pka*_*mol 2 amazon-ec2 amazon-web-services terraform
我已经使用Terraform在AWS上创建了EC2实例;
我想要在操作系统级别添加一个用户,并提供要添加到其~/.ssh/authorized_keys文件中的特定密钥。
该aws_instance文档似乎没有列出此功能。
有办法解决吗?
编辑:我认为一种方法是通过remote-exec预配器,但是由于我已经创建了ec2资源,因此我需要一种强制运行该方法的方法。
@Brandon Miller 给出的答案似乎很好,我最终得到了以下结果(不是很优雅,我必须承认):
provisioner "remote-exec" {
inline = [
"sudo adduser --disabled-password --gecos '' myuser",
"sudo mkdir -p /home/myuser/.ssh",
"sudo touch /home/myuser/.ssh/authorized_keys",
"sudo echo '${var.MY_USER_PUBLIC_KEY}' > authorized_keys",
"sudo mv authorized_keys /home/myuser/.ssh",
"sudo chown -R myuser:myuser /home/myuser/.ssh",
"sudo chmod 700 /home/myuser/.ssh",
"sudo chmod 600 /home/myuser/.ssh/authorized_keys",
"sudo usermod -aG sudo myuser"
]
connection {
user = "ubuntu"
}
}
跟进评论和编辑,您正在寻找的内容可能如下所示:
resource "aws_instance" "default" {
...
provisioner "remote-exec" {
inline = [
"sudo useradd someuser"
]
connection {
type = "ssh"
user = "ubuntu"
private_key = "${file("yourkey.pem")}"
}
}
provisioner "file" {
source = "authorized_keys"
destination = "/home/someuser/.ssh/authorized_keys"
connection {
type = "ssh"
user = "ubuntu"
private_key = "${file("yourkey.pem")}"
}
}
provisioner "remote-exec" {
inline = [
"sudo chown someuser:someuser /home/someuser/.ssh/authorized_keys",
"sudo chmod 0600 /home/someuser/.ssh/authorized_keys"
]
connection {
type = "ssh"
user = "ubuntu"
private_key = "${file("yourkey.pem")}"
}
}
...
}
您也可以一次完成所有操作,remote-exec具体取决于您要如何设置authorized_keys文件
| 归档时间: |
|
| 查看次数: |
2139 次 |
| 最近记录: |