使用 WinRM 上传到 Azure VM 的 Terraform 文件预配程序:错误:I/O 超时



我正在尝试使用 Terraform 文件预配程序(file provisioner)通过 WinRM 将目录上传到 Azure VM,但遇到了各种错误和超时。Win2019 服务器 VM 部署正常,部署后我可以通过 WinRM 对该系统建立 PowerShell 远程会话。但是当我添加文件预配程序(如下所示)时,会出现以下错误之一:

Error: timeout - last error: http response error: 401 - invalid content type

或者是下面这个错误,具体取决于 https 设为 true/false 以及 insecure 设为 true/false:

Error: timeout - last error: unknown error Post https://52.176.165.48:5985/wsman: http: server gave HTTP response to HTTPS client

是否有更好的方法可以在 VM 实例化后上传目录并执行 PowerShell 后期部署脚本?

这是我的 *.tf 文件:

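locals {
  # Short host name of the domain controller VM, built from the deployment prefix.
  virtual_machine_name = "${var.prefix}-dc1"

  # Fully qualified name; handed to winrm.ps1 as $RemoteHostName via the Param() header below.
  virtual_machine_fqdn = "${local.virtual_machine_name}.${var.active_directory_domain}"

  # PowerShell Param() header that is prepended to winrm.ps1.
  # The inner double quotes are escaped so that they stay inside the HCL string;
  # left unescaped they end the string early and the file does not parse.
  custom_data_params = "Param($RemoteHostName = \"${local.virtual_machine_fqdn}\", $ComputerName = \"${local.virtual_machine_name}\")"

  # Final custom_data payload: the Param() header followed by the body of files/winrm.ps1.
  custom_data_content = "${local.custom_data_params} ${file("${path.module}/files/winrm.ps1")}"
}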
# Availability set that the domain controller VM joins through availability_set_id.
resource "azurerm_availability_set" "dcavailabilityset" {
  name                = "dcavailabilityset"
  location            = "${var.location}"
  resource_group_name = "${var.resource_group_name}"

  managed = true

  # Fault/update domain spread for members of the set.
  platform_update_domain_count = 5
  platform_fault_domain_count  = 3
}
# Windows Server 2019 VM used as the lab domain controller. This is the
# configuration from the question: the file provisioner at the bottom is the
# part that times out.
resource "azurerm_virtual_machine" "domain-controller" {
name                          = "${local.virtual_machine_name}"
location                      = "${var.location}"
resource_group_name           = "${var.resource_group_name}"
availability_set_id           = "${azurerm_availability_set.dcavailabilityset.id}"
network_interface_ids         = ["${azurerm_network_interface.primary.id}"]
vm_size                       = "Standard_A1"
delete_os_disk_on_termination = false
storage_image_reference {
publisher = "MicrosoftWindowsServer"
offer     = "WindowsServer"
sku       = "2019-Datacenter"
version   = "latest"
}
storage_os_disk {
name              = "${local.virtual_machine_name}-disk1"
caching           = "ReadWrite"
create_option     = "FromImage"
managed_disk_type = "Standard_LRS"
}
os_profile {
computer_name  = "${local.virtual_machine_name}"
admin_username = "${var.admin_username}"
admin_password = "${var.admin_password}"
# custom_data carries the Param() header plus winrm.ps1 (see locals.custom_data_content).
custom_data    = "${local.custom_data_content}"
}
os_profile_windows_config {
provision_vm_agent        = true
enable_automatic_upgrades = false
# AutoLogon for a single logon (LogonCount = 1) as the admin user.
# NOTE(review): the admin password is interpolated into this unattend XML in
# clear text, so it is also recorded wherever this resource's attributes are
# stored (Terraform state in particular) - handle state as a secret.
additional_unattend_config {
pass         = "oobeSystem"
component    = "Microsoft-Windows-Shell-Setup"
setting_name = "AutoLogon"
content      = "<AutoLogon><Password><Value>${var.admin_password}</Value></Password><Enabled>true</Enabled><LogonCount>1</LogonCount><Username>${var.admin_username}</Username></AutoLogon>"
}
# Unattend config is to enable basic auth in WinRM, required for the provisioner stage.
additional_unattend_config {
pass         = "oobeSystem"
component    = "Microsoft-Windows-Shell-Setup"
setting_name = "FirstLogonCommands"
content      = "${file("${path.module}/files/FirstLogonCommands.xml")}"
}
}
# Uploads the local BadBlood directory to the VM over WinRM.
provisioner "file" {
source      = "BadBlood"
destination = "C:/BadBlood"
# The connection targets the VM's public IP with the admin credentials.
# With https = false the session is plain HTTP on 5985; together with the
# Basic auth enabled by FirstLogonCommands, the credentials are only
# base64-encoded on the wire, not encrypted.
# The second error quoted in the question shows an https:// URL on port 5985,
# i.e. https = true pointed at the HTTP listener port; https and port have to
# be changed together (5985 for HTTP, 5986 for HTTPS).
# insecure = true skips certificate validation and only matters when https = true.
connection {
host     = "${azurerm_public_ip.dc1-external.ip_address}"
type     = "winrm"
user     = "${var.admin_username}"
password = "${var.admin_password}"
timeout  = "15m"
https    = false
port     = "5985"
insecure = true
}
}
}

以下是解决办法。Azure VM 扩展中已经有一个用于执行自动预配的 winrm.ps1 脚本。我必须在其中添加一个条目,让端口 5986 可以侦听,因为该脚本已经把 WinRM 配置为通过 HTTPS 侦听:

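# Excerpt from winrm.ps1. $RemoteHostName comes from the Param() header that the
# Terraform locals prepend to this script; $Thumbprint is not defined in this
# excerpt and is presumably set earlier in the script - confirm.

# Create the HTTPS listener, bound to the certificate identified by $Thumbprint.
Write-Host "Enable HTTPS in WinRM"
$WinRmHttps = "@{Hostname=`"$RemoteHostName`"; CertificateThumbprint=`"$Thumbprint`"}"
winrm create winrm/config/Listener?Address=*+Transport=HTTPS $WinRmHttps

# Basic auth only base64-encodes the credentials, so it should be used over the
# HTTPS listener (5986) and not over plain HTTP (5985).
Write-Host "Set Basic Auth in WinRM"
$WinRmBasic = "@{Basic=`"true`"}"
winrm set winrm/config/service/Auth $WinRmBasic

Write-Host "Open Firewall Ports"
# NOTE(review): once the provisioner connects on 5986, the HTTP-In rule for 5985
# is no longer needed for provisioning. Both rules accept any source address;
# netsh's remoteip= parameter (for example remoteip=<PROVISIONING_HOST_IP>)
# narrows a rule to the machine that runs Terraform.
netsh advfirewall firewall add rule name="Windows Remote Management (HTTP-In)" dir=in action=allow protocol=TCP localport=5985
netsh advfirewall firewall add rule name="Windows Remote Management (HTTPS-In)" dir=in action=allow protocol=TCP localport=5986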

我不得不使用 Wireshark 和 netcat 进行大量数据包调试才能解决这个问题并从外部测试 Azure VM。 没有配置 NSG 规则,因为这只是一个测试实验室 Azure VM 系统。

最后,必须将文件预配程序的 https 设为 true、端口设为 5986,才能正确上传:

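# Uploads the zipped payload to the VM over WinRM on the HTTPS listener (5986).
# This block belongs inside the azurerm_virtual_machine resource.
provisioner "file" {
  source      = "${path.module}/files/badblood.zip"
  destination = "C:/terraform/badblood.zip"

  connection {
    host     = "${azurerm_public_ip.dc1-external.ip_address}"
    type     = "winrm"
    user     = "${var.admin_username}"
    password = "${var.admin_password}"
    timeout  = "15m"
    https    = true
    port     = "5986"

    # insecure = true skips validation of the server certificate: the session is
    # encrypted, but the VM's identity is not verified, so the admin credentials
    # could be sent to an interposed host. To validate instead, set
    # insecure = false and supply the issuing CA through the connection's
    # cacert argument.
    insecure = true
  }
}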
