配置虛擬資料中心VMware Cloud Foundation as a Service與地形
本指導教學可能會產生成本。 使用「成本估算器」根據您的預計用量生成成本估算。
本教程旨在示範操作的基本步驟IBM Cloud® for VMware Cloud Foundation as a Service初始實例配置後的單一租用戶或多租用戶虛擬資料中心 (VDC)。 本教程大約需要 20-30 分鐘才能完成,並假設 A VMware Cloud Foundation as a Service實例 和 直流電壓 已經被配置。 本教學使用範例 Terraform 模板,如果需要,可以根據您的用例對其進行自訂和修改。
目標
在本教程中,您將學習到
- 如何使用 Terraform 建立 VDC 網路。
- 如何使用 Terraform 在 VDC 網路上建立虛擬機器 (VM)。
- 如何使用 Terraform 在 VDC 邊緣閘道器上設定網路位址轉換 (NAT) 和防火牆 (FW) 規則。
下圖概述了要部署的解決方案。
- 使用IBM Cloud用於在單一租用戶實例中建立 VDC 的控制台。 您的實例可能有一個或多個 VDC,因此您可以擁有一個專用 VDC 來進行測試。 此範例 VDC 僅使用
2 IOPS/GB儲存池。 - 建立VDC時,會自動建立邊緣網關和外部網路。 外部網路為您提供 Internet 存取權和 IP 位址區塊
/29提供6個可用的公共IP位址。 - Terraform 範本用於建立 VDC 網路、虛擬機器以及防火牆和網路位址轉換規則。 創建過程是透過變數完全控制的。 Terraform 進行身份驗證VMware具有使用者名稱和密碼的 Cloud Director API。 不久的將來將支援訪問令牌。
- 建立三個 VDC 網路:兩個路由(
application-network-1和db-network-1)和一個孤立的(isolated-network-1)。路由 VDC 網路連接到邊緣網關,而隔離 VDC 網路是獨立網路。 您可以根據自己的需求建立更多的網路。 - 跳轉伺服器(
jump-server-1)是使用 Windows 2022 作業系統建立的。 伺服器連接到application-network-1。 您可以透過 VM 控制台存取虛擬機,或透過在 Edge Gateway 上建立的 DNAT 規則使用 RDP。 - 一個範例虛擬機器(
application-server-1)創建於application-network-1。 這application-server-1有一個額外的磁碟,例如用於記錄。 您可以根據需要建立更多虛擬機器或磁碟。 - 一個範例虛擬機器(
db-server-1)創建於db-network-1和isolated-network-1有兩個獨立的 vnic。 這db-server-1有兩個附加磁碟,例如用於資料和日誌記錄。 您可以根據需要建立更多虛擬機器或磁碟。 - 為公網存取建立來源NAT(SNAT)和目的NAT(DNAT)規則。 為所有路由網路配置到公共互聯網的 SNAT,並配置 DNAT 以存取應用程式伺服器。
- 配置防火牆規則是為了保護對環境的網路存取。 為了建立防火牆規則,需要為網路和單獨的 IP 位址建立靜態群組和 IP 集。
本教程分為以下幾個步驟:
一個 替代教程 使用VMwareCloud Director 控制台也可使用。
開始之前
本教學需要:
- 一個IBM Cloud計費帳戶,
- 檢查使用者許可權。 確保您的使用者帳戶有足夠的權限 創建和管理VMware Cloud Foundation as a Service資源。
- 預先配置的VMware Cloud Foundation as a Service單一租用戶實例,
- 預先配置的 VDC VMware Cloud Foundation as a Service單一租用戶實例,
- IBM Cloud命令列介面,
