
Quickstart: Configure Linux virtual machines in Azure using Ansible

Using a declarative language, Ansible allows you to automate the creation, configuration, and deployment of Azure resources via Ansible playbooks. This article presents a sample Ansible playbook for configuring Linux virtual machines. The complete Ansible playbook is listed at the end of this article.

Prerequisites

  • Azure subscription: If you don't have an Azure subscription, create a free account before you begin.

Create a resource group

Ansible needs a resource group in which your resources are deployed. The following sample Ansible playbook section creates a resource group named myResourceGroup in the eastus location:

- name: Create resource group
  azure_rm_resourcegroup:
    name: myResourceGroup
    location: eastus

Create a virtual network

When you create an Azure virtual machine, you must create a virtual network or use an existing virtual network. You also need to decide how your virtual machines are intended to be accessed on the virtual network. The following sample Ansible playbook section creates a virtual network named myVnet in the 10.0.0.0/16 address space:

- name: Create virtual network
  azure_rm_virtualnetwork:
    resource_group: myResourceGroup
    name: myVnet
    address_prefixes: "10.0.0.0/16"

All Azure resources deployed into a virtual network are deployed into a subnet within a virtual network.

The following sample Ansible playbook section creates a subnet named mySubnet in the myVnet virtual network:

- name: Add subnet
  azure_rm_subnet:
    resource_group: myResourceGroup
    name: mySubnet
    address_prefix: "10.0.1.0/24"
    virtual_network: myVnet

Create a public IP address

Public IP addresses allow Internet resources to communicate inbound to Azure resources. Public IP addresses also enable Azure resources to communicate outbound to public-facing Azure services. In both scenarios, an IP address is assigned to the resource being accessed. The address is dedicated to the resource until you unassign it. If a public IP address isn't assigned to a resource, the resource can still communicate outbound to the Internet. The connection is made by Azure dynamically assigning an available IP address. The dynamically assigned address isn't dedicated to the resource.

The following sample Ansible playbook section creates a public IP address named myPublicIP:

- name: Create public IP address
  azure_rm_publicipaddress:
    resource_group: myResourceGroup
    allocation_method: Static
    name: myPublicIP

Create a network security group

Network security groups filter network traffic between Azure resources in a virtual network. Security rules are defined that govern inbound and outbound traffic to and from Azure resources. For more information about Azure resources and network security groups, see Virtual network integration for Azure services.

The following playbook creates a network security group named myNetworkSecurityGroup. The network security group includes a rule that allows SSH traffic on TCP port 22.

- name: Create Network Security Group that allows SSH
  azure_rm_securitygroup:
    resource_group: myResourceGroup
    name: myNetworkSecurityGroup
    rules:
      - name: SSH
        protocol: Tcp
        destination_port_range: 22
        access: Allow
        priority: 1001
        direction: Inbound
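
The rule above does not set source_address_prefix, and the module's default for that parameter is *, so TCP port 22 is allowed from any source address. The following variant is an added example, not part of the original article: it limits the rule to one administrative range and refuses to run if that range is a wildcard. The variable name admin_source_cidr and the range 203.0.113.0/24 (an RFC 5737 documentation range) are assumptions; replace the range with your own.

```yaml
- name: Create NSG with SSH limited to an administrative range
  hosts: localhost
  connection: local
  vars:
    # Assumption: constructed placeholder range, not from the article.
    admin_source_cidr: "203.0.113.0/24"
  tasks:
    # Stop before touching Azure if the source would match every address.
    - name: Refuse a wildcard SSH source
      assert:
        that:
          - admin_source_cidr not in ['*', '0.0.0.0/0', 'Internet']
        fail_msg: "admin_source_cidr must be a specific range, not a wildcard"

    # Same rule as in the article, plus an explicit source restriction.
    - name: Create Network Security Group that allows SSH from the admin range
      azure_rm_securitygroup:
        resource_group: myResourceGroup
        name: myNetworkSecurityGroup
        rules:
          - name: SSH
            protocol: Tcp
            source_address_prefix: "{{ admin_source_cidr }}"
            destination_port_range: 22
            access: Allow
            priority: 1001
            direction: Inbound
```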

Create a virtual network interface card

A virtual network interface card connects your virtual machine to a given virtual network, public IP address, and network security group.

The following sample Ansible playbook section creates a virtual network interface card named myNIC connected to the virtual networking resources you've created:

- name: Create virtual network interface card
  azure_rm_networkinterface:
    resource_group: myResourceGroup
    name: myNIC
    virtual_network: myVnet
    subnet: mySubnet
    public_ip_name: myPublicIP
    security_group: myNetworkSecurityGroup

Create a virtual machine

The final step is to create a virtual machine that uses all the resources you've created in the previous sections of this article.

The sample Ansible playbook section presented in this section creates a virtual machine named myVM and attaches the virtual network interface card named myNIC. Replace the <your-key-data> placeholder with your own complete public key data.

- name: Create VM
  azure_rm_virtualmachine:
    resource_group: myResourceGroup
    name: myVM
    vm_size: Standard_DS1_v2
    admin_username: azureuser
    ssh_password_enabled: false
    ssh_public_keys:
      - path: /home/azureuser/.ssh/authorized_keys
        key_data: <your-key-data>
    network_interfaces: myNIC
    image:
      offer: CentOS
      publisher: OpenLogic
      sku: '7.5'
      version: latest

Complete sample Ansible playbook

This section lists the entire sample Ansible playbook that you've built up over the course of this article.

- name: Create Azure VM
  hosts: localhost
  connection: local
  tasks:
  - name: Create resource group
    azure_rm_resourcegroup:
      name: myResourceGroup
      location: eastus
  - name: Create virtual network
    azure_rm_virtualnetwork:
      resource_group: myResourceGroup
      name: myVnet
      address_prefixes: "10.0.0.0/16"
  - name: Add subnet
    azure_rm_subnet:
      resource_group: myResourceGroup
      name: mySubnet
      address_prefix: "10.0.1.0/24"
      virtual_network: myVnet
  - name: Create public IP address
    azure_rm_publicipaddress:
      resource_group: myResourceGroup
      allocation_method: Static
      name: myPublicIP
    register: output_ip_address
  - name: Dump public IP for VM which will be created
    debug:
      msg: "The public IP is {{ output_ip_address.state.ip_address }}."
  - name: Create Network Security Group that allows SSH
    azure_rm_securitygroup:
      resource_group: myResourceGroup
      name: myNetworkSecurityGroup
      rules:
        - name: SSH
          protocol: Tcp
          destination_port_range: 22
          access: Allow
          priority: 1001
          direction: Inbound
  - name: Create virtual network interface card
    azure_rm_networkinterface:
      resource_group: myResourceGroup
      name: myNIC
      virtual_network: myVnet
      subnet: mySubnet
      public_ip_name: myPublicIP
      security_group: myNetworkSecurityGroup
  - name: Create VM
    azure_rm_virtualmachine:
      resource_group: myResourceGroup
      name: myVM
      vm_size: Standard_DS1_v2
      admin_username: azureuser
      ssh_password_enabled: false
      ssh_public_keys:
        - path: /home/azureuser/.ssh/authorized_keys
          key_data: <your-key-data>
      network_interfaces: myNIC
      image:
        offer: CentOS
        publisher: OpenLogic
        sku: '7.5'
        version: latest

Run the sample Ansible playbook

This section walks you through running the sample Ansible playbook presented in this article.

  1. Sign in to the Azure portal.

  2. Open Cloud Shell.

  3. Create a file (to contain your playbook) named azure_create_complete_vm.yml, and open it in the vi editor, as follows:

    vi azure_create_complete_vm.yml
    
  4. Enter insert mode by selecting the I key.

  5. Paste the complete sample Ansible playbook into the editor.

  6. Exit insert mode by selecting the Esc key.

  7. Save the file and exit the vi editor by entering the following command:

    :wq
    
  8. Run the sample Ansible playbook.

    ansible-playbook azure_create_complete_vm.yml
    
  9. The output looks similar to the following, where you can see that a virtual machine has been successfully created:

    PLAY [Create Azure VM] ****************************************************
    
    TASK [Gathering Facts] ****************************************************
    ok: [localhost]
    
    TASK [Create resource group] *********************************************
    changed: [localhost]
    
    TASK [Create virtual network] *********************************************
    changed: [localhost]
    
    TASK [Add subnet] *********************************************************
    changed: [localhost]
    
    TASK [Create public IP address] *******************************************
    changed: [localhost]
    
    TASK [Dump public IP for VM which will be created] ********************************************************************
    ok: [localhost] => {
       "msg": "The public IP is <ip-address>."
    }
    
    TASK [Create Network Security Group that allows SSH] **********************
    changed: [localhost]
    
    TASK [Create virtual network interface card] *******************************
    changed: [localhost]
    
    TASK [Create VM] **********************************************************
    changed: [localhost]
    
    PLAY RECAP ****************************************************************
    localhost                  : ok=8    changed=7    unreachable=0    failed=0
    
  10. The SSH command is used to access your Linux VM. Replace the <ip-address> placeholder with the IP address from the previous step.

    ssh azureuser@<ip-address>
    

Next steps