Azure 虚拟机扩展 fileUris 路径与 Terraform

Question

需要使用 Terraform 和 Azure 实现 VM 扩展 DevOps.I 我正在尝试从 .tfvars 传递 fileUris 值或从存储帐户详细信息动态创建 ["https://${var.Storageaccountname} .blob.core.windows.net/${var.containername}/test.sh"], 这两种情况都不起作用。

resource "azurerm_virtual_machine_extension" "main" {
  name                 = "${var.vm_name}"
  location           ="${azurerm_resource_group.resource_group.location}"
  resource_group_name  = "${azurerm_resource_group.resource_group.name}"
  virtual_machine_name = "${azurerm_virtual_machine.vm.name}"
  publisher            = "Microsoft.Azure.Extensions"
  type                 = "CustomScript"
  type_handler_version = "2.0"

  settings = <<SETTINGS
  {
    "fileUris" :"${var.fileUris}",
    "commandToExecute": "sh <name of file> --ExecutionPolicy Unrestricted\""
  }
  SETTINGS
}

关于解决此问题的任何提示？也许在 main.tf/variable.tf?

中实现零硬编码的其他解决方案

Answer 1

如果我们将脚本存储在 Azure blob 存储中，我们需要提供存储密钥，然后扩展才能有权访问脚本。详情请参考here。请在脚本中添加以下设置

...
protected_settings = <<PROTECTED_SETTINGS
    {
      
      "storageAccountName": "mystorageaccountname",
      "storageAccountKey": "myStorageAccountKey"
    }
  PROTECTED_SETTINGS
...

Answer 2

您可以参考此工作示例在 Linux VM 上部署扩展。脚本文件存储了一个存储帐户。

resource "azurerm_virtual_machine_extension" "test" {
  name                       = "test-LinuxExtension"
  virtual_machine_id         =  "/subscriptions/xxx/virtualMachines/www"
  publisher                  = "Microsoft.Azure.Extensions"
  type                       = "CustomScript"
  type_handler_version       = "2.1"
  auto_upgrade_minor_version = true


  protected_settings = <<PROTECTED_SETTINGS
    {
            "commandToExecute": "sh aptupdate.sh",
            "storageAccountName": "xxxxx",
            "storageAccountKey": "xxxxx",
            "fileUris": [
                "${var.fileUris}"
            ]
    }
  PROTECTED_SETTINGS
}