Azure DevOps: Terraform plan fails in Azure DevOps
Tags: azure-devops, terraform, terraform-provider-azure, azure-devops-pipelines
I am trying to build infra in Azure using Terraform. I am automating it through Azure DevOps; we do not have the task in our organization yet, so I am running CLI scripts to get it done. I can get as far as terraform init, but I cannot run terraform plan. As mentioned, I am using a service principal to authenticate. I am following this to complete the setup. Here is my pipeline:

- task: AzureCLI@1
  displayName: Terraform init
  inputs:
    azureSubscription: Subscription
    scriptLocation: inlineScript
    inlineScript: |
      set -eux # fail on error
      terraform init \
        -backend-config=storage_account_name=$(storageAccountName) \
        -backend-config=container_name=$(container_name) \
        -backend-config=key=$(key)/terraform.tfstate \
        -backend-config=sas_token=$(artifactsLocationSasToken) \
        -backend-config=subscription_id="$(ARM_SUBSCRIPTION_ID)" \
        -backend-config=tenant_id="$(ARM_TENANT_ID)" \
        -backend-config=client_id="$(ARM_CLIENT_ID)" \
        -backend-config=client_secret="$(ARM_CLIENT_SECRET)"
    addSpnToEnvironment: true
    workingDirectory: $(System.DefaultWorkingDirectory)/Modules
- bash: |
    set -eu # fail on error
    terraform plan -out=tfplan -input=false -detailed-exitcode
  displayName: Terraform apply
  workingDirectory: $(System.DefaultWorkingDirectory)/Modules

In the tf file I have something very basic to try:

provider "azurerm" {
  version = ">= 2.61.0"
  features {}
}

data "azurerm_resource_group" "main" {
  name = var.resource_group_name
}

terraform {
  backend "azurerm" {
  }
}

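I get this error:
Error building AzureRM Client: obtain subscription(***) from Azure CLI: Error parsing json result from the Azure CLI: Error waiting for the Azure CLI: exit status 1: ERROR: Please run 'az login' to setup account.
Updated: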

- task: AzureCLI@2
  inputs:
    azureSubscription: $(scConn)
    scriptType: 'pscore'
    scriptLocation: 'inlineScript'
    inlineScript: |
      $sasToken = (az storage container generate-sas --account-name $(storageAccountName) --name $(container_name) --permissions rwdl --expiry $(date -u -d "30 minutes" +%Y-%m-%dT%H:%MZ))
      Write-Host($sasToken)
      Write-Output("##vso[task.setvariable variable=artifactsLocationSasToken;]$sasToken")
- task: AzureCLI@1
  displayName: Terraform credentials
  inputs:
    azureSubscription: $(scConn)
    scriptLocation: inlineScript
    inlineScript: |
      set -eu # fail on error
      echo "##vso[task.setvariable variable=ARM_CLIENT_ID]$(servicePrincipalId)"
      echo "##vso[task.setvariable variable=ARM_CLIENT_SECRET;issecret=true]$(servicePrincipalKey)"
      echo "##vso[task.setvariable variable=ARM_SUBSCRIPTION_ID]$(subscriptionId)"
      echo "##vso[task.setvariable variable=ARM_TENANT_ID]$(tenantId)"
    addSpnToEnvironment: true
- task: AzureCLI@1
  displayName: Terraform init
  inputs:
    azureSubscription: $(scConn)
    scriptLocation: inlineScript
    inlineScript: |
      set -eux # fail on error
      terraform init \
        -backend-config=storage_account_name=$(storageAccountName) \
        -backend-config=container_name=$(container_name) \
        -backend-config=key=$(key)/terraform.tfstate \
        -backend-config=sas_token=$(artifactsLocationSasToken) \
        -backend-config=subscription_id="$(ARM_SUBSCRIPTION_ID)" \
        -backend-config=tenant_id="$(ARM_TENANT_ID)" \
        -backend-config=client_id="$(ARM_CLIENT_ID)" \
        -backend-config=client_secret="$(ARM_CLIENT_SECRET)"
    addSpnToEnvironment: true
    workingDirectory: $(System.DefaultWorkingDirectory)/Modules

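Error building AzureRM Client: obtain subscription(***) from Azure CLI: Error parsing json result from the Azure CLI: Error waiting for the Azure CLI: exit status 1: ERROR: Please run 'az login' to setup account.
The root cause of this issue is that the Azure CLI task runs the az account clear command at the end. So the az login information from the current Azure CLI task is not retained.
You need to add an additional command (the az login command) before the terraform plan command to log in.
You can enable the parameter addSpnToEnvironment: true in the Azure CLI task and set the login information as pipeline variables. Then you can use this information in the az login command.
Here is an example: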

- task: AzureCLI@1
  displayName: Terraform init
  inputs:
    azureSubscription: Subscription
    scriptType: bash
    scriptLocation: inlineScript
    inlineScript: |
      set -eux # fail on error
      echo "##vso[task.setvariable variable=ARM_CLIENT_ID]$servicePrincipalId"
      echo "##vso[task.setvariable variable=ARM_CLIENT_SECRET]$servicePrincipalKey"
      echo "##vso[task.setvariable variable=ARM_TENANT_ID]$tenantId"
      terraform init \
        -backend-config=storage_account_name=$(storageAccountName) \
        -backend-config=container_name=$(container_name) \
        -backend-config=key=$(key)/terraform.tfstate \
        -backend-config=sas_token=$(artifactsLocationSasToken) \
        -backend-config=subscription_id="$(ARM_SUBSCRIPTION_ID)" \
        -backend-config=tenant_id="$(ARM_TENANT_ID)" \
        -backend-config=client_id="$(ARM_CLIENT_ID)" \
        -backend-config=client_secret="$(ARM_CLIENT_SECRET)"
    addSpnToEnvironment: true
    workingDirectory: $(System.DefaultWorkingDirectory)/Modules
- bash: |
    set -eu # fail on error
    az login --service-principal --username $(ARM_CLIENT_ID) --password $(ARM_CLIENT_SECRET) --tenant $(ARM_TENANT_ID)
    terraform plan -out=tfplan -input=false -detailed-exitcode
  displayName: Terraform apply
  workingDirectory: $(System.DefaultWorkingDirectory)/Modules

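Is there any update on this ticket? Feel free to let me know whether the answer resolves the issue.
I have added az login to the pipeline -> Error building AzureRM Client: Authenticating using the Azure CLI is only supported as a User (not a Service Principal) - bash: | set -eu # fail on error az login --service-principal --username $(ARM_CLIENT_ID) --password $(ARM_CLIENT_SECRET) --tenant $(ARM_TENANT_ID) terraform plan -out=tfplan -input=false -detailed-exitcode displayName: Terraform apply workingDirectory: $(System.DefaultWorkingDirectory)/Modules
Hi @threeleggedrabbit. Did you add echo "##vso[task.setvariable=ARM_CLIENT_ID]… to set the variables in the azure cli task? Could you share your current YAML sample with us?
Yes, I added ARM_CLIENT_ID. Updated the question.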
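
The last error in the comments ("Authenticating using the Azure CLI is only supported as a User (not a Service Principal)") does not arise when the azurerm provider takes the service principal from the ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_TENANT_ID and ARM_SUBSCRIPTION_ID environment variables instead of an az login session. The script below is an added example, not code from the question or the answer, meant as the inlineScript of an AzureCLI task with addSpnToEnvironment: true; it keeps secrets out of argv and the build log and handles the exit code 2 that -detailed-exitcode returns when changes are present. Assumptions: the function names are illustrative, STORAGEACCOUNTNAME, CONTAINER_NAME and KEY are the environment forms of the pipeline variables used above, and ARM_SAS_TOKEN is mapped into the task's environment.

```shell
# Added example (not from the thread); function names are illustrative.
set -eu   # no -x here: xtrace would write the secrets below into the build log

# Copy the values the task injects (servicePrincipalId, servicePrincipalKey,
# tenantId) to the ARM_* names the azurerm provider and backend read.
export_arm_credentials() {
  for name in servicePrincipalId servicePrincipalKey tenantId; do
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
      echo "missing $name: is addSpnToEnvironment set to true?" >&2
      return 1
    fi
  done
  # First argument, or the subscription of the task's own CLI session.
  ARM_SUBSCRIPTION_ID=${1:-}
  [ -n "$ARM_SUBSCRIPTION_ID" ] || ARM_SUBSCRIPTION_ID=$(az account show --query id -o tsv)
  ARM_CLIENT_ID=$servicePrincipalId
  ARM_CLIENT_SECRET=$servicePrincipalKey
  ARM_TENANT_ID=$tenantId
  export ARM_CLIENT_ID ARM_CLIENT_SECRET ARM_TENANT_ID ARM_SUBSCRIPTION_ID
}

# terraform plan -detailed-exitcode: 0 = no changes, 1 = error, 2 = changes.
# Under set -e a bare call fails the step on 2, so the code is mapped here.
plan_result() {
  case "$1" in
    0) echo "no-changes" ;;
    2) echo "changes" ;;
    *) echo "error"; return 1 ;;
  esac
}

run_plan() {  # args: storage account, container, state key prefix
  export_arm_credentials
  # The SAS token is not passed in argv: the backend reads ARM_SAS_TOKEN.
  terraform init -input=false \
    -backend-config="storage_account_name=$1" \
    -backend-config="container_name=$2" \
    -backend-config="key=$3/terraform.tfstate"
  rc=0
  terraform plan -out=tfplan -input=false -detailed-exitcode || rc=$?
  plan_result "$rc"
}

# TF_BUILD is True on Azure Pipelines agents; elsewhere only define functions.
if [ "${TF_BUILD:-}" = "True" ]; then
  run_plan "$STORAGEACCOUNTNAME" "$CONTAINER_NAME" "$KEY"
fi
```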