- IBM Cloud API金鑰,
jq查詢 JSON 文件,和- 地形和 VMware雲端總監供應商使用基礎架構即程式碼來設定資源。
您將在以下位置找到針對您的操作環境下載和安裝這些工具的說明:教學入門 指導。
克隆範例儲存庫
範例 Terraform 模板VMware Cloud Foundation as a Service位於 GitHub。
將範例儲存庫複製到本機中,例如筆記型電腦或具有 Internet 存取權限的虛擬伺服器。
例如使用GitHub命令列介面:
gh repo clone IBM/vmwaas-terraform-examples
或使用 HTTPS 與下列 URL:
https://github.com/IBM/vmwaas-terraform-examples.git
獲取有關您的 VDC 的所需信息
作為先決條件,請使用 IBM Cloud安慰 到 創造你的VMware Cloud Foundation as a Service單一租用戶實例 和 一個或多個 VDC 在上面。
部署執行個體和 VDC 後,您可以從控制台收集所需的詳細資訊和 VDC ID。
登入VMware Cloud Foundation as a Service單一租用戶實例的VMware雲端總監控制台:
- 在裡面 VMware Cloud Foundation as a Service 表,單擊VMware Cloud Foundation as a Service實例名稱。
- 上概括選項卡,查看資訊。
- 如果這是您第一次訪問VMware對於 VDC 區域的 Cloud Director 控制台,您必須設定管理員憑證以產生初始密碼、複雜密碼和隨機密碼。
- 在VDC詳情頁面,點擊 VMware雲端總監控制台訪問控制台。
- 使用admin使用者名稱和密碼登入VMware首次推出雲端總監控制台。
- 管理員登入後VMwareCloud Director 控制台,您可以建立額外的用戶,這些用戶具有允許他們訪問VMware雲端總監控制台。
您可以登入VMwareCloud Director 控制台,用於收集 Terraform 部署所需的資訊。 您也可以使用提供的 vmwaas.sh 範例儲存庫中的 shell 腳本。 該腳本將使用以下方式收集這些值VMware Cloud Foundation as a Service API。
若要使用該腳本,請使用下列命令設定您的區域和 API 金鑰:
export IBMCLOUD_API_KEY=your-api-key-here
export IBMCLOUD_REGION=region-here
預設區域是 us-south。
腳本用法:
% ./vmwaas.sh
USAGE : vmwaas [ ins | in | vdcs | vdc | vdcgw | tf | tfvars ]
列出您的實例:
% ./vmwaas.sh ins
Get instances.
Instances:
NAME DIRECTOR_SITE_ID LOCATION STATUS
demo b75efs1c-35df-40b3-b569-1124be37687d us-south-1 ReadyToUse
要列出您的 VDC:
% ./vmwaas.sh vdcs
Get virtual datacenters.
VDCs:
NAME ID DIRECTOR_SITE_ID CRN
vdc-demo 5e37ed2d-54cc-4798-96cf-c363de922ab4 b75efs1c-35df-40b3-b569-1124be37687d crn:v1:bluemix:public:vmware:us-south:...
若要取得 Terraform TF_VAR 進行身份驗證:
% ./vmwaas.sh tfvars vdc-demo
Get variables for Terraform in export format.
