快速入門:使用 Bicep 檔案建立 Ubuntu Linux 虛擬機器
適用於:✔️ Linux VM
本快速入門說明如何使用 Bicep 檔案在 Azure 中部署 Ubuntu Linux 虛擬機器 (VM)。
Bicep 是使用宣告式語法來部署 Azure 資源的特定領域語言 (DSL)。 其提供簡潔的語法、可靠的類型安全,並支援程式碼重複使用。 Bicep 能夠為您在 Azure 中的基礎結構即程式碼解決方案,提供最佳的製作體驗。
如果您沒有 Azure 訂用帳戶,請在開始前建立免費帳戶。
檢閱 Bicep 檔案
此快速入門中使用的 Bicep 檔案是來自 Azure 快速入門範本。
@description('The name of your Virtual Machine.')
param vmName string = 'simpleLinuxVM'
@description('Username for the Virtual Machine.')
param adminUsername string
@description('Type of authentication to use on the Virtual Machine. SSH key is recommended.')
param authenticationType string = 'password'
@description('SSH Key or password for the Virtual Machine. SSH key is recommended.')
param adminPasswordOrKey string
@description('Unique DNS Name for the Public IP used to access the Virtual Machine.')
param dnsLabelPrefix string = toLower('${vmName}-${uniqueString(resourceGroup().id)}')
@description('The Ubuntu version for the VM. This will pick a fully patched image of this given Ubuntu version.')
param ubuntuOSVersion string = 'Ubuntu-2004'
@description('Location for all resources.')
param location string = resourceGroup().location
@description('The size of the VM')
param vmSize string = 'Standard_D2s_v3'
@description('Name of the VNET')
param virtualNetworkName string = 'vNet'
@description('Name of the subnet in the virtual network')
param subnetName string = 'Subnet'
@description('Name of the Network Security Group')
param networkSecurityGroupName string = 'SecGroupNet'
@description('Security Type of the Virtual Machine.')
param securityType string = 'TrustedLaunch'
var imageReference = {
'Ubuntu-2004': {
publisher: 'Canonical'
offer: '0001-com-ubuntu-server-focal'
sku: '20_04-lts-gen2'
version: 'latest'
'Ubuntu-2204': {
publisher: 'Canonical'
offer: '0001-com-ubuntu-server-jammy'
sku: '22_04-lts-gen2'
version: 'latest'
var publicIPAddressName = '${vmName}PublicIP'
var networkInterfaceName = '${vmName}NetInt'
var osDiskType = 'Standard_LRS'
var subnetAddressPrefix = ''
var addressPrefix = ''
var linuxConfiguration = {
disablePasswordAuthentication: true
ssh: {
publicKeys: [
path: '/home/${adminUsername}/.ssh/authorized_keys'
keyData: adminPasswordOrKey
var securityProfileJson = {
uefiSettings: {
secureBootEnabled: true
vTpmEnabled: true
securityType: securityType
var extensionName = 'GuestAttestation'
var extensionPublisher = 'Microsoft.Azure.Security.LinuxAttestation'
var extensionVersion = '1.0'
var maaTenantName = 'GuestAttestation'
var maaEndpoint = substring('emptystring', 0, 0)
resource networkInterface 'Microsoft.Network/networkInterfaces@2023-09-01' = {
name: networkInterfaceName
location: location
properties: {
ipConfigurations: [
name: 'ipconfig1'
properties: {
subnet: {
id: virtualNetwork.properties.subnets[0].id
privateIPAllocationMethod: 'Dynamic'
publicIPAddress: {
id: publicIPAddress.id
networkSecurityGroup: {
id: networkSecurityGroup.id
resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2023-09-01' = {
name: networkSecurityGroupName
location: location
properties: {
securityRules: [
name: 'SSH'
properties: {
priority: 1000
protocol: 'Tcp'
access: 'Allow'
