Terraform - Azure Windows VM连接问题

Question

我使用Windows Server VM的所有必需资源创建了一个资源组。

下面是脚本：创建成功

#Variables 
variable "rsg"   { default = "EXTEDO_US_EASTUS" } 
variable "location" { default = "East US" } 
variable "hostname" { default = "EXTPSUS1" } 
variable "username" { default = "xxxxxxx" } 
variable "password" { default = "xxxxxxx" } 
variable "vmsize"  { default = "Standard_DS1_v2" } 
variable "storagetype" { default = "Premium_LRS" } 
variable "add-space" { default = "10.0.2.0/24" } 
variable "add-subnet1" { default = "10.0.2.0/24" } 
variable "sku"   { default = "2016-Datacenter" } 
variable "environment" { default = "Publishing"} 


# Build the Resource Group 
resource "azurerm_resource_group" "rsg" { 
    name  = "${var.rsg}" 
    location = "${var.location}" 
} 

# Build the Virtual Network 
resource "azurerm_virtual_network" "vnet" { 
    name    = "${var.rsg}-vnet" 
    address_space  = ["${var.add-space}"] 
    location   = "${var.location}" 
    resource_group_name = "${azurerm_resource_group.rsg.name}" 
} 

# Build subnet 
resource "azurerm_subnet" "subnet1" { 
    name     = "Publishing" 
    resource_group_name = "${azurerm_resource_group.rsg.name}" 
    virtual_network_name = "${azurerm_virtual_network.vnet.name}" 
    address_prefix  = "${var.add-subnet1}" 
} 


# Create Public IP 
resource "azurerm_public_ip" "pip" { 
    name       = "${var.hostname}-pip" 
    location      = "${var.location}" 
    resource_group_name   = "${azurerm_resource_group.rsg.name}" 
    public_ip_address_allocation = "static" 

    tags { 
    environment = "Production" 
    } 
} 

# Network Security Group 
resource "azurerm_network_security_group" "nsg" { 
    name    = "${var.rsg}-nsg" 
    location   = "${var.location}" 
    resource_group_name = "${azurerm_resource_group.rsg.name}" 

    security_rule { 
    name      = "RDP" 
    priority     = 100 
    direction     = "Inbound" 
    access      = "Allow" 
    protocol     = "Tcp" 
    source_port_range   = 3389 
    destination_port_range  = 3389 
    source_address_prefix  = "*" 
    destination_address_prefix = "*" 
    } 

    tags { 
    environment = "Production" 
    } 
} 


# Set the private and public IP 
resource "azurerm_network_interface" "ni" { 
    name      = "${var.hostname}-ni" 
    location     = "${var.location}" 
    resource_group_name  = "${azurerm_resource_group.rsg.name}" 
    network_security_group_id = "${azurerm_network_security_group.nsg.id}" 

    # dynamic IP configuration 
    ip_configuration { 
    name       = "${var.hostname}-ipconfig" 
    subnet_id      = "${azurerm_subnet.subnet1.id}" 
    private_ip_address_allocation = "dynamic" 
    } 
} 



# Build Virtual Machine 
resource "azurerm_virtual_machine" "vm" { 
    name     = "${var.hostname}" 
    location    = "${var.location}" 
    resource_group_name = "${azurerm_resource_group.rsg.name}" 
    network_interface_ids = ["${azurerm_network_interface.ni.id}"] 
    vm_size    = "${var.vmsize}" 


    storage_image_reference { 
    publisher = "MicrosoftWindowsServer" 
    offer  = "WindowsServer" 
    sku  = "${var.sku}" 
    version = "latest" 
    } 

    storage_os_disk { 
    name   = "${var.hostname}-osdisk" 
    caching  = "ReadWrite" 
    create_option = "FromImage" 
    managed_disk_type = "${var.storagetype}" 
    } 


    os_profile { 
    computer_name = "${var.hostname}" 
    admin_username = "${var.username}" 
    admin_password = "${var.password}" 
    } 

    tags { 
    environment = "production" 
    } 
} 

资源组。所有看起来不错，但我无法通过RDP连接到虚拟机。

是否有人遇到连接到通过terraform创建的Windows VM的问题？

我检查网络安全组是否正确，RDP端口是否打开。

Answer 1

我已经测试过你的脚本，得到同样的错误。

其根本原因在于，您的azurerm_network_security_group.nsg防火墙设置。

我们应该用“*”代替source_port_range，像这样：

security_rule { 
    name      = "RDP" 
    priority     = 100 
    direction     = "Inbound" 
    access      = "Allow" 
    protocol     = "Tcp" 
    source_port_range   = * 
    destination_port_range  = 3389 

如果要解决这个问题，请删除您的NSG规则，并建立一个新的，就像这样：