使用 python 将 NSG 附加到子网
Attaching NSG to Subnet using python
我正在尝试创建 NSG,然后将其附加到现有子网。
我已成功创建 NSG,但在将其附加到子网时会引发错误。声明地址前缀不能为空。我们是否也必须传递地址前缀?在下面的函数中?
params_create = azure.mgmt.network.models.Subnet(
下面是完整的代码片段。
from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.resource import ResourceManagementClient
from azure.mgmt.compute import ComputeManagementClient
from azure.mgmt.network import NetworkManagementClient
from azure.mgmt.compute.models import DiskCreateOption
from azure.mgmt.network.v2017_03_01.models import NetworkSecurityGroup
from azure.mgmt.network.v2017_03_01.models import SecurityRule
import azure.mgmt.network.models
SUBSCRIPTION_ID = 'xxx'
GROUP_NAME = 'xxxx'
LOCATION = 'xxxx'
VM_NAME = 'myVM'
VNET = 'existingvnet'
SUBNET = 'default'
def get_credentials():
credentials = ServicePrincipalCredentials(
client_id = 'xxx',
secret = 'xxxx',
tenant = 'xxxx'
)
return credentials
def create_network_security_group(network_client):
params_create = azure.mgmt.network.models.NetworkSecurityGroup(
location=LOCATION,
security_rules=[
azure.mgmt.network.models.SecurityRule(
name='rdprule',
access=azure.mgmt.network.models.SecurityRuleAccess.allow,
description='test security rule',
destination_address_prefix='*',
destination_port_range='3389',
direction=azure.mgmt.network.models.SecurityRuleDirection.inbound,
priority=500,
protocol=azure.mgmt.network.models.SecurityRuleProtocol.tcp,
source_address_prefix='*',
source_port_range='*',
),
],
)
result_create_NSG = network_client.network_security_groups.create_or_update(
GROUP_NAME,
'nsg-vm',
params_create,
)
return result_create_NSG.result()
def attach_network_security_group(network_client,creation_result_nsg):
params_create = azure.mgmt.network.models.Subnet(
network_security_group= creation_result_nsg,
)
result_create = network_client.subnets.create_or_update(
GROUP_NAME,
VNET,
SUBNET,
params_create,
)
return result_create.result()
if __name__ == "__main__":
credentials = get_credentials()
resource_group_client = ResourceManagementClient(
credentials,
SUBSCRIPTION_ID
)
network_client = NetworkManagementClient(
credentials,
SUBSCRIPTION_ID
)
compute_client = ComputeManagementClient(
credentials,
SUBSCRIPTION_ID
)
creation_result_nsg = create_network_security_group(network_client)
print("------------------------------------------------------")
print(creation_result_nsg)
input('Press enter to continue...')
creation_result = attach_network_security_group(network_client,creation_result_nsg)
print("------------------------------------------------------")
print(creation_result)
input('Press enter to continue...')
这意味着您没有将它应该使用的地址前缀传递给它。根据 the docs 你需要传入 address_prefix
参数。所以将它添加到您的 params_create,像这样:
params_create = Subnet(
address_prefix = "10.0.0.0/24",
network_security_group = azure.mgmt.network.models.NetworkSecurityGroup(xxx)
)
我正在尝试创建 NSG,然后将其附加到现有子网。 我已成功创建 NSG,但在将其附加到子网时会引发错误。声明地址前缀不能为空。我们是否也必须传递地址前缀?在下面的函数中?
params_create = azure.mgmt.network.models.Subnet(
下面是完整的代码片段。
from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.resource import ResourceManagementClient
from azure.mgmt.compute import ComputeManagementClient
from azure.mgmt.network import NetworkManagementClient
from azure.mgmt.compute.models import DiskCreateOption
from azure.mgmt.network.v2017_03_01.models import NetworkSecurityGroup
from azure.mgmt.network.v2017_03_01.models import SecurityRule
import azure.mgmt.network.models
SUBSCRIPTION_ID = 'xxx'
GROUP_NAME = 'xxxx'
LOCATION = 'xxxx'
VM_NAME = 'myVM'
VNET = 'existingvnet'
SUBNET = 'default'
def get_credentials():
credentials = ServicePrincipalCredentials(
client_id = 'xxx',
secret = 'xxxx',
tenant = 'xxxx'
)
return credentials
def create_network_security_group(network_client):
params_create = azure.mgmt.network.models.NetworkSecurityGroup(
location=LOCATION,
security_rules=[
azure.mgmt.network.models.SecurityRule(
name='rdprule',
access=azure.mgmt.network.models.SecurityRuleAccess.allow,
description='test security rule',
destination_address_prefix='*',
destination_port_range='3389',
direction=azure.mgmt.network.models.SecurityRuleDirection.inbound,
priority=500,
protocol=azure.mgmt.network.models.SecurityRuleProtocol.tcp,
source_address_prefix='*',
source_port_range='*',
),
],
)
result_create_NSG = network_client.network_security_groups.create_or_update(
GROUP_NAME,
'nsg-vm',
params_create,
)
return result_create_NSG.result()
def attach_network_security_group(network_client,creation_result_nsg):
params_create = azure.mgmt.network.models.Subnet(
network_security_group= creation_result_nsg,
)
result_create = network_client.subnets.create_or_update(
GROUP_NAME,
VNET,
SUBNET,
params_create,
)
return result_create.result()
if __name__ == "__main__":
credentials = get_credentials()
resource_group_client = ResourceManagementClient(
credentials,
SUBSCRIPTION_ID
)
network_client = NetworkManagementClient(
credentials,
SUBSCRIPTION_ID
)
compute_client = ComputeManagementClient(
credentials,
SUBSCRIPTION_ID
)
creation_result_nsg = create_network_security_group(network_client)
print("------------------------------------------------------")
print(creation_result_nsg)
input('Press enter to continue...')
creation_result = attach_network_security_group(network_client,creation_result_nsg)
print("------------------------------------------------------")
print(creation_result)
input('Press enter to continue...')
这意味着您没有将它应该使用的地址前缀传递给它。根据 the docs 你需要传入 address_prefix
参数。所以将它添加到您的 params_create,像这样:
params_create = Subnet(
address_prefix = "10.0.0.0/24",
network_security_group = azure.mgmt.network.models.NetworkSecurityGroup(xxx)
)