使用 Azure Marketplace 映像透過 Azure 資源的受控識別來建立 Terraform Linux 虛擬機器Use an Azure Marketplace image to create a Terraform Linux virtual machine with managed identities for Azure resources

本文示範如何使用 Terraform Marketplace 映像來建立 Ubuntu Linux VM (16.04 LTS),並使用 Azure 資源的受控識別來安裝及設定最新的 Terraform 版本。This article shows you how to use a Terraform Marketplace image to create an Ubuntu Linux VM (16.04 LTS) with the latest Terraform version installed and configured using managed identities for Azure resources. 此映像也會設定遠端後端,以使用 Terraform 啟用遠端狀態管理。This image also configures a remote back end to enable remote state management using Terraform.

Terraform Marketplace 映像可讓您輕鬆地在 Azure 上開始使用 Terraform,而不必手動安裝及設定 Terraform。The Terraform Marketplace image makes it easy to get started using Terraform on Azure, without having to install and configure Terraform manually.

這個 Terraform VM 映像沒有任何軟體費用。There are no software charges for this Terraform VM image. 您僅需支付 Azure 硬體使用費,這是根據所佈建的虛擬機器大小來評估。You pay only the Azure hardware usage fees that are assessed based on the size of the virtual machine that's provisioned. 如需費用計算的詳細資料,請參閱 Linux 虛擬機器定價頁面For more information about the compute fees, see the Linux virtual machines pricing page.


您必須先具有 Azure 訂用帳戶,才可以建立 Linux Terraform 虛擬機器。Before you can create a Linux Terraform virtual machine, you must have an Azure subscription. 如果您還沒有訂用帳戶,請參閱立即建立免費的 Azure 帳戶If you don't already have one, see Create your free Azure account today.

建立 Terraform 虛擬機器Create your Terraform virtual machine

建立 Linux Terraform 虛擬機器執行個體的步驟如下:Here are the steps to create an instance of a Linux Terraform virtual machine:

  1. 在 Azure 入口網站中,移至 建立資源 清單。In the Azure portal, go to the Create a Resource listing.

  2. 搜尋 Marketplace 搜尋列中搜尋 TerraformIn the Search the Marketplace search bar, search for Terraform. 選取 Terraform 範本。Select the Terraform template.

  3. 在右下方的 Terraform 詳細資料索引標籤中,選取 建立 按鈕。On the Terraform details tab on the lower right, select the Create button.

    建立 Terraform 虛擬機器

  4. 下列各節提供精靈中每個步驟的輸入資訊,可用來建立 Terraform Linux 虛擬機器。The following sections provide inputs for each of the steps in the wizard to create the Terraform Linux virtual machine. 下一節列出設定每個步驟所需的輸入資訊。The following section lists the inputs that are needed to configure each of these steps.

建立 Terraform 索引標籤的詳細資料Details on the Create Terraform tab

在 [建立 Terraform] 索引標籤中輸入以下的詳細資料:Enter the following details on the Create Terraform tab:

  1. 基本概念Basics

    • 名稱:Terraform 虛擬機器的名稱。Name: The name of your Terraform virtual machine.
    • 使用者名稱: 第一個帳戶登入識別碼。User Name: The first account sign-in ID.
    • 密碼:第一個帳戶密碼。Password: The first account password. (您可以使用 SSH 公開金鑰而不使用密碼。)(You can use an SSH public key instead of a password.)
    • 訂用帳戶 :要用來建立虛擬機器和開立帳單的訂用帳戶。Subscription: The subscription on which the machine is to be created and billed. 您必須有此訂用帳戶的資源建立權限。You must have resource creation privileges for this subscription.
    • 資源群組:新的或現有的資源群組。Resource group: A new or existing resource group.
    • 位置:最適合的資料中心。Location: The datacenter that is most appropriate. 通常是擁有您大部分資料的資訊中心,或是最接近您實際位置可進行最快速網路存取的資料中心。Usually it's the datacenter that has most of your data, or the one that's closest to your physical location for fastest network access.
  2. 其他設定Additional settings

    • 大小:虛擬機器的大小。Size: Size of the virtual machine.
    • VM 磁碟類型:SSD 或 HDD。VM disk type: SSD or HDD.
  3. 摘要 TerraformSummary Terraform

    • 請確認您輸入的所有資訊都正確無誤。Verify that all information that you entered is correct.
  4. 購買Buy

    • 若要開始佈建程序,選取 [購買] 。To start the provisioning process, select Buy. 會提供一個交易條款的連結。A link is provided to the terms of the transaction. VM 除了計算您在 [大小] 步驟中所選擇的伺服器大小之外,不會收取任何其他費用。The VM does not have any additional charges beyond the compute for the server size that you chose in the size step.

