地形Azurerm_virtual_machine_extension

Question

我正在使用azurerm_virtual_machine_extension在Azure中引导一些虚拟机。

我发现的所有示例都使用类似的内容显示：

settings = <<SETTINGS
    {   
    "fileUris": [ "https://my.bootstrapscript.com/script.sh}" ],
    "commandToExecute": "bash script.sh"
    }
SETTINGS

虽然可行，但我的问题是我必须公开托管script以便与fileUris一起使用。设置中是否有允许我从terraform文件夹发送本地文件内容的选项？

类似的东西：

settings = <<SETTINGS
    {   
    "file": [ ${file("./script.txt")} ],
    "commandToExecute": "bash script.sh"
    }
SETTINGS

谢谢。

Answer 1

是的！

简介

在protected_settings中，使用“脚本”。

脚本

terrain脚本

provider "azurerm" {
}

resource "azurerm_virtual_machine_extension" "vmext" {
    resource_group_name     = "${var.resource_group_name}"
    location                = "${var.location}"
    name                    = "${var.hostname}-vmext"

    virtual_machine_name = "${var.hostname}"
    publisher            = "Microsoft.Azure.Extensions"
    type                 = "CustomScript"
    type_handler_version = "2.0"

    protected_settings = <<PROT
    {
        "script": "${base64encode(file(var.scfile))}"
    }
    PROT
}

变量

variable resource_group_name {
    type = string
    default = "ORA"
}

variable location {
    type = string
    default = "eastus"
}

variable hostname {
    type = string
    default = "ora"
}

variable scfile{
    type = string
    default = "yum.bash"
}

bash脚本

#!/bin/bash

mkdir -p ~/download
cd ~/download
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -ivh epel-release-latest-7.noarch.rpm
yum -y install cowsay
cowsay ExaGridDba

输出

应用

[terraform@terra stackoverflow]$ terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azurerm_virtual_machine_extension.vmex0 will be created
  + resource "azurerm_virtual_machine_extension" "vmex0" {
      + id                   = (known after apply)
      + location             = "eastus"
      + name                 = "ora-vmext"
      + protected_settings   = (sensitive value)
      + publisher            = "Microsoft.Azure.Extensions"
      + resource_group_name  = "ORA"
      + tags                 = (known after apply)
      + type                 = "CustomScript"
      + type_handler_version = "2.0"
      + virtual_machine_name = "ora"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

azurerm_virtual_machine_extension.vmex0: Creating...
azurerm_virtual_machine_extension.vmex0: Still creating... [10s elapsed]
azurerm_virtual_machine_extension.vmex0: Still creating... [20s elapsed]
azurerm_virtual_machine_extension.vmex0: Still creating... [30s elapsed]
azurerm_virtual_machine_extension.vmex0: Still creating... [40s elapsed]
azurerm_virtual_machine_extension.vmex0: Still creating... [50s elapsed]
azurerm_virtual_machine_extension.vmex0: Still creating... [1m0s elapsed]
azurerm_virtual_machine_extension.vmex0: Still creating... [1m10s elapsed]
azurerm_virtual_machine_extension.vmex0: Still creating... [1m20s elapsed]
azurerm_virtual_machine_extension.vmex0: Still creating... [1m30s elapsed]
azurerm_virtual_machine_extension.vmex0: Still creating... [1m40s elapsed]
azurerm_virtual_machine_extension.vmex0: Still creating... [1m50s elapsed]
azurerm_virtual_machine_extension.vmex0: Still creating... [2m0s elapsed]
azurerm_virtual_machine_extension.vmex0: Creation complete after 2m1s [id=/subscriptions/7fe8a9c3-0812-42e2-9733-3f567308a0d0/resourceGroups/ORA/providers/Microsoft.Compute/virtualMachines/ora/extensions/ora-vmext]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

目标上的标准输出

[root@ora ~]# cat /var/lib/waagent/custom-script/download/0/stdout
Preparing...                          ########################################
Updating / installing...
epel-release-7-12                     ########################################
Loaded plugins: langpacks, ulninfo
Resolving Dependencies
--> Running transaction check
---> Package cowsay.noarch 0:3.04-4.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package          Arch             Version                 Repository      Size
================================================================================
Installing:
 cowsay           noarch           3.04-4.el7              epel            42 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 42 k
Installed size: 77 k
Downloading packages:
Public key for cowsay-3.04-4.el7.noarch.rpm is not installed
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : cowsay-3.04-4.el7.noarch                                     1/1
  Verifying  : cowsay-3.04-4.el7.noarch                                     1/1

Installed:
  cowsay.noarch 0:3.04-4.el7

Complete!

< ExaGridDba >
 ------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

备注

1. 脚本大小限制为262144字节base64编码，或196608字节。
2. “＃！”确定口译员。 “＃！/ bin / python”将启动python脚本。
3. 不需要这些azurerm_virtual_machine_extension参数：
   • 设置
   • fileUris
   • commandToExecute
   • storageAccountName
   • storageAccountKey
Terrali文档中可能未提及
4. protected_settings参数“脚本”。请参阅Use the Azure Custom Script Extension Version 2 with Linux virtual machines
5. azurerm_virtual_machine_extension可以在VM创建期间使用，也可以用作独立的管理工具。

结论

在Azure VM中，可以在不引用Blob存储帐户的情况下运行脚本。

Answer 2

不，您不能这样做，您有2种选择：

1. 使用azure存储帐户并使用SAS令牌保护blob，并将其传递给扩展名，它将使用该令牌对azure存储进行身份验证并下载blob。您将需要使用protected settings来传递SAS令牌。 Extension schema。 Terraform应该将一对一映射到该模式。
2. 您可以使用Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommand/action和Microsoft.Compute/virtualMachines/runCommand/action在vm \ vmss实例上从本地控制台运行脚本（很确定terrafrom不会公开此api调用，但是powershell \ azu cli可以这样做）。