3. Open the GCP console and navigate to the compute instance page, and then select the VM that was created.

    Screenshot of a server in the GCP console.

    Screenshot showing how to reset the password for a Windows server in the GCP console.

  4. Create a user and password for the VM by selecting Set Password and specifying a user name.

    Screenshot showing how to set a username and password for a Windows server in the GCP console.

  5. RDP into the VM by selecting the RDP button from the VM page in the GCP console, and sign in with the username and password you just created.

    Screenshot showing how to RDP into a GCP instance.

  6. Once logged in, open PowerShell ISE as Administrator. Make sure you are running the x64 version of PowerShell ISE and not the x86 version. Once opened, select File > New to create an empty .ps1 file. Then paste in the entire contents of ./scripts/install_arc_agent.ps1. Click the play button to execute the script. When complete, you should see the output showing successful onboarding of the machine.

    Screenshot of the Windows PowerShell ISE with the Azure Arc agent connection script.

Delete the deployment

To delete all the resources you created as part of this demo use the terraform destroy --auto-approve command as shown below.

Screenshot of the terraform destroy command.

Alternatively, you can delete the GCP VM directly from GCP console.

Screenshot showing how to delete a virtual machine from the GCP console.