【Question title】: Azure Python SDK :: 1. Create Azure VNET 2. Enable flow log on NET 3. Attach VNET to Azure Virtual WAN
【Posted】: 2021-08-16 20:28:40
【Question description】:

I want to use the Azure Python SDK to programmatically create an Azure VNET, then enable NSG flow logs on the NET, and finally attach the VNET to an Azure Virtual WAN.

【Question discussion】:

    Tags: azure azure-virtual-network azure-python-sdk


    【Solution 1】:

    Install the management package with pip. (Reference-MSDocs)

    Bash

    pip install azure-mgmt-network

    Create a virtual network and an associated subnet.

    Python

    from azure.mgmt.network import NetworkManagementClient
    
    GROUP_NAME = 'resource-group'
    VNET_NAME = 'your-vnet-identifier'
    LOCATION = 'region'
    SUBNET_NAME = 'your-subnet-identifier'
    
    # credentials: a service principal credentials object, built as in the NSG example further down
    network_client = NetworkManagementClient(credentials, 'your-subscription-id')
    
    async_vnet_creation = network_client.virtual_networks.create_or_update(
        GROUP_NAME,
        VNET_NAME,
        {
            'location': LOCATION,
            'address_space': {
                'address_prefixes': ['10.0.0.0/16']
            }
        }
    )
    async_vnet_creation.wait()
    
    # Create Subnet
    async_subnet_creation = network_client.subnets.create_or_update(
        GROUP_NAME,
        VNET_NAME,
        SUBNET_NAME,
        {'address_prefix': '10.0.0.0/24'}
    )
    subnet_info = async_subnet_creation.result()
    

    Create an NSG with specific security rules. Reference

    from azure.common.credentials import ServicePrincipalCredentials
    from azure.mgmt.compute import ComputeManagementClient
    from azure.mgmt.network import NetworkManagementClient
    from azure.mgmt.network.v2017_03_01.models import NetworkSecurityGroup
    from azure.mgmt.network.v2017_03_01.models import SecurityRule
    from azure.mgmt.resource.resources import ResourceManagementClient
    
    subscription_id = 'xxxxxxxxx-xxxxxxxxxxxxxxxxxxxx'
    credentials = ServicePrincipalCredentials(
        client_id = 'xxxxxx-xxxx-xxx-xxxx-xxxxxxx',
        secret = 'xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx',
        tenant = 'xxxxxx-xxxxxxx'
    )
    
    compute_client = ComputeManagementClient(
        credentials,
        subscription_id
    )
    
    network_client = NetworkManagementClient(
        credentials,
        subscription_id
    )
    
    resource_client = ResourceManagementClient(
        credentials,
        subscription_id
    )
    resource_client.providers.register('Microsoft.Compute')
    resource_client.providers.register('Microsoft.Network')
    
    resource_group_name = 'test-rg'
    nsg_name = "testnsg"
    parameters = NetworkSecurityGroup(id= "testnsg", location="UK South", tags={ "name" : "testnsg" })
    
    
    # Inbound rule RDP01: allows TCP 3389 from any source address ('*') to any destination ('*')
    parameters.security_rules = [SecurityRule('Tcp', '*', '*', 'Allow', 'Inbound', description='Allow RDP port 3389', source_port_range='*', destination_port_range='3389', priority=100, name='RDP01')]
    
    
    network_client.network_security_groups.create_or_update(resource_group_name, "test-nsg", parameters)
    
    print("completed creating security rules")
    

    Or you can

    associate an NSG with an existing subnet using the Python SDK. SO reference

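    from azure.common.credentials import ServicePrincipalCredentials
    from azure.mgmt.network import NetworkManagementClient
    
    subscription_id = "xxxxxx"
    credential = ServicePrincipalCredentials(
      client_id="xxxxx",
      secret="xxxxx",
      tenant="xxxxx"
    )
    
    network_client = NetworkManagementClient(credential, subscription_id)
    
    resource_group_name = "xxxxx"
    vnet_name = "xxxxx"
    subnet_name = "xxxxx"
    networkSecurityGroupId = "xxxxx"  # resource ID of the NSG to associate
    subnet_data = {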
      "properties": {
        "addressSpace": {
          "addressPrefixes": [
            "*"
          ]
        },
        "subnets": [
          {
            "name": "default",
            "properties": {
              "addressPrefix": "*",
              "networkSecurityGroup": {
                "id": networkSecurityGroupId ,
                "location": "eastasia"
                }
            }
          }
        ]
      },
      "location": "eastasia"
    }
    
    result = network_client.subnets.create_or_update(resource_group_name, vnet_name, subnet_name, subnet_data)
    

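    Note: source/destination_port_ranges only accepts a list of ports or port ranges, for example ['80', '100-200'], or another example: destination_port_range=[1000,2000]. However, * can only be used with the singular property, not in a list. source/destination_address_prefixes accepts a list of CIDR addresses, for example ['10.0.0.0/24','11.0.0.0/24']. To use * or a tag (Internet or VirtualNetwork, for example) you must use the singular property. They cannot be used in a list.

    You can look at this document > Operations module, which lists the various operations in the Python SDK. You can click [source] on the desired operation to get the code to use. Example:

    Similar to the NSG and VNET, set the required WAN parameters and use: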

    create_or_update(resource_group_name, virtual_wan_name, wan_parameters, custom_headers=None, raw=False, polling=True, **operation_config)
    

    Also see the virtual network operations and add a VPN gateway if required: Sample for Creating Virtual Network Gateway

    If you want to use the Azure portal, see > Connect a virtual network gateway to an Azure Virtual WAN
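
The singular/plural property rule from the note above, as an added example that is not part of the original answer: a helper that picks the SecurityRule property a list of ports or address prefixes belongs in, and rejects `*` or a tag mixed into a list. The helper names and the two-entry tag set are assumptions; the code runs offline and makes no Azure calls.

```python
import ipaddress

# Tags named in the note; Azure defines more (assumption: extend as needed).
SERVICE_TAGS = {"Internet", "VirtualNetwork"}

def _is_port_or_range(value):
    """True for '80' or '100-200' with low <= high <= 65535."""
    parts = value.split("-")
    if len(parts) not in (1, 2) or not all(p.isdecimal() for p in parts):
        return False
    nums = [int(p) for p in parts]
    return nums[0] <= nums[-1] <= 65535

def _is_cidr(value):
    try:
        ipaddress.ip_network(value, strict=False)
        return True
    except ValueError:
        return False

def rule_field(prefix, values):
    """Map values to the one SecurityRule property that may carry them."""
    # prefix (hypothetical naming): 'source_port', 'destination_port',
    # 'source_address' or 'destination_address'.
    is_port = prefix.endswith("_port")
    singular = prefix + ("_range" if is_port else "_prefix")
    plural = prefix + ("_ranges" if is_port else "_prefixes")
    values = [str(v) for v in values]
    # '*' and tags are only valid alone, in the singular property.
    special = [v for v in values if v == "*" or (not is_port and v in SERVICE_TAGS)]
    if special:
        if len(values) != 1:
            raise ValueError(f"{special[0]!r} cannot appear in {plural}")
        return {singular: values[0]}
    check = _is_port_or_range if is_port else _is_cidr
    bad = [v for v in values if not check(v)]
    if bad or not values:
        raise ValueError(f"invalid {plural}: {bad or 'empty list'}")
    return {plural: values}

def rdp_rule(sources):
    """Keyword arguments for the RDP01 rule, limited to the given sources."""
    rule = {"name": "RDP01", "protocol": "Tcp", "access": "Allow",
            "direction": "Inbound", "priority": 100,
            "source_port_range": "*", "destination_address_prefix": "*"}
    rule.update(rule_field("source_address", sources))
    rule.update(rule_field("destination_port", ["3389"]))
    return rule
```

The dictionary returned by `rdp_rule` can be passed as keyword arguments to `SecurityRule` in SDK versions whose model exposes the plural properties.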

    【Discussion】:
