使用GCP服务帐户连接的Terraform远程配置不起作用

时间:2019-08-24 10:42:01

标签: google-cloud-platform terraform


以下是我想用terraform实现的目标,而我对terraform还是陌生的
我想创建一个VM,然后将文件从gcp存储复制到vm,我已经开始使用文件配置程序,以便首先复制本地shell脚本(它具有gsutil命令,用于将文件从存储复制到vm)。
我以不同的方式尝试过,例如无法进行

的远程配置

我创建了一个服务帐户,该帐户具有创建虚拟机,管理存储所需的权限,我在配置

时使用了相同的服务帐户 
# Provider Configuration
provider "google" {
    credentials = "${file("terraform-vm-sa.json")}"
    project = "gcp-exp-test-npe"
    region = "us-east4"
}

data "google_service_account" "vmaccount" {
    account_id = "terraform-vm-sa"
}

resource "google_service_account_key" "vmkey" {
  service_account_id = "${data.google_service_account.vmaccount.name}"
}

resource "local_file" "vmkeyfile" {
    content = "${google_service_account_key.vmkey.private_key}"
    filename = "./vmprivatekey"
}

resource "google_compute_instance" "test-inst" {
    name = "testq"
    machine_type= "n1-standard-1"
    zone = "us-east4-c"
    service_account {
        email = "terraform-vm-sa@gcp-exp-test-npe.iam.gserviceaccount.com"
        scopes = ["cloud-platform"]
    }

    boot_disk {
      initialize_params {
        image = "centos-cloud/centos-7"
      }
    }

    network_interface {
          subnetwork="https://www.googleapis.com/compute/v1/projects/gcp-exp-test-network-npe/regions/us-east4/subnetworks/npe-test-subnet-1"
    }
    metadata = {
        sshKeys = "terraform-vm-sa:${google_service_account_key.vmkey.public_key}"
     }
    provisioner "file" {
        source = "./storage-provision.sh"
        destination = "/tmp/storage-provision.sh"
        connection {
            host = "${google_compute_instance.test-inst.network_interface.0.network_ip}"
            user = "terraform-vm-sa"
            private_key = "${file("./vmprivatekey")}"
        }
    }

}

output "internal_ip" {
    value = "${google_compute_instance.test-inst.network_interface.0.network_ip}"
}

terraform抛出错误

google_compute_instance.test-inst: Creating...
google_compute_instance.test-inst: Still creating... [10s elapsed]
google_compute_instance.test-inst: Provisioning with 'file'...


Error: Failed to read ssh private key: no key found

但是我能够看到带有私钥的文件,无法理解为什么会发生

➜  cat vmprivatekey
ewogICJ0eXBlIjogInNlcnZpY2VfYWNjb3VudCIsCiAgInByb2plY3RfaWQiOiAiZ2NwLXVzaGktaWRlbnRpdHktbnBlIiwKICAicHJpdmF0ZV9rZXlfaWQiOiAiZTljNzRiNThiYjI0YmQ3M2M4NzAyMGU5ODk2Y2M5OGQwYmMyNGE3YSIsCiAgInByaXZhdGVfa2V5IjogIi0tLS0tQkVHSU4gUFJJVkFURSBLRVktLS0tLVxuTUlJRXZRSUJBREFOQmdrcWhraUc5dzBCQVFFRkFBU0NCS2N3Z2dTakFnRUFBb0lCQVFDbXE4UFZTZDFIWkZtUVxucVNKOG1tVFpvTWo5TlBTeEFkR3V5UjMzaTZwQlJ4bXozeURPQTZWV0F3bEQxK2tvN3hhK1dtY1FnQjFDa2Y2MFxubFJ1U0MwbmhUNTJpTWRMZkk1dUFSUUpHY1BlaG1oL2RBWTFjRVo5TzhKbTF3Ti9ZU0JRcGdiSnFqRVpOMjQ0UVxudTBLdXU2QVBWSmFYe

虽然我在Google上发现了不同的方法,例如在脚本中创建用户并创建公钥,私钥,并与该用户创建连接,但是我无法使用该方法,因为我需要与具有gcp角色的用户进行ssh复制存储中的文件
请问有人可以解决这个问题吗?
谢谢

0 个答案:

没有答案
相关问题
最新问题