Terraform on Azure DevOps with azurerm Backend
所以我想使用terraform v0.12.0定义我的azure基础结构。我们公司对使用的东西设置了严格的限制,因此我有点不愿意使用Azure DevOps Marketplace的现成的构建/发布任务。因此,我下载了exe,并将其添加到代码中,也可以直接将其下载到构建/发布代理中。
因此,我将Azure DevOps Release管道内置任务Azure Cli(v1.151.1)与以下代码一起使用
1 2 3 4 5 6 7 8 9 10 | call az login --service-principal -u $(clientid) -p $(clientsecret) --tenant $(tenantid) call cd $(System.DefaultWorkingDirectory)/_DevOps/drop/Terraform/ call set ARM_ACCESS_KEY=$(az keyvault secret show --name mybackendkey --vault-name mykeyvault --query value -o tsv) call set ARM_CLIENT_ID="$(clientid)" call set ARM_CLIENT_SECRET="$(clientsecret)" call set ARM_SUBSCRIPTION_ID="$(subscriptionid)" call set ARM_TENANT_ID="$(tenantid)" call terraform init -backend-config="storage_account_name=mystorageaccount" -backend-config="container_name=terraform-state" -backend-config="key=terraform.tfstate" call terraform plan -input=false call terraform apply -input=false |
具有以下terraform.tf文件
1 2 3 4 5 6 7 8 9 10 11 12 | terraform { backend"azurerm" { storage_account_name ="mystorageaccount" container_name ="terraform-state" key ="terraform.tfstate" resource_group_name ="myresourcegroup" subscription_id ="00000000-0000-0000-0000-000000000000" client_id ="00000000-0000-0000-0000-000000000000" client_secret ="mysecret" tenant_id ="00000000-0000-0000-0000-000000000000" } } |
现在出现以下错误
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | 2019-05-27T14:45:53.7470711Z D:\\a\ 1\\a\\_DevOps\\drop\\Terraform>call set ARM_ACCESS_KEY=$(az keyvault secret show --name mybackendkey --vault-name mykeyvault --query value -o tsv) 2019-05-27T14:45:53.7491727Z D:\\a\ 1\\a\\_DevOps\\drop\\Terraform>call set ARM_CLIENT_ID="***" 2019-05-27T14:45:53.7511373Z D:\\a\ 1\\a\\_DevOps\\drop\\Terraform>call set ARM_CLIENT_SECRET="***" 2019-05-27T14:45:53.7532794Z D:\\a\ 1\\a\\_DevOps\\drop\\Terraform>call set ARM_SUBSCRIPTION_ID="***" 2019-05-27T14:45:53.7554859Z D:\\a\ 1\\a\\_DevOps\\drop\\Terraform>call set ARM_TENANT_ID="***" 2019-05-27T14:45:53.7574875Z D:\\a\ 1\\a\\_DevOps\\drop\\Terraform>call terraform init -backend-config="storage_account_name=mystorageaccount" -backend-config="container_name=terraform-state" -backend-config="key=terraform.tfstate" 2019-05-27T14:45:53.9641074Z ?Initializing the backend...? 2019-05-27T14:45:53.9721551Z Successfully configured the backend"azurerm"! Terraform will automatically 2019-05-27T14:45:53.9721831Z use this backend unless the backend configuration changes.? 2019-05-27T14:45:53.9737291Z ?Error: ?Failed to get migrated workspaces: Error creating storage client for storage account"mystorageaccount": azure: malformed storage account key: illegal base64 data at input byte 0? 2019-05-27T14:45:53.9856719Z D:\\a\ 1\\a\\_DevOps\\drop\\Terraform>call terraform plan -out=tfplan -input=false 2019-05-27T14:45:54.1177547Z ?Error: ?Error loading state: Error creating storage client for storage account"mystorageaccount": azure: malformed storage account key: illegal base64 data at input byte 0? 2019-05-27T14:45:54.1302709Z D:\\a\ 1\\a\\_DevOps\\drop\\Terraform>call terraform apply -input=false tfplan 2019-05-27T14:45:54.2539375Z ?CreateFile tfplan: The system cannot find the file specified.? 2019-05-27T14:45:54.2782991Z ##[error]Script failed with error: Error: D:\\a\\_temp\\azureclitaskscript1558968322690.bat failed with return code: 1 2019-05-27T14:45:54.2899205Z [command]C:\\windows\\system32\\cmd.exe /D /S /C""C:\\Program Files (x86)\\Microsoft SDKs\\Azure\\CLI2\\wbin\\az.cmd" account clear" |
如果我将后端移动到本地,它可以工作,无论如何,我可以使其与Azure后端一起工作吗?顺便说一句,我从Azure Key Vault中获得了秘密和ID,直接将其注入到DevOps peipline
中
对于您的问题,就像该错误表明您通过环境变量设置的存储帐户访问密钥是错误的一样。如您所言,设置环境变量
是错误的方法。
我认为有两种方法可以解决此问题。一种是使用DevOps方法设置环境变量。看来这是Windows主机。因此,另一种方法是以Windows方式设置环境变量。
在下面添加Windows方式:
在PowerShell中:
1 | $env:ARM_ACCESS_KEY=$(az keyvault secret show --name mybackendkey --vault-name mykeyvault --query value -o tsv) |
在CMD中,您似乎无法通过命令的输出直接设置环境变量,而只能使用字符串进行设置。
1 | set ARM_ACCESS_KEY="xxxxx" |