How do I disconnect a remote-exec in Terraform?

Time: 2019-12-21 16:23:42

Tags: terraform

I have a problem on my Google Cloud Platform where the default global user "gcp-root" conflicts with our list of accessible users. So, as a workaround, I am doing the following:

sudo adduser -u 9999 -G google-sudoers tmproot
sudo cp -Rfvp /home/gcp-root/.ssh /home/tmproot/
sudo chown tmproot:tmproot -Rf /home/tmproot/

Here is my Terraform remote-exec block:

  ## Create a 'tmproot' as default full sudoer in gcp (gcp-root) has a uid
  ## that conflicts with one of ansible list of users.
  provisioner "remote-exec" {
    inline = [
      "sudo adduser -u 9999 -G google-sudoers tmproot",
      "sudo cp -Rfvp /home/gcp-root/.ssh /home/tmproot/",
      "sudo chown tmproot:tmproot -Rf /home/tmproot/",
    ]

    connection {
      type        = "ssh"
      user        = "gcp-root"
      private_key = "${file("${var.ssh_key_location}")}"
      host        = "${google_compute_address.static-ip-address.address}"
    }
  }

  ## Delete gcp-root
  provisioner "remote-exec" {
    inline = [
      "sudo userdel gcp-root",
    ]

    connection {
      type        = "ssh"
      user        = "tmproot"
      private_key = "${file("${var.ssh_key_location}")}"
      host        = "${google_compute_address.static-ip-address.address}"
    }
  }

When I apply the Terraform code, the result is as follows:

null_resource.ansible_provisioning: Still creating... [50s elapsed]
null_resource.ansible_provisioning (remote-exec): Connecting to remote host via SSH...
null_resource.ansible_provisioning (remote-exec):   Host: <REDACTED>
null_resource.ansible_provisioning (remote-exec):   User: gcp-root
null_resource.ansible_provisioning (remote-exec):   Password: false
null_resource.ansible_provisioning (remote-exec):   Private key: true
null_resource.ansible_provisioning (remote-exec):   Certificate: false
null_resource.ansible_provisioning (remote-exec):   SSH Agent: false
null_resource.ansible_provisioning (remote-exec):   Checking Host Key: false
null_resource.ansible_provisioning (remote-exec): Connected!
null_resource.ansible_provisioning (remote-exec): ‘/home/gcp-root/.ssh’ -> ‘/home/tmproot/.ssh’
null_resource.ansible_provisioning (remote-exec): ‘/home/gcp-root/.ssh/authorized_keys’ -> ‘/home/tmproot/.ssh/authorized_keys’
null_resource.ansible_provisioning: Provisioning with 'remote-exec'...
null_resource.ansible_provisioning (remote-exec): Connecting to remote host via SSH...
null_resource.ansible_provisioning (remote-exec):   Host: <REDACTED>
null_resource.ansible_provisioning (remote-exec):   User: tmproot
null_resource.ansible_provisioning (remote-exec):   Password: false
null_resource.ansible_provisioning (remote-exec):   Private key: true
null_resource.ansible_provisioning (remote-exec):   Certificate: false
null_resource.ansible_provisioning (remote-exec):   SSH Agent: false
null_resource.ansible_provisioning (remote-exec):   Checking Host Key: false
null_resource.ansible_provisioning (remote-exec): Connected!
null_resource.ansible_provisioning (remote-exec): userdel: user gcp-root is currently used by process 1359

Error: error executing "/tmp/terraform_633887752.sh": Process exited with status 8

Apparently the problem is that the first remote-exec (using user 'gcp-root') is still connected, so the second remote-exec (using user 'tmproot') cannot delete 'gcp-root'.

If only I could disconnect the first remote-exec, that would seem to solve my problem, but there doesn't seem to be such an option in the Terraform documentation. Searching Google doesn't seem to turn up any hints either.

Is there a better way for me to achieve my goal?

Any hints/suggestions would be most welcome, and thanks in advance.

1 answer:

Answer 0 (score: 0)

I managed to find a workable solution to the problem by adding startup-script metadata in Google Cloud Platform.

In the metadata I added the key:

startup-script

Value:

#!/bin/bash
sudo usermod -u 9999 gcp-root
sudo groupmod -g 9999 gcp-root
sudo chown gcp-root.gcp-root -Rf /home/gcp-root

For reference, see https://cloud.google.com/compute/docs/startupscript

Problem solved.
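The failure in the question ("userdel: user gcp-root is currently used by process 1359") and the answer's fix (renumbering gcp-root with usermod/groupmod instead of copying its authorized_keys to a throwaway account) both come down to two checks that neither post performs explicitly: is the target UID already taken, and does the user to be changed still own a live session. The script below is an added example written for this page, not code from the question, the answer, or Terraform; it wraps the answer's usermod/groupmod/chown sequence in those two pre-flight checks. The user and group name `gcp-root`, the UID 9999 and the path `/home/gcp-root` are taken from the page; the function names, the `/proc` scan and the sample passwd lines used below are this example's own constructions.

```bash
#!/usr/bin/env bash
# Added example (not from the question or answer): pre-flight checks around
# remapping a cloud-created login user whose UID collides with a managed user
# list. Intended to run as root on the instance, e.g. from the startup-script
# the answer describes, where no interactive session for the user exists yet.
set -u

# Print the account name that owns numeric id $2 in the passwd/group-format
# file $1 (name:x:id:...). Returns 1 and prints nothing when the id is free.
# Works for /etc/passwd (UID) and /etc/group (GID) alike.
uid_owner() {
  local db_file="$1" wanted="$2"
  awk -F: -v wanted="$wanted" \
    '$3 == wanted { print $1; found = 1 } END { exit !found }' "$db_file"
}

# Return 0 if any live process runs under UID $1, 1 otherwise. This is the
# same condition userdel/usermod check before refusing to touch an account;
# it reads the real UID from each /proc/<pid>/status (Linux only).
uid_has_processes() {
  local uid="$1" status
  for status in /proc/[0-9]*/status; do
    [ -r "$status" ] || continue
    if awk -v uid="$uid" \
         '/^Uid:/ { if ($2 == uid) found = 1; exit } END { exit !found }' \
         "$status"; then
      return 0
    fi
  done
  return 1
}

# Move user $1 and its primary group to UID/GID $2 and fix ownership of the
# home directory (the answer's usermod/groupmod/chown sequence), but only
# after confirming the new id is unused and the user owns no processes.
# Requires root. Exit codes: 2 = id already taken, 3 = user still active.
remap_user_uid() {
  local user="$1" new_id="$2" holder old_uid
  if holder="$(uid_owner /etc/passwd "$new_id")"; then
    echo "UID $new_id already belongs to user '$holder'" >&2; return 2
  fi
  if holder="$(uid_owner /etc/group "$new_id")"; then
    echo "GID $new_id already belongs to group '$holder'" >&2; return 2
  fi
  old_uid="$(id -u "$user")" || return 2
  if uid_has_processes "$old_uid"; then
    echo "'$user' (uid $old_uid) still owns running processes;" \
         "end that session (e.g. the open remote-exec SSH login) first" >&2
    return 3
  fi
  usermod -u "$new_id" "$user" &&
    groupmod -g "$new_id" "$user" &&
    chown -R "$user:$user" "/home/$user"
}

# Usage on the instance, as root:  remap_user_uid gcp-root 9999
```

Running this from the startup-script rather than from a second remote-exec sidesteps the problem in the question entirely: at boot time nobody is logged in as gcp-root, so the process check passes, and the account keeps its existing authorized_keys rather than having them copied to a second sudo-capable account that later has to be cleaned up.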