在远程执行中使用 file()
Use file() in remote-exec
我在 Terraform 中成功创建了一个 Azure Ubuntu VM,它在创建完成后运行一个远程执行供应器。在这个 remote-exec 块中,我创建了可以通过 SSH 访问的用户帐户。由于我有 public 键,我还想将每个 public 键添加到它们各自的 authorized_keys 文件中。我的做法是:
"sudo adduser --quiet --disabled-password --shell /bin/bash --home /home/username--gecos \"Firstname Lastname\" username",
"sudo mkdir ~/../username/.ssh",
"sudo chmod 700 ~/../username/.ssh/",
"sudo touch ~/../username/.ssh/authorized_keys",
"sudo echo ${file("userKeys/username.pub")} > ~/../username/.ssh/authorized_keys",
"sudo chmod 600 ~/../username/.ssh/authorized_keys",
"sudo chown -R username.username ~/../username/"
不幸的是,这会导致 Terraform 在应用后崩溃,可能是由于文件中的双引号。所以我也尝试了
"echo ${file("userKeys/username.pub")}"
效果很好。
此时我真的不知道如何解决这个问题。也许在 remote-exec 中使用 file() 无论如何都是错误的方法?
在这种情况下,您可以使用 Provisioner Connection to create an SSH connection and use Provisioner File 将本地文件复制到远程机器。
这是我这边使用以下配置环境的工作示例。
Terraform v0.15.0
on windows_amd64
+ provider registry.terraform.io/hashicorp/azurerm v2.57.0
+ provider registry.terraform.io/hashicorp/null v3.1.0
例如,
resource "null_resource" "example_provisioner" {
triggers = {
public_ip = azurerm_public_ip.example.ip_address
}
connection {
type = "ssh"
host = azurerm_public_ip.example.ip_address
user = "testadmin"
private_key = "${file("~/.ssh/id_rsa")}"
# password = "${var.root_password}"
}
provisioner "file" {
source = "test.pub" # local public key
destination = "/tmp/test.pub" # will copy to remote VM as /tmp/test.pub
}
provisioner "remote-exec" {
inline = [
"sudo adduser --quiet --disabled-password --shell /bin/bash --home /home/username --gecos \"Firstname Lastname\" username",
"sudo mkdir ~/../username/.ssh",
"sudo chmod 700 ~/../username/.ssh/",
"sudo touch ~/../username/.ssh/authorized_keys",
"sudo cp /tmp/test.pub ~/../username/.ssh/authorized_keys",
"sudo chmod 600 ~/../username/.ssh/authorized_keys",
"sudo chown -R username.username ~/../username/"
]
}
}
我在 Terraform 中成功创建了一个 Azure Ubuntu VM,它在创建完成后运行一个远程执行供应器。在这个 remote-exec 块中,我创建了可以通过 SSH 访问的用户帐户。由于我有 public 键,我还想将每个 public 键添加到它们各自的 authorized_keys 文件中。我的做法是:
"sudo adduser --quiet --disabled-password --shell /bin/bash --home /home/username--gecos \"Firstname Lastname\" username",
"sudo mkdir ~/../username/.ssh",
"sudo chmod 700 ~/../username/.ssh/",
"sudo touch ~/../username/.ssh/authorized_keys",
"sudo echo ${file("userKeys/username.pub")} > ~/../username/.ssh/authorized_keys",
"sudo chmod 600 ~/../username/.ssh/authorized_keys",
"sudo chown -R username.username ~/../username/"
不幸的是,这会导致 Terraform 在应用后崩溃,可能是由于文件中的双引号。所以我也尝试了
"echo ${file("userKeys/username.pub")}"
效果很好。
此时我真的不知道如何解决这个问题。也许在 remote-exec 中使用 file() 无论如何都是错误的方法?
在这种情况下,您可以使用 Provisioner Connection to create an SSH connection and use Provisioner File 将本地文件复制到远程机器。
这是我这边使用以下配置环境的工作示例。
Terraform v0.15.0
on windows_amd64
+ provider registry.terraform.io/hashicorp/azurerm v2.57.0
+ provider registry.terraform.io/hashicorp/null v3.1.0
例如,
resource "null_resource" "example_provisioner" {
triggers = {
public_ip = azurerm_public_ip.example.ip_address
}
connection {
type = "ssh"
host = azurerm_public_ip.example.ip_address
user = "testadmin"
private_key = "${file("~/.ssh/id_rsa")}"
# password = "${var.root_password}"
}
provisioner "file" {
source = "test.pub" # local public key
destination = "/tmp/test.pub" # will copy to remote VM as /tmp/test.pub
}
provisioner "remote-exec" {
inline = [
"sudo adduser --quiet --disabled-password --shell /bin/bash --home /home/username --gecos \"Firstname Lastname\" username",
"sudo mkdir ~/../username/.ssh",
"sudo chmod 700 ~/../username/.ssh/",
"sudo touch ~/../username/.ssh/authorized_keys",
"sudo cp /tmp/test.pub ~/../username/.ssh/authorized_keys",
"sudo chmod 600 ~/../username/.ssh/authorized_keys",
"sudo chown -R username.username ~/../username/"
]
}
}