Azure - Trying to join a VM to a domain using JsonADDomainExtension in Terraform

Time: 2019-07-18 09:48:01

Tags: azure terraform terraform-provider-azure

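Trying to join an Azure CentOS VM to an existing AD domain. However, it fails. The error message is vague and not helpful.

Trying to join an Azure CentOS VM to an existing AD domain using JsonADDomainExtension in Terraform. So far, I have tried the following:

  • I can join the VM to the domain manually using 'realm join'
  • Tried the TF code without OUPath -> did not help

The code is very similar to https://github.com/Azure/azure-quickstart-templates/blob/master/201-vm-domain-join-existing/azuredeploy.json
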
resource "azurerm_virtual_machine_extension" "adjoin" {
  name                 = "${azurerm_virtual_machine.testextn01.name}-adjoin"
  location             = "${azurerm_resource_group.testextn.location}"
  resource_group_name  = "${azurerm_resource_group.testextn.name}"
  virtual_machine_name = "${azurerm_virtual_machine.testextn01.name}"
  publisher            = "Microsoft.Compute"
  type                 = "JsonADDomainExtension"
  type_handler_version = "1.3"

  settings = <<SETTINGS
    {
        "Name": "NEXT.CLOUD.COM",
        "User": "DOMAIN\\ad-join",
        "OUPath": "\"OU=Centos,OU=Servers,OU=Operations,DC=NEXT,DC=CLOUD,DC=COM\"",
        "Restart": "true",
        "Options": "3"
    }
SETTINGS
  protected_settings = <<PROTECTED_SETTINGS
    {
      "Password": "topsecret"
    }
  PROTECTED_SETTINGS

}

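Terraform apply does not return to the prompt:


azurerm_virtual_machine_extension.adjoin: Still creating... (1h26m21s elapsed)
azurerm_virtual_machine_extension.adjoin: Still creating... (1h26m31s elapsed)
azurerm_virtual_machine_extension.adjoin: Still creating... (1h26m41s elapsed)
^CInterrupt received.
Please wait for Terraform to exit or data loss may occur.
Gracefully shutting down...
stopping operation...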


In the /var/log/waagent.log file, the error message appears as follows:


2019/07/18 05:06:41.630295 ERROR ExtHandler Event: name=Microsoft.Compute.JsonADDomainExtension, op=Install, message=eJytkcFKxDAURff9ivcBTtK0ndZ2N9gRR3B0PxTJJOkQaPJKkmrHrzdUFBcKMrh8i3s4993Ddg7Keo126xy6DvZoV2/KIahZBxAoVQMsq65AWx/4MBBhZHLwQeIUuiRLWU3TirJrSNdNWjZ5Tco0q6oSdvvbR4j0O27loBxspFQSnnYtsHVRQEAQJ4fTCNSfPe09/TipGCf6ygdtp5mflA1EfRp6+qCFQ499IDdoxikocu/RbtoWDdf2q8ozIznJfpHL86K+WM4og+78T37J8kflXJfQF+7ooI+RVED/SlotJPptmwaimgLWwFHbHzNROG4q0JhYHiwG6HGyMnkHeGWxYg==, duration=0



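The error message gives no clue and is not much help.

1 answer:

Answer 0: (score: 0)

You may want to pay attention to the user and OUPath format in settings. It should not have "\, and you can change it to "OUPath": "OU=Centos,OU=Servers,OU=Operations,DC=NEXT,DC=CLOUD,DC=COM",

In addition, you can add depends_on to the extension block, because the extension creation depends on the VM being created.

For example,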

resource "azurerm_virtual_machine_extension" "domjoin" {
  name                 = "domjoin"
  location             = "${var.location}"
  resource_group_name  = "${var.image_resource_group}"
  virtual_machine_name = "${var.prefix}"
  publisher            = "Microsoft.Compute"
  type                 = "JsonADDomainExtension"
  type_handler_version = "1.3"

  # What the settings mean: https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/nf-lmjoin-netjoindomain
  settings = <<SETTINGS
{
  "Name": "pixelrobots.co.uk",
  "OUPath": "OU=Servers,DC=pixelrobots,DC=co,DC=uk",
  "User": "pixelrobots.co.uk\\pr_admin",
  "Restart": "true",
  "Options": "3"
}
SETTINGS

  protected_settings = <<PROTECTED_SETTINGS
{
  "Password": "${var.admin_password}"
}
PROTECTED_SETTINGS

  depends_on = ["azurerm_virtual_machine.vm"]
}

You can get more references on using Terraform to join a new Azure virtual machine to a domain from this1 and this2.
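
The answer's point about the OUPath value, as an added example (not code from the question or the answer): a Python check run over the two settings documents posted above, showing what the `\"`-wrapped value decodes to once the JSON is parsed. The helper names `check_settings` and `decode_options` are made up for illustration; the flag values are those of NetJoinDomain, which the comment in the answer's code links to.

```python
import json
import re

# Flag bits from the NetJoinDomain documentation linked in the answer's code.
NETSETUP_FLAGS = {0x1: "NETSETUP_JOIN_DOMAIN", 0x2: "NETSETUP_ACCT_CREATE"}
RDN = re.compile(r'^(OU|CN|DC)=[^,="]+$', re.IGNORECASE)


def check_settings(settings_json):
    """Return a list of problems found in a JsonADDomainExtension settings document."""
    cfg = json.loads(settings_json)
    problems = []

    ou_path = cfg.get("OUPath", "")
    if '"' in ou_path:
        problems.append("OUPath contains literal quote characters: %r" % ou_path)
    parts = [p.strip() for p in ou_path.strip('"').split(",")] if ou_path else []
    bad = [p for p in parts if not RDN.match(p)]
    if bad:
        problems.append("OUPath has malformed components: %s" % bad)

    # The DC= components should spell out the domain given in Name.
    dcs = ".".join(p.split("=", 1)[1] for p in parts if p.upper().startswith("DC="))
    if parts and dcs.lower() != cfg.get("Name", "").lower():
        problems.append("OUPath DC components %r do not match Name %r" % (dcs, cfg.get("Name")))

    if not int(cfg.get("Options", "0")) & 0x1:
        problems.append("Options lacks NETSETUP_JOIN_DOMAIN (0x1)")
    return problems


def decode_options(value):
    """Name the NetJoinDomain flag bits set in an Options value."""
    return [name for bit, name in sorted(NETSETUP_FLAGS.items()) if int(value) & bit]


# Heredoc bodies as posted in the question and in the answer.
QUESTION = r'''{"Name": "NEXT.CLOUD.COM", "User": "DOMAIN\\ad-join",
 "OUPath": "\"OU=Centos,OU=Servers,OU=Operations,DC=NEXT,DC=CLOUD,DC=COM\"",
 "Restart": "true", "Options": "3"}'''
ANSWER = r'''{"Name": "pixelrobots.co.uk", "User": "pixelrobots.co.uk\\pr_admin",
 "OUPath": "OU=Servers,DC=pixelrobots,DC=co,DC=uk",
 "Restart": "true", "Options": "3"}'''

if __name__ == "__main__":
    for label, doc in (("question", QUESTION), ("answer", ANSWER)):
        print(label, check_settings(doc) or "no problems", decode_options(json.loads(doc)["Options"]))
```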