Provisioning a virtual data center in VMware Cloud Foundation as a Service with Terraform
This tutorial might incur costs. Use the Cost Estimator to generate a cost estimate based on your projected usage.
This tutorial demonstrates the basic steps to run an IBM Cloud® for VMware Cloud Foundation as a Service single-tenant or multitenant virtual data center (VDC) after the initial instance is provisioned. The tutorial takes about 20-30 minutes to complete and assumes that a VMware Cloud Foundation as a Service instance and a VDC are already provisioned. It uses example Terraform templates, which you can customize and modify as needed.
Objectives
In this tutorial, you learn:
- How to create VDC networks with Terraform.
- How to create virtual machines (VMs) on the VDC networks with Terraform.
- How to configure network address translation (NAT) and firewall (FW) rules on the VDC edge gateway with Terraform.
The following diagram gives an overview of the solution that is deployed.
- A VDC is created in a single-tenant instance by using the IBM Cloud console. Your instance might have one or more VDCs, so you can use a dedicated VDC for testing. This example VDC uses only the `2 IOPS/GB` storage pool.
- When the VDC is created, an edge gateway and an external network are created automatically. The external network provides internet access and a `/29` block of IP addresses, of which 6 public IP addresses are usable.
- Terraform templates are used to create the VDC networks, the virtual machines, and the firewall and NAT rules. Creation is fully controlled by variables. Terraform authenticates to the VMware Cloud Director API with a username and password. Access tokens will be supported in the near future.
- Three VDC networks are created: two routed networks (`application-network-1` and `db-network-1`) and one isolated network (`isolated-network-1`). Routed VDC networks are connected to the edge gateway, while an isolated VDC network is a standalone network. You can create more networks as needed.
- A jump server (`jump-server-1`) is created with the Windows 2022 operating system. The server is connected to `application-network-1`. You can access the VM through the VM console, or by using RDP through a DNAT rule that is created on the edge gateway.
- An example VM (`application-server-1`) is created on `application-network-1`. `application-server-1` has one additional disk, for example for logging. You can create more VMs or disks as needed.
- An example VM (`db-server-1`) is created on `db-network-1` and `isolated-network-1` with two separate vNICs. `db-server-1` has two additional disks, for example for data and for logging. You can create more VMs or disks as needed.
- Source NAT (SNAT) and destination NAT (DNAT) rules are created for public network access. SNAT to the public internet is configured for all routed networks, and DNAT is configured for access to the application servers.
- Firewall rules are provided to secure network access to the environment. To create the firewall rules, static groups and IP sets are created for the networks and for individual IP addresses.
The tutorial is divided into the following steps:
An alternative tutorial that uses the VMware Cloud Director console is also provided.
Before you begin
This tutorial requires:
- an IBM Cloud billing account,
- a check of your user permissions: make sure that your user account has sufficient permissions to create and manage VMware Cloud Foundation as a Service resources,
- a preprovisioned VMware Cloud Foundation as a Service single-tenant instance,
- a VDC preprovisioned on the VMware Cloud Foundation as a Service single-tenant instance,
- the IBM Cloud CLI,
- an IBM Cloud API key,
- `jq` to query JSON files, and
- Terraform with the VMware Cloud Director Provider, to provision resources by using infrastructure as code.
You can find instructions for downloading and installing these tools for your operating environment in the Getting started with tutorials guide.
Clone the example repository
The example Terraform templates for VMware Cloud Foundation as a Service are located in GitHub.
Clone the example repository to your local machine, for example a laptop or a virtual server with internet access.
For example, by using the GitHub CLI:

```sh
gh repo clone IBM/vmwaas-terraform-examples
```

Or by using HTTPS with the following URL:

```
https://github.com/IBM/vmwaas-terraform-examples.git
```
Get the required information about the VDC
As a prerequisite, create a VMware Cloud Foundation as a Service single-tenant instance by using the IBM Cloud console, and create one or more VDCs on it.
After the instance and the VDC are deployed, you can collect the required details and the VDC ID from the console.
Log in to the VMware Cloud Director console of the VMware Cloud Foundation as a Service single-tenant instance:
- In the VMware Cloud Foundation as a Service table, click the name of the VMware Cloud Foundation as a Service instance.
- Review the information on the Summary tab.
- If this is the first time that you access the VMware Cloud Director console for the VDC region, you must set the administrator credentials, which generates an initial, complex, and random password.
- On the VDC details page, click VMware Cloud Director Console to access the console.
- Log in to the VMware Cloud Director console for the first time with the admin username and password.
- After the administrator has logged in to the VMware Cloud Director console, you can create additional users with roles that allow them to access the VMware Cloud Director console.
You can log in to the VMware Cloud Director console to collect the information that the Terraform deployment requires. Alternatively, you can use the `vmwaas.sh` shell script that is provided in the example repository. The script collects these values by using the VMware Cloud Foundation as a Service API.
To use the script, configure your region and API key with the following commands:

```sh
export IBMCLOUD_API_KEY=your-api-key-here
export IBMCLOUD_REGION=region-here
```

The default region is `us-south`.
Script usage:

```
% ./vmwaas.sh
USAGE : vmwaas [ ins | in | vdcs | vdc | vdcgw | tf | tfvars ]
```

List your instances:

```
% ./vmwaas.sh ins
Get instances.

Instances:

NAME   DIRECTOR_SITE_ID                       LOCATION     STATUS
demo   b75efs1c-35df-40b3-b569-1124be37687d   us-south-1   ReadyToUse
```

List the VDCs:

```
% ./vmwaas.sh vdcs
Get virtual datacenters.

VDCs:

NAME       ID                                     DIRECTOR_SITE_ID                       CRN
vdc-demo   5e37ed2d-54cc-4798-96cf-c363de922ab4   b75efs1c-35df-40b3-b569-1124be37687d   crn:v1:bluemix:public:vmware:us-south:...
```

Get the Terraform TF_VARs for authentication:

```
% ./vmwaas.sh tfvars vdc-demo
Get variables for Terraform in export format.

TF_VARs:

export TF_VAR_vmwaas_url="https://<your_url>.us-south.vmware.cloud.ibm.com/api"
export TF_VAR_vmwaas_org="f37f3422-e6c4-427e-b277-9fec334b99fb"
export TF_VAR_vmwaas_vdc_name="vdc-demo"
```

You can export these values in your shell, or use the `tfvars` option so that the script prints them as `terraform.tfvars` lines that you can add to the `terraform.tfvars` file.
Configure the Terraform template variables
The example infrastructure Terraform template is located in the `vcd-demo-infra` folder.
This demo Terraform template deploys the following example infrastructure: two routed VDC networks and one isolated VDC network, three virtual machines, and example SNAT, DNAT, and firewall rules.
Terraform uses the VMware Cloud Director provider. The main provider resources that the example uses are:
- vcd_network_routed_v2
- vcd_network_isolated_v2
- vcd_vm
- vcd_nsxt_ip_set
- vcd_nsxt_security_group
- vcd_nsxt_nat_rule
- vcd_nsxt_firewall
In this example template, creation is fully controlled by Terraform variables, so the actual Terraform template does not need to be changed, for example when you need more networks or virtual machines. An example `terraform.tfvars-example` file is provided, with the example values explained.
Before you begin, copy the example `terraform.tfvars-example` to `terraform.tfvars`:

```sh
cp terraform.tfvars-example terraform.tfvars
```

You can use it as the basis for your own needs: add more networks, add more virtual machines, customize the NAT or firewall rules, and so on.
- Set the following common variables to access the instance and the VDC.

  ```hcl
  # Note. Variable values to access your Director instance. Use the Director portal
  # to figure out your values here.

  vmwaas_url      = "put-your-director-url-here" # for example "https://abcxyz.us-south.vmware.cloud.ibm.com/api"
  vmwaas_org      = "put-your-org-id-here"
  vmwaas_vdc_name = "put-your-vdc-name-here"

  vmwaas_api_token = "" # Note. See VMware Docs to create API token.

  #vmwaas_user     = "put-your-username-here" # Note. When using a username and password, create a new local user in Director for terraform.
  #vmwaas_password = "put-your-password-here" # Note. When using a username and password, create a new local user in Director for terraform.
  ```
  To create an API token, see the VMware Cloud Director documentation.
  For `vmwaas_api_token`, `vmwaas_user`, and `vmwaas_password`, you can also create environment variables with the `TF_VAR_` prefix, as the `vmwaas.sh` script shows, instead of defining them in `terraform.tfvars`. In that case, comment out these lines in `terraform.tfvars`. If you change the authentication method, you must also change the provider block in the code to use the other authentication method.
- Set a common name prefix to identify and distinguish the VDC networks, virtual machines, and so on.

  ```hcl
  # Note. Use a common name prefix for each item.

  item_name_prefix = "demo"
  ```
- Define the DNS servers for the virtual machines.
  You can use the IBM Cloud public DNS servers in your virtual machines, or you can use your own DNS servers.

  ```hcl
  # Note. IBM Cloud DNS servers listed here.
  # You may also use your own here.

  dns_servers = ["161.26.1.10","161.26.1.11"]
  ```

  When you use your own DNS servers here, make sure that you have network connectivity to reach them.
- Define the VDC networks.
  When you create VDC networks, use the map variable `vdc_networks` to define the networks and their IP pools.

  ```hcl
  # Note. Create VDC networks of type `routed` or
  # `isolated`. You can define one `static_ip_pool` and one
  # `dhcp_ip_pool` for each.

  vdc_networks = {
    application-network-1 = {
      description = "Application network 1"
      type        = "routed"
      subnet = {
        cidr          = "172.26.1.0/24"
        prefix_length = 24
        gateway       = "172.26.1.1"
        static_ip_pool = {
          start_address = "172.26.1.10"
          end_address   = "172.26.1.100"
        }
        dhcp_ip_pool = {
          start_address = "172.26.1.101"
          end_address   = "172.26.1.199"
        }
      }
    },
    db-network-1 = {
      description = "DB network 1"
      type        = "routed"
      subnet = {
        cidr          = "172.26.2.0/24"
        prefix_length = 24
        gateway       = "172.26.2.1"
        static_ip_pool = {
          start_address = "172.26.2.10"
          end_address   = "172.26.2.100"
        }
        dhcp_ip_pool = {
          start_address = "172.26.2.101"
          end_address   = "172.26.2.199"
        }
      }
    },
    isolated-network-1 = {
      description = "Isolated network 1"
      type        = "isolated"
      subnet = {
        cidr          = "172.26.3.0/24"
        prefix_length = 24
        gateway       = "172.26.3.1"
        static_ip_pool = {
          start_address = "172.26.3.10"
          end_address   = "172.26.3.100"
        }
        dhcp_ip_pool = {} # leave empty for isolated network
      }
    },
  }
  ```
- Define the virtual machine configuration.
  When you create virtual machines, use the map variable `virtual_machines` to define them.

  ```hcl
  # Note. Create VMs inside your VDC.
  # You can define each one individually and attach multiple networks
  # and disks. Individual disks are created for each additional disk.

  # Note. Check the storage profile names and apply to your VMs / disks.
  # If left empty, default profile is used.

  virtual_machines = {
    app-server-1 = {
      image = {
        catalog_name  = "Public Catalog"
        template_name = "RedHat-8-Template-Official"
      }
      memory                 = 8192
      cpus                   = 2
      cpu_hot_add_enabled    = true
      memory_hot_add_enabled = true
      storage_profile        = "2 IOPS/GB"
      networks = {
        0 = {
          name               = "application-network-1"
          ip_allocation_mode = "POOL"
          is_primary         = true
          ip                 = ""
        },
      }
      disks = {
        0 = {
          name            = "logDisk"
          size_in_mb      = "100"
          bus_type        = "SCSI"
          bus_sub_type    = "VirtualSCSI"
          bus_number      = 1
          storage_profile = ""
        },
      }
    },
    db-server-1 = {
      image = {
        catalog_name  = "Public Catalog"
        template_name = "RedHat-8-Template-Official"
      }
      memory                 = 8192
      cpus                   = 2
      cpu_hot_add_enabled    = true
      memory_hot_add_enabled = true
      storage_profile        = ""
      networks = {
        0 = {
          name               = "db-network-1"
          ip_allocation_mode = "POOL"
          is_primary         = true
          ip                 = ""
        },
        1 = {
          name               = "isolated-network-1"
          ip_allocation_mode = "POOL"
          is_primary         = false
          ip                 = ""
        },
      }
      disks = {
        0 = {
          name            = "dbDisk"
          size_in_mb      = "100"
          bus_type        = "SCSI"
          bus_sub_type    = "VirtualSCSI"
          bus_number      = 1
          storage_profile = ""
        },
        1 = {
          name            = "dbLogDisk"
          size_in_mb      = "100"
          bus_type        = "SCSI"
          bus_sub_type    = "VirtualSCSI"
          bus_number      = 1
          storage_profile = ""
        },
      }
    },
    jump-server-1 = {
      image = {
        catalog_name  = "Public Catalog"
        template_name = "Windows-2022-Template-Official"
      }
      memory                 = 8192
      cpus                   = 2
      cpu_hot_add_enabled    = true
      memory_hot_add_enabled = true
      storage_profile        = ""
      networks = {
        0 = {
          name               = "application-network-1"
          ip_allocation_mode = "POOL"
          is_primary         = true
          ip                 = ""
        },
      },
      disks = {}
    },
  }
  ```
- Define the public IP address map.
  Each VDC and its edge gateway gets 6 public IP addresses. This Terraform template treats the provided list of consecutive IP addresses as a map. The following variable, `public_ips`, describes the public IP addresses that are provided for the VDC. You can use the keys (such as `public-ip-1`) to refer to the IP addresses in the template, without specifying the real IP addresses (such as `xx.yy.zz.56`) in other variables.

  ```hcl
  # Note. Map of available 6 public IPs. You can use these names
  # in NAT rules. Do not change the map's keys here.

  public_ips = {
    public-ip-0 = {
      name        = "public-ip-0"
      description = ""
    },
    public-ip-1 = {
      name        = "public-ip-1"
      description = ""
    },
    public-ip-2 = {
      name        = "public-ip-2"
      description = ""
    },
    public-ip-3 = {
      name        = "public-ip-3"
      description = ""
    },
    public-ip-4 = {
      name        = "public-ip-4"
      description = ""
    },
    public-ip-5 = {
      name        = "public-ip-5"
      description = ""
    },
  }
  ```
- Define the NAT rules.
  The variable `nat_rules` defines the NAT rules to create. Review the provided examples and modify them to your needs.

  ```hcl
  # Note. You can use `vdc_networks` or `virtual_machines` keys as
  # address_targets here. Terraform will pick the IP address of
  # the specific resource and use that in the actual NAT rule.

  # Note. You can specify the desired actual public IP address
  # (`external_address`) in the rule, or you can use the
  # `external_address_list_index`, which will pick the IP
  # addresses from the allocated IP pool (`edge_gateway_allocated_ips`).

  # Note. Use Director UI to get the name for the Application
  # profiles.

  nat_rules = {
    dnat-to-app-1 = {
      rule_type               = "DNAT"
      description             = "DNAT rule to app-server-1"
      external_address_target = "public-ip-1"
      external_address        = ""
      internal_address_target = "app-server-1"
      internal_address        = ""
      dnat_external_port      = ""
      app_port_profile        = ""
      logging                 = false
      priority                = 90
      enabled                 = true
    },
    dnat-to-jump-1 = {
      rule_type               = "DNAT"
      description             = "DNAT rule to jump-server-1"
      external_address_target = "public-ip-2"
      external_address        = ""
      internal_address_target = "jump-server-1"
      internal_address        = ""
      dnat_external_port      = ""
      app_port_profile        = ""
      logging                 = false
      priority                = 90
      enabled                 = true
    },
    snat-to-internet-1 = {
      rule_type                = "SNAT"
      description              = "SNAT rule to application-network-1"
      external_address_target  = "public-ip-0"
      external_address         = ""
      internal_address_target  = "application-network-1"
      internal_address         = ""
      snat_destination_address = ""
      logging                  = false
      priority                 = 100
      enabled                  = true
    },
    snat-to-internet-2 = {
      rule_type                = "SNAT"
      description              = "SNAT rule to db-network-1"
      external_address_target  = "public-ip-0"
      external_address         = ""
      internal_address_target  = "db-network-1"
      internal_address         = ""
      snat_destination_address = ""
      logging                  = false
      priority                 = 100
      enabled                  = true
    },
  }
  ```
- Create the IP sets and static groups that the firewall rules need.
  The Terraform template creates IP sets for the public IP addresses that are used in the NAT rules. You can also define other IP sets, for example for internal networks or for other private or public IP addresses.

  ```hcl
  # Note. You need to create IP sets to be used in firewall rules.
  # You can use the `public_ips` keys here as address_targets,
  # but you can define IP sets using real IP addresses using a
  # list `ip_addresses`.

  ip_sets = {
    ip-set-on-public-ip-0 = {
      description    = "Public IP 0 - used for SNAT"
      ip_addresses   = []
      address_target = "public-ip-0"
    },
    ip-set-on-public-ip-1 = {
      description    = "Public IP 1 - used for DNAT to app-server-1"
      ip_addresses   = []
      address_target = "public-ip-1"
    },
    ip-set-on-public-ip-2 = {
      description    = "Public IP 2 - used for DNAT to jump-server-1"
      ip_addresses   = []
      address_target = "public-ip-2"
    },
    ip-set-on-public-ip-3 = {
      description    = "Public IP 3"
      ip_addresses   = []
      address_target = "public-ip-3"
    },
    ip-set-on-public-ip-4 = {
      description    = "Public IP 4"
      ip_addresses   = []
      address_target = "public-ip-4"
    },
    ip-set-on-public-ip-5 = {
      description    = "Public IP 5"
      ip_addresses   = []
      address_target = "public-ip-5"
    },
    ip-set-on-premises-networks = {
      description    = "On-premises networks"
      ip_addresses   = ["172.16.0.0/16",]
      address_target = ""
    },
  }
  ```

  You can also use static groups as sources and destinations in the firewall rules. This example creates three static groups: one for each routed VDC network, and one that includes all routed VDC networks.

  ```hcl
  # Note. You need to create Static Groups to be used in firewall rules.
  # You can use `vdc_networks` as keys here.

  security_groups = {
    sg-application-network-1 = {
      description     = "Static Group for application-network-1"
      address_targets = ["application-network-1"]
    },
    sg-db-network-1 = {
      description     = "Static Group for db-network-1"
      address_targets = ["db-network-1"]
    },
    sg-all-routed-networks = {
      description     = "Static Group for all VDC networks"
      address_targets = ["application-network-1", "db-network-1"]
    },
  }
  ```
- Define the firewall rules.
  The variable `firewall_rules` defines the firewall rules to create. Review the provided examples and modify them to your needs.

  ```hcl
  # Note. Use "ALLOW" or "DROP".
  # Note. Use Director UI to get the name for the Application
  # profiles.

  firewall_rules = {
    app-1-egress = {
      action           = "ALLOW"
      direction        = "OUT"
      ip_protocol      = "IPV4"
      destinations     = [] # These refer to IP sets (ip_sets or nat_rules) or Static Groups (vdc_networks)
      sources          = ["sg-application-network-1", "sg-db-network-1"] # These refer to IP sets (ip_sets or nat_rules) or Static Groups (vdc_networks)
      system_app_ports = []
      logging          = false
      enabled          = true
    },
    dnat-to-app-1-ingress = {
      action           = "ALLOW"
      direction        = "IN"
      ip_protocol      = "IPV4"
      destinations     = ["ip-set-on-public-ip-1"] # These refer to IP sets (ip_sets or nat_rules) or Static Groups (vdc_networks)
      sources          = [] # These refer to IP sets (ip_sets or nat_rules) or Static Groups (vdc_networks)
      system_app_ports = ["SSH","HTTPS","ICMP ALL"]
      logging          = false
      enabled          = true
    },
    dnat-to-jump-1-ingress = {
      action           = "ALLOW"
      direction        = "IN"
      ip_protocol      = "IPV4"
      destinations     = ["ip-set-on-public-ip-2"] # These refer to IP sets (ip_sets or nat_rules) or Static Groups (vdc_networks)
      sources          = [] # These refer to IP sets (ip_sets or nat_rules) or Static Groups (vdc_networks)
      system_app_ports = ["RDP"]
      logging          = false
      enabled          = true
    },
  }
  ```

  Using RDP over the public internet is generally not recommended. The rule above is for illustration purposes only.
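The `vdc_networks` map from the network step encodes several invariants that are easy to break when you copy and edit it: the gateway and both IP pools must lie inside the CIDR, the `prefix_length` must match the CIDR, the static and DHCP pools must not overlap each other or the gateway, an isolated network must leave `dhcp_ip_pool` empty, and the networks must not overlap one another. The following Python script is an added example, not code from this tutorial or from the IBM/vmwaas-terraform-examples repository; `VDC_NETWORKS` mirrors the tutorial's three networks as Python dicts (constructed here so the script runs offline without an HCL parser), and the checker reports any violation before you run `terraform plan`.

```python
"""Consistency checks for a `vdc_networks` map before `terraform plan`.

Added example for this tutorial; it is not part of the IBM/vmwaas-terraform-examples
repository. VDC_NETWORKS mirrors the tutorial's three networks as plain Python dicts,
constructed here so the script runs offline without an HCL parser.
"""
import ipaddress

VDC_NETWORKS = {
    "application-network-1": {"type": "routed", "subnet": {
        "cidr": "172.26.1.0/24", "prefix_length": 24, "gateway": "172.26.1.1",
        "static_ip_pool": {"start_address": "172.26.1.10", "end_address": "172.26.1.100"},
        "dhcp_ip_pool": {"start_address": "172.26.1.101", "end_address": "172.26.1.199"}}},
    "db-network-1": {"type": "routed", "subnet": {
        "cidr": "172.26.2.0/24", "prefix_length": 24, "gateway": "172.26.2.1",
        "static_ip_pool": {"start_address": "172.26.2.10", "end_address": "172.26.2.100"},
        "dhcp_ip_pool": {"start_address": "172.26.2.101", "end_address": "172.26.2.199"}}},
    "isolated-network-1": {"type": "isolated", "subnet": {
        "cidr": "172.26.3.0/24", "prefix_length": 24, "gateway": "172.26.3.1",
        "static_ip_pool": {"start_address": "172.26.3.10", "end_address": "172.26.3.100"},
        "dhcp_ip_pool": {}}},  # leave empty for isolated network
}


def _pool_range(pool):
    """(start, end) as IPv4Address objects for a non-empty pool, else None."""
    if not pool:
        return None
    return ipaddress.ip_address(pool["start_address"]), ipaddress.ip_address(pool["end_address"])


def validate_vdc_networks(networks):
    """Return a list of problems found; an empty list means the map is consistent."""
    problems = []
    seen = {}  # name -> ip_network, for the cross-network overlap check
    for name, net in networks.items():
        sub = net["subnet"]
        cidr = ipaddress.ip_network(sub["cidr"], strict=False)
        gateway = ipaddress.ip_address(sub["gateway"])
        if cidr.prefixlen != sub["prefix_length"]:
            problems.append(f"{name}: prefix_length {sub['prefix_length']} does not match cidr {cidr}")
        if gateway not in cidr:
            problems.append(f"{name}: gateway {gateway} is outside {cidr}")
        if net["type"] == "isolated" and sub.get("dhcp_ip_pool"):
            problems.append(f"{name}: isolated networks must leave dhcp_ip_pool empty")
        ranges = {}
        for key in ("static_ip_pool", "dhcp_ip_pool"):
            rng = _pool_range(sub.get(key))
            if rng is None:
                continue
            start, end = rng
            if start > end:
                problems.append(f"{name}: {key} start {start} is after end {end}")
            if start not in cidr or end not in cidr:
                problems.append(f"{name}: {key} {start}-{end} is not inside {cidr}")
            if start <= gateway <= end:
                problems.append(f"{name}: gateway {gateway} lies inside {key}")
            ranges[key] = (start, end)
        if len(ranges) == 2:
            (s1, e1), (s2, e2) = ranges["static_ip_pool"], ranges["dhcp_ip_pool"]
            if s1 <= e2 and s2 <= e1:  # closed intervals intersect
                problems.append(f"{name}: static_ip_pool and dhcp_ip_pool overlap")
        for other, other_cidr in seen.items():
            if cidr.overlaps(other_cidr):
                problems.append(f"{name}: cidr {cidr} overlaps {other} ({other_cidr})")
        seen[name] = cidr
    return problems


if __name__ == "__main__":
    found = validate_vdc_networks(VDC_NETWORKS)
    print("\n".join(found) if found else "vdc_networks: no problems found")
```

Run it after every edit of `terraform.tfvars`; the tutorial's own map passes, and any overlapping pool or mistyped gateway is reported by network name before the provider is called.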
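The public IP, NAT, IP set, and firewall steps chain references: a firewall rule names an IP set, the IP set names a `public_ips` key, and a DNAT rule maps that key to a VM. The following Python script is an added example, not code from this tutorial or from the IBM/vmwaas-terraform-examples repository. It resolves that chain for the tutorial's ingress rules and reports, per public address, which VM sits behind it, which ports are allowed, and from which sources (`ANY` when `sources` is empty). It assumes that `public-ip-N` corresponds to element N of the edge gateway's allocated block, as the tutorial describes for `external_address_list_index`, and that an empty `dnat_external_port` forwards all ports; the block itself is a constructed placeholder from the 192.0.2.0/24 documentation range. Beside the tutorial's rules it carries a hardened version of the jump-server rule that restricts `sources` to the `ip-set-on-premises-networks` IP set the tutorial already defines and turns logging on.

```python
"""Exposure report for the tutorial's public_ips, nat_rules, ip_sets and firewall_rules.

Added example for this tutorial; it is not code from the IBM/vmwaas-terraform-examples
repository. The maps below mirror the tutorial's terraform.tfvars values as Python dicts,
constructed here so the script runs offline without an HCL parser.
"""

# Constructed placeholder for the edge gateway's 6 allocated public addresses (192.0.2.0/24 is
# the TEST-NET-1 documentation range). Assumption: public-ip-N maps to element N of this list,
# which is how the tutorial describes `external_address_list_index`.
PUBLIC_IP_BLOCK = [f"192.0.2.{last}" for last in range(18, 24)]
PUBLIC_IPS = {f"public-ip-{i}": {"name": f"public-ip-{i}"} for i in range(6)}

# Mirrors of the tutorial's NAT rules, IP sets and ingress firewall rules (keys as in the tfvars).
NAT_RULES = {
    "dnat-to-app-1": {"rule_type": "DNAT", "external_address_target": "public-ip-1",
                      "internal_address_target": "app-server-1", "dnat_external_port": ""},
    "dnat-to-jump-1": {"rule_type": "DNAT", "external_address_target": "public-ip-2",
                       "internal_address_target": "jump-server-1", "dnat_external_port": ""},
    "snat-to-internet-1": {"rule_type": "SNAT", "external_address_target": "public-ip-0",
                           "internal_address_target": "application-network-1"},
}
IP_SETS = {
    "ip-set-on-public-ip-1": {"ip_addresses": [], "address_target": "public-ip-1"},
    "ip-set-on-public-ip-2": {"ip_addresses": [], "address_target": "public-ip-2"},
    "ip-set-on-premises-networks": {"ip_addresses": ["172.16.0.0/16"], "address_target": ""},
}
FIREWALL_RULES = {  # sources = [] means any source, exactly as in the tutorial
    "dnat-to-app-1-ingress": {"action": "ALLOW", "direction": "IN", "sources": [],
                              "destinations": ["ip-set-on-public-ip-1"],
                              "system_app_ports": ["SSH", "HTTPS", "ICMP ALL"], "logging": False},
    "dnat-to-jump-1-ingress": {"action": "ALLOW", "direction": "IN", "sources": [],
                               "destinations": ["ip-set-on-public-ip-2"],
                               "system_app_ports": ["RDP"], "logging": False},
}
# The jump-server rule restricted to the on-premises IP set the tutorial already defines,
# with logging enabled: the corrected form of the demo rule above.
HARDENED_JUMP_RULE = {"action": "ALLOW", "direction": "IN",
                      "sources": ["ip-set-on-premises-networks"],
                      "destinations": ["ip-set-on-public-ip-2"],
                      "system_app_ports": ["RDP"], "logging": True}


def resolve_public_ip(key, public_ips=PUBLIC_IPS, block=PUBLIC_IP_BLOCK):
    """public_ips key -> concrete address, by position in the allocated block."""
    return block[list(public_ips).index(key)]


def resolve_ip_set(name, ip_sets=IP_SETS):
    """Concrete addresses or prefixes that an IP set stands for."""
    ip_set = ip_sets[name]
    if ip_set["address_target"]:
        return [resolve_public_ip(ip_set["address_target"])]
    return list(ip_set["ip_addresses"])


def exposure_report(firewall_rules, nat_rules=NAT_RULES, ip_sets=IP_SETS):
    """One entry per public address reachable through an ALLOW/IN rule: which DNAT
    target sits behind it, which ports are allowed and from which sources ('ANY' if none)."""
    dnat_behind = {}
    for rule in nat_rules.values():
        if rule["rule_type"] == "DNAT":
            ext = resolve_public_ip(rule["external_address_target"])
            # Assumption: an empty dnat_external_port forwards all ports.
            dnat_behind[ext] = (rule["internal_address_target"], rule["dnat_external_port"] or "all ports")
    report = []
    for name, rule in firewall_rules.items():
        if rule["action"] != "ALLOW" or rule["direction"] != "IN":
            continue
        sources = [a for s in rule["sources"] for a in resolve_ip_set(s, ip_sets)] or ["ANY"]
        for dest in rule["destinations"]:
            for addr in resolve_ip_set(dest, ip_sets):
                target, ports = dnat_behind.get(addr, ("no DNAT rule", "-"))
                report.append({"rule": name, "public_ip": addr, "target": target,
                               "dnat_ports": ports, "app_ports": rule["system_app_ports"],
                               "sources": sources, "logging": rule["logging"]})
    return report


def open_to_internet(report):
    """Rules that admit remote-access ports (SSH or RDP) from any source."""
    return sorted(r["rule"] for r in report
                  if "ANY" in r["sources"] and {"SSH", "RDP"} & set(r["app_ports"]))


if __name__ == "__main__":
    for entry in exposure_report(FIREWALL_RULES):
        print(entry)
    print("open to the internet:", open_to_internet(exposure_report(FIREWALL_RULES)))
    hardened = {**FIREWALL_RULES, "dnat-to-jump-1-ingress": HARDENED_JUMP_RULE}
    print("after hardening:", open_to_internet(exposure_report(hardened)))
```

With the tutorial's values the report flags both ingress rules, because each forwards every port of its public address to a VM and accepts any source; swapping in `HARDENED_JUMP_RULE` leaves only the application server's SSH rule flagged, which is the remaining item to tighten before the deployment leaves the demo stage.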
Initialize, plan, and apply
- To initialize the Terraform project, run the `terraform init` command in the example directory and watch the output. For example:

  ```
  % terraform init

  Initializing the backend...

  Initializing provider plugins...
  - Finding latest version of hashicorp/random...
  - Finding latest version of vmware/vcd...
  - Installing hashicorp/random v3.4.3...
  - Installed hashicorp/random v3.4.3 (signed by HashiCorp)
  - Installing vmware/vcd v3.8.2...
  - Installed vmware/vcd v3.8.2 (signed by a HashiCorp partner, key ID 8BF53DB49CDB70B0)

  Partner and community providers are signed by their developers.
  If you'd like to know more about provider signing, you can read about it here:
  https://www.terraform.io/docs/cli/plugins/signing.html

  Terraform has created a lock file .terraform.lock.hcl to record the provider
  selections it made above. Include this file in your version control repository
  so that Terraform can guarantee to make the same selections by default when
  you run "terraform init" in the future.

  Terraform has been successfully initialized!

  You may now begin working with Terraform. Try running "terraform plan" to see
  any changes that are required for your infrastructure. All Terraform commands
  should now work.

  If you ever set or change modules or backend configuration for Terraform,
  rerun this command to reinitialize your working directory. If you forget, other
  commands will detect it and remind you to do so if necessary.
  ```
- Next, you can run `terraform plan` to see what will be deployed:

  ```
  % terraform plan
  data.vcd_resource_list.list_of_vdcs: Reading...
  data.vcd_resource_list.list_of_vdc_edges: Reading...
  data.vcd_resource_list.list_of_catalog_items: Reading...
  data.vcd_nsxt_app_port_profile.system["SSH"]: Reading...
  data.vcd_nsxt_app_port_profile.system["HTTPS"]: Reading...
  data.vcd_nsxt_app_port_profile.system["ICMP ALL"]: Reading...
  data.vcd_org_vdc.org_vdc: Reading...

  [output omitted]

  Plan: 29 to add, 0 to change, 0 to destroy.
  ```
- Check the plan output. If everything looks as intended, run `terraform apply` to deploy the assets. For example:

  ```
  % terraform apply --auto-approve
  data.vcd_resource_list.list_of_vdcs: Reading...
  data.vcd_resource_list.list_of_vdc_edges: Reading...
  data.vcd_resource_list.list_of_catalog_items: Reading...
  data.vcd_nsxt_app_port_profile.system["SSH"]: Reading...
  data.vcd_nsxt_app_port_profile.system["HTTPS"]: Reading...
  data.vcd_nsxt_app_port_profile.system["ICMP ALL"]: Reading...
  data.vcd_org_vdc.org_vdc: Reading...

  [output omitted]

  Apply complete! Resources: 29 added, 0 changed, 0 destroyed.
  ```
- In addition to the examples above, the Terraform template provides some `outputs`. Check these `output` values to get the IP addresses and other access information for the virtual machines. For example, you can run `terraform output created_virtual_machines` to get the access information for the virtual machines:

  ```
  % terraform output created_virtual_machines
  {
    "app-server-1" = {
      "admin_password" = "<omitted>"
      "name" = "demo-app-server-1"
      "network" = [
        {
          "ip_address" = "172.26.1.10"
          "is_primary" = true
          "name" = "demo-application-network-1"
        },
      ]
    }
    "db-server-1" = {
      "admin_password" = "<omitted>"
      "name" = "demo-db-server-1"
      "network" = [
        {
          "ip_address" = "172.26.2.10"
          "is_primary" = true
          "name" = "demo-db-network-1"
        },
        {
          "ip_address" = "172.26.3.10"
          "is_primary" = false
          "name" = "demo-isolated-network-1"
        },
      ]
    }
    "jump-server-1" = {
      "admin_password" = "<omitted>"
      "name" = "demo-jump-server-1"
      "network" = [
        {
          "ip_address" = "172.26.1.11"
          "is_primary" = true
          "name" = "demo-application-network-1"
        },
      ]
    }
  }
  ```
  To get the NAT rules and the public IP addresses that they use, run the `terraform output created_nat_rules` command:

  ```
  % terraform output created_nat_rules
  {
    "dnat-to-app-1" = {
      "dnat_external_port" = ""
      "external_address" = "xxx.yyy.zzz.19"
      "internal_address" = "172.26.1.10"
      "name" = "demo-dnat-to-app-1"
      "rule_type" = "DNAT"
      "snat_destination_address" = ""
    }
    "dnat-to-jump-1" = {
      "dnat_external_port" = ""
      "external_address" = "xxx.yyy.zzz.20"
      "internal_address" = "172.26.1.11"
      "name" = "demo-dnat-to-jump-1"
      "rule_type" = "DNAT"
      "snat_destination_address" = ""
    }
    "snat-to-internet-1" = {
      "dnat_external_port" = ""
      "external_address" = "xxx.yyy.zzz.18"
      "internal_address" = "172.26.1.0/24"
      "name" = "demo-snat-to-internet-1"
      "rule_type" = "SNAT"
      "snat_destination_address" = ""
    }
    "snat-to-internet-2" = {
      "dnat_external_port" = ""
      "external_address" = "xxx.yyy.zzz.18"
      "internal_address" = "172.26.2.0/24"
      "name" = "demo-snat-to-internet-2"
      "rule_type" = "SNAT"
      "snat_destination_address" = ""
    }
  }
  ```
  You can get the configured firewall rules from the `created_fw_rules` output, the IP sets from `created_ip_sets`, the static groups from `created_static_groups`, and so on. For example:

  ```sh
  terraform output created_fw_rules
  ```

After the configuration is complete, make sure that you adjust the example firewall rules to your own standards and requirements. They expose public access to the virtual machines, such as `ssh` and `RDP`; the configuration here is for demonstration purposes only.
Connect to the VMware Cloud Director console
See the alternative tutorial to learn how to use and access the VMware Cloud Director console. Check the deployed assets and how the edge gateway is configured (FW and NAT rules).
For example, get the username and password of the virtual machines from `terraform output`:

```sh
terraform output created_virtual_machines
```

To connect to a virtual machine through the console in the VMware Cloud Director console:
- Click Launch Web Console to open the local console of the virtual machine.
- In the web console, log in to the virtual machine with `root` as the user ID and the password that you obtained in the previous step.
- You can then ping an internet resource (such as `www.ibm.com`) to show that networking is complete and working.
Connect to the virtual machines over the internet and verify connectivity
The final step is to connect to the virtual machines over the internet to validate the deployment and network connectivity.
To connect to the virtual machines over the internet:
- You should be able to ping the public IP address `public-ip-1` and ssh from your laptop or workstation to your `app-server-1`, which shows that networking is complete and working.
- With the public IP address `public-ip-2` and the username and password collected in the previous step, you should be able to connect to the jump server `jump-server-1` by using RDP.
- You can then disable the FW rule `dnat-to-app-1-ingress` that was created earlier, either by editing the rule and its state in the console and sliding the state to disabled (grey), or by changing the Terraform variable for that rule to `DROP` and running `terraform apply --auto-approve`.
- Likewise, you can disable the FW rule `dnat-to-jump-1-ingress` that was created earlier, either by editing the rule and its state in the console and sliding the state to disabled (grey), or by changing the Terraform variable for that rule to `DROP` and running `terraform apply --auto-approve`.
References
For more information about managing VDCs, see the following VMware Cloud Director™ Tenant Portal Guide topics:
For details about the provider, its resources, and its data sources, see the Terraform Registry: