0

我实际上正在学习 Terraform,我一直在尝试使用它在远程服务器上创建 docker 容器。它正在工作,但问题是它在每一步都不断要求输入密码。我只想在开始时输入一次密码,然后部署我的所有资源。这是我的地形代码。

terraform {
  required_providers {
    docker = {
      source  = "kreuzwerker/docker"
      version = ">= 2.13.0"
    }
  }
}


provider "docker" {
  host = "ssh://username@myserverip:22"

  registry_auth {
    address     = "my.docker.repo"
    config_file = pathexpand("~/.docker/config.json")
  }

}

resource "docker_image" "nginx" {
  name         = "nginx:latest"
  keep_locally = false
}

resource "docker_container" "nginx" {
  image = docker_image.nginx.latest
  name  = "tutorial"
  ports {
    internal = 80
    external = 8000
  }
}

这是部署的交互式输出,您可以看到对于每个 SSH 命令,我一直在输入密码。

PS C:\Users\lenovo\learn-terraform-docker-container> terraform apply
username@server's password:
docker_image.nginx: Refreshing state... [id=sha256:d1a364dc548d5357f0da3268c888e1971bbdb957ee3f028fe7194f1d61c6fdeenginx:latest]
username@server's password:
docker_container.nginx: Refreshing state... [id=fab834920f1b0d1382be1e54a112124042e889b26fa86cbc82bb86cb9962a0f1]
username@server's password:

Unless you have made equivalent changes to your configuration, or ignored the relevant       
attributes using ignore_changes, the following plan may include actions to undo or respond   
to these changes.

──────────────────────────────────────────────────────────────────────────────────────────── 

Terraform used the selected providers to generate the following execution plan. Resource     
actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # docker_container.nginx will be created

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

username@server's password
docker_container.nginx: Creating...
username@server's password: 
docker_container.nginx: Still creating... [10s elapsed]
docker_container.nginx: Creation complete after 11s 

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

我使用 ssh-keygen 命令生成了 SSH 密钥,并将密钥复制到本地计算机上的 SSH 配置文件中:

    Répertoire : C:\Users\lenovo\.ssh


Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a----        29/10/2021     15:33            316 config
-a----        29/10/2021     15:10           1766 id_rsa
-a----        29/10/2021     15:11            415 id_rsa.pub
-a----        29/10/2021     14:01           5569 known_hosts

这是SSH配置文件

Host server_ip
  HostName server_ip
  IdentityFile "C:\Users\lenovo\.ssh\id_rsa"
  User username

我怎样才能通过只提供一次 SSH 密码来执行此代码?

4

1 回答 1

0

您需要运行 ssh-agent 并将附加到您的私钥的身份添加到代理。不知道它如何与windows一起工作。对于 linux,它应该在 shell 中分别调用以下代码的每一行:

export DISPLAY=1 export SSH_ASKPASS=/path_to_the/script_that_echos_your_passphrase.sh eval $(ssh-agent -s) ssh-add "$HOME/.ssh/id_your_private_key" < $SSH_ASKPASS

请注意,您还必须设法在第一次连接时接受 ssh 服务器的指纹。使用 linux 会是这样的:

ssh-keyscan -H ip_of_your_ssh_server > ~/.ssh/known_hosts

于 2022-02-18T08:10:18.670 回答