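【Posted】: 2021-08-16 20:28:40
【Question】:
I want to use the Azure Python SDK to programmatically create an Azure VNET, then enable NSG flow logs on the VNET, and finally attach the VNET to an Azure Virtual WAN.
【Question comments】:
Tags: azure azure-virtual-network azure-python-sdk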
Install the management package using pip. (Reference-MSDocs)
Bash
pip install azure-mgmt-network
Create a virtual network and an associated subnet.
Python
from azure.mgmt.network import NetworkManagementClient

GROUP_NAME = 'resource-group'
VNET_NAME = 'your-vnet-identifier'
LOCATION = 'region'
SUBNET_NAME = 'your-subnet-identifier'

# `credentials` is a credential object, for example the
# ServicePrincipalCredentials instance built in the NSG snippet below.
network_client = NetworkManagementClient(credentials, 'your-subscription-id')

# Create the VNet and wait for the long-running operation to finish
async_vnet_creation = network_client.virtual_networks.create_or_update(
    GROUP_NAME,
    VNET_NAME,
    {
        'location': LOCATION,
        'address_space': {
            'address_prefixes': ['10.0.0.0/16']
        }
    }
)
async_vnet_creation.wait()

# Create Subnet
async_subnet_creation = network_client.subnets.create_or_update(
    GROUP_NAME,
    VNET_NAME,
    SUBNET_NAME,
    {'address_prefix': '10.0.0.0/24'}
)
subnet_info = async_subnet_creation.result()
Create an NSG with specific security rules. Reference
from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.compute import ComputeManagementClient
from azure.mgmt.network import NetworkManagementClient
from azure.mgmt.network.v2017_03_01.models import NetworkSecurityGroup
from azure.mgmt.network.v2017_03_01.models import SecurityRule
from azure.mgmt.resource.resources import ResourceManagementClient

subscription_id = 'xxxxxxxxx-xxxxxxxxxxxxxxxxxxxx'
credentials = ServicePrincipalCredentials(
    client_id='xxxxxx-xxxx-xxx-xxxx-xxxxxxx',
    secret='xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx',
    tenant='xxxxxx-xxxxxxx'
)

compute_client = ComputeManagementClient(
    credentials,
    subscription_id
)
network_client = NetworkManagementClient(
    credentials,
    subscription_id
)
resource_client = ResourceManagementClient(
    credentials,
    subscription_id
)

# Register the resource providers used below
resource_client.providers.register('Microsoft.Compute')
resource_client.providers.register('Microsoft.Network')

resource_group_name = 'test-rg'
nsg_name = "testnsg"
parameters = NetworkSecurityGroup(id="testnsg", location="UK South", tags={"name": "testnsg"})

# Positional arguments: protocol, source address prefix,
# destination address prefix, access, direction.
# A source address prefix of '*' matches any source address.
parameters.security_rules = [
    SecurityRule(
        'Tcp', '*', '*', 'Allow', 'Inbound',
        description='Allow RDP port 3389',
        source_port_range='*',
        destination_port_range='3389',
        priority=100,
        name='RDP01'
    )
]
network_client.network_security_groups.create_or_update(resource_group_name, "test-nsg", parameters)
print("completed creating security rules")
Alternatively, you can associate the NSG with an existing subnet using the Python SDK. SO reference
from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.network import NetworkManagementClient

subscription_id = "xxxxxx"
credential = ServicePrincipalCredentials(
    client_id="xxxxx",
    secret="xxxxx",
    tenant="xxxxx"
)
network_client = NetworkManagementClient(credential, subscription_id)

resource_group_name = "xxxxx"
vnet_name = "xxxxx"
subnet_name = "xxxxx"
# Full resource ID of the NSG to associate (placeholder)
networkSecurityGroupId = "xxxxx"

# The "*" values are placeholders for the address prefixes
subnet_data = {
    "properties": {
        "addressSpace": {
            "addressPrefixes": [
                "*"
            ]
        },
        "subnets": [
            {
                "name": "default",
                "properties": {
                    "addressPrefix": "*",
                    "networkSecurityGroup": {
                        "id": networkSecurityGroupId,
                        "location": "eastasia"
                    }
                }
            }
        ]
    },
    "location": "eastasia"
}
result = network_client.subnets.create_or_update(resource_group_name, vnet_name, subnet_name, subnet_data)
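Note: source/destination_port_ranges only accept a list of ports or port ranges, for example ['80', '100-200'], or another example: destination_port_range=[1000,2000]. However, * can only be used with the singular property, not in a list. source/destination_address_prefixes accept a list of CIDR addresses, for example ['10.0.0.0/24','11.0.0.0/24']. To use * or a tag (Internet or VirtualNetwork, for example) you must use the singular property. They cannot be used in a list.
You can check this document > Operations module, which lists the various operations in the Python SDK. You can click [source] on the operation you need to get the code to use. Example:
Similar to the NSG and VNET, set the required WAN parameters and use:
create_or_update(resource_group_name, virtual_wan_name, wan_parameters, custom_headers=None, raw=False, polling=True, **operation_config)
Also see the virtual network operations and add a VPN gateway if needed: Sample for Creating Virtual Network Gateway
If you want to use the Azure portal, see > Connect a virtual network gateway to an Azure Virtual WAN
【Comments】: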
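The singular/plural rule from the note in the answer above, as an added example that is not part of the original answer or of the Azure SDK: a hypothetical helper, `rule_fields`, picks the singular or plural SecurityRule keyword for ports and address prefixes and rejects `*` or a tag placed inside a list. Treating any purely alphabetic name as a tag is a simplifying assumption.

```python
import ipaddress

def _is_port_item(value):
    """A single port ('80') or an ascending range ('100-200'), each 0-65535."""
    parts = str(value).split("-")
    if len(parts) not in (1, 2) or not all(p.isdigit() for p in parts):
        return False
    nums = [int(p) for p in parts]
    return nums[0] <= nums[-1] <= 65535

def _is_cidr(value):
    """An IPv4/IPv6 address or CIDR block such as '10.0.0.0/24'."""
    try:
        ipaddress.ip_network(str(value), strict=False)
        return True
    except ValueError:
        return False

def _is_tag(value):
    """Assumption: a tag is an alphabetic name such as 'Internet'."""
    return str(value).isalpha()

def rule_fields(side, ports, prefixes):
    """Return SecurityRule keyword arguments for one side of a rule.

    side is 'source' or 'destination'. A str goes to the singular property
    ('*', a tag, or one value); a list goes to the plural property and may
    hold only concrete ports/ranges or CIDR blocks.
    """
    if side not in ("source", "destination"):
        raise ValueError("side must be 'source' or 'destination'")
    specs = (("port_range", "port_ranges", ports, _is_port_item, False),
             ("address_prefix", "address_prefixes", prefixes, _is_cidr, True))
    fields = {}
    for singular, plural, value, is_concrete, tags_ok in specs:
        if isinstance(value, str):
            if not (value == "*" or is_concrete(value) or (tags_ok and _is_tag(value))):
                raise ValueError(f"{side}_{singular}: invalid value {value!r}")
            fields[f"{side}_{singular}"] = value
        else:
            items = [str(v) for v in value]
            bad = [v for v in items if not is_concrete(v)]
            if not items or bad:
                raise ValueError(f"{side}_{plural}: {bad or 'empty list'} not allowed "
                                 "in a list; use the singular property for '*' or a tag")
            fields[f"{side}_{plural}"] = items
    return fields
```

The returned dictionary can be unpacked into a rule definition alongside the protocol, access, direction and priority, so a wildcard or tag placed in a list fails locally before any request is sent.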