用于创建 Azure Linux VM 并在其中设置 FTP 连接的 Powershell 脚本
Powershell script to create Azure Linux VM and setting FTP connection in it
我想在 Azure 中创建 Linux VM,并打开一些 FTP 端口(21 和 22)以创建 FTP 连接?
这是我创建 VM 的脚本:
这是新编辑的脚本
$SecurePassword = $accPassword | ConvertTo-SecureString -AsPlainText -Force
$credential = new-object -typename System.Management.Automation.PSCredential ($username, $SecurePassword)
#Login-AzureRmAccount -Credential $credential
Add-AzureRmAccount -Credential $credential
"Script is started"
## Global
$ResourceGroupName = "linux_vm_resource"
$Location = "Central India"
## Storage
$StorageName = "linuxvmstorageac"
$StorageType = "Standard_GRS"
## Network
$InterfaceName = "ServerInterface06"
$Subnet1Name = "Subnet1"
$VNetName = "linux_vm_vnet"
$VNetAddressPrefix = "10.0.0.0/16"
$VNetSubnetAddressPrefix = "10.0.0.0/24"
## Compute
$VMName = "LinuxMigrateVm"
$VMSize = "Standard_F1S"
$OSDiskName = $VMName + "OSDisk1"
# Resource Group
$resourceGroup = Get-AzureRmResourceGroup -Name $ResourceGroupName -ea SilentlyContinue
if(!$resourceGroup){
New-AzureRmResourceGroup -Name $ResourceGroupName -Location $Location
}
# Storage
$StorageAccount = Get-AzureRmStorageAccount -ResourceGroupName $ResourceGroupName -AccountName $StorageName
if(!$StorageAccount){
$StorageAccount = New-AzureRmStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageName -Type $StorageType -Location $Location
}
# Network
$PIp = Get-AzureRmPublicIpAddress -Name $InterfaceName -ResourceGroupName $ResourceGroupName -ea SilentlyContinue
if(!$PIp){
$PIp = New-AzureRmPublicIpAddress -Name $InterfaceName -ResourceGroupName $ResourceGroupName -Location $Location -AllocationMethod Dynamic
}
## Create Network Security Group
$nsg = Get-AzureRmNetworkSecurityGroup -Name "myNetworkSecurityGroup"-ResourceGroupName $ResourceGroupName
if(!$nsg){
$httprule1 = New-AzureRmNetworkSecurityRuleConfig -Name "default-allow-ssh" `
-Description "Allow HTTP" -Access "Allow" -Protocol "TCP" -Direction "Inbound" `
-Priority "1000" -SourceAddressPrefix * -SourcePortRange * `
-DestinationAddressPrefix * -DestinationPortRange 22
$httprule2 = New-AzureRmNetworkSecurityRuleConfig -Name "ftp_client" `
-Description "Allow HTTP" -Access "Allow" -Protocol "TCP" -Direction "Inbound" `
-Priority "1010" -SourceAddressPrefix * -SourcePortRange * `
-DestinationAddressPrefix * -DestinationPortRange 21
$httprule3 = New-AzureRmNetworkSecurityRuleConfig -Name "all" `
-Description "Allow HTTP" -Access "Allow" -Protocol "TCP" -Direction "Outbound" `
-Priority "100" -SourceAddressPrefix * -SourcePortRange * `
-DestinationAddressPrefix * -DestinationPortRange 21
$httprule4 = New-AzureRmNetworkSecurityRuleConfig -Name "ssh" `
-Description "Allow HTTP" -Access "Allow" -Protocol "TCP" -Direction "Outbound" `
-Priority "110" -SourceAddressPrefix * -SourcePortRange * `
-DestinationAddressPrefix * -DestinationPortRange 22
$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $ResourceGroupName `
-Location $Location -Name "myNetworkSecurityGroup" -SecurityRules $httprule1,$httprule2,$httprule3,$httprule4
}
$SubnetConfig = New-AzureRmVirtualNetworkSubnetConfig -Name $Subnet1Name -AddressPrefix $VNetSubnetAddressPrefix -NetworkSecurityGroup $nsg
$VNet = Get-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $ResourceGroupName
if(!$VNet){
