Terraform Enable-PSRemoting on Azure Windows VM
I am using Terraform v0.12.9 to provision a Windows VM in Azure cloud. On that VM I want to perform the following tasks with Terraform, basically to avoid RDPing into the VM and running the scripts by hand.

1. Enable PSRemoting
2. Create a new FirewallRule
3. Create a SelfSignedCertificate

I have a vm_provisioning.tf that looks like this:

resource "azurerm_virtual_machine" "vm" {
  count                 = "${var.env == "dev" ? 0 : 1}"
  name                  = var.vm_name
  location              = "${azurerm_resource_group.rg.location}"
  resource_group_name   = "${azurerm_resource_group.rg.name}"
  network_interface_ids = ["${azurerm_network_interface.network-interface[count.index].id}"]
  vm_size               = "Standard_D13_v2"

  storage_image_reference {
    publisher = "MicrosoftWindowsDesktop"
    offer     = "Windows-10"
    sku       = "rs4-pro"
    version   = "latest"
  }

  storage_os_disk {
    name              = "Primary-disk"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "Standard_LRS"
    disk_size_gb      = "127"
  }

  os_profile {
    computer_name  = var.vm_name
    admin_username = "${var.vm-username}"
    admin_password = "${random_password.vm_password.result}"
  }

  os_profile_windows_config {
  }

  provisioner "remote-exec" {
    connection {
      host     = "${element(azurerm_public_ip.PublicIP.*.ip_address, count.index)}"
      type     = "winrm"
      user     = var.vm-username
      password = "${random_password.vm_password.result}"
      agent    = "false"
      insecure = "true"
    }

    # Each inline entry is executed as a separate powershell.exe process, so
    # $DNSName and $thumbprint set in one entry are not visible in the later ones.
    inline = [
      "powershell.exe Set-ExecutionPolicy Bypass -force",
      "powershell.exe $DNSName = $env:COMPUTERNAME",
      "powershell.exe Enable-PSRemoting -Force",
      "powershell.exe New-NetFirewallRule -Name 'WinRM HTTPS' -DisplayName 'WinRM HTTPS' -Enabled True -Profile 'Any' -Action 'Allow' -Direction 'Inbound' -LocalPort 5986 -Protocol 'TCP'",
      "powershell.exe $thumbprint = (New-SelfSignedCertificate -DnsName $DNSName -CertStoreLocation Cert:/LocalMachine/My).Thumbprint",
      "powershell.exe $cmd = 'winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname=''$DNSName''; CertificateThumbprint=''$thumbprint''}'",
      "powershell.exe cmd.exe /C $cmd"
    ]
  }
}

I also tried azurerm_virtual_machine_extension:

resource "azurerm_virtual_machine_extension" "winrm" {
  name                 = var.name
  location             = "${azurerm_resource_group.rg.location}"
  resource_group_name  = "${azurerm_resource_group.rg.name}"
  virtual_machine_name = var.vm_name
  # The Windows Custom Script Extension is published by Microsoft.Compute;
  # Microsoft.Azure.Extensions is the publisher of the Linux CustomScript extension.
  publisher            = "Microsoft.Compute"
  type                 = "CustomScriptExtension"
  type_handler_version = "1.9"

  settings = <<SETTINGS
{
  "commandToExecute": "hostname && uptime"
}
SETTINGS
}

With azurerm_virtual_machine_extension I get the following error.

##[error]Terraform command 'apply' failed with exit code '1'.:  compute.VirtualMachineExtensionsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: autorest/azure: Service returned an error. Status=<nil> Code="OperationNotAllowed" Message="This operation cannot be performed when extension operations are disallowed. To allow, please ensure VM Agent is installed on the VM and the osProfile.allowExtensionOperations property is true."

According to the error message, you need to include an os_profile_windows_config block. It supports the following:

provision_vm_agent - (Optional) Should the Azure Virtual Machine Guest Agent be installed on this Virtual Machine? Defaults to false.

os_profile_windows_config {
  provision_vm_agent = true
}

Edit

This example provisions a virtual machine running Windows Server 2016 with a public IP address and runs the remote-exec provisioner over WinRM.

main.tf

locals {
  # The inner quotes must be escaped, otherwise the HCL string ends at the second quote.
  custom_data_params  = "Param($ComputerName = \"${local.virtual_machine_name}\")"
  custom_data_content = "${local.custom_data_params} ${file("./files/winrm.ps1")}"
}

winrm.ps1

Latest update
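As an added example (my own script, not the winrm.ps1 the answer refers to, which is not reproduced on this page), here are the three steps from the question carried out in a single PowerShell process, so the certificate thumbprint is still in scope when the HTTPS listener is created. Using the host name as the certificate subject and port 5986 are assumptions.

```powershell
# Added example; not the winrm.ps1 the answer refers to.
# Everything runs in ONE PowerShell process, so $DnsName and $thumbprint stay in scope;
# in a remote-exec inline list each "powershell.exe ..." entry is a separate process.
[CmdletBinding()]
param(
    [string]$DnsName = $env:COMPUTERNAME,   # assumption: host name is the certificate subject
    [int]$Port = 5986                       # assumption: standard WinRM HTTPS port
)
$ErrorActionPreference = 'Stop'

# 1. Enable PSRemoting (WinRM service, HTTP listener, default firewall rules).
Enable-PSRemoting -Force -SkipNetworkProfileCheck

# 2. Self-signed certificate for the HTTPS listener; reuse a valid one if present
#    so that re-running the script does not fill the store with duplicate certificates.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$DnsName" -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) {
    $cert = New-SelfSignedCertificate -DnsName $DnsName -CertStoreLocation Cert:\LocalMachine\My
}
$thumbprint = $cert.Thumbprint

# 3. HTTPS listener bound to that certificate. Remove any existing HTTPS listener first,
#    because WSMan refuses a second listener on the same address and transport.
Get-ChildItem WSMan:\localhost\Listener |
    Where-Object { $_.Keys -contains 'Transport=HTTPS' } |
    ForEach-Object { Remove-Item -Path "WSMan:\localhost\Listener\$($_.Name)" -Recurse -Force }
New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * -Port $Port `
    -HostName $DnsName -CertificateThumbPrint $thumbprint -Force | Out-Null

# 4. Host firewall rule for the HTTPS port (idempotent). The NSG in front of the VM
#    should still restrict source addresses; this only opens the Windows firewall.
$ruleName = 'WinRM-HTTPS-In'
if (-not (Get-NetFirewallRule -Name $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -Name $ruleName -DisplayName 'WinRM over HTTPS' -Direction Inbound `
        -Protocol TCP -LocalPort $Port -Action Allow -Profile Any | Out-Null
}

# Report what was configured so the provisioner log shows the bound thumbprint.
[pscustomobject]@{
    DnsName    = $DnsName
    Thumbprint = $thumbprint
    Port       = $Port
    Listeners  = (Get-ChildItem WSMan:\localhost\Listener | ForEach-Object { $_.Keys -join ',' }) -join '; '
}
```

It can be delivered through custom_data as the answer outlines, or run as one remote-exec entry; a Terraform connection block that should then use the new listener needs https = true and port = 5986 rather than the plain-HTTP default.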