Terraform azurerm_virtual_machine_extension

Question

我正在使用 azurerm_virtual_machine_extension 在 azure 中引导一些虚拟机。

我发现的所有示例都使用类似于以下内容的内容：

settings = <<SETTINGS
    {   
    "fileUris": [ "https://my.bootstrapscript.com/script.sh}" ],
    "commandToExecute": "bash script.sh"
    }
SETTINGS

虽然这可行，但我的问题是我必须公开托管 script 以与 fileUris 一起使用。设置中是否有允许我从 terraform 文件夹发送本地文件内容的选项？

类似：

settings = <<SETTINGS
    {   
    "file": [ ${file("./script.txt")} ],
    "commandToExecute": "bash script.sh"
    }
SETTINGS

谢谢。

Answer 1

是的，我们可以！

简介

在 protected_settings 中，使用“脚本”。

脚本

地形脚本

provider "azurerm" {
}

resource "azurerm_virtual_machine_extension" "vmext" {
    resource_group_name     = "${var.resource_group_name}"
    location                = "${var.location}"
    name                    = "${var.hostname}-vmext"

    virtual_machine_name = "${var.hostname}"
    publisher            = "Microsoft.Azure.Extensions"
    type                 = "CustomScript"
    type_handler_version = "2.0"

    protected_settings = <<PROT
    {
        "script": "${base64encode(file(var.scfile))}"
    }
    PROT
}

变量

variable resource_group_name {
    type = string
    default = "ORA"
}

variable location {
    type = string
    default = "eastus"
}

variable hostname {
    type = string
    default = "ora"
}

variable scfile{
    type = string
    default = "yum.bash"
}

bash 脚本

#!/bin/bash

mkdir -p ~/download
cd ~/download
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -ivh epel-release-latest-7.noarch.rpm
yum -y install cowsay
cowsay ExaGridDba

输出

申请

[terraform@terra stackoverflow]$ terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azurerm_virtual_machine_extension.vmex0 will be created
  + resource "azurerm_virtual_machine_extension" "vmex0" {
      + id                   = (known after apply)
      + location             = "eastus"
      + name                 = "ora-vmext"
      + protected_settings   = (sensitive value)
      + publisher            = "Microsoft.Azure.Extensions"
      + resource_group_name  = "ORA"
      + tags                 = (known after apply)
      + type                 = "CustomScript"
      + type_handler_version = "2.0"
      + virtual_machine_name = "ora"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

azurerm_virtual_machine_extension.vmex0: Creating...
azurerm_virtual_machine_extension.vmex0: Still creating... [10s elapsed]
azurerm_virtual_machine_extension.vmex0: Still creating... [20s elapsed]
azurerm_virtual_machine_extension.vmex0: Still creating... [30s elapsed]
azurerm_virtual_machine_extension.vmex0: Still creating... [40s elapsed]
azurerm_virtual_machine_extension.vmex0: Still creating... [50s elapsed]
azurerm_virtual_machine_extension.vmex0: Still creating... [1m0s elapsed]
azurerm_virtual_machine_extension.vmex0: Still creating... [1m10s elapsed]
azurerm_virtual_machine_extension.vmex0: Still creating... [1m20s elapsed]
azurerm_virtual_machine_extension.vmex0: Still creating... [1m30s elapsed]
azurerm_virtual_machine_extension.vmex0: Still creating... [1m40s elapsed]
azurerm_virtual_machine_extension.vmex0: Still creating... [1m50s elapsed]
azurerm_virtual_machine_extension.vmex0: Still creating... [2m0s elapsed]
azurerm_virtual_machine_extension.vmex0: Creation complete after 2m1s [id=/subscriptions/7fe8a9c3-0812-42e2-9733-3f567308a0d0/resourceGroups/ORA/providers/Microsoft.Compute/virtualMachines/ora/extensions/ora-vmext]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

目标上的标准输出

[root@ora ~]# cat /var/lib/waagent/custom-script/download/0/stdout
Preparing...                          ########################################
Updating / installing...
epel-release-7-12                     ########################################
Loaded plugins: langpacks, ulninfo
Resolving Dependencies
--> Running transaction check
---> Package cowsay.noarch 0:3.04-4.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package          Arch             Version                 Repository      Size
================================================================================
Installing:
 cowsay           noarch           3.04-4.el7              epel            42 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 42 k
Installed size: 77 k
Downloading packages:
Public key for cowsay-3.04-4.el7.noarch.rpm is not installed
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : cowsay-3.04-4.el7.noarch                                     1/1
  Verifying  : cowsay-3.04-4.el7.noarch                                     1/1

Installed:
  cowsay.noarch 0:3.04-4.el7

Complete!

< ExaGridDba >
 ------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

备注

1. 脚本大小限制为 262144 字节 base64 编码，或 196608 字节。
2. “#！”决定解释器。 "#!/bin/python" 将启动一个 python 脚本。
3. 这些 azurerm_virtual_machine_extension 参数不是必需的：
   • 设置
   • fileUris
   • commandToExecute
   • storageAccountName
   • storageAccountKey
4. protected_settings 参数“脚本”可能未在 Terraform 文档中提及。请参考Use the Azure Custom Script Extension Version 2 with Linux virtual machines
5. azurerm_virtual_machine_extension 可在 VM 创建期间使用，或用作独立的管理工具。

结论

在 Azure VM 中，可以在不引用 Blob 存储帐户的情况下运行脚本。