"Error: Error building ARM Config" when migrating from local to the azurerm backend

e0bqpujr posted on 2023-04-22 in Other

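I am using Terraform to create a storage container on Microsoft Azure to hold remote state files. To create the storage container, I wrote the appropriate Terraform code and applied the infrastructure using a local state file. The problem is that when I add the azurerm backend to my main.tf to migrate the local state, I receive the following error: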

terraform init -reconfigure

Initializing the backend...
╷
Error: Error building ARM Config: please ensure you have installed Azure CLI version 2.0.79 or newer. Error parsing json result from the Azure CLI: launching Azure CLI: exec: "az": executable file not found in $PATH.

I have the following environment variables set:

  • ARM_SUBSCRIPTION_ID= xxxxxxxxxxxxx
  • ARM_TENANT_ID= xxxxxxxxxxx
  • ARM_CLIENT_ID= xxxxxxxxxxx

I am using input variables to handle client_certificate_path and client_certificate_password.
When I terraform init/plan/apply using the local backend, everything works as expected:

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">=3.52.0"
    }
  }
}

provider "azurerm" {
  features {}
  client_certificate_path     = var.client_certificate_path
  client_certificate_password = var.client_certificate_password
}

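My expectation is that by adding the azurerm backend, I should be able to migrate the state information to the remote backend using terraform init -migrate-state. Here is the code: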

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">=3.52.0"
    }
  }
  backend "azurerm" {
    resource_group_name  = "exampletfstate"
    storage_account_name = "exampletfstate"
    container_name       = "exampletfstate"
    key                  = "state.terraform.tfstate"
  }
}

provider "azurerm" {
  features {}
  client_certificate_path     = var.client_certificate_path
  client_certificate_password = var.client_certificate_password
}

Here is the result:

❯ terraform init -migrate-state

Initializing the backend...
╷
│ Error: Error building ARM Config: please ensure you have installed Azure CLI version 2.0.79 or newer. Error parsing json result from the Azure CLI: launching Azure CLI: exec: "az": executable file not found in $PATH.

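It feels like terraform is not picking up the service principal credentials when using the azurerm backend, but I cannot figure out what is happening.
Terraform/provider versions: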

❯ terraform --version
Terraform v1.4.5
on darwin_arm64
+ provider registry.terraform.io/hashicorp/azurerm v3.52.0
Answer 1 (8xiog9wr)

Below is my terraform code configuration.

main.tf

provider "azurerm" {
  //subscription_id = "xx3f"
  //tenant_id              = "xxx47"
  features {
    resource_group {
      prevent_deletion_if_contains_resources = false
    }

  }
}

terraform {
  backend "azurerm" {
    resource_group_name  = "resourcegroupname"
    storage_account_name = "remotestatestorage"
    container_name       = "terraform"
    key                  = "terraform.tfstate"
  }
}

You need to run **az login** with your credentials and set the subscription:

az account set --subscription <desiredSubscriptionId>

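With the wrong tenant, you may face the error: Error building ARM Config: please ensure you have installed Azure CLI version. In that case, run the command below to set the correct tenant, one in which the appropriate permissions, such as Contributor, are granted.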

az login --tenant TENANT_ID

Then try running **terraform init**

terraform plan or terraform apply
I have terraform version v1.0.7

terraform --version

Terraform v1.0.7
on windows_amd64

providers.tf

terraform {
   
  required_providers {
    azapi = {
      source  = "azure/azapi"
      version = "=1.2.0"
    }

    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=3.0.2"
    }

    random = {
      source  = "hashicorp/random"
      version = "=3.1.2"
    }
  }
}

See also: Build Infrastructure - Terraform Azure Example | Terraform | HashiCorp Developer

Reference: Authenticate Terraform to Azure | Microsoft Learn

Answer 2 (kxxlusnw)

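I found the cause this morning.
In order for terraform to read the tfstate from Azure, it needs all of the credentials, including the certificate path and password that I declared in the provider settings. Terraform seems to fetch the state information before asking for the missing input variables.
To unblock myself temporarily, I wrote a bash wrapper around terraform so that the cert path/password are added as environment variables when terraform looks up the remote state file. This is not my ideal solution, because I need to manage the security of these variables by unsetting them after use.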
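
A variant of the wrapper approach described in answer 2, added here as an example and not the poster's own script: it hands the certificate settings to a single terraform process only, so there is nothing to unset afterwards. ARM_CLIENT_CERTIFICATE_PATH and ARM_CLIENT_CERTIFICATE_PASSWORD are the environment variables the azurerm backend and provider read; the function name tf_with_cert, the TF_BIN override and the mode-0600 password file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Hypothetical names:
# tf_with_cert, TF_BIN, and the password-file convention.

TF_BIN="${TF_BIN:-terraform}"

# usage: tf_with_cert <cert.pfx> <password-file> <terraform args...>
# The body is a subshell "( ... )", so no variable set here can
# survive in the calling shell, even on an error path.
tf_with_cert() (
    cert_path=$1
    pass_file=$2
    shift 2

    [ -r "$cert_path" ] || { echo "cannot read certificate: $cert_path" >&2; exit 2; }
    [ -r "$pass_file" ] || { echo "cannot read password file: $pass_file" >&2; exit 2; }

    # Refuse a password file that group or other can access
    # (characters 5-10 of the ls -l mode string must all be '-').
    perms=$(ls -l "$pass_file" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$pass_file must be mode 0600 or stricter" >&2; exit 3; }

    # IFS= and -r keep the first line exactly as written
    # (no backslash processing, no whitespace trimming).
    IFS= read -r cert_pass < "$pass_file" || [ -n "$cert_pass" ] || exit 2

    # Prefix assignments apply to this one command only, and the
    # password never appears on a command line (unlike -var or
    # -backend-config arguments, which are visible in ps output).
    ARM_CLIENT_CERTIFICATE_PATH="$cert_path" \
    ARM_CLIENT_CERTIFICATE_PASSWORD="$cert_pass" \
        "$TF_BIN" "$@"
)
```

For example, `tf_with_cert ./sp.pfx ~/.sp-cert-pass init -migrate-state` runs the migration with the credentials set for that one command.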