$VNet = New-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $ResourceGroupName -Location $Location -AddressPrefix $VNetAddressPrefix -Subnet $SubnetConfig
}
$Interface = Get-AzureRmNetworkInterface -Name $InterfaceName -ResourceGroupName $ResourceGroupName
if(!$Interface){
$Interface = New-AzureRmNetworkInterface -Name $InterfaceName -ResourceGroupName $ResourceGroupName -Location $Location -SubnetId $VNet.Subnets[0].Id -PublicIpAddressId $PIp.Id
}
# Compute
## Setup local VM object
$VirtualMachine = New-AzureRmVMConfig -VMName $VMName -VMSize $VMSize
$VirtualMachine = Set-AzureRmVMOperatingSystem -VM $VirtualMachine -Linux -ComputerName $VMName -Credential $Credential
$VirtualMachine = Set-AzureRmVMSourceImage -VM $VirtualMachine -PublisherName "Canonical" -Offer "UbuntuServer" -Skus "16.10" -Version "latest"
$VirtualMachine = Add-AzureRmVMNetworkInterface -VM $VirtualMachine -Id $Interface.Id
$OSDiskUri = $StorageAccount.PrimaryEndpoints.Blob.ToString() + "vhds/" + $OSDiskName + ".vhd"
$VirtualMachine = Set-AzureRmVMOSDisk -VM $VirtualMachine -Name $OSDiskName -VhdUri $OSDiskUri -CreateOption FromImage
## Create the VM in Azure
$vM = Get-AzureRmVM -ResourceGroupName $ResourceGroupName
if(!$vM){
$vM = New-AzureRmVM -ResourceGroupName $ResourceGroupName -Location $Location -VM $VirtualMachine
}
脚本正在运行,但它会单独创建 VM 和 nsg。有任何关于将 nsg 附加到 VM 的建议吗?
创建 VM 后,我们可以通过 Azure 门户 将端口添加到 NSG 入站规则。
有关如何将端口添加到 NSG 的入站规则的更多信息,请参阅 link。
如果你还没有创建这个VM,你可以将NSG的配置添加到这个PowerShell脚本中,然后部署它。有关 PowerSehll 设置 NSG 的更多信息,请参阅此 link。
例如:
$FTPrule = New-AzureRmNetworkSecurityRuleConfig -Name "myNetworkSecurityGroupRule" `
-Description "Allow port 21" -Access "Allow" -Protocol "Tcp" -Direction "Inbound" `
-Priority "100" -SourceAddressPrefix "Internet" -SourcePortRange * `
-DestinationAddressPrefix * -DestinationPortRange 21
我想在 Azure 中创建 Linux VM,并打开一些 FTP 端口(21 和 22)以创建 FTP 连接? 这是我创建 VM 的脚本:
这是新编辑的脚本
$SecurePassword = $accPassword | ConvertTo-SecureString -AsPlainText -Force
$credential = new-object -typename System.Management.Automation.PSCredential ($username, $SecurePassword)
#Login-AzureRmAccount -Credential $credential
Add-AzureRmAccount -Credential $credential
"Script is started"
## Global
$ResourceGroupName = "linux_vm_resource"
$Location = "Central India"
## Storage
$StorageName = "linuxvmstorageac"
$StorageType = "Standard_GRS"
## Network
$InterfaceName = "ServerInterface06"
$Subnet1Name = "Subnet1"
$VNetName = "linux_vm_vnet"
$VNetAddressPrefix = "10.0.0.0/16"
$VNetSubnetAddressPrefix = "10.0.0.0/24"
## Compute
$VMName = "LinuxMigrateVm"
$VMSize = "Standard_F1S"
$OSDiskName = $VMName + "OSDisk1"
# Resource Group
$resourceGroup = Get-AzureRmResourceGroup -Name $ResourceGroupName -ea SilentlyContinue
if(!$resourceGroup){
New-AzureRmResourceGroup -Name $ResourceGroupName -Location $Location
}
# Storage
$StorageAccount = Get-AzureRmStorageAccount -ResourceGroupName $ResourceGroupName -AccountName $StorageName
if(!$StorageAccount){
$StorageAccount = New-AzureRmStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageName -Type $StorageType -Location $Location
}
# Network
$PIp = Get-AzureRmPublicIpAddress -Name $InterfaceName -ResourceGroupName $ResourceGroupName -ea SilentlyContinue
if(!$PIp){
$PIp = New-AzureRmPublicIpAddress -Name $InterfaceName -ResourceGroupName $ResourceGroupName -Location $Location -AllocationMethod Dynamic
}
## Create Network Security Group
$nsg = Get-AzureRmNetworkSecurityGroup -Name "myNetworkSecurityGroup"-ResourceGroupName $ResourceGroupName
