快速入门:使用 PowerShell 在 Azure 中创建 Linux 虚拟机Quickstart: Create a Linux virtual machine in Azure with PowerShell

Azure PowerShell 模块用于从 PowerShell 命令行或脚本创建和管理 Azure 资源。The Azure PowerShell module is used to create and manage Azure resources from the PowerShell command line or in scripts. 本快速入门展示了如何使用 Azure PowerShell 模块在 Azure 中部署 Linux 虚拟机 (VM)。This quickstart shows you how to use the Azure PowerShell module to deploy a Linux virtual machine (VM) in Azure. 本快速入门使用 Canonical 提供的 Ubuntu 18.04 LTS 市场映像。This quickstart uses the Ubuntu 18.04 LTS marketplace image from Canonical. 若要查看运行中的 VM,也可以通过 SSH 登录到该 VM 并安装 NGINX Web 服务器。To see your VM in action, you'll also SSH to the VM and install the NGINX web server.

如果没有 Azure 订阅,可在开始前创建一个试用帐户If you don't have an Azure subscription, create a Trial before you begin.

启动 Azure 本地 ShellLaunch Azure local Shell

若要在本地安装和使用 PowerShell,请运行 Get-Module -ListAvailable Az.* 以查找版本。If you want to install and use the PowerShell locally, Run Get-Module -ListAvailable Az.* to find the version. 如果在本地运行 PowerShell,则还需运行 Connect-AzAccount -Environment AzureChinaCloud 来创建与 Azure 的连接。If you are running PowerShell locally, you also need to run Connect-AzAccount -Environment AzureChinaCloud to create a connection with Azure.

创建 SSH 密钥对Create SSH key pair

使用 ssh-keygen 创建 SSH 密钥对。Use ssh-keygen to create an SSH key pair. 如果已有一个 SSH 密钥对,则可以跳过此步骤。If you already have an SSH key pair, you can skip this step.

ssh-keygen -m PEM -t rsa -b 4096

系统会提示为密钥对提供文件名,也可以点击 Enter 以使用 /home/<username>/.ssh/id_rsa 默认位置。You will be prompted to provide a filename for the key pair or you can hit Enter to use the default location of /home/<username>/.ssh/id_rsa. 如果需要,还能够为密钥创建密码。You will also be able to create a password for the keys, if you like.

有关如何创建 SSH 密钥对的更多详细信息,请参阅如何将 SSH 密钥与 Windows 配合使用For more detailed information on how to create SSH key pairs, see How to use SSH keys with Windows.

创建资源组Create a resource group

使用 New-AzResourceGroup 创建 Azure 资源组。Create an Azure resource group with New-AzResourceGroup. 资源组是在其中部署和管理 Azure 资源的逻辑容器:A resource group is a logical container into which Azure resources are deployed and managed:

New-AzResourceGroup -Name "myResourceGroup" -Location "ChinaEast2"

创建虚拟网络资源Create virtual network resources

创建虚拟网络、子网和公共 IP 地址。Create a virtual network, subnet, and a public IP address. 这些资源用来与 VM 建立网络连接,以及将其连接到 Internet:These resources are used to provide network connectivity to the VM and connect it to the internet:

# Create a subnet configuration
$subnetConfig = New-AzVirtualNetworkSubnetConfig `
  -Name "mySubnet" `
  -AddressPrefix 192.168.1.0/24

# Create a virtual network
$vnet = New-AzVirtualNetwork `
  -ResourceGroupName "myResourceGroup" `
  -Location "ChinaEast2" `
  -Name "myVNET" `
  -AddressPrefix 192.168.0.0/16 `
  -Subnet $subnetConfig

# Create a public IP address and specify a DNS name
$pip = New-AzPublicIpAddress `
  -ResourceGroupName "myResourceGroup" `
  -Location "ChinaEast2" `
  -AllocationMethod Static `
  -IdleTimeoutInMinutes 4 `
  -Name "mypublicdns$(Get-Random)"

创建 Azure 网络安全组和流量规则。Create an Azure Network Security Group and traffic rule. 网络安全组使用入站和出站规则来保护 VM。The Network Security Group secures the VM with inbound and outbound rules. 在下面的示例中,将为 TCP 端口 22 创建允许 SSH 连接的入站规则。In the following example, an inbound rule is created for TCP port 22 that allows SSH connections. 为允许传入的 Web 流量,还将为 TCP 端口 80 创建一个入站规则。To allow incoming web traffic, an inbound rule for TCP port 80 is also created.

# Create an inbound network security group rule for port 22
$nsgRuleSSH = New-AzNetworkSecurityRuleConfig `
  -Name "myNetworkSecurityGroupRuleSSH"  `
  -Protocol "Tcp" `
  -Direction "Inbound" `
  -Priority 1000 `
  -SourceAddressPrefix * `
  -SourcePortRange * `
  -DestinationAddressPrefix * `
  -DestinationPortRange 22 `
  -Access "Allow"

# Create an inbound network security group rule for port 80
$nsgRuleWeb = New-AzNetworkSecurityRuleConfig `
  -Name "myNetworkSecurityGroupRuleWWW"  `
  -Protocol "Tcp" `
  -Direction "Inbound" `
  -Priority 1001 `
  -SourceAddressPrefix * `
  -SourcePortRange * `
  -DestinationAddressPrefix * `
  -DestinationPortRange 80 `
  -Access "Allow"

# Create a network security group
$nsg = New-AzNetworkSecurityGroup `
  -ResourceGroupName "myResourceGroup" `
  -Location "ChinaEast2" `
  -Name "myNetworkSecurityGroup" `
  -SecurityRules $nsgRuleSSH,$nsgRuleWeb

使用 New-AzNetworkInterface 创建虚拟网络接口卡 (NIC)。Create a virtual network interface card (NIC) with New-AzNetworkInterface. 虚拟 NIC 将 VM 连接到子网、网络安全组和公共 IP 地址。The virtual NIC connects the VM to a subnet, Network Security Group, and public IP address.

