Azure PowerShell script example: Load balance traffic to VMs for high availability

This Azure PowerShell script example creates everything needed to run several Windows virtual machines in a highly available, load-balanced configuration. After running the script, you will have three virtual machines, joined to an Azure Availability Set, and accessible through an Azure Load Balancer.

If needed, install Azure PowerShell using the instructions found in the Azure PowerShell guide, and then run Connect-AzAccount -Environment AzureChinaCloud to create a connection with Azure.

If you don't have an Azure subscription, create a trial account before you begin.

Sample script

Note

This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. For Az module installation instructions, see Install Azure PowerShell.

# Variables for common values
$rgName='MyResourceGroup'
$location='chinaeast'

# Create user object
$cred = Get-Credential -Message 'Enter a username and password for the virtual machine.'

# Create a resource group.
New-AzResourceGroup -Name $rgName -Location $location

# Create a virtual network.
$subnet = New-AzVirtualNetworkSubnetConfig -Name 'MySubnet' -AddressPrefix 192.168.1.0/24

$vnet = New-AzVirtualNetwork -ResourceGroupName $rgName -Name 'MyVnet' `
  -AddressPrefix 192.168.0.0/16 -Location $location -Subnet $subnet

# Create a public IP address.
$publicIp = New-AzPublicIpAddress -ResourceGroupName $rgName -Name 'myPublicIP' `
  -Location $location -AllocationMethod Dynamic

# Create a front-end IP configuration for the website.
$feip = New-AzLoadBalancerFrontendIpConfig -Name 'myFrontEndPool' -PublicIpAddress $publicIp

# Create the back-end address pool.
$bepool = New-AzLoadBalancerBackendAddressPoolConfig -Name 'myBackEndPool'

# Creates a load balancer probe on port 80.
$probe = New-AzLoadBalancerProbeConfig -Name 'myHealthProbe' -Protocol Http -Port 80 `
  -RequestPath / -IntervalInSeconds 360 -ProbeCount 5

# Creates a load balancer rule for port 80.
$rule = New-AzLoadBalancerRuleConfig -Name 'myLoadBalancerRuleWeb' -Protocol Tcp `
  -Probe $probe -FrontendPort 80 -BackendPort 80 `
  -FrontendIpConfiguration $feip -BackendAddressPool $bePool

# Create three NAT rules for port 3389.
$natrule1 = New-AzLoadBalancerInboundNatRuleConfig -Name 'myLoadBalancerRDP1' -FrontendIpConfiguration $feip `
  -Protocol tcp -FrontendPort 4221 -BackendPort 3389

$natrule2 = New-AzLoadBalancerInboundNatRuleConfig -Name 'myLoadBalancerRDP2' -FrontendIpConfiguration $feip `
  -Protocol tcp -FrontendPort 4222 -BackendPort 3389

$natrule3 = New-AzLoadBalancerInboundNatRuleConfig -Name 'myLoadBalancerRDP3' -FrontendIpConfiguration $feip `
  -Protocol tcp -FrontendPort 4223 -BackendPort 3389

# Create a load balancer.
$lb = New-AzLoadBalancer -ResourceGroupName $rgName -Name 'MyLoadBalancer' -Location $location `
  -FrontendIpConfiguration $feip -BackendAddressPool $bepool `
  -Probe $probe -LoadBalancingRule $rule -InboundNatRule $natrule1,$natrule2,$natrule3

# Create a network security group rule for port 3389.
$rule1 = New-AzNetworkSecurityRuleConfig -Name 'myNetworkSecurityGroupRuleRDP' -Description 'Allow RDP' `
  -Access Allow -Protocol Tcp -Direction Inbound -Priority 1000 `
  -SourceAddressPrefix Internet -SourcePortRange * `
  -DestinationAddressPrefix * -DestinationPortRange 3389

# Create a network security group rule for port 80.
$rule2 = New-AzNetworkSecurityRuleConfig -Name 'myNetworkSecurityGroupRuleHTTP' -Description 'Allow HTTP' `
  -Access Allow -Protocol Tcp -Direction Inbound -Priority 2000 `
  -SourceAddressPrefix Internet -SourcePortRange * `
  -DestinationAddressPrefix * -DestinationPortRange 80

# Create a network security group
$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $RgName -Location $location `
  -Name 'myNetworkSecurityGroup' -SecurityRules $rule1,$rule2

# Create three virtual network cards and associate each with the load balancer back-end pool, a NAT rule and the NSG.
$nicVM1 = New-AzNetworkInterface -ResourceGroupName $rgName -Location $location `
  -Name 'MyNic1' -LoadBalancerBackendAddressPool $bepool -NetworkSecurityGroup $nsg `
  -LoadBalancerInboundNatRule $natrule1 -Subnet $vnet.Subnets[0]

$nicVM2 = New-AzNetworkInterface -ResourceGroupName $rgName -Location $location `
  -Name 'MyNic2' -LoadBalancerBackendAddressPool $bepool -NetworkSecurityGroup $nsg `
  -LoadBalancerInboundNatRule $natrule2 -Subnet $vnet.Subnets[0]

$nicVM3 = New-AzNetworkInterface -ResourceGroupName $rgName -Location $location `
  -Name 'MyNic3' -LoadBalancerBackendAddressPool $bepool -NetworkSecurityGroup $nsg `
  -LoadBalancerInboundNatRule $natrule3 -Subnet $vnet.Subnets[0]

# Create an availability set.
$as = New-AzAvailabilitySet -ResourceGroupName $rgName -Location $location `
  -Name 'MyAvailabilitySet' -Sku Aligned -PlatformFaultDomainCount 3 -PlatformUpdateDomainCount 3

# Create three virtual machines.

# ############## VM1 ###############

# Create a virtual machine configuration
$vmConfig = New-AzVMConfig -VMName 'myVM1' -VMSize Standard_DS2 -AvailabilitySetId $as.Id | `
  Set-AzVMOperatingSystem -Windows -ComputerName 'myVM1' -Credential $cred | `
  Set-AzVMSourceImage -PublisherName MicrosoftWindowsServer -Offer WindowsServer `
  -Skus 2016-Datacenter -Version latest | Add-AzVMNetworkInterface -Id $nicVM1.Id

# Create a virtual machine
$vm1 = New-AzVM -ResourceGroupName $rgName -Location $location -VM $vmConfig

# ############## VM2 ###############

# Create a virtual machine configuration
$vmConfig = New-AzVMConfig -VMName 'myVM2' -VMSize Standard_DS2 -AvailabilitySetId $as.Id | `
  Set-AzVMOperatingSystem -Windows -ComputerName 'myVM2' -Credential $cred | `
  Set-AzVMSourceImage -PublisherName MicrosoftWindowsServer -Offer WindowsServer `
  -Skus 2016-Datacenter -Version latest | Add-AzVMNetworkInterface -Id $nicVM2.Id

# Create a virtual machine
$vm2 = New-AzVM -ResourceGroupName $rgName -Location $location -VM $vmConfig

# ############## VM3 ###############

# Create a virtual machine configuration
$vmConfig = New-AzVMConfig -VMName 'myVM3' -VMSize Standard_DS2 -AvailabilitySetId $as.Id | `
  Set-AzVMOperatingSystem -Windows -ComputerName 'myVM3' -Credential $cred | `
  Set-AzVMSourceImage -PublisherName MicrosoftWindowsServer -Offer WindowsServer `
  -Skus 2016-Datacenter -Version latest | Add-AzVMNetworkInterface -Id $nicVM3.Id

# Create a virtual machine
$vm3 = New-AzVM -ResourceGroupName $rgName -Location $location -VM $vmConfig
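
The NSG rule above allows RDP (port 3389) from the Internet service tag, and the three NAT rules publish it on front-end ports 4221 to 4223. The following added example (not part of the original script) lists inbound rules that expose management ports to any source and then restricts the RDP rule to a trusted range; $trustedSource is a placeholder documentation range and the two helper function names are hypothetical.

```powershell
# Added example, not part of the original script.
$rgName        = 'MyResourceGroup'         # resource group created by the script above
$nsgName       = 'myNetworkSecurityGroup'  # NSG created by the script above
$trustedSource = '203.0.113.0/24'          # assumption: placeholder admin range (RFC 5737)
$mgmtPorts     = 22, 3389                  # SSH and RDP

function Test-PortInRange {
  # True if $Port is covered by an NSG port spec: '*', '3389' or '3000-4000'.
  param([int]$Port, [string]$Range)
  if ($Range -eq '*') { return $true }
  $lo, $hi = $Range -split '-'
  if (-not $hi) { $hi = $lo }
  return ($Port -ge [int]$lo -and $Port -le [int]$hi)
}

function Get-OpenManagementRule {
  # Inbound Allow rules with an any/Internet source that cover a management port.
  param($Nsg, [int[]]$Ports)
  $anySource = '*', 'Internet', '0.0.0.0/0'
  foreach ($r in $Nsg.SecurityRules) {
    if ($r.Direction -ne 'Inbound' -or $r.Access -ne 'Allow') { continue }
    if (-not ($r.SourceAddressPrefix | Where-Object { $anySource -contains $_ })) { continue }
    foreach ($p in $Ports) {
      if ($r.DestinationPortRange | Where-Object { Test-PortInRange -Port $p -Range $_ }) {
        [pscustomobject]@{ Rule = $r.Name; Port = $p; Source = $r.SourceAddressPrefix -join ',' }
      }
    }
  }
}

# 1. Audit the NSG for management ports that are open to any source.
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $rgName -Name $nsgName
Get-OpenManagementRule -Nsg $nsg -Ports $mgmtPorts | Format-Table

# 2. Rewrite the RDP rule so only the trusted range reaches port 3389. The NSG matches
#    on the back-end port, so NAT front-end ports 4221-4223 are covered by this one rule.
$nsg | Set-AzNetworkSecurityRuleConfig -Name 'myNetworkSecurityGroupRuleRDP' `
    -Description 'Allow RDP from admin range only' -Access Allow -Protocol Tcp `
    -Direction Inbound -Priority 1000 -SourceAddressPrefix $trustedSource `
    -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389 |
  Set-AzNetworkSecurityGroup | Out-Null

# 3. Re-run the audit to confirm the change.
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $rgName -Name $nsgName
Get-OpenManagementRule -Nsg $nsg -Ports $mgmtPorts | Format-Table
```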

Clean up deployment

Run the following command to remove the resource group, VM, and all related resources.

Remove-AzResourceGroup -Name myResourceGroup

Script explanation

This script uses the following commands to create a resource group, virtual machine, availability set, load balancer, and all related resources. Each command in the table links to command-specific documentation.

| Command | Notes |
| --- | --- |
| New-AzResourceGroup | Creates a resource group in which all resources are stored. |
| New-AzVirtualNetworkSubnetConfig | Creates a subnet configuration. This configuration is used with the virtual network creation process. |
| New-AzVirtualNetwork | Creates an Azure virtual network and subnet. |
| New-AzPublicIpAddress | Creates a public IP address with a static IP address and an associated DNS name. |
| New-AzLoadBalancer | Creates an Azure load balancer. |
| New-AzLoadBalancerProbeConfig | Creates a load balancer probe. A load balancer probe is used to monitor each VM in the load balancer set. If any VM becomes inaccessible, traffic is not routed to the VM. |
| New-AzLoadBalancerRuleConfig | Creates a load balancer rule. In this sample, a rule is created for port 80. As HTTP traffic arrives at the load balancer, it is routed to port 80 on one of the VMs in the load balancer set. |
| New-AzLoadBalancerInboundNatRuleConfig | Creates a load balancer Network Address Translation (NAT) rule. NAT rules map a port of the load balancer to a port on a VM. In this sample, a NAT rule is created for SSH traffic to each VM in the load balancer set. |
| New-AzNetworkSecurityGroup | Creates a network security group (NSG), which is a security boundary between the internet and the virtual machine. |
| New-AzNetworkSecurityRuleConfig | Creates an NSG rule to allow inbound traffic. In this sample, port 22 is opened for SSH traffic. |
| New-AzNetworkInterface | Creates a virtual network card and attaches it to the virtual network, subnet, and NSG. |
| New-AzAvailabilitySet | Creates an availability set. Availability sets ensure application uptime by spreading the virtual machines across physical resources such that if failure occurs, the entire set is not affected. |
| New-AzVMConfig | Creates a VM configuration. This configuration includes information such as VM name, operating system, and administrative credentials. The configuration is used during VM creation. |
| New-AzVM | Creates the virtual machine and connects it to the network card, virtual network, subnet, and NSG. This command also specifies the virtual machine image to be used and administrative credentials. |
| Remove-AzResourceGroup | Deletes a resource group including all nested resources. |

Next steps

For more information on Azure PowerShell, see the Azure PowerShell documentation.

Additional networking PowerShell script samples can be found in the Azure Networking Overview documentation.