Hi, I'm a newbie, so please forgive me if I make mistakes. I'm very new to cloud-init, and I know Terraform but am not very familiar with it. I'm using Terraform Cloud to provision my VMs. This is the first time I've come across custom_data. The problem I have is that I'm not only trying to install Ansible on the VM in question, but I also want to copy a key file into /.ssh/, and note, not the public key! I know the security implications; this is just a proof of concept in a secure environment. Here's how I have Terraform set up:
From within my resource group:

resource "azurerm_linux_virtual_machine" "ansible-vm" {
  name                            = "ansible-vm"
  resource_group_name             = azurerm_resource_group.ansible_rg.name
  location                        = azurerm_resource_group.ansible_rg.location
  size                            = "Standard_B2ms"
  admin_username                  = "adminuser"
  network_interface_ids           = [azurerm_network_interface.ans-nic[1].id]
  admin_password                  = var.admin_password
  disable_password_authentication = false

  admin_ssh_key {
    username   = "adminuser"
    public_key = file("${path.module}/files/id_rsa.pub")
  }

  custom_data = base64encode(<<-CLOUD_INIT
    #cloud-config
    write_files:
      - path: /tmp/install_ansible.sh
        content: |
          #!/bin/bash
          LINUX_VM_IP="${azurerm_linux_virtual_machine.linux-vm.private_ip_address}"
          MSSQL_VM_IP="${azurerm_network_interface.ans-nic[2].ip_configuration[0].private_ip_address}"
          # Update package lists
          sudo apt-get update
          # Install required packages
          sudo apt-get install -y software-properties-common
          # Add Ansible repository
          sudo apt-add-repository --yes --update ppa:ansible/ansible
          # Update package lists again
          sudo apt-get update
          # Install Ansible
          sudo apt-get install -y ansible
          # Install python-winrm
          sudo apt-get install -y python3-winrm
          # Check if Python 3.7 is already installed
          if ! command -v python3.7 >/dev/null 2>&1; then
            # Install Python 3.7
            sudo apt-get install -y python3.7
          fi
          # Create a backup of the current hosts file
          sudo cp /etc/ansible/hosts /etc/ansible/hosts.bak
          # Add the IP addresses to the Ansible hosts file
          echo "[webservers]
          ${azurerm_linux_virtual_machine.linux-vm.private_ip_address} ansible_python_interpreter=/usr/bin/python3
          [databases]
          ${azurerm_network_interface.ans-nic[2].ip_configuration[0].private_ip_address} ansible_python_interpreter=/usr/bin/python3" | sudo tee /etc/ansible/hosts
          # Run your Ansible playbook using the dynamic inventory file
          ansible -i /etc/ansible/hosts all -m ping > /tmp/ansible_check.log
          ansible-playbook -i /etc/ansible/hosts your_playbook.yml
      - path: /var/lib/cloud/instance/scripts/part-001
        content: |
          #!/bin/bash
          bash /tmp/install_ansible.sh
        permissions: "0755"
  CLOUD_INIT
  )
}
That block works, but when I try to add code to create a new file on the remote VM, the whole script fails. I think it's a syntax issue, but I'm not sure, and I'm also not sure whether I should add a data resource as well. Here is my failing code:

custom_data = base64encode(<<-CLOUD_INIT
  #cloud-config
  write_files:
    - path: /tmp/install_ansible.sh
      content: |
        #!/bin/bash
        LINUX_VM_IP="${azurerm_linux_virtual_machine.linux-vm.private_ip_address}"
        MSSQL_VM_IP="${azurerm_network_interface.ans-nic[2].ip_configuration[0].private_ip_address}"
        # Update package lists
        sudo apt-get update
        # Install required packages
        sudo apt-get install -y software-properties-common
        # Add Ansible repository
        sudo apt-add-repository --yes --update ppa:ansible/ansible
        # Update package lists again
        sudo apt-get update
        # Install Ansible
        sudo apt-get install -y ansible
        # Install python-winrm
        sudo apt-get install -y python3-winrm
        # Check if Python 3.7 is already installed
        if ! command -v python3.7 >/dev/null 2>&1; then
          # Install Python 3.7
          sudo apt-get install -y python3.7
        fi
        # Create a backup of the current hosts file
        sudo cp /etc/ansible/hosts /etc/ansible/hosts.bak
        # Add the IP addresses to the Ansible hosts file
        echo "[webservers]
        ${azurerm_linux_virtual_machine.linux-vm.private_ip_address} ansible_python_interpreter=/usr/bin/python3
        [databases]
        ${azurerm_network_interface.ans-nic[2].ip_configuration[0].private_ip_address} ansible_python_interpreter=/usr/bin/python3" | sudo tee /etc/ansible/hosts
        # Run your Ansible playbook using the dynamic inventory file
        ansible -i /etc/ansible/hosts all -m ping > /tmp/ansible_check.log
        ansible-playbook -i /etc/ansible/hosts your_playbook.yml
    - path: ~/.ssh/id_rsa
      content: |
        -----BEGIN OPENSSH PRIVATE KEY-----
        *******************i trying to copy
        -----END OPENSSH PRIVATE KEY-----
      owner: adminuser:adminuser
      permissions: '0400'
    - path: /var/lib/cloud/instance/scripts/part-001
      content: |
        #!/bin/bash
        bash /tmp/install_ansible.sh
      permissions: "0755"
CLOUD_INIT
)
The project uses Ubuntu 18.04 LTS and Terraform ~>3.36.0. I'd appreciate some pointers on how to get my script to create the second file while still performing the other tasks shown. Many thanks.
Answer 1
resource "azurerm_resource_group" "ansible_rg" {
  name     = "my-ansible-rg"
  location = "East US"
}

resource "azurerm_virtual_network" "ansible_vnet" {
  name                = "my-ansible-vnet"
  resource_group_name = azurerm_resource_group.ansible_rg.name
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.ansible_rg.location
}

resource "azurerm_subnet" "ansible_subnet" {
  name                 = "my-ansible-subnet"
  resource_group_name  = azurerm_resource_group.ansible_rg.name
  virtual_network_name = azurerm_virtual_network.ansible_vnet.name
  address_prefixes     = ["10.0.1.0/24"]
}

resource "azurerm_network_interface" "ans-nic" {
  count               = 2
  name                = "my-nic-${count.index}"
  location            = azurerm_resource_group.ansible_rg.location
  resource_group_name = azurerm_resource_group.ansible_rg.name

  ip_configuration {
    name                          = "testconfiguration1"
    subnet_id                     = azurerm_subnet.ansible_subnet.id
    private_ip_address_allocation = "Dynamic"
  }
}

resource "azurerm_linux_virtual_machine" "ansible_vm" {
  count                           = 2
  name                            = "my-vm-${count.index}"
  resource_group_name             = azurerm_resource_group.ansible_rg.name
  location                        = azurerm_resource_group.ansible_rg.location
  size                            = "Standard_B2ms"
  admin_username                  = "adminuser"
  network_interface_ids           = [azurerm_network_interface.ans-nic[count.index].id]
  admin_password                  = var.admin_password
  disable_password_authentication = false

  admin_ssh_key {
    username   = "adminuser"
    public_key = file("${path.module}/files/id_rsa.pub")
  }

  custom_data = base64encode(<<-CLOUD_INIT
    #cloud-config
    write_files:
      - path: /tmp/install_ansible.sh
        content: |
          #!/bin/bash
          LINUX_VM_IP="${azurerm_linux_virtual_machine.ansible_vm[count.index].private_ip_address}"
          MSSQL_VM_IP="${azurerm_network_interface.ans-nic[count.index].ip_configuration[0].private_ip_address}"
          # Rest of your script here...
      - path: /home/adminuser/.ssh/id_rsa
        content: |
          -----BEGIN OPENSSH PRIVATE KEY-----
          Your private SSH key content here
          -----END OPENSSH PRIVATE KEY-----
        owner: adminuser:adminuser
        permissions: '0400'
      - path: /var/lib/cloud/instance/scripts/part-001
        content: |
          #!/bin/bash
          bash /tmp/install_ansible.sh
        permissions: "0755"
  CLOUD_INIT
  )
}

variable "admin_password" {
  description = "Admin password for the VM"
  type        = string
}
Added the necessary Azure resources (azurerm_resource_group, azurerm_virtual_network, azurerm_subnet, azurerm_network_interface) to create the basic network configuration for the VM. This is required for the VM to have connectivity.
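As an added check that is not part of the question or the answer above: a small Python linter for the write_files section of a cloud-config document. It catches the non-absolute ~/.ssh/id_rsa path from the failing custom_data (cloud-init does not expand ~) and also flags private-key material written without an owner or a 0400/0600 mode. It parses only the YAML subset used in this thread, so it needs no PyYAML, and the sample documents are constructed here with a placeholder key body.

```python
# Added example, not from the thread; parses only the write_files subset the question uses.
def parse_write_files(cloud_config):
    """Return write_files entries (path / content / owner / permissions) as dicts; no PyYAML."""
    entries, current, key_indent, block_indent = [], None, None, None
    for line in cloud_config.splitlines():
        stripped, indent = line.strip(), len(line) - len(line.lstrip(" "))
        if key_indent is not None:  # inside a 'content: |' block scalar
            if not stripped:
                continue
            if indent > key_indent:
                block_indent = block_indent or indent  # first line fixes the indent
                current["content"] += line[block_indent:] + "\n"
                continue
            key_indent = block_indent = None  # dedent ends the block scalar
        if stripped.startswith("- path:"):
            current = {"path": stripped.split(":", 1)[1].strip()}
            entries.append(current)
        elif current is not None and stripped == "content: |":
            current["content"], key_indent = "", indent
        elif current is not None and ":" in stripped:
            key, value = stripped.split(":", 1)
            current[key.strip()] = value.strip().strip("'\"")
    return entries

def lint_write_files(cloud_config):
    """Flag a non-absolute path (cloud-init does not expand '~') and a weakly protected private key."""
    problems = []
    for entry in parse_write_files(cloud_config):
        path = entry.get("path", "")
        if not path.startswith("/"):
            problems.append(f"{path}: not absolute; cloud-init does not expand '~'")
        if "PRIVATE KEY-----" in entry.get("content", ""):
            if "owner" not in entry or entry.get("permissions") not in ("0400", "0600"):
                problems.append(f"{path}: private key needs an owner and 0400/0600 mode")
    return problems

# Constructed input modelled on the failing custom_data; the key body is a placeholder.
FAILING = """#cloud-config
write_files:
- path: /tmp/install_ansible.sh
  content: "#!/bin/bash"
  permissions: "0755"
- path: ~/.ssh/id_rsa
  content: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    -----END OPENSSH PRIVATE KEY-----
  owner: adminuser:adminuser
  permissions: '0400'
"""
FIXED = FAILING.replace("~/.ssh/id_rsa", "/home/adminuser/.ssh/id_rsa")
```

Running lint_write_files(FAILING) reports only the ~ path; the same document with the answer's /home/adminuser/.ssh/id_rsa path passes clean.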