云上资源的特点灵活,按需部署,自然少不了自动化的支持,Azure除了CLI, SDK之外,我们也有Rest API的支持。那么今天就介绍一下使用Rest API如何创建虚机
准备Service Principal
调用之前我们需要准备一套Service Principal,也就是登录的身份。如果安装了Azure CLI的话,非常简单,只需要执行下面的CLI命令就可以创建好了,调用完我们需要记住AppId,Password还有Tenant.
kele@cnkelwan:~$ az ad sp create-for-rbac --name aadclient
Changing "aadclient" to a valid URI of "http://aadclient", which is the required format used for service principal names
Creating a role assignment under the scope of "/subscriptions/758754b6-cfda-4106-bcf1-d78e6d54d41e"
Retrying role assignment creation: 1/36
AppId DisplayName Name Password Tenant
------------------------------------ ------------- ---------------- ------------------------------------ ------------------------------------
e54485d1-8133-4fc***-36cb17f16300 aadclient http://aadclient 328b8bc5-2d76-47f9-9ea6-ea452***de2 c2c1***-9ca6-4d6c-9ccc-356376e6f45c
如果没有安装CLI
没有CLI的话,那就需要去portal上创建App,步骤比较多
首先按照下图进入Azure Active Directory
新注册一个应用
按下图填写具体的参数
注册好了添加密码
密码添加好了记住这个值(这个值只有刚创建的时候能看到,之后就是下图所示有掩码了)
回到创建好的App的概述页,记下AppID(程序ID)和Tenant ID(目录ID)
这时候APP已经创建好了,我们还需要给他赋予订阅的权限
去到订阅里面
添加角色分配
角色选择参与者,按照App名字搜索刚才创建的App,选中
这个时候我们的Service Principal就准备好了,接下来可以用这个Service Principal调用API
调用Rest API
首先要通过这个API获得Access Token,把下面大括号里的字替换成前面记下来的值(注意:大括号本身要记得去掉),返回的 "access_token"后面这一串字符就是我们的token了。记下来。
kele@cnkelwan:~$ curl -X POST -d 'grant_type=client_credentials&client_id={程序ID}&client_secret={密码}&resource=https%3A%2F%2Fmanagement.chinacloudapi.cn%2F' /
https://login.partner.microsoftonline.cn/{目录ID}/oauth2/token
{"token_type":"Bearer","expires_in":"3599","ext_expires_in":"3599","expires_on":"1593514291","not_before":"1593510391","
resource":"https://management.chinacloudapi.cn/","access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Im9CaExHLXB
MUXBFUmVQems1Nzh3ZXpsVVozNCIsImtpZCI6Im9CaExHLXBMUXBFUmVQems1Nzh3ZXpsVVozNCJ9.eyJhdWQiOiJodHRwczovL21hbmFnZW1lbnQuY2hpbm
FjbG91ZGFwaS5jbi8iLCJpc3MiOiJodHRwczovL3N0cy5jaGluYWNsb3VkYXBpLmNuL2MyYzE0MWU2LTljYTYtNGQ2Yy05Y2NjLTM1NjM3NmU2ZjQ1Yy8iLC
JpYXQiOjE1OTM1MTAzOTEsIm5iZiI6MTU5MzUxMDM5MSwiZXhwIjoxNTkzNTE0MjkxLCJhaW8iOiJZMmRnWUxCOE4wbDMvN2xmTDdMWTVoMnhhWTVpQndBPS
IsImFwcGlkIjoiNGM1MzRlMjYtMmU2ZC00OTQ1LWE2NjItYTY4Y2I1YjFhM2VkIiwiYXBwaWRhY3IiOiIxIiwiaWRwIjoiaHR0cHM6Ly9zdHMuY2hpbmFjbG
91ZGFwaS5jbi9jMmMxNDFlNi05Y2E2LTRkNmMtOWNjYy0zNTYzNzZlNmY0NWMvIiwib2lkIjoiNjA0OWMwNjQtNWYyZC00NzIyLWJmODctYzVlNGVmYmUzNm
MyIiwic3ViIjoiNjA0OWMwNjQtNWYyZC00NzIyLWJmODctYzVlNGVmYmUzNmMyIiwidGlkIjoiYzJjMTQxZTYtOWNhNi00ZDZjLTljY2MtMzU2Mzc2ZTZmND
VjIiwidXRpIjoiTjNWLXB3VWM3VXVtZ182VEhWQUlBQSIsInZlciI6IjEuMCJ9.TnTPw3dI429uJuXALSMF3oaZZ2LviD5YH3vnL3zjXnCmO3psLhMSkp1Ag
KKuLGr9RfHPDBgS6c1e6gVeNO9jm3JJSIU7OKDCMoRf0qMYpU-yapkPbArF1E_QBHBueMT-enqy3yZSw0TE5QOmudhW-j6IagnjqpnNUsaZ8FATpQd5IBDGf
RGetc69TX5BSphNzsM_X_uLbZ0sS1ROk_w1GsoJfnQSDE6ALuZHV5aRDPs8k3-sJtvO1SjgCOLRyjrnuYhvaT4k4QXdJTH_EWjhF-eMtf9NBXYBLiA8_SiXr
pzvyMTh4vS77xF9SFWNKE75eD6PXH55EA47s4j96sthwg"}
接下来就是正式创建虚拟机了
首先我们需要给虚拟机准备好虚拟网络。简单起见我这边就用现成的,名为mysql-vnet的虚拟网络,子网为default
image.png
接下来需要为虚机准备网卡,创建网卡的API介绍可以在这里找到
https://docs.microsoft.com/en-us/rest/api/virtualnetwork/networkinterfaces/createorupdate
首先我们配置好Request Body(也就是网卡的一些参数)
创建一个文件createnic.json,内容如下,其中大括号内为需要替换成对应环境的参数
{