if(!$nsg){
$httprule1 = New-AzureRmNetworkSecurityRuleConfig -Name "default-allow-ssh" `
-Description "Allow HTTP" -Access "Allow" -Protocol "TCP" -Direction "Inbound" `
-Priority "1000" -SourceAddressPrefix * -SourcePortRange * `
-DestinationAddressPrefix * -DestinationPortRange 22
$httprule2 = New-AzureRmNetworkSecurityRuleConfig -Name "ftp_client" `
-Description "Allow HTTP" -Access "Allow" -Protocol "TCP" -Direction "Inbound" `
-Priority "1010" -SourceAddressPrefix * -SourcePortRange * `
-DestinationAddressPrefix * -DestinationPortRange 21
$httprule3 = New-AzureRmNetworkSecurityRuleConfig -Name "all" `
-Description "Allow HTTP" -Access "Allow" -Protocol "TCP" -Direction "Outbound" `
-Priority "100" -SourceAddressPrefix * -SourcePortRange * `
-DestinationAddressPrefix * -DestinationPortRange 21
$httprule4 = New-AzureRmNetworkSecurityRuleConfig -Name "ssh" `
-Description "Allow HTTP" -Access "Allow" -Protocol "TCP" -Direction "Outbound" `
-Priority "110" -SourceAddressPrefix * -SourcePortRange * `
-DestinationAddressPrefix * -DestinationPortRange 22
$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $ResourceGroupName `
-Location $Location -Name "myNetworkSecurityGroup" -SecurityRules $httprule1,$httprule2,$httprule3,$httprule4
}
$SubnetConfig = New-AzureRmVirtualNetworkSubnetConfig -Name $Subnet1Name -AddressPrefix $VNetSubnetAddressPrefix -NetworkSecurityGroup $nsg
$VNet = Get-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $ResourceGroupName
if(!$VNet){
$VNet = New-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $ResourceGroupName -Location $Location -AddressPrefix $VNetAddressPrefix -Subnet $SubnetConfig
}
$Interface = Get-AzureRmNetworkInterface -Name $InterfaceName -ResourceGroupName $ResourceGroupName
if(!$Interface){
$Interface = New-AzureRmNetworkInterface -Name $InterfaceName -ResourceGroupName $ResourceGroupName -Location $Location -SubnetId $VNet.Subnets[0].Id -PublicIpAddressId $PIp.Id
}
# Compute
## Setup local VM object
$VirtualMachine = New-AzureRmVMConfig -VMName $VMName -VMSize $VMSize
$VirtualMachine = Set-AzureRmVMOperatingSystem -VM $VirtualMachine -Linux -ComputerName $VMName -Credential $Credential
$VirtualMachine = Set-AzureRmVMSourceImage -VM $VirtualMachine -PublisherName "Canonical" -Offer "UbuntuServer" -Skus "16.10" -Version "latest"
$VirtualMachine = Add-AzureRmVMNetworkInterface -VM $VirtualMachine -Id $Interface.Id
$OSDiskUri = $StorageAccount.PrimaryEndpoints.Blob.ToString() + "vhds/" + $OSDiskName + ".vhd"
$VirtualMachine = Set-AzureRmVMOSDisk -VM $VirtualMachine -Name $OSDiskName -VhdUri $OSDiskUri -CreateOption FromImage
## Create the VM in Azure
$vM = Get-AzureRmVM -ResourceGroupName $ResourceGroupName
if(!$vM){
$vM = New-AzureRmVM -ResourceGroupName $ResourceGroupName -Location $Location -VM $VirtualMachine
}
脚本正在运行,但它会单独创建 VM 和 nsg。有任何关于将 nsg 附加到 VM 的建议吗?
创建 VM 后,我们可以通过 Azure 门户 将端口添加到 NSG 入站规则。 有关如何将端口添加到 NSG 的入站规则的更多信息,请参阅 link。
如果你还没有创建这个VM,你可以将NSG的配置添加到这个PowerShell脚本中,然后部署它。有关 PowerSehll 设置 NSG 的更多信息,请参阅此 link。
例如:
$FTPrule = New-AzureRmNetworkSecurityRuleConfig -Name "myNetworkSecurityGroupRule" `
-Description "Allow port 21" -Access "Allow" -Protocol "Tcp" -Direction "Inbound" `
-Priority "100" -SourceAddressPrefix "Internet" -SourcePortRange * `
-DestinationAddressPrefix * -DestinationPortRange 21