# Create a virtual network card and associate with public IP address and NSG
$nic = New-AzNetworkInterface `
  -Name "myNic" `
  -ResourceGroupName "myResourceGroup" `
  -Location "ChinaEast2" `
  -SubnetId $vnet.Subnets[0].Id `
  -PublicIpAddressId $pip.Id `
  -NetworkSecurityGroupId $nsg.Id

创建虚拟机Create a virtual machine

若要在 PowerShell 中创建 VM,请创建一个配置,其中包含要使用的映像、大小和身份验证选项等设置。To create a VM in PowerShell, you create a configuration that has settings like the image to use, size, and authentication options. 然后,系统会使用此配置来生成 VM。Then the configuration is used to build the VM.

定义 SSH 凭据、OS 信息和 VM 大小。Define the SSH credentials, OS information, and VM size. 在此示例中,SSH 密钥存储在 ~/.ssh/id_rsa.pub 中。In this example, the SSH key is stored in ~/.ssh/id_rsa.pub.

# Define a credential object
$securePassword = ConvertTo-SecureString ' ' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ("azureuser", $securePassword)

# Create a virtual machine configuration
$vmConfig = New-AzVMConfig `
  -VMName "myVM" `
  -VMSize "Standard_D1_v2" | `
Set-AzVMOperatingSystem `
  -Linux `
  -ComputerName "myVM" `
  -Credential $cred `
  -DisablePasswordAuthentication | `
Set-AzVMSourceImage `
  -PublisherName "Canonical" `
  -Offer "UbuntuServer" `
  -Skus "18.04-LTS" `
  -Version "latest" | `
Add-AzVMNetworkInterface `
  -Id $nic.Id

# Configure the SSH key
$sshPublicKey = cat ~/.ssh/id_rsa.pub
Add-AzVMSshPublicKey `
  -VM $vmconfig `
  -KeyData $sshPublicKey `
  -Path "/home/azureuser/.ssh/authorized_keys"

现在,组合前面的配置定义来使用 New-AzVM 创建虚拟机:Now, combine the previous configuration definitions to create with New-AzVM:

New-AzVM `
  -ResourceGroupName "myResourceGroup" `
  -Location chinaeast2 -VM $vmConfig

部署 VM 需要数分钟。It will take a few minutes for your VM to be deployed. 部署完成后,请转到下一部分。When the deployment is finished, move on to the next section.

连接到 VMConnect to the VM

使用公共 IP 地址创建与 VM 的 SSH 连接。Create an SSH connection with the VM using the public IP address. 若要查看 VM 的公共 IP 地址,请使用 Get-AzPublicIpAddress cmdlet:To see the public IP address of the VM, use the Get-AzPublicIpAddress cmdlet:

Get-AzPublicIpAddress -ResourceGroupName "myResourceGroup" | Select "IpAddress"

使用用于创建 SSH 密钥对的相同 shell,将以下命令粘贴到 shell 中以创建 SSH 会话。Using the same shell you used to create your SSH key pair, paste the the following command into the shell to create an SSH session. 将 10.111.12.123 替换为 VM 的 IP 地址。Replace 10.111.12.123 with the IP address of your VM.

ssh azureuser@10.111.12.123

出现提示时,请输入登录用户名 azureuserWhen prompted, the login user name is azureuser. 如果将通行短语与 SSH 密钥配合使用,则需要在出现提示时将其输入。If a passphrase is used with your SSH keys, you need to enter that when prompted.

安装 NGINXInstall NGINX

若要查看运行中的 VM,请安装 NGINX Web 服务器。To see your VM in action, install the NGINX web server. 在 SSH 会话中更新包源,然后安装最新的 NGINX 包。From your SSH session, update your package sources and then install the latest NGINX package.

sudo apt-get -y update
sudo apt-get -y install nginx

完成后,键入 exit 以离开 SSH 会话。When done, type exit to leave the SSH session.

查看运行中的 Web 服务器View the web server in action

使用所选的 Web 浏览器查看默认的 NGINX 欢迎页。Use a web browser of your choice to view the default NGINX welcome page. 输入 VM 的公共 IP 地址作为 Web 地址。Enter the public IP address of the VM as the web address. 可以在 VM 概览页上或此前使用过的 SSH 连接字符串中找到公共 IP 地址。The public IP address can be found on the VM overview page or as part of the SSH connection string you used earlier.

NGINX 默认欢迎页

清理资源Clean up resources

不再需要时,可以使用 Remove-AzResourceGroup cmdlet 删除资源组、VM 和所有相关资源:When no longer needed, you can use the Remove-AzResourceGroup cmdlet to remove the resource group, VM, and all related resources:

Remove-AzResourceGroup -Name "myResourceGroup"

后续步骤Next steps

在本快速入门中,你部署了一台简单的虚拟机、一条网络安全组规则组和规则,并安装了一台基本 Web 服务器。In this quickstart, you deployed a simple virtual machine, created a Network Security Group and rule, and installed a basic web server. 若要详细了解 Azure 虚拟机,请继续学习 Linux VM 的教程。To learn more about Azure virtual machines, continue to the tutorial for Linux VMs.