Question

这里有另一篇关于如何将ssh密钥添加到terraform实例的帖子。但是，我的问题是你如何在terraform中使用项目范围的ssh密钥？

    /*CREATE INSTANCE TEMPLATE*/
resource "google_compute_instance_template" "template-030601" {
  name        = "terraform-template-030601"
  description = "This template is used to create app server instances."

  tags = ["foo", "bar"]

  labels = {
    environment = "sbx"
  }

  instance_description = "description assigned to instances"
  machine_type         = "f1-micro"
  can_ip_forward       = false


  //Create a new boot disk from an image
  disk {
        source_image = "https://www.googleapis.com/compute/v1/projects/hp-img-cof-st-core-prd/global/images/cof-ubuntu1604-180124"
        auto_delete  = false
        boot         = true
  }

  network_interface {
    subnetwork         = "${var.subnet}"
    subnetwork_project = "${var.subnet_project}"
  }

  metadata {
      sshKeys = 
  }

  metadata_startup_script = "${data.template_file.install_script.rendered}"

}

Answer 1

我不确定，但我认为它可能是其中之一，因为我试图弄清楚如何将ssh键添加到我的项目中 https://www.terraform.io/docs/providers/google/r/compute_project_metadata_item.html https://www.terraform.io/docs/providers/google/r/compute_project_metadata.html 希望这在某种程度上有所帮助

Answer 2

首先，如果要在整个项目中使用元数据键，则需要使用ssh-keys创建一个单独的部分（如果需要指定多个键，此方法很有用heredoc语法）：

resource "google_compute_project_metadata" "ssh_keys" {
    metadata {
      ssh-keys = <<EOF
      user1:ssh-rsa <YOUR_SSH_PUBLIC_KEY> user1@darkstar
      user2:ssh-rsa <YOUR_SSH_PUBLIC_KEY> user2@domain
EOF
    }
}

然后在您的google_compute_instance中，您需要在元数据配置中指定block-project-ssh-keys。因此，请尝试添加此内容：

resource "google_compute_instance_template" "template-030601" {
    ...
    metadata {
        block-project-ssh-keys = false
    }
    ...
}

如果要启用，请用false替换true 希望有用

如何使用带有terraform的Project宽ssh键

2 个答案: