Use a Terraform plan to deploy a VMware Windows virtual machine and connect it to Azure Arc

This article provides guidance for using the provided Terraform plan to deploy a Windows Server VMware vSphere virtual machine and connect it as an Azure Arc-enabled server resource.

Prerequisites

  1. Clone the Azure Arc Jumpstart repository.

    git clone https://github.com/microsoft/azure_arc.git
    
  2. Install or update Azure CLI to version 2.7 or above. Use the following command to check your currently installed version.

    az --version
    
  3. Install Terraform >= 0.12.

  4. A VMware vCenter Server user with permissions to deploy a virtual machine from a template in the vSphere web client.

  5. Create an Azure service principal.

    To connect the VMware vSphere virtual machine to Azure Arc, an Azure service principal assigned the Contributor role is required. To create it, sign in to your Azure account and run the following command. You can also run this command in Azure Cloud Shell.

    az login
    az ad sp create-for-rbac -n "<Unique SP Name>" --role contributor
    

    For example:

    az ad sp create-for-rbac -n "http://AzureArcServers" --role contributor
    

    Output should look like this:

    {
      "appId": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
      "displayName": "AzureArcServers",
      "name": "http://AzureArcServers",
      "password": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
      "tenant": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
    }
    

    Note

    We highly recommend that you scope the service principal to a specific Azure subscription and resource group.
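
One way to apply the scoping recommendation above, as an added example that is not part of the original article: the `--scopes` parameter of `az ad sp create-for-rbac` limits the Contributor assignment to one subscription or one resource group. The function names and the all-zero subscription ID are constructed for illustration, the resource group pattern is a conservative subset of the names Azure accepts, and a resource-group scope assumes that group already exists.

```bash
#!/bin/sh
# Added example: validate the target scope, then create the service principal
# with Contributor limited to that scope.

# True when the whole single-line value matches the extended regex.
matches() {
  case "$1" in *'
'*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq "$2"
}

# Print the ARM scope for a subscription, or for one resource group inside it.
# Malformed input is rejected so a typo cannot produce an unintended scope.
arc_scope() (
  sub=$1
  rg=${2:-}
  matches "$sub" '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$' ||
    { echo "invalid subscription ID" >&2; exit 1; }
  if [ -z "$rg" ]; then
    printf '/subscriptions/%s\n' "$sub"
    exit 0
  fi
  # Conservative subset of valid names: ASCII, at most 90 chars, no trailing dot.
  matches "$rg" '^[A-Za-z0-9._()-]{0,89}[A-Za-z0-9_()-]$' ||
    { echo "invalid resource group name" >&2; exit 1; }
  printf '/subscriptions/%s/resourceGroups/%s\n' "$sub" "$rg"
)

# Usage: create_scoped_sp <sp-name> <subscription-id> [resource-group]
create_scoped_sp() (
  scope=$(arc_scope "$2" "${3:-}") || exit 1
  az ad sp create-for-rbac -n "$1" --role contributor --scopes "$scope"
)

# Constructed placeholder values:
#   create_scoped_sp "AzureArcServers" 00000000-0000-0000-0000-000000000000 Arc-Servers-RG
```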

Prepare a Windows Server VMware vSphere VM template

Before using this guidance to deploy a Windows Server VM and connect it to Azure Arc, a VMware vSphere template is required. You can easily create such a template using VMware vSphere 6.5 and above.

The Terraform plan uses the remote-exec provisioner, which uses the WinRM protocol to copy and execute the required Azure Arc script. To allow WinRM connectivity to the VM, run the allow_winrm PowerShell script on your VM before converting it to a template.

Note

If you already have a Windows Server VM template, it is still recommended to use the guide as a reference.

Deployment

Before executing the Terraform plan, you must set the environment variables that the plan will use. These variables are based on the Azure service principal you've just created, your Azure subscription and tenant, and your VMware vSphere credentials.

  1. Retrieve your Azure subscription ID and tenant ID using the az account list command.

  2. The Terraform plan creates resources in both Microsoft Azure and VMware vSphere. It then executes a script on the virtual machine to install the Azure Arc agent and all necessary artifacts. This script requires certain information about your VMware vSphere and Azure environments. Edit scripts/vars.sh and update each of the variables with the appropriate values.

    • TF_VAR_subscription_id = Your Azure subscription ID
    • TF_VAR_client_id = Your Azure service principal name
    • TF_VAR_client_secret = Your Azure service principal password
    • TF_VAR_tenant_id = Your Azure tenant ID
    • TF_VAR_resourceGroup = Azure resource group name
    • TF_VAR_location = Azure Region
    • TF_VAR_vsphere_user = vCenter Admin Username
    • TF_VAR_vsphere_password = vCenter Admin Password
    • TF_VAR_vsphere_server = vCenter server FQDN/IP
    • TF_VAR_admin_user = OS Admin Username
    • TF_VAR_admin_password = OS Admin Password
  3. From the CLI, navigate to the azure_arc_servers_jumpstart/vmware/winsrv/terraform directory of the cloned repo.

  4. Export the environment variables you edited by running scripts/vars.sh with the source command as shown below. Terraform requires these to be set for the plan to execute properly. Note that this script will also be automatically executed remotely on the virtual machine as part of the Terraform deployment.

    source ./scripts/vars.sh
    
  5. In addition to the TF_VAR environment variables you've just exported, edit the Terraform variables in terraform.tfvars to match your VMware vSphere environment.

    Screenshot of the TF_VAR environment variables.

  6. Run the terraform init command, which will download the Terraform AzureRM, local and vSphere providers.

    Screenshot of the terraform init command.

  7. Run the terraform apply --auto-approve command and wait for the plan to finish. Once the Terraform deployment is completed, a new Windows Server VM will be up and running and will be projected as an Azure Arc server resource in a newly created Azure resource group.

    Screenshot of the completed terraform apply.

    Screenshot of the new VMware vSphere Windows Server virtual machine.

    Screenshot of the Azure Arc-enabled server in the Azure resource group.

    Another screenshot of the Azure Arc-enabled server in the Azure resource group.
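
A preflight check for steps 4 through 7, as an added example that is not part of the original article or the Jumpstart repository: it confirms that every variable listed in step 2 is set after sourcing scripts/vars.sh, and that the file, which holds the service principal, vCenter and OS administrator passwords, is not readable by other local users. The function names are hypothetical.

```bash
#!/bin/sh
# Added example: preflight check to run after `source ./scripts/vars.sh`.

# The variables the page lists for scripts/vars.sh.
REQUIRED_VARS="TF_VAR_subscription_id TF_VAR_client_id TF_VAR_client_secret
TF_VAR_tenant_id TF_VAR_resourceGroup TF_VAR_location TF_VAR_vsphere_user
TF_VAR_vsphere_password TF_VAR_vsphere_server TF_VAR_admin_user
TF_VAR_admin_password"

# Print the names (never the values) of required variables that are unset or empty.
missing_tf_vars() (
  for name in $REQUIRED_VARS; do
    eval "value=\${$name:-}"
    [ -n "$value" ] || printf '%s\n' "$name"
  done
)

# True when the file exists and grants no permission bits to group or others.
is_private_file() {
  [ -f "$1" ] || return 1
  [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Report every problem on stderr; return non-zero if any check fails.
preflight() (
  status=0
  is_private_file "$1" ||
    { echo "$1 holds secrets: restrict it with chmod 600" >&2; status=1; }
  missing=$(missing_tf_vars)
  [ -z "$missing" ] ||
    { echo "unset or empty:" $missing >&2; status=1; }
  exit "$status"
)

# Typical use from the terraform directory:
#   source ./scripts/vars.sh && preflight ./scripts/vars.sh && terraform apply --auto-approve
```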

Delete the deployment

  • The most straightforward way is to delete the Azure Arc resource via the Azure portal: select the resource and delete it. In addition, delete the VMware vSphere VM.

    Screenshot of an Azure Arc-enabled server being deleted.

  • If you delete the instance manually, then you should also delete install_arc_agent.ps1, which is created by the Terraform plan.

  • If you want to tear down the entire environment, use the terraform destroy --auto-approve command as shown below.

    Screenshot of the terraform destroy command.