TF_VARs:
export TF_VAR_vmwaas_url="https://<your_url>.us-south.vmware.cloud.ibm.com/api"
export TF_VAR_vmwaas_org="f37f3422-e6c4-427e-b277-9fec334b99fb"
export TF_VAR_vmwaas_vdc_name="vdc-demo"
您可以將它們匯出到您的 shell,或者您可以獲得terraform.tfvars要新增到的行 terraform.tfvars 文件作為腳本的輸出,使用 tfvars 選項。
配置 Terraform 模板變數
此範例基礎架構 Terraform 範本位於資料夾中 vcd-demo-infra。
此示範 Terraform 範本部署以下範例基礎設施,其中包含兩個路由網路和一個隔離 VDC 網路、三台虛擬機器以及範例 SNAT、DNAT 和防火牆規則。
Terraform 使用 VMware雲端總監供應商範例中使用的主要提供者資源是:
- vcd_network_routed_v2
- vcd_network_isolated_v2
- 光碟虛擬機
- vcd_nsxt_ip_set
- vcd_nsxt_安全性群組
- vcd_nsxt_nat_規則
- vcd_nsxt_防火牆
在此範例模板中,建立是透過 Terraform 變數完全控制的 - 您無需更改實際的 Terraform 模板,例如,如果您需要更多網路或虛擬機器。 一個例子 terraform.tfvars-example 提供了文件並提供了範例值和解釋。
開始之前,先複製範例 terraform.tfvars-example 到 terraform.tfvars,例如:
cp terraform.tfvars-example terraform.tfvars
您可以這樣使用它,根據您的需求添加更多網路、更多虛擬機器並自訂 NAT 或防火牆規則等。
-
設定以下公共變數以存取您的實例和 VDC。
# Note. Variable values to access your Director instance. Use the Director portal # to figure our your values here. vmwaas_url = "put-your-director-url-here" # for example "https://abcxyz.us-south.vmware.cloud.ibm.com/api" vmwaas_org = "put-your-org-id-here" vmwaas_vdc_name = "put-your-vdc-name-here" vmwaas_api_token = "" # Note. See VMware Docs to create API token. #vmwaas_user = "put-your-username-here" # Note. When using a username and password, create a new local user in Director for terraform. #vmwaas_password = "put-your-password-here" # Note. When using a username and password, create a new local user in Director for terraform.若要建立 API 令牌,請參閱 VMware Cloud Director Docs。
對於這些變量,您也可以建立名為 TF_VAR_ 的環境變量
vmwaas_api_token,vmwaas_user和vmwaas_password而不是將它們定義為terraform.tfvars如通過所示vmwaas.sh腳本。 在這種情況下,請在您的terraform.tfvars。如果變更驗證方法,則需要變更程式碼中的提供者區塊以使用不同的驗證方法。
-
設定通用名稱前綴來識別和分隔您的 VDC 網路、虛擬機器等。
# Note. Use a common name prefix for each item. item_name_prefix = "demo" -
為虛擬機器定義 DNS 伺服器。
您可以使用IBM Cloud您的虛擬機器中的公用 DNS 伺服器,或者您也可以使用自己的 DNS 伺服器。
# Note. IBM Cloud DNS servers listed here. # You may also use your own here. dns_servers = ["161.26.1.10","161.26.1.11"]此處使用您自己的 DNS 伺服器時,請確保您有網路連線來存取這些伺服器。
-
定義 VDC 網路。
建立VDC網路時,使用map變數
vdc_networks定義這些及其 IP 池。# Note. Create VDC networks of type `routed` or # `isolated`. You can define one `static_ip_pool`and one # `dhcp_ip_pool` for each. vdc_networks = { application-network-1 = { description = "Application network 1" type = "routed" subnet = { cidr = "172.26.1.0/24" prefix_length = 24 gateway = "172.26.1.1" static_ip_pool = { start_address = "172.26.1.10" end_address = "172.26.1.100" } dhcp_ip_pool = { start_address = "172.26.1.101" end_address = "172.26.1.199" } } }, db-network-1 = { description = "DB network 1" type = "routed" subnet = { cidr = "172.26.2.0/24" prefix_length = 24 gateway = "172.26.2.1" static_ip_pool = { start_address = "172.26.2.10" end_address = "172.26.2.100" } dhcp_ip_pool = { start_address = "172.26.2.101" end_address = "172.26.2.199" } } }, isolated-network-1 = { description = "Isolated network 1" type = "isolated" subnet = { cidr = "172.26.3.0/24" prefix_length = 24 gateway = "172.26.3.1" static_ip_pool = { start_address = "172.26.3.10" end_address = "172.26.3.100" } dhcp_ip_pool = {} # leave empty for isolated network } }, } -
