0

我想使用 Azure python SDK 以编程方式创建 Azure VNET,然后在 NET 上启用 NSG 流日志,最后将 VNET 附加到 Azure 虚拟 WAN。

4

1 回答 1

0

使用 pip 安装管理包。(参考-MSDocs )

重击

pip install azure-mgmt-network

创建虚拟网络和关联的子网。

Python

from azure.mgmt.network import NetworkManagementClient

GROUP_NAME = 'resource-group'
VNET_NAME = 'your-vnet-identifier'
LOCATION = 'region'
SUBNET_NAME = 'your-subnet-identifier'

network_client = NetworkManagementClient(credentials, 'your-subscription-id')

async_vnet_creation = network_client.virtual_networks.create_or_update(
    GROUP_NAME,
    VNET_NAME,
    {
        'location': LOCATION,
        'address_space': {
            'address_prefixes': ['10.0.0.0/16']
        }
    }
)
async_vnet_creation.wait()

# Create Subnet
async_subnet_creation = network_client.subnets.create_or_update(
    GROUP_NAME,
    VNET_NAME,
    SUBNET_NAME,
    {'address_prefix': '10.0.0.0/24'}
)
subnet_info = async_subnet_creation.result()

创建具有特定安全规则的 NSG。 参考

from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.compute import ComputeManagementClient
from azure.mgmt.network import NetworkManagementClient
from azure.mgmt.network.v2017_03_01.models import NetworkSecurityGroup
from azure.mgmt.network.v2017_03_01.models import SecurityRule
from azure.mgmt.resource.resources import ResourceManagementClient

subscription_id = 'xxxxxxxxx-xxxxxxxxxxxxxxxxxxxx'
credentials = ServicePrincipalCredentials(
    client_id = 'xxxxxx-xxxx-xxx-xxxx-xxxxxxx',
    secret = 'xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx',
    tenant = 'xxxxxx-xxxxxxx'
)

compute_client = ComputeManagementClient(
    credentials,
    subscription_id
)

network_client = NetworkManagementClient(
    credentials,
    subscription_id
)

resource_client = ResourceManagementClient(
    credentials,
    subscription_id
)
resource_client.providers.register('Microsoft.Compute')
resource_client.providers.register('Microsoft.Network')

resource_group_name = 'test-rg'
nsg_name = "testnsg"
parameters = NetworkSecurityGroup(id= "testnsg", location="UK South", tags={ "name" : "testnsg" })


parameters.security_rules = [SecurityRule('Tcp', '*', '*', 'Allow', 'Inbound', description='Allow RDP port 3389',source_port_range='*', destination_port_range='3389', priority=100, name='RDP01')]   


network_client.network_security_groups.create_or_update(resource_group_name, "test-nsg", parameters)

print(“completed  creating security rules”)

或者你可以

使用 python sdk SO 参考将 NSG 关联到现有子网

subscription_id = "xxxxxx"
credential = ServicePrincipalCredentials(
  client_id="xxxxx",
  secret="xxxxx",
  tenant="xxxxx"
)

network_client = NetworkManagementClient(credential, subscription_id)

resource_group_name = "xxxxx"
vnet_name = "xxxxx"
subnet_name = "xxxxx"
sunet_data = {
  "properties": {
    "addressSpace": {
      "addressPrefixes": [
        "*"
      ]
    },
    "subnets": [
      {
        "name": "default",
        "properties": {
          "addressPrefix": "*",
          "networkSecurityGroup": {
            "id": networkSecurityGroupId ,
            "location": "eastasia"
            }
        }
      }
    ]
  },
  "location": "eastasia"
}

result = network_client.subnets.create_or_update(resource_group_name, vnet_name, subnet_name, subnet_data)

注意:Source/destination_port_ranges 只接受接受的端口或端口范围的列表。例如:['80', '100-200'] 或其他示例:destination_port_range=[1000,2000] 但是,* 只能与独立属性一起使用,不能在列表中使用。source/destination_address_prefixes 接受 CIDR 地址列表,例如:['10.0.0.0/24', '11.0.0.0/24']。要使用 * 或标签(例如 Internet 或 VirtualNetwork),您必须使用单数属性。它们不能在列表中使用。

您可以查看此文档 >操作模块 ,其中在 python sdk 中列出了各种操作。您可以点击所需操作的[source] 获取要使用的代码: 示例: 在此处输入图像描述

类似于 nsg 和 vnet ,设置所需的 wan 参数并使用:

create_or_update(resource_group_name, virtual_wan_name, wan_parameters, custom_headers=None, raw=False, polling=True, **operation_config)

另请参阅虚拟网络操作并在需要时添加 vpn 网关 创建虚拟网络网关的示例

如果要使用 Azure 门户,请参阅 >将虚拟网络网关连接到 Azure 虚拟 WAN

于 2021-08-16T12:28:40.210 回答