I have this problem in my Google Cloud Platform setup: the default global user "gcp-root" conflicts with our Ansible list of users. So, as a workaround, I do the following:

sudo adduser -u 9999 -G google-sudoers tmproot
sudo cp -Rfvp /home/gcp-root/.ssh /home/tmproot/
sudo chown tmproot:tmproot -Rf /home/tmproot/

Here is my terraform remote-exec block:

## Create a 'tmproot' as default full sudoer in gcp (gcp-root) has a uid
## that conflicts with one of ansible list of users.
provisioner "remote-exec" {
  inline = [
    "sudo adduser -u 9999 -G google-sudoers tmproot",
    "sudo cp -Rfvp /home/gcp-root/.ssh /home/tmproot/",
    "sudo chown tmproot:tmproot -Rf /home/tmproot/",
  ]
  connection {
    type        = "ssh"
    user        = "gcp-root"
    private_key = "${file("${var.ssh_key_location}")}"
    host        = "${google_compute_address.static-ip-address.address}"
  }
}
## Delete gcp-root
provisioner "remote-exec" {
  inline = [
    "sudo userdel gcp-root",
  ]
  connection {
    type        = "ssh"
    user        = "tmproot"
    private_key = "${file("${var.ssh_key_location}")}"
    host        = "${google_compute_address.static-ip-address.address}"
  }
}

When I apply the terraform code, the result is as follows:

null_resource.ansible_provisioning: Still creating... [50s elapsed]
null_resource.ansible_provisioning (remote-exec): Connecting to remote host via SSH...
null_resource.ansible_provisioning (remote-exec): Host: <REDACTED>
null_resource.ansible_provisioning (remote-exec): User: gcp-root
null_resource.ansible_provisioning (remote-exec): Password: false
null_resource.ansible_provisioning (remote-exec): Private key: true
null_resource.ansible_provisioning (remote-exec): Certificate: false
null_resource.ansible_provisioning (remote-exec): SSH Agent: false
null_resource.ansible_provisioning (remote-exec): Checking Host Key: false
null_resource.ansible_provisioning (remote-exec): Connected!
null_resource.ansible_provisioning (remote-exec): ‘/home/gcp-root/.ssh’ -> ‘/home/tmproot/.ssh’
null_resource.ansible_provisioning (remote-exec): ‘/home/gcp-root/.ssh/authorized_keys’ -> ‘/home/tmproot/.ssh/authorized_keys’
null_resource.ansible_provisioning: Provisioning with 'remote-exec'...
null_resource.ansible_provisioning (remote-exec): Connecting to remote host via SSH...
null_resource.ansible_provisioning (remote-exec): Host: <REDACTED>
null_resource.ansible_provisioning (remote-exec): User: tmproot
null_resource.ansible_provisioning (remote-exec): Password: false
null_resource.ansible_provisioning (remote-exec): Private key: true
null_resource.ansible_provisioning (remote-exec): Certificate: false
null_resource.ansible_provisioning (remote-exec): SSH Agent: false
null_resource.ansible_provisioning (remote-exec): Checking Host Key: false
null_resource.ansible_provisioning (remote-exec): Connected!
null_resource.ansible_provisioning (remote-exec): userdel: user gcp-root is currently used by process 1359
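Error: error executing "/tmp/terraform_633887752.sh": Process exited with status 8

So clearly, the problem is that the first remote-exec (using user 'gcp-root') is still connected, and therefore the second remote-exec (using user 'tmproot') cannot delete 'gcp-root'.
If I could disconnect the first remote-exec connection, that would seem to solve my problem, but I can't seem to find such an option in the Terraform documentation. Searching Google doesn't seem to return any hints either.
Is there a better way to accomplish my goal?
Any hints/suggestions are welcome and appreciated in advance.

Posted on 2019-12-21 17:38:57

I managed to find a workable solution by adding a startup-script metadata entry in Google Cloud Platform.
In the metadata, I added the key:
startup-script
with the following value:
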
#!/bin/bash
sudo usermod -u 9999 gcp-root
sudo groupmod -g 9999 gcp-root
sudo chown gcp-root.gcp-root -Rf /home/gcp-root

For reference, see https://cloud.google.com/compute/docs/startupscript
Problem solved.
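
One way to carry the startup-script fix from the answer above in the Terraform configuration itself, shown as an added example that is not part of the original post. It assumes Terraform 0.12 or later; the resource name, machine type, zone and image are placeholders, and the guard that skips the change once the UID is already 9999 is an addition, because startup scripts run on every boot.

```hcl
# Added example. Everything marked "assumed" is a placeholder, not a value
# from the original question or answer.
resource "google_compute_instance" "example" {
  name         = "example-vm"    # assumed
  machine_type = "n1-standard-1" # assumed
  zone         = "us-central1-a" # assumed

  boot_disk {
    initialize_params {
      image = "centos-cloud/centos-7" # assumed image
    }
  }

  network_interface {
    network = "default"
    access_config {
      # Static address resource name taken from the question's connection block.
      nat_ip = google_compute_address.static-ip-address.address
    }
  }

  metadata = {
    # The startup script runs as root on the instance, so no SSH session
    # owned by gcp-root is involved, unlike the two remote-exec
    # provisioners in the question.
    startup-script = <<-EOT
      #!/bin/bash
      set -euo pipefail
      TARGET_ID=9999

      # Skip if the account is not present, or if a previous boot already
      # remapped it (keeps the script idempotent across reboots).
      if id gcp-root >/dev/null 2>&1 && [ "$(id -u gcp-root)" != "$TARGET_ID" ]; then
        usermod  -u "$TARGET_ID" gcp-root
        groupmod -g "$TARGET_ID" gcp-root
        chown -R gcp-root:gcp-root /home/gcp-root
      fi
    EOT
  }
}
```

With the UID remapped at boot, the `tmproot` copy of `.ssh/authorized_keys` and the `userdel gcp-root` provisioner from the question are no longer needed.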
https://stackoverflow.com/questions/59437891