定義虛擬機器配置。
建立VM時,使用map變數
virtual_machines來定義這些。# Note. Create VMs inside your VDC. # You can define each one individually and attach multiple networks # and disks. Individual disks are created for each additional disk. # Note. Check the storage profile names and apply to your VMs / disks. # If left empty, default profile is used. virtual_machines = { app-server-1 = { image = { catalog_name = "Public Catalog" template_name = "RedHat-8-Template-Official" } memory = 8192 cpus = 2 cpu_hot_add_enabled = true memory_hot_add_enabled = true storage_profile = "2 IOPS/GB" networks = { 0 = { name = "application-network-1" ip_allocation_mode = "POOL" is_primary = true ip = "" }, } disks = { 0 = { name = "logDisk" size_in_mb = "100" bus_type = "SCSI" bus_sub_type = "VirtualSCSI" bus_number = 1 storage_profile = "" }, } }, db-server-1 = { image = { catalog_name = "Public Catalog" template_name = "RedHat-8-Template-Official" } memory = 8192 cpus = 2 cpu_hot_add_enabled = true memory_hot_add_enabled = true storage_profile = "" networks = { 0 = { name = "db-network-1" ip_allocation_mode = "POOL" is_primary = true ip = "" }, 1 = { name = "isolated-network-1" ip_allocation_mode = "POOL" is_primary = false ip = "" }, } disks = { 0 = { name = "dbDisk" size_in_mb = "100" bus_type = "SCSI" bus_sub_type = "VirtualSCSI" bus_number = 1 storage_profile = "" }, 1 = { name = "dbLogDisk" size_in_mb = "100" bus_type = "SCSI" bus_sub_type = "VirtualSCSI" bus_number = 1 storage_profile = "" }, } }, jump-server-1 = { image = { catalog_name = "Public Catalog" template_name = "Windows-2022-Template-Official" } memory = 8192 cpus = 2 cpu_hot_add_enabled = true memory_hot_add_enabled = true storage_profile = "" networks = { 0 = { name = "application-network-1" ip_allocation_mode = "POOL" is_primary = true ip = "" }, }, disks = {} }, } -
定義公共IP位址映射。
每個 VDC 為其及其邊緣網關取得 6 個公用 IP 位址。 此 Terraform 範本將提供的連續 IP 位址清單視為地圖。 以下變數
public_ips描述為您的 VDC 提供的公用 IP 位址。 您可以使用按鍵(例如public-ip-1)定義並用作範本中 IP 位址的引用,而無需實際指定真實 IP 位址(例如xx.yy.zz.56)在其他變數中。# Note. Map of available 6 public IPs. You can use these names # in NAT rules. Do not change the map's keys here. public_ips = { public-ip-0 = { name = "public-ip-0" description = "" }, public-ip-1 = { name = "public-ip-1" description = "" }, public-ip-2 = { name = "public-ip-2" description = "" }, public-ip-3 = { name = "public-ip-3" description = "" }, public-ip-4 = { name = "public-ip-4" description = "" }, public-ip-5 = { name = "public-ip-5" description = "" }, } -
定義 NAT 規則。
變數
nat_rules定義要建立的 NAT 規則。 檢查提供的範例並根據您的需求進行修改。# Note. You can use `vdc_networks` or `virtual_machines` keys as # address_targets here. Terraform will pick the IP address of # the specific resource and use that in the actual NAT rule. # Note. You can specify the desired actual public IP address # (`external_address`) in the rule, or you can use the # `external_address_list_index`, which will pick the IP # addresses from the allocated IP pool (`edge_gateway_allocated_ips`). # Note. Use Director UI to get the name for the Application # profiles." nat_rules = { dnat-to-app-1 = { rule_type = "DNAT" description = "DNAT rule to app-server-1" external_address_target = "public-ip-1" external_address = "" internal_address_target = "app-server-1" internal_address = "" dnat_external_port = "" app_port_profile = "" logging = false priority = 90 enabled = true }, dnat-to-jump-1 = { rule_type = "DNAT" description = "DNAT rule to jump-server-1" external_address_target = "public-ip-2" external_address = "" internal_address_target = "jump-server-1" internal_address = "" dnat_external_port = "" app_port_profile = "" logging = false priority = 90 enabled = true }, snat-to-internet-1 = { rule_type = "SNAT" description = "SNAT rule to application-network-1" external_address_target = "public-ip-0" external_address = "" internal_address_target = "application-network-1" internal_address = "" snat_destination_address = "" logging = false priority = 100 enabled = true }, snat-to-internet-2 = { rule_type = "SNAT" description = "SNAT rule to db-network-1" external_address_target = "public-ip-0" external_address = "" internal_address_target = "db-network-1" internal_address = "" snat_destination_address = "" logging = false priority = 100 enabled = true }, } -
建立定義防火牆規則所需的 IP 集和靜態群組。
Terraform 範本為 NAT 規則中使用的公用 IP 位址建立 IP 集。 您也可以定義其他 IP 集,例如為您的本機網路或其他私人或公用 IP 位址。
# Note. You need to create IP sets to be used in firewall rules. # You can use the `public_ips` keys here as address_targets, # but you can define IP sets using real IP addresses using a # list `ip_addresses`. ip_sets = { ip-set-on-public-ip-0 = { description = "Public IP 0 - used for SNAT" ip_addresses = [] address_target = "public-ip-0" }, ip-set-on-public-ip-1 = { description = "Public IP 1 - used for DNAT to app-server-1" ip_addresses = [] address_target = "public-ip-1" }, ip-set-on-public-ip-2 = { description = "Public IP 2 - used for DNAT to jump-server-1" ip_addresses = [] address_target = "public-ip-2" }, ip-set-on-public-ip-3 = { description = "Public IP 3" ip_addresses = [] address_target = "public-ip-3" }, ip-set-on-public-ip-4 = { description = "Public IP 4" ip_addresses = [] address_target = "public-ip-4" }, ip-set-on-public-ip-5 = { description = "Public IP 5" ip_addresses = [] address_target = "public-ip-5" }, ip-set-on-premises-networks = { description = "On-premises networks" ip_addresses = ["172.16.0.0/16",] address_target = "" }, }您也可以使用防火牆規則中的靜態群組作為來源和目標。 此範例建立三個靜態群組,一個用於每個路由 VDC 網絡,另一個包含所有路由 VDC 網路。
# Note. You need to create Static Groups to be used in firewall rules. # You can use `vdc_networks` as keys here. security_groups = { sg-application-network-1 = { description = "Static Group for application-network-1" address_targets = ["application-network-1"] }, sg-db-network-1 = { description = "Static Group for db-network-1" address_targets = ["db-network-1"] }, sg-all-routed-networks = { description = "Static Group for all VDC networks" address_targets = ["application-network-1", "db-network-1"] }, } -
定義防火牆規則。
變數
