Azure CLI script example: Load balance traffic to VMs for high availability

This Azure CLI script example creates everything needed to run several Ubuntu virtual machines in a highly available, load-balanced configuration. After running the script, you will have three virtual machines, joined to an Azure Availability Set, and accessible through an Azure Load Balancer.

To run this sample, install the latest version of the Azure CLI. To start, run az login to create a connection with Azure.

Samples for the Azure CLI are written for the bash shell. To run this sample in Windows PowerShell or Command Prompt, you may need to change elements of the script.

If you don't have an Azure subscription, create a trial account before you begin.

Sample script

#!/bin/bash

# Create a resource group.
az group create --name myResourceGroup --location chinanorth

# Create a virtual network.
az network vnet create --resource-group myResourceGroup --location chinanorth --name myVnet --subnet-name mySubnet

# Create a public IP address.
az network public-ip create --resource-group myResourceGroup --name myPublicIP

# Create an Azure Load Balancer.
az network lb create --resource-group myResourceGroup --name myLoadBalancer --public-ip-address myPublicIP \
  --frontend-ip-name myFrontEndPool --backend-pool-name myBackEndPool

# Creates an LB probe on port 80.
az network lb probe create --resource-group myResourceGroup --lb-name myLoadBalancer \
  --name myHealthProbe --protocol tcp --port 80

# Creates an LB rule for port 80.
az network lb rule create --resource-group myResourceGroup --lb-name myLoadBalancer --name myLoadBalancerRuleWeb \
  --protocol tcp --frontend-port 80 --backend-port 80 --frontend-ip-name myFrontEndPool \
  --backend-pool-name myBackEndPool --probe-name myHealthProbe

# Create three NAT rules for port 22.
for i in $(seq 1 3); do
  az network lb inbound-nat-rule create \
    --resource-group myResourceGroup --lb-name myLoadBalancer \
    --name myLoadBalancerRuleSSH$i --protocol tcp \
    --frontend-port 422$i --backend-port 22 \
    --frontend-ip-name myFrontEndPool
done

# Create a network security group
az network nsg create --resource-group myResourceGroup --name myNetworkSecurityGroup

# Create a network security group rule for port 22.
az network nsg rule create --resource-group myResourceGroup --nsg-name myNetworkSecurityGroup --name myNetworkSecurityGroupRuleSSH \
  --protocol tcp --direction inbound --source-address-prefix '*' --source-port-range '*'  \
  --destination-address-prefix '*' --destination-port-range 22 --access allow --priority 1000

# Create a network security group rule for port 80.
az network nsg rule create --resource-group myResourceGroup --nsg-name myNetworkSecurityGroup --name myNetworkSecurityGroupRuleHTTP \
  --protocol tcp --direction inbound --source-address-prefix '*' --source-port-range '*' \
  --destination-address-prefix '*' --destination-port-range 80 --access allow --priority 2000

# Create three virtual network cards and associate each with the load balancer
# back-end pool, its SSH NAT rule and the NSG.
for i in $(seq 1 3); do
  az network nic create \
    --resource-group myResourceGroup --name myNic$i \
    --vnet-name myVnet --subnet mySubnet \
    --network-security-group myNetworkSecurityGroup --lb-name myLoadBalancer \
    --lb-address-pools myBackEndPool --lb-inbound-nat-rules myLoadBalancerRuleSSH$i
done

# Create an availability set.
az vm availability-set create --resource-group myResourceGroup --name myAvailabilitySet --platform-fault-domain-count 3 --platform-update-domain-count 3

# Create three virtual machines, this creates SSH keys if not present.
for i in $(seq 1 3); do
  az vm create \
    --resource-group myResourceGroup \
    --name myVM$i \
    --availability-set myAvailabilitySet \
    --nics myNic$i \
    --image UbuntuLTS \
    --generate-ssh-keys \
    --no-wait
done

Clean up deployment

Run the following command to remove the resource group, VM, and all related resources.

az group delete --name myResourceGroup

Script explanation

This script uses the following commands to create a resource group, virtual machine, availability set, load balancer, and all related resources. Each command in the table links to command-specific documentation.

| Command | Notes |
|---|---|
| az group create | Creates a resource group in which all resources are stored. |
| az network vnet create | Creates an Azure virtual network and subnet. |
| az network public-ip create | Creates a public IP address with a static IP address and an associated DNS name. |
| az network lb create | Creates an Azure load balancer. |
| az network lb probe create | Creates a load balancer probe. A load balancer probe is used to monitor each VM in the load balancer set. If any VM becomes inaccessible, traffic is not routed to the VM. |
| az network lb rule create | Creates a load balancer rule. In this sample, a rule is created for port 80. As HTTP traffic arrives at the load balancer, it is routed to port 80 on one of the VMs in the LB set. |
| az network lb inbound-nat-rule create | Creates a load balancer Network Address Translation (NAT) rule. NAT rules map a port of the load balancer to a port on a VM. In this sample, a NAT rule is created for SSH traffic to each VM in the load balancer set. |
| az network nsg create | Creates a network security group (NSG), which is a security boundary between the internet and the virtual machine. |
| az network nsg rule create | Creates an NSG rule to allow inbound traffic. In this sample, port 22 is opened for SSH traffic. |
| az network nic create | Creates a virtual network card and attaches it to the virtual network, subnet, and NSG. |
| az vm availability-set create | Creates an availability set. Availability sets ensure application uptime by spreading the virtual machines across physical resources such that if failure occurs, the entire set is not affected. |
| az vm create | Creates the virtual machine and connects it to the network card, virtual network, subnet, and NSG. This command also specifies the virtual machine image to be used and administrative credentials. |
| az group delete | Deletes a resource group including all nested resources. |
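
The sample's SSH rule uses --source-address-prefix '*', and NSG rules on the NIC match the back-end port, so the NAT front-end ports 4221 to 4223 accept SSH from any address. The following added example (not part of the original sample) audits a rule listing for that pattern; the MGMT_PORTS list, the ADMIN_CIDR placeholder and the sample rows are assumptions constructed here.

```shell
#!/bin/bash
# Added example (not from the original sample): flag NSG rules that allow
# management ports from any source. Input is TSV with the columns
# name, direction, access, sourceAddressPrefix, destinationPortRange, e.g.:
#   az network nsg rule list -g myResourceGroup --nsg-name myNetworkSecurityGroup \
#     --query "[].[name,direction,access,sourceAddressPrefix,destinationPortRange]" -o tsv

MGMT_PORTS="22 3389"   # assumption: ports treated as management access

# Constructed sample mirroring the two rules the sample script creates.
sample_rules() {
  printf '%s\t%s\t%s\t%s\t%s\n' \
    myNetworkSecurityGroupRuleSSH  Inbound Allow '*' 22 \
    myNetworkSecurityGroupRuleHTTP Inbound Allow '*' 80
}

# Print the name of every inbound allow rule whose source is unrestricted
# ('*', 0.0.0.0/0 or the Internet service tag) and whose destination port
# range covers a management port.
find_open_mgmt_rules() {
  awk -F'\t' -v ports="$MGMT_PORTS" '
    function covers(range, port,    b) {
      if (range == "*") return 1
      if (split(range, b, "-") == 2)
        return (port + 0 >= b[1] + 0 && port + 0 <= b[2] + 0)
      return (range + 0 == port + 0)
    }
    BEGIN { n = split(ports, p, " ") }
    tolower($2) == "inbound" && tolower($3) == "allow" &&
    ($4 == "*" || $4 == "0.0.0.0/0" || tolower($4) == "internet") {
      for (i = 1; i <= n; i++)
        if (covers($5, p[i])) { print $1; break }
    }'
}

sample_rules | find_open_mgmt_rules   # prints myNetworkSecurityGroupRuleSSH

# To narrow a flagged rule, set its source to an admin range; ADMIN_CIDR is a
# placeholder, not a value from the sample:
#   az network nsg rule update -g myResourceGroup --nsg-name myNetworkSecurityGroup \
#     --name myNetworkSecurityGroupRuleSSH --source-address-prefixes "$ADMIN_CIDR"
```

The HTTP rule is not flagged because port 80 is the published service; only rules that cover a port in MGMT_PORTS are reported.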

Next steps

For more information on the Azure CLI, see Azure CLI documentation.

Additional Azure Networking CLI script samples can be found in the Azure Networking documentation.