direction: 'Inbound'
sourceAddressPrefix: '*'
sourcePortRange: '*'
destinationAddressPrefix: '*'
destinationPortRange: '22'
resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-09-01' = {
name: virtualNetworkName
location: location
properties: {
addressSpace: {
addressPrefixes: [
subnets: [
name: subnetName
properties: {
addressPrefix: subnetAddressPrefix
privateEndpointNetworkPolicies: 'Enabled'
privateLinkServiceNetworkPolicies: 'Enabled'
resource publicIPAddress 'Microsoft.Network/publicIPAddresses@2023-09-01' = {
name: publicIPAddressName
location: location
sku: {
name: 'Basic'
properties: {
publicIPAllocationMethod: 'Dynamic'
publicIPAddressVersion: 'IPv4'
dnsSettings: {
domainNameLabel: dnsLabelPrefix
idleTimeoutInMinutes: 4
resource vm 'Microsoft.Compute/virtualMachines@2023-09-01' = {
name: vmName
location: location
properties: {
hardwareProfile: {
vmSize: vmSize
storageProfile: {
osDisk: {
createOption: 'FromImage'
managedDisk: {
storageAccountType: osDiskType
imageReference: imageReference[ubuntuOSVersion]
networkProfile: {
networkInterfaces: [
id: networkInterface.id
osProfile: {
computerName: vmName
adminUsername: adminUsername
adminPassword: adminPasswordOrKey
linuxConfiguration: ((authenticationType == 'password') ? null : linuxConfiguration)
securityProfile: (securityType == 'TrustedLaunch') ? securityProfileJson : null
resource vmExtension 'Microsoft.Compute/virtualMachines/extensions@2023-09-01' = if (securityType == 'TrustedLaunch' && securityProfileJson.uefiSettings.secureBootEnabled && securityProfileJson.uefiSettings.vTpmEnabled) {
parent: vm
name: extensionName
location: location
properties: {
publisher: extensionPublisher
type: extensionName
typeHandlerVersion: extensionVersion
autoUpgradeMinorVersion: true
enableAutomaticUpgrade: true
settings: {
AttestationConfig: {
MaaSettings: {
maaEndpoint: maaEndpoint
maaTenantName: maaTenantName
output adminUsername string = adminUsername
output hostname string = publicIPAddress.properties.dnsSettings.fqdn
output sshCommand string = 'ssh ${adminUsername}@${publicIPAddress.properties.dnsSettings.fqdn}'
Bicep 檔案中定義了幾個資源:
- Microsoft.Network/virtualNetworks/subnets:建立子網路。
- Microsoft.Storage/storageAccounts:建立儲存體帳戶。
- Microsoft.Network/networkInterfaces:建立 NIC。
- Microsoft.Network/networkSecurityGroups:建立網路安全性群組。
- Microsoft.Network/virtualNetworks:建立虛擬網路。
- Microsoft.Network/publicIPAddresses:建立公用 IP 位址。
- Microsoft.Compute/virtualMachines:建立虛擬機器。
部署 Bicep 檔案
將 Bicep 檔案以 main.bicep 儲存至本機電腦。
使用 Azure CLI 或 Azure PowerShell 部署 Bicep 檔案。
az group create --name exampleRG --location eastus az deployment group create --resource-group exampleRG --template-file main.bicep --parameters adminUsername=<admin-username>
以唯一的用戶名稱取代 <admin-username>。 系統也會提示您輸入 adminPasswordOrKey。
在 Bicep 的虛擬機器建立過程中,不會像 Azure 入口網站那樣顯示成本資訊。 如果您想要深入瞭解虛擬機器的成本運作方式,請參閱成本最佳化概觀頁面。
使用 Azure 入口網站、Azure CLI 或 Azure PowerShell 來列出資源群組中已部署的資源。
az resource list --resource-group exampleRG
不再需要時,請使用 Azure 入口網站、Azure CLI 或 Azure PowerShell 來刪除 VM 以及資源群組中的所有資源。
az group delete --name exampleRG
在本快速入門中,您已使用 Bicep 檔案部署簡單的虛擬機器。 若要深入了解 Azure 虛擬機器,請繼續 Linux VM 的教學課程。