firewall_rules定義要建立的防火牆規則。 請參閱提供的範例並根據您的需求進行修改。# Note. Use "ALLOW or "DROP". # Note. Use Director UI to get the name for the Application # profiles." firewall_rules = { app-1-egress = { action = "ALLOW" direction = "OUT" ip_protocol = "IPV4" destinations = [] # These refer to IP sets (ip_sets or nat_rules) or Static Groups (vdc_networks) sources = ["sg-application-network-1", "sg-db-network-1"] # These refer to IP sets (ip_sets or nat_rules) or Static Groups (vdc_networks) system_app_ports = [] logging = false enabled = true }, dnat-to-app-1-ingress = { action = "ALLOW" direction = "IN" ip_protocol = "IPV4" destinations = ["ip-set-on-public-ip-1"] # These refer to IP sets (ip_sets or nat_rules) or Static Groups (vdc_networks) sources = [] # These refer to IP sets (ip_sets or nat_rules) or Static Groups (vdc_networks) system_app_ports = ["SSH","HTTPS","ICMP ALL"] logging = false enabled = true }, dnat-to-jump-1-ingress = { action = "ALLOW" direction = "IN" ip_protocol = "IPV4" destinations = ["ip-set-on-public-ip-2"] # These refer to IP sets (ip_sets or nat_rules) or Static Groups (vdc_networks) sources = [] # These refer to IP sets (ip_sets or nat_rules) or Static Groups (vdc_networks) system_app_ports = ["RDP"] logging = false enabled = true }, }
通常不建議在公共 Internet 上使用 RDP。 上面列出的規則僅用於說明目的。
初始化、計劃和應用
-
若要初始化您的 Terraform 項目,請執行
terraform init在範例目錄中運行命令並觀察輸出。例如:
% terraform init Initializing the backend... Initializing provider plugins... - Finding latest version of hashicorp/random... - Finding latest version of vmware/vcd... - Installing hashicorp/random v3.4.3... - Installed hashicorp/random v3.4.3 (signed by HashiCorp) - Installing vmware/vcd v3.8.2... - Installed vmware/vcd v3.8.2 (signed by a HashiCorp partner, key ID 8BF53DB49CDB70B0) Partner and community providers are signed by their developers. If you'd like to know more about provider signing, you can read about it here: https://www.terraform.io/docs/cli/plugins/signing.html Terraform has created a lock file .terraform.lock.hcl to record the provider selections it made above. Include this file in your version control repository so that Terraform can guarantee to make the same selections by default when you run "terraform init" in the future. Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work. If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary. -
接下來,您可以運行
terraform plan看看將部署什麼。% terraform plan data.vcd_resource_list.list_of_vdcs: Reading... data.vcd_resource_list.list_of_vdc_edges: Reading... data.vcd_resource_list.list_of_catalog_items: Reading... data.vcd_nsxt_app_port_profile.system["SSH"]: Reading... data.vcd_nsxt_app_port_profile.system["HTTPS"]: Reading... data.vcd_nsxt_app_port_profile.system["ICMP ALL"]: Reading... data.vcd_org_vdc.org_vdc: Reading... [output omitted] Plan: 29 to add, 0 to change, 0 to destroy. -
檢查計劃的輸出,如果一切都符合計劃,則可以運行
terraform apply實際部署資產。例如:
% terraform apply --auto-approve data.vcd_resource_list.list_of_vdcs: Reading... data.vcd_resource_list.list_of_vdc_edges: Reading... data.vcd_resource_list.list_of_catalog_items: Reading... data.vcd_nsxt_app_port_profile.system["SSH"]: Reading... data.vcd_nsxt_app_port_profile.system["HTTPS"]: Reading... data.vcd_nsxt_app_port_profile.system["ICMP ALL"]: Reading... data.vcd_org_vdc.org_vdc: Reading... [output omitted] Apply complete! Resources: 29 added, 0 changed, 0 destroyed. -
