
Terraform on Azure DevOps with azurerm Backend

So I want to use Terraform v0.12.0 for defining my Azure infrastructure. Our company is heavy on placing restrictions on things to use, so I am a bit reluctant to use off-the-shelf build/release tasks from Azure DevOps Marketplace. So I downloaded the exe and added it to the code; I can also download it directly on the build/release agent.

So I used the Azure DevOps Release pipelines built-in task Azure CLI (v1.151.1) with the following code:

call az login --service-principal -u $(clientid) -p $(clientsecret) --tenant $(tenantid)
call cd $(System.DefaultWorkingDirectory)/_DevOps/drop/Terraform/
call set ARM_ACCESS_KEY=$(az keyvault secret show --name mybackendkey --vault-name mykeyvault --query value -o tsv)
call set ARM_CLIENT_ID="$(clientid)"
call set ARM_CLIENT_SECRET="$(clientsecret)"
call set ARM_SUBSCRIPTION_ID="$(subscriptionid)"
call set ARM_TENANT_ID="$(tenantid)"
call terraform init -backend-config="storage_account_name=mystorageaccount" -backend-config="container_name=terraform-state" -backend-config="key=terraform.tfstate"
call terraform plan -input=false
call terraform apply -input=false

with the following terraform.tf file:

terraform {
  backend "azurerm" {
    storage_account_name = "mystorageaccount"
    container_name = "terraform-state"
    key = "terraform.tfstate"
    resource_group_name  = "myresourcegroup"
    subscription_id = "00000000-0000-0000-0000-000000000000"
    client_id = "00000000-0000-0000-0000-000000000000"
    client_secret = "mysecret"
    tenant_id = "00000000-0000-0000-0000-000000000000"
  }
}

Now it is giving the following error:

2019-05-27T14:45:53.7470711Z D:\a\r1\a\_DevOps\drop\Terraform>call set ARM_ACCESS_KEY=$(az keyvault secret show --name mybackendkey --vault-name mykeyvault --query value -o tsv) 
2019-05-27T14:45:53.7491727Z D:\a\r1\a\_DevOps\drop\Terraform>call set ARM_CLIENT_ID="***" 
2019-05-27T14:45:53.7511373Z D:\a\r1\a\_DevOps\drop\Terraform>call set ARM_CLIENT_SECRET="***" 
2019-05-27T14:45:53.7532794Z D:\a\r1\a\_DevOps\drop\Terraform>call set ARM_SUBSCRIPTION_ID="***" 
2019-05-27T14:45:53.7554859Z D:\a\r1\a\_DevOps\drop\Terraform>call set ARM_TENANT_ID="***" 
2019-05-27T14:45:53.7574875Z D:\a\r1\a\_DevOps\drop\Terraform>call terraform init -backend-config="storage_account_name=mystorageaccount" -backend-config="container_name=terraform-state" -backend-config="key=terraform.tfstate" 
2019-05-27T14:45:53.9641074Z ‌Initializing the backend...‌
2019-05-27T14:45:53.9721551Z Successfully configured the backend "azurerm"! Terraform will automatically
2019-05-27T14:45:53.9721831Z use this backend unless the backend configuration changes.‌
2019-05-27T14:45:53.9737291Z ‌Error: ‌Failed to get migrated workspaces: Error creating storage client for storage account "mystorageaccount": azure: malformed storage account key: illegal base64 data at input byte 0‌
2019-05-27T14:45:53.9856719Z D:\a\r1\a\_DevOps\drop\Terraform>call terraform plan -out=tfplan -input=false 
2019-05-27T14:45:54.1177547Z ‌Error: ‌Error loading state: Error creating storage client for storage account "mystorageaccount": azure: malformed storage account key: illegal base64 data at input byte 0‌
2019-05-27T14:45:54.1302709Z D:\a\r1\a\_DevOps\drop\Terraform>call terraform apply -input=false tfplan 
2019-05-27T14:45:54.2539375Z ‌CreateFile tfplan: The system cannot find the file specified.‌
2019-05-27T14:45:54.2782991Z ##[error]Script failed with error: Error: D:\a\_temp\azureclitaskscript1558968322690.bat failed with return code: 1
2019-05-27T14:45:54.2899205Z [command]C:\windows\system32\cmd.exe /D /S /C ""C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd" account clear"

It works if I move my backend to local. Is there any way I can make it work with the Azure backend? BTW, I am getting the secrets and IDs from Azure Key Vault directly injected into the DevOps pipeline.

For your issue, just as the error shows, the storage account access key that you set through the environment variable is wrong. As your comment says, it's the wrong way to set the environment variable ARM_ACCESS_KEY.

I think there are two ways to solve the issue. One is to use the DevOps way to set the environment variables. And it seems it's a Windows host, so another way is to set the environment variables the Windows way.

Add the Windows way below:

In PowerShell:

$env:ARM_ACCESS_KEY=$(az keyvault secret show --name mybackendkey --vault-name mykeyvault --query value -o tsv)

In CMD it seems you cannot directly set the environment variables through the output of the command; you can just set it with a string.

rem Quote the whole assignment; set VAR="value" would store the quote characters in the value
set "ARM_ACCESS_KEY=xxxxx"
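
The PowerShell route from the answer, written out as a full pipeline step; this is an added example, not code from the question or the answer. It checks that the Key Vault value decodes as base64 before Terraform sees it, and stops at the first failing command instead of running plan and apply after a failed init as in the log above. It assumes the step runs under PowerShell with az already logged in; `Test-StorageKey` and `Invoke-Checked` are hypothetical helper names.

```powershell
# Added example. mybackendkey, mykeyvault and mystorageaccount are the
# placeholder names from the question; Test-StorageKey and Invoke-Checked are
# hypothetical helpers defined here.

# Assumes terraform is on PATH; use '.\terraform.exe' if it ships with the code.
$terraform = 'terraform'

function Test-StorageKey {
    param([string]$Key)
    # The backend base64-decodes the key. Empty output or unexpanded text such
    # as '$(az keyvault ...)' fails here instead of inside terraform init.
    if ([string]::IsNullOrWhiteSpace($Key)) { return $false }
    try {
        [void][Convert]::FromBase64String($Key)
        return $true
    } catch [System.FormatException] {
        return $false
    }
}

function Invoke-Checked {
    param([string]$Exe, [string[]]$Arguments)
    # Stop at the first failing step so apply never runs after a failed init or plan.
    & $Exe @Arguments
    if ($LASTEXITCODE -ne 0) { throw "$Exe $($Arguments[0]) exited with code $LASTEXITCODE" }
}

# Capture the secret in a variable; never echo it to the task log.
$key = [string](az keyvault secret show --name mybackendkey --vault-name mykeyvault --query value -o tsv)
if ($LASTEXITCODE -ne 0) { throw 'az keyvault secret show failed' }
$key = $key.Trim()
if (-not (Test-StorageKey $key)) { throw 'Key Vault value is not a base64 storage account key' }

# Process-scoped: visible to the terraform child processes, gone when the step ends.
$env:ARM_ACCESS_KEY = $key

Invoke-Checked $terraform @(
    'init', '-input=false',
    '-backend-config=storage_account_name=mystorageaccount',
    '-backend-config=container_name=terraform-state',
    '-backend-config=key=terraform.tfstate'
)
Invoke-Checked $terraform @('plan', '-input=false', '-out=tfplan')
Invoke-Checked $terraform @('apply', '-input=false', 'tfplan')
```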