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"subnet": {
"id": "/subscriptions/{758754b6-cfda-4106-bcf1-d78e6d54d41e订阅ID}/resourceGroups/{mysql资源组名称}/providers/Microsoft.Network/virtualNetworks/{mysql-vnet虚拟网络名称}/subnets/{default子网名称}"
}
}
}
]},
"location": "{chinanorth2所在区域}"
}
准备好了配置文件,执行下面Curl命令即可创建网卡
curl -H "Authorization: Bearer {前面记下来的Access Token}" -H "Content-Type: application/json" -X PUT https://management.chinacloudapi.cn/subscriptions/{758754b6-cfda-4106-bcf1-d78e6d54d41e 订阅名称}/resourceGroups/{mysql 资源组名称}/providers/Microsoft.Network/networkInterfaces/{test-nic2 网卡名称}?api-version=2020-05-01 -d @createnic.json
这就成功创建好了网卡。接下来再根据创建虚机的API
https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/createorupdate
同理我们先创建虚机的配置文件createvm.json
{
"location": "chinanorth2",
"properties": {
"hardwareProfile": {
"vmSize": "Standard_D1_v2{虚机型号}"
},
"storageProfile": {
"imageReference": {
"sku": "2016-Datacenter{操作系统SKU}",
"publisher": "MicrosoftWindowsServer",
"version": "latest",
"offer": "WindowsServer"
},
"osDisk": {
"caching": "ReadWrite",
"managedDisk": {
"storageAccountType": "Standard_LRS{磁盘类型}"
},
"name": "myVMosdisk",
"createOption": "FromImage"
}
},
"osProfile": {
"adminUsername": "kele{虚拟机用户名}",
"computerName": "myVM{虚拟机主机名}",
"adminPassword": "****{虚拟机密码}"
},
"networkProfile": {
"networkInterfaces": [
{
"id": "/subscriptions/758754b6-cfda-4106-bcf1-d78e6d54d41e/resourceGroups/mysql/providers/Microsoft.Network/networkInterfaces/test-nic{前面创建的网卡}",
"properties": {
"primary": true
}
}
]
}
}
}
再执行命令,(记得参数替换成对应环境的)
curl -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Im9CaExHLXBMUXBFUmVQems1Nzh3ZXpsVVozNCIsImtpZCI6Im9CaExHLXBMUXBFUmVQems1Nzh3ZXpsVVozNCJ9.eyJhdWQiOiJodHRwczovL21hbmFnZW1lbnQuY2hpbmFjbG91ZGFwaS5jbi8iLCJpc3MiOiJodHRwczovL3N0cy5jaGluYWNsb3VkYXBpLmNuL2MyYzE0MWU2LTljYTYtNGQ2Yy05Y2NjLTM1NjM3NmU2ZjQ1Yy8iLCJpYXQiOjE1OTM1MTMyOTgsIm5iZiI6MTU5MzUxMzI5OCwiZXhwIjoxNTkzNTE3MTk4LCJhaW8iOiJZMmRnWU5nODYva05VY2NpNHpyMnU0dEtmK2xNQndBPSIsImFwcGlkIjoiZDhiMTVjZTEtMTgzZC00MjY4LTg2OTItYzU2NWNiMTkzYjUzIiwiYXBwaWRhY3IiOiIxIiwiaWRwIjoiaHR0cHM6Ly9zdHMuY2hpbmFjbG91ZGFwaS5jbi9jMmMxNDFlNi05Y2E2LTRkNmMtOWNjYy0zNTYzNzZlNmY0NWMvIiwib2lkIjoiNjQwNWVkMTUtNjQ5Ny00MWViLTgxZTgtOGViYTZlMzQwMGZkIiwic3ViIjoiNjQwNWVkMTUtNjQ5Ny00MWViLTgxZTgtOGViYTZlMzQwMGZkIiwidGlkIjoiYzJjMTQxZTYtOWNhNi00ZDZjLTljY2MtMzU2Mzc2ZTZmNDVjIiwidXRpIjoidHhpR05oMm9mRXFmMFNJRlVtNTRBQSIsInZlciI6IjEuMCJ9.Hgg2w1V4k-5rEszdlrb93Nt_fAvPkfzdNBR9PPoiBM5iUwYSFxJTWBDvKtewvEovQxkmvV-VbzRIFv5oALHHh4aO5qJ6xWQbRQpqgMGnDG0Ojz4GkyCbEAZO-e51VoPdlyAlDN8YlX1D9fF3kueHDLDB8CccHFxJi6djk9BD3yFMJjWkrPVNMgzyDRQS_XAA8V1SW7FWLWflpCzbBeMhyMmHGhPoaJVhvtkjONvb2rJs45h79g3LLfZ09w07gVYjq-aLYMIhi-cIhx4kcNEWqAfQEvYQjUDC1a-VtGet9b_8favMsGTKy4mUs53XYCoA4gEOWyrbHDwc2SZ9Su_yFg" -H "Content-Type: application/json" -X PUT https://management.chinacloudapi.cn/subscriptions/758754b6-cfda-4106-bcf1-d78e6d54d41e{订阅ID}/resourceGroups/mysql{资源组名}/providers/Microsoft.Compute/virtualMachines/vmtest01{虚机名}?api-version=2019-12-01 -d @createvm.json
虚机就创建好了。
当然实际的情况中,可能我们还有NSG, Disk等特殊配置的需求,这些我们也都是可以通过RestAPI的方式来完成的。具体的文档可以去这里查阅
https://docs.microsoft.com/en-us/rest/api/azure/
总结
可以看到,除了刚开始需要准备一个Service Principal如果没有CLI的话会多一些步骤,后面还是比较直观的。