除了上面的範例之外,terraform 還提供了一些變數:
outputs。 檢查這些output值來取得例如 IP 位址和其他存取資訊以存取您的 VM。例如,您可以運行
terraform output created_virtual_machines取得虛擬機器的存取資訊:% terraform output created_virtual_machines { "app-server-1" = { "admin_password" = "<omitted>" "name" = "demo-app-server-1" "network" = [ { "ip_address" = "172.26.1.10" "is_primary" = true "name" = "demo-application-network-1" }, ] } "db-server-1" = { "admin_password" = "<omitted>" "name" = "demo-db-server-1" "network" = [ { "ip_address" = "172.26.2.10" "is_primary" = true "name" = "demo-db-network-1" }, { "ip_address" = "172.26.3.10" "is_primary" = false "name" = "demo-isolated-network-1" }, ] } "jump-server-1" = { "admin_password" = "<omitted>" "name" = "demo-jump-server-1" "network" = [ { "ip_address" = "172.26.1.11" "is_primary" = true "name" = "demo-application-network-1" }, ] } }若要取得 NAT 規則和使用的公用 IP 位址,您可以執行
terraform output created_nat_rules:% terraform output created_nat_rules { "dnat-to-app-1" = { "dnat_external_port" = "" "external_address" = "xxx.yyy.zzz.19" "internal_address" = "172.26.1.10" "name" = "demo-dnat-to-app-1" "rule_type" = "DNAT" "snat_destination_address" = "" } "dnat-to-jump-1" = { "dnat_external_port" = "" "external_address" = "xxx.yyy.zzz.20" "internal_address" = "172.26.1.11" "name" = "demo-dnat-to-jump-1" "rule_type" = "DNAT" "snat_destination_address" = "" } "snat-to-internet-1" = { "dnat_external_port" = "" "external_address" = "xxx.yyy.zzz.18" "internal_address" = "172.26.1.0/24" "name" = "demo-snat-to-internet-1" "rule_type" = "SNAT" "snat_destination_address" = "" } "snat-to-internet-2" = { "dnat_external_port" = "" "external_address" = "xxx.yyy.zzz.18" "internal_address" = "172.26.2.0/24" "name" = "demo-snat-to-internet-2" "rule_type" = "SNAT" "snat_destination_address" = "" } }您可以透過輸出取得配置的防火牆規則
created_fw_rules, IP 設定為created_ip_sets和靜態組created_static_groups等等。 例如:terraform output created_fw_rules
配置後,請確保根據您的標準和需求調整範例防火牆規則。 他們將公開對您的虛擬機的公共訪問,例如 ssh 和 RDP,此處配置僅用於演示目的。
連接到VMware雲端總監控制台
請參閱 替代教程 如何使用和存取VMware雲端總監控制台。 檢查已部署的資產以及 Edge Gateway 的設定方式(FW 和 NAT 規則)。
從 terraform 取得虛擬機器使用者名稱和密碼 output,例如:
terraform output created_virtual_machines
使用控制台連接到虛擬機VMware雲端總監控制台:
- 點選啟動 Web 控制台開啟虛擬機器的本機控制台。
- 使用 Web 控制台,使用 root 作為使用者 ID 和您在上一個步驟中捕獲的密碼登入虛擬機器。
- 然後您應該能夠 ping 通 Internet 資源,例如
www.ibm.com,表示網路已完成且正在運作。
透過 Internet 連接到 VM 並驗證連接
最後一步是透過 Internet 連接到虛擬機器以驗證部署和網路連線。
若要透過 Internet 連線到虛擬機器:
- 您應該能夠 ping 通公用 IP 位址
public-ip-1並且 ssh 到你的app-server-1從您的筆記型電腦或工作站,顯示網路已完成且正常運作。 - 您應該能夠使用 RDP 連接到您的 Jump 伺服器
jump-server-1使用公共IP位址public-ip-2以及上一步收集的使用者名稱和密碼。 - 然後您可以停用 FW 規則
dnat-to-app-1-ingress透過使用控制台將狀態滑動到停用(灰色)來編輯規則及其狀態,或者您可以將特定規則中的 Terraform 變數變更為Drop並運行terraform apply --auto-approve。 - 然後您可以停用 FW 規則
dnat-to-jump-1-ingress透過使用控制台將狀態滑動到停用(灰色)來編輯規則及其狀態,或者您可以將特定規則中的 Terraform 變數變更為Drop並運行terraform apply --auto-approve。
參考資料
檢查以下內容VMwareCloud Director™ 租用戶入口網站指南,以了解更多有關管理 VDC 的詳細資訊:
- 在 VMware Cloud Director 租戶入口網站管理組織虛擬資料中心網路
- 在 VMware Cloud Director 租戶入口網站管理 NSX Edge Gateways
- 使用虛擬機器
檢查 Terraform 註冊表以獲取有關提供程序、資源和資料來源的更多詳細資訊: