Add safemodeadminpassword to locals in terraform

Question

Trying to create a lab with one domain controller, and I'm trying to join that VM to a new AD forest, but I'm having trouble adding the SafeModeAdministratorPassword without adding the password as plaintext.

The password is generated by the random_password provider:

resource "random_password" "rndm-pass-vm" {
  length  = 12
  special = true
}
resource "azurerm_key_vault_secret" "kv-sec-vm-pass" {
  name         = "kv-sec-vm-pass"
  value        = random_password.rndm-pass-vm.result
  key_vault_id = azurerm_key_vault.kvne01.id
  depends_on   = [azurerm_key_vault.kvne01]
}
resource "azurerm_virtual_machine_extension" "dc01-ad" {
  name                       = "dc01-ad-ps1"
  virtual_machine_id         = azurerm_windows_virtual_machine.rgne1-vm01.id
  depends_on                 = [azurerm_managed_disk.dc01-ntds]
  publisher                  = "Microsoft.Compute"
  type                       = "CustomScriptExtension"
  type_handler_version       = "1.9"
  auto_upgrade_minor_version = true

  settings = <<SETTINGS
  {
    "commandToExecute": "powershell.exe -Command \"${local.powershell}\""
  }
  SETTINGS
}

locals {

  cmd01      = "Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools"
  cmd02      = "Install-WindowsFeature DNS -IncludeAllSubFeature -IncludeManagementTools"
  cmd03      = "Import-Module ADDSDeployment, DnsServer"
  cmd04      = "Install-ADDSForest -DomainName ${var.domain_name} -DomainNetbiosName ${var.domain_netbios_name} -DomainMode ${var.domain_mode} -ForestMode ${var.domain_mode} -DatabasePath ${var.database_path} -SysvolPath ${var.sysvol_path} -LogPath ${var.log_path} -NoRebootOnCompletion:$false -Force:$true -SafeModeAdministratorPassword (ConvertTo-SecureString ${var.safe_mode_administrator_password} -AsPlainText -Force)"
  powershell = "${local.cmd01}; ${local.cmd02}; ${local.cmd03}; ${local.cmd04}"

}

Answer 1

Score: 1

If your resource declarations are OK, you need to create a file named variables.tf and insert the following code:

variable "safe_mode_administrator_password" {
  type        = string
  description = "The password for the Safe Mode Administrator account."
  sensitive   = true
}

Declaring the variable as sensitive is a recommendation to protect the secret: https://developer.hashicorp.com/terraform/tutorials/configuration-language/sensitive-variables#sensitive-variables

And you can check by running:

terraform plan

That will show you the next screen:

[Image: Add safemodeadminpassword to locals in terraform]

And you can continue to execute the terraform apply command.

Update:

To generate the password and use it inside the command, you can declare it in the locals block:

resource "random_password" "rndm-pass-vm" {
  length  = 12
  special = true
}

locals {
  generated_password = random_password.rndm-pass-vm.result
  cmd01              = "Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools"
  cmd02              = "Install-WindowsFeature DNS -IncludeAllSubFeature -IncludeManagementTools"
  cmd03              = "Import-Module ADDSDeployment, DnsServer"
  # The password is single-quoted so PowerShell treats special characters ($, parentheses) literally.
  cmd04              = "Install-ADDSForest -DomainName 'test.domain' -DomainNetbiosName 'test' -NoRebootOnCompletion:$false -Force:$true -SafeModeAdministratorPassword (ConvertTo-SecureString '${local.generated_password}' -AsPlainText -Force)"
  powershell         = "${local.cmd01}; ${local.cmd02}; ${local.cmd03}; ${local.cmd04}"
}

And update the command to use it:

... -SafeModeAdministratorPassword (ConvertTo-SecureString '${local.generated_password}' -AsPlainText -Force)" ...
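
A command placed in the extension's plain `settings` is not encrypted, so the password in it can be read back from the VM extension resource. As an added example (not the poster's code), the same command can be sent through `protected_settings` and passed as a Base64 `-EncodedCommand`, so no character in the password can break the command line. It reuses the page's resource and variable names and assumes the `random` and `azurerm` providers are already configured.

```hcl
# Added example: resource and variable names are the ones used on this page.
locals {
  # PowerShell single-quoted literal; doubling ' keeps the value from closing the string.
  dsrm_literal = "'${replace(random_password.rndm-pass-vm.result, "'", "''")}'"

  ad_script = join("; ", [
    "Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools",
    "Install-WindowsFeature DNS -IncludeAllSubFeature -IncludeManagementTools",
    "Import-Module ADDSDeployment, DnsServer",
    "Install-ADDSForest -DomainName '${var.domain_name}' -DomainNetbiosName '${var.domain_netbios_name}' -NoRebootOnCompletion:$false -Force:$true -SafeModeAdministratorPassword (ConvertTo-SecureString ${local.dsrm_literal} -AsPlainText -Force)",
  ])
}

resource "azurerm_virtual_machine_extension" "dc01-ad" {
  name                       = "dc01-ad-ps1"
  virtual_machine_id         = azurerm_windows_virtual_machine.rgne1-vm01.id
  depends_on                 = [azurerm_managed_disk.dc01-ntds]
  publisher                  = "Microsoft.Compute"
  type                       = "CustomScriptExtension"
  type_handler_version       = "1.9"
  auto_upgrade_minor_version = true

  # protected_settings is encrypted and only decrypted on the target VM,
  # unlike settings, which is stored and returned in clear text.
  protected_settings = jsonencode({
    # -EncodedCommand expects Base64 of the UTF-16LE script text, which
    # removes the nested cmd.exe / JSON / PowerShell quoting entirely.
    commandToExecute = "powershell.exe -NoProfile -EncodedCommand ${textencodebase64(local.ad_script, "UTF-16LE")}"
  })
}
```

The `random_password` result is still written to Terraform state, so the state backend needs access control and encryption of its own.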

huangapple
  • Published on 2023-05-29 23:53:58
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76358733.html