I am using Terraform v0.12.9 on a Windows VM to set up Azure cloud. On that VM, I want to perform the following tasks using Terraform, basically to avoid RDPing into the VM and running scripts manually.

1. Enable PSRemoting
2. Create a new FirewallRule
3. Create a SelfSignedCertificate

I have a vm_provisioning.tf as follows:
```hcl
resource "azurerm_virtual_machine" "vm" {
  #count = "${var.env == "dev" ? 0 : 1}"
  count                 = "${var.env == "dev" ? 0 : 1}"
  name                  = var.vm_name
  location              = "${azurerm_resource_group.rg.location}"
  resource_group_name   = "${azurerm_resource_group.rg.name}"
  network_interface_ids = ["${azurerm_network_interface.network-interface[count.index].id}"]
  vm_size               = "Standard_D13_v2"

  storage_image_reference {
    publisher = "MicrosoftWindowsDesktop"
    offer     = "Windows-10"
    sku       = "rs4-pro"
    version   = "latest"
  }

  storage_os_disk {
    name              = "Primary-disk"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "Standard_LRS"
    disk_size_gb      = "127"
  }

  os_profile {
    computer_name  = var.vm_name
    admin_username = "${var.vm-username}"
    admin_password = "${random_password.vm_password.result}"
  }

  os_profile_windows_config {
  }

  provisioner "remote-exec" {
    connection {
      host     = "${element(azurerm_public_ip.PublicIP.*.ip_address, count.index)}"
      type     = "winrm"
      user     = var.vm-username
      password = "${random_password.vm_password.result}"
      agent    = "false"
      # insecure skips TLS certificate validation of the WinRM endpoint
      insecure = "true"
    }

    # Each entry is executed as its own powershell.exe process, so variables
    # such as $DNSName and $thumbprint set in one entry are not visible in the
    # entries that follow it.
    inline = [
      "powershell.exe Set-ExecutionPolicy Bypass -force",
      "powershell.exe $DNSName = $env:COMPUTERNAME",
      "powershell.exe Enable-PSRemoting -Force",
      "powershell.exe New-NetFirewallRule -Name 'WinRM HTTPS' -DisplayName 'WinRM HTTPS' -Enabled True -Profile 'Any' -Action 'Allow' -Direction 'Inbound' -LocalPort 5986 -Protocol 'TCP'",
      "powershell.exe $thumbprint = (New-SelfSignedCertificate -DnsName $DNSName -CertStoreLocation Cert:/LocalMachine/My).Thumbprint",
      "powershell.exe $cmd = 'winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname=''$DNSName''; CertificateThumbprint=''$thumbprint''}'",
      "powershell.exe cmd.exe /C $cmd"
    ]
  }
}
```
I also tried azurerm_virtual_machine_extension.

```hcl
resource "azurerm_virtual_machine_extension" "winrm" {
  name                 = var.name
  location             = "${azurerm_resource_group.rg.location}"
  resource_group_name  = "${azurerm_resource_group.rg.name}"
  virtual_machine_name = var.vm_name
  # Windows Custom Script Extension identifiers; "Microsoft.Azure.Extensions" /
  # "CustomScript" 2.0 is the Linux variant and does not run on this
  # Windows 10 image.
  publisher            = "Microsoft.Compute"
  type                 = "CustomScriptExtension"
  type_handler_version = "1.9"

  settings = <<SETTINGS
{
  "commandToExecute": "powershell.exe -Command hostname"
}
SETTINGS
}
```
With azurerm_virtual_machine_extension I get the following error:

```text
##[error]Terraform command 'apply' failed with exit code '1'.: compute.VirtualMachineExtensionsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: autorest/azure: Service returned an error. Status=<nil> Code="OperationNotAllowed" Message="This operation cannot be performed when extension operations are disallowed. To allow, please ensure VM Agent is installed on the VM and the osProfile.allowExtensionOperations property is true."
```
As per the error message, you need to include an os_profile_windows_config block. It supports the following:

provision_vm_agent - (Optional) Should the Azure Virtual Machine Guest Agent be installed on this Virtual Machine? Defaults to false.

```hcl
os_profile_windows_config {
  provision_vm_agent = true
}
```
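As an added example (not code from the question or the answer), here is the answer's os_profile_windows_config fix combined with a Windows Custom Script Extension that performs the question's three tasks in a single PowerShell process. Resource and variable names follow the question; the Windows extension identifiers, the WSMan-provider listener command and the -SkipNetworkProfileCheck switch are my substitutions for the question's Linux extension values and cmd-based winrm create.

```hcl
resource "azurerm_virtual_machine" "vm" {
  count = var.env == "dev" ? 0 : 1
  # name, location, network_interface_ids, vm_size, storage_image_reference,
  # storage_os_disk and os_profile stay exactly as in the question.

  os_profile_windows_config {
    # Installs the Azure VM Guest Agent. Without it the platform refuses
    # extension operations with the "OperationNotAllowed" error quoted above.
    provision_vm_agent = true
  }
}

locals {
  # The three tasks from the question as ONE PowerShell script, joined with
  # ';' so every statement runs in the same process and $DNSName/$thumbprint
  # remain in scope (separate powershell.exe calls would each start fresh).
  winrm_https_setup = join("; ", [
    "$DNSName = $env:COMPUTERNAME",
    "Enable-PSRemoting -Force -SkipNetworkProfileCheck",
    "New-NetFirewallRule -Name 'WinRM HTTPS' -DisplayName 'WinRM HTTPS' -Enabled True -Profile 'Any' -Action 'Allow' -Direction 'Inbound' -LocalPort 5986 -Protocol 'TCP'",
    "$thumbprint = (New-SelfSignedCertificate -DnsName $DNSName -CertStoreLocation Cert:\\LocalMachine\\My).Thumbprint",
    # WSMan provider equivalent of 'winrm create ... Transport=HTTPS'; avoids
    # the nested quoting that winrm.cmd needs.
    "New-Item -Path WSMan:\\localhost\\Listener -Transport HTTPS -Address * -CertificateThumbPrint $thumbprint -Force",
  ])
}

resource "azurerm_virtual_machine_extension" "winrm" {
  count                = var.env == "dev" ? 0 : 1
  name                 = "winrm-https"
  location             = azurerm_resource_group.rg.location
  resource_group_name  = azurerm_resource_group.rg.name
  # Referencing the VM resource (not var.vm_name) makes Terraform create the
  # VM, and therefore the guest agent, before it attempts the extension.
  virtual_machine_name = azurerm_virtual_machine.vm[count.index].name
  # Windows Custom Script Extension identifiers (the question's
  # "Microsoft.Azure.Extensions"/"CustomScript" 2.0 is the Linux variant).
  publisher            = "Microsoft.Compute"
  type                 = "CustomScriptExtension"
  type_handler_version = "1.9"

  # jsonencode() escapes the embedded double quotes for the settings JSON.
  settings = jsonencode({
    commandToExecute = "powershell.exe -ExecutionPolicy Bypass -Command \"${local.winrm_https_setup}\""
  })
}
```

The firewall rule opens 5986 for every profile, so reachability is then governed by the subnet and NIC NSGs. Because the certificate is self-signed, a WinRM client only gains anything from HTTPS if it pins the thumbprint; `insecure = "true"` on the connection block disables that check entirely.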