Terraform VM 映像會執行下列步驟:The Terraform VM image performs the following steps:

  • 使用系統根據 Ubuntu 16.04 LTS 映像指派的身分識別來建立 VM。Creates a VM with system-assigned identity that's based on the Ubuntu 16.04 LTS image.
  • 在 VM 上安裝 MSI 擴充功能,以允許要針對 Azure 資源發行的 OAuth 權杖。Installs the MSI extension on the VM to allow OAuth tokens to be issued for Azure resources.
  • 將 RBAC 權限指派給受控身分識別,從而授與資源群組的擁有者權限。Assigns RBAC permissions to the managed identity, granting owner rights for the resource group.
  • 建立 Terraform 範本資料夾 (tfTemplate)。Creates a Terraform template folder (tfTemplate).
  • 使用 Azure 後端預先設定 Terraform 遠端狀態。Pre-configures a Terraform remote state with the Azure back end.

存取及設定 Linux Terraform 虛擬機器Access and configure a Linux Terraform virtual machine

建立 VM 之後,您就可以使用 SSH 登入 VM。After you create the VM, you can sign in to it by using SSH. 針對文字殼層介面,使用您在步驟 3 「基本資料」一節中建立的帳戶認證。Use the account credentials that you created in the "Basics" section of step 3 for the text shell interface. 在 Windows 上,您可以下載 SSH 用戶端工具,例如 PuttyOn Windows, you can download an SSH client tool like Putty.

使用 SSH 連線至虛擬機器後,您必須將整個訂用帳戶的參與者權限授予虛擬機器上 Azure 資源的受控識別。After you use SSH to connect to the virtual machine, you need to give contributor permissions for the entire subscription to managed identities for Azure resources on the virtual machine.

參與者權限可協助 VM 的 MSI 使用 Terraform 來建立 VM 資源群組外部的資源。Contributor permission helps MSI on VM to use Terraform to create resources outside the VM resource group. 您可以執行一次指令碼,輕鬆達成這個動作。You can easily achieve this action by running a script once. 使用下列命令:Use the following command:

. ~/tfEnv.sh

先前的指令碼會使用 AZ CLI 2.0 版互動式登入機制向 Azure 驗證,並指派整個訂用帳戶上的虛擬機器受控識別參與者權限。The previous script uses the AZ CLI v 2.0 interactive log-in mechanism to authenticate with Azure and assign the virtual machine Managed Identity contributor permission on the entire subscription.

VM 有一個 Terraform 遠端狀態後端。The VM has a Terraform remote state back end. 若要在您的 Terraform 部署中啟用此後端,將 remoteState.tf 檔案從 tfTemplate 目錄複製到 Terraform 指令碼的根目錄。To enable it on your Terraform deployment, copy the remoteState.tf file from tfTemplate directory to the root of the Terraform scripts.

cp ~/tfTemplate/remoteState.tf .

如需遠端狀態管理的詳細資訊,請參閱與 Terraform 遠端狀態相關的此網頁For more information about Remote State Management, see this page about the Terraform remote state. 儲存體存取金鑰會在這個檔案中公開,且在將 Terraform 組態檔認可至原始檔控制之前,需要排除儲存體存取金鑰。The storage access key is exposed in this file and needs to be excluded before committing Terraform configuration files into source control.

後續步驟Next steps

在本文中,您已了解如何在 Azure 上設定 Terraform Linux 虛擬機器。In this article, you learned how to set up a Terraform Linux virtual machine on Azure. 以下有一些額外的資源,可協助您深入了解 Azure 上的 Terraform:Here are some additional resources to help you learn more about Terraform on Azure:

Microsoft.com 中的 Terraform 中樞Terraform Hub in Microsoft.com
Terraform Azure 提供者文件Terraform Azure provider documentation
Terraform Azure 提供者來源Terraform Azure provider source
Terraform Azure 模組Terraform Azure modules