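【Question title】: Terraform Error: host for provisioner cannot be empty azurerm
【Posted】: 2021-07-02 11:21:47
【Question description】:

This is my configuration. I had to add all of the configuration to one file.

There are parts of the configuration that are unrelated to the problem; I kept the parts most important for understanding it.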


provider "azurerm" {
  features {}
}




# Create public IPs
resource "azurerm_public_ip" "myterraformpublicip" {
  name                = "myPublicIP"
  location            = "eastus"
  resource_group_name = azurerm_resource_group.myterraformgroup.name
  allocation_method   = "Dynamic"

  tags = {
    environment = "Terraform Demo"
  }
}

# Create a data source to receive the IP
data "azurerm_public_ip" "myterraformpublicip" {
  name                = azurerm_public_ip.myterraformpublicip.name
  resource_group_name = azurerm_resource_group.myterraformgroup.name

}

output "vm_ip" {
  value = data.azurerm_public_ip.myterraformpublicip.ip_address
}

# Create (and display) an SSH key
resource "tls_private_key" "example_ssh" {
  algorithm = "RSA"
  rsa_bits  = 4096
}
output "tls_private_key" {
  value     = tls_private_key.example_ssh.private_key_pem
  sensitive = true
}

# Create virtual machine
resource "azurerm_linux_virtual_machine" "myterraformvm" {
  name                  = "myVM"
  location              = "eastus"
  resource_group_name   = azurerm_resource_group.myterraformgroup.name
  network_interface_ids = [azurerm_network_interface.myterraformnic.id]
  size                  = "Standard_DS1_v2"

  os_disk {
    name                 = "myOsDisk"
    caching              = "ReadWrite"
    storage_account_type = "Premium_LRS"
  }

  source_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "18.04-LTS"
    version   = "latest"
  }

  computer_name                   = "myvm"
  admin_username                  = "azureuser"
  disable_password_authentication = true

  admin_ssh_key {
    username   = "azureuser"
    public_key = file("~/.ssh/id_rsa.pub")
  }

  boot_diagnostics {
    storage_account_uri = azurerm_storage_account.mystorageaccount.primary_blob_endpoint
  }

  tags = {
    environment = "Terraform Demo"
  }
}

resource "null_resource" "nginx" {
  provisioner "remote-exec" {
    inline = [
      "sudo yum install nginx -y",
      "sudo service nginx start",
      "sudo rm /usr/share/nginx/html/index.html",
      "echo '<html><head><title>Blue Team Server</title></head><body style=\"background-color:#1F778D\"><p style=\"text-align: center;\"><span style=\"color:#FFFFFF;\"><span style=\"font-size:28px;\">Blue Team</span></span></p></body></html>' | sudo tee /usr/share/nginx/html/index.html"
    ]

    connection {
      type        = "ssh"
      host        = data.azurerm_public_ip.myterraformpublicip.ip_address
      user        = "azureuser"
      private_key = tls_private_key.example_ssh.private_key_pem
      timeout     = "1m"
    }
  }
}

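After many attempts I still get the same error. I am a beginner with Terraform and need help. Note: if I apply again, SSH connects to the previous public IP.

【Question comments】:

  • I changed the public IP to allocation_method = "Static" and now get a new error: timeout - last error: SSH authentication failed (azureuser@xx.xx.xx.xx): ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
  • If I run ssh from the terminal it works.

Tags: terraform azure-rm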


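【Solution 1】:

When bootstrapping the instance, you are using the on-disk public key via file("~/.ssh/id_rsa.pub").

Then you use a mismatched key, tls_private_key.example_ssh.private_key_pem, in the remote-exec provisioner.

Using tls_private_key is not recommended, because it stores the private key in plain text in your Terraform state. Instead, use the public key stored on disk.

The following would be more secure: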

resource "null_resource" "nginx" {
  provisioner "remote-exec" {
    inline = [
      "sudo yum install nginx -y",
      "sudo service nginx start",
      "sudo rm /usr/share/nginx/html/index.html",
      "echo '<html><head><title>Blue Team Server</title></head><body style=\"background-color:#1F778D\"><p style=\"text-align: center;\"><span style=\"color:#FFFFFF;\"><span style=\"font-size:28px;\">Blue Team</span></span></p></body></html>' | sudo tee /usr/share/nginx/html/index.html"
    ]

    connection {
      type        = "ssh"
      host        = data.azurerm_public_ip.myterraformpublicip.ip_address
      user        = "azureuser"
      # Private half of the ~/.ssh/id_rsa.pub key set in admin_ssh_key
      private_key = file("~/.ssh/id_rsa")
      timeout     = "1m"
    }
  }
}

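【Comments】:

  • Thank you very much, it works now, but do you know why I get the error host for provisioner cannot be empty azurerm when I use the public IP allocation_method = "Dynamic"?
  • No, this is not a proper use case. Rather than using null_resource, consider custom_data in the azurerm_linux_virtual_machine resource block. Good example - sbulav.github.io/terraform/…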