Provisioning a VM in Azure with Terraform and cloud-init


Hi, I'm new, so forgive me if I make mistakes. I'm very new to cloud-init, and I know Terraform but not very well. I'm using Terraform Cloud to provision my VMs. This is the first time I've come across custom_data. The problem I'm having is that I'm not only trying to install Ansible on said VM, but I also want to copy a key file to /.ssh/, and please note, not the public key! I know the security implications; this is just a proof of concept in a secure environment. This is how I have set up Terraform;

From inside my resource group;

resource "azurerm_linux_virtual_machine" "ansible-vm" {
  name                            = "ansible-vm"
  resource_group_name             = azurerm_resource_group.ansible_rg.name
  location                        = azurerm_resource_group.ansible_rg.location
  size                            = "Standard_B2ms"
  admin_username                  = "adminuser"
  network_interface_ids           = [azurerm_network_interface.ans-nic[1].id]
  admin_password                  = var.admin_password
  disable_password_authentication = false

  admin_ssh_key {
    username   = "adminuser"
    public_key = file("${path.module}/files/id_rsa.pub")
  }

  custom_data = base64encode(<<-CLOUD_INIT
#cloud-config
write_files:
  - path: /tmp/install_ansible.sh
    content: |
      #!/bin/bash
      LINUX_VM_IP="${azurerm_linux_virtual_machine.linux-vm.private_ip_address}"
      MSSQL_VM_IP="${azurerm_network_interface.ans-nic[2].ip_configuration[0].private_ip_address}"

      # Update package lists
      sudo apt-get update

      # Install required packages
      sudo apt-get install -y software-properties-common

      # Add Ansible repository
      sudo apt-add-repository --yes --update ppa:ansible/ansible

      # Update package lists again
      sudo apt-get update

      # Install Ansible
      sudo apt-get install -y ansible

      # Install python-winrm
      sudo apt-get install -y python3-winrm

      # Check if Python 3.7 is already installed
      if ! command -v python3.7 >/dev/null 2>&1; then
        # Install Python 3.7
        sudo apt-get install -y python3.7
      fi

      # Create a backup of the current hosts file
      sudo cp /etc/ansible/hosts /etc/ansible/hosts.bak

      # Add the IP addresses to the Ansible hosts file
      echo "[webservers]
      ${azurerm_linux_virtual_machine.linux-vm.private_ip_address} ansible_python_interpreter=/usr/bin/python3

      [databases]
      ${azurerm_network_interface.ans-nic[2].ip_configuration[0].private_ip_address} ansible_python_interpreter=/usr/bin/python3" | sudo tee /etc/ansible/hosts

      # Run your Ansible playbook using the dynamic inventory file
      ansible -i /etc/ansible/hosts all -m ping > /tmp/ansible_check.log
      ansible-playbook -i /etc/ansible/hosts your_playbook.yml

  - path: /var/lib/cloud/instance/scripts/part-001
    content: |
      #!/bin/bash
      bash /tmp/install_ansible.sh
    permissions: "0755"
CLOUD_INIT
  )
}

That code block works, but when I try to add code to create a new file on the remote VM, the whole script fails. I think it's a syntax issue, but I'm not sure, and I'm also not sure whether I should be adding a data resource as well. This is my failing code;

  custom_data = base64encode(<<-CLOUD_INIT
#cloud-config
write_files:
  - path: /tmp/install_ansible.sh
    content: |
      #!/bin/bash
      LINUX_VM_IP="${azurerm_linux_virtual_machine.linux-vm.private_ip_address}"
      MSSQL_VM_IP="${azurerm_network_interface.ans-nic[2].ip_configuration[0].private_ip_address}"

      # Update package lists
      sudo apt-get update

      # Install required packages
      sudo apt-get install -y software-properties-common

      # Add Ansible repository
      sudo apt-add-repository --yes --update ppa:ansible/ansible

      # Update package lists again
      sudo apt-get update

      # Install Ansible
      sudo apt-get install -y ansible

      # Install python-winrm
      sudo apt-get install -y python3-winrm

      # Check if Python 3.7 is already installed
      if ! command -v python3.7 >/dev/null 2>&1; then
        # Install Python 3.7
        sudo apt-get install -y python3.7
      fi

      # Create a backup of the current hosts file
      sudo cp /etc/ansible/hosts /etc/ansible/hosts.bak

      # Add the IP addresses to the Ansible hosts file
      echo "[webservers]
      ${azurerm_linux_virtual_machine.linux-vm.private_ip_address} ansible_python_interpreter=/usr/bin/python3

      [databases]
      ${azurerm_network_interface.ans-nic[2].ip_configuration[0].private_ip_address} ansible_python_interpreter=/usr/bin/python3" | sudo tee /etc/ansible/hosts

      # Run your Ansible playbook using the dynamic inventory file
      ansible -i /etc/ansible/hosts all -m ping > /tmp/ansible_check.log
      ansible-playbook -i /etc/ansible/hosts your_playbook.yml

  - path: ~/.ssh/id_rsa
    content: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    *******************i trying to copy
    -----END OPENSSH PRIVATE KEY-----

    owner: adminuser:adminuser
    permissions: '0400'

  - path: /var/lib/cloud/instance/scripts/part-001
    content: |
      #!/bin/bash
      bash /tmp/install_ansible.sh
    permissions: "0755"
CLOUD_INIT
  )

The project is using Ubuntu 18.04 LTS and Terraform ~>3.36.0. I would appreciate some pointers on how to get my script to create the second file and still carry out the other tasks shown. Many thanks

Answer 1

resource "azurerm_resource_group" "ansible_rg" {
  name     = "my-ansible-rg"
  location = "East US"
}

resource "azurerm_virtual_network" "ansible_vnet" {
  name                = "my-ansible-vnet"
  resource_group_name = azurerm_resource_group.ansible_rg.name
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.ansible_rg.location
}

resource "azurerm_subnet" "ansible_subnet" {
  name                 = "my-ansible-subnet"
  resource_group_name  = azurerm_resource_group.ansible_rg.name
  virtual_network_name = azurerm_virtual_network.ansible_vnet.name
  address_prefixes     = ["10.0.1.0/24"]
}

resource "azurerm_network_interface" "ans-nic" {
  count               = 2
  name                = "my-nic-${count.index}"
  location            = azurerm_resource_group.ansible_rg.location
  resource_group_name = azurerm_resource_group.ansible_rg.name

  ip_configuration {
    name                          = "testconfiguration1"
    subnet_id                     = azurerm_subnet.ansible_subnet.id
    private_ip_address_allocation = "Dynamic"
  }
}

resource "azurerm_linux_virtual_machine" "ansible_vm" {
  count                = 2
  name                 = "my-vm-${count.index}"
  resource_group_name  = azurerm_resource_group.ansible_rg.name
  location             = azurerm_resource_group.ansible_rg.location
  size                 = "Standard_B2ms"
  admin_username       = "adminuser"
  network_interface_ids = [azurerm_network_interface.ans-nic[count.index].id]
  admin_password       = var.admin_password
  disable_password_authentication = false

  admin_ssh_key {
    username   = "adminuser"
    public_key = file("${path.module}/files/id_rsa.pub")
  }

  custom_data = base64encode(<<CLOUD_INIT
#cloud-config
write_files:
  - path: /tmp/install_ansible.sh
    content: |
      #!/bin/bash
      # A resource cannot reference its own attributes inside custom_data, so the
      # addresses are taken from the NICs (private_ip_address is known once the NIC exists)
      LINUX_VM_IP="${azurerm_network_interface.ans-nic[0].private_ip_address}"
      MSSQL_VM_IP="${azurerm_network_interface.ans-nic[1].private_ip_address}"
      # Rest of your script here...

  - path: /home/adminuser/.ssh/id_rsa
    content: |
      -----BEGIN OPENSSH PRIVATE KEY-----
      Your private SSH key content here
      -----END OPENSSH PRIVATE KEY-----
    owner: adminuser:adminuser
    permissions: '0400'

  - path: /var/lib/cloud/instance/scripts/part-001
    content: |
      #!/bin/bash
      bash /tmp/install_ansible.sh
    permissions: "0755"
CLOUD_INIT
)
}

variable "admin_password" {
  description = "Admin password for the VM"
  type        = string
}

Added the necessary Azure resources (azurerm_resource_group, azurerm_virtual_network, azurerm_subnet, azurerm_network_interface) to create the basic network configuration for the VM. This is required for the VM to have connectivity.
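A pre-apply check for the two defects the answer corrects: the `~` path (cloud-init's write_files runs as root and writes the path literally, it does not expand `~`) and a block scalar body that is not indented past its `content:` key. This is an added example, not code from the question or the answer; the two cloud-config strings are constructed to mirror the failing and the fixed entry, and the check is string-level rather than a full YAML parser.

```python
import base64
import re

# Constructed sample mirroring the question's failing entry: the block scalar body
# sits at the same indent as its `content:` key, and the path starts with `~`.
BROKEN = """#cloud-config
write_files:
  - path: ~/.ssh/id_rsa
    content: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    PLACEHOLDER-KEY-MATERIAL
    -----END OPENSSH PRIVATE KEY-----
    owner: adminuser:adminuser
    permissions: '0400'
"""
# Constructed sample in the shape the answer uses.
FIXED = """#cloud-config
write_files:
  - path: /home/adminuser/.ssh/id_rsa
    content: |
      -----BEGIN OPENSSH PRIVATE KEY-----
      PLACEHOLDER-KEY-MATERIAL
      -----END OPENSSH PRIVATE KEY-----
    owner: adminuser:adminuser
    permissions: '0400'
"""
FIXED_B64 = base64.b64encode(FIXED.encode()).decode()  # what Terraform's base64encode() yields

def lint_cloud_config(text):
    """Return [(line_no, message), ...]; an empty list means no known defect."""
    findings, lines = [], text.splitlines()
    for i, line in enumerate(lines, start=1):
        indent, dash, key = re.match(r"^( *)(- )?(.*)$", line).groups()
        if key.startswith("path:"):
            path = key.split(":", 1)[1].strip()
            if path.startswith("~"):
                findings.append((i, f"path {path!r}: cloud-init writes files as root and does not expand '~'"))
        elif re.match(r"content:\s*\|", key):
            # the body of a `|` block scalar must be indented deeper than the key's column
            key_col = len(indent) + (2 if dash else 0)
            j = i  # 0-based index of the line after the key; skip blank lines
            while j < len(lines) and not lines[j].strip():
                j += 1
            if j < len(lines) and len(lines[j]) - len(lines[j].lstrip(" ")) <= key_col:
                findings.append((j + 1, "block scalar body is not indented past its 'content:' key"))
    return findings

def lint_custom_data(b64):
    """Lint custom_data as Terraform's base64encode() hands it to Azure."""
    return lint_cloud_config(base64.b64decode(b64).decode())
```

Running `lint_custom_data` over the value Terraform would send (for example from `terraform plan` output) catches both problems before the VM is created, instead of after cloud-init has already failed on first boot.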
