为什么不能使用提供的示例将SSH转换为EC2实例?

问题描述 投票:5回答:3

我正在使用AWS Two-tier example而且我直接复制粘贴整个事情。 terraform apply可以直接尝试SSH到创建的EC2实例。它会循环几次,在最终失败之前提供此输出。

aws_instance.web (remote-exec): Connecting to remote host via SSH...
aws_instance.web (remote-exec):   Host: 54.174.8.144
aws_instance.web (remote-exec):   User: ubuntu
aws_instance.web (remote-exec):   Password: false
aws_instance.web (remote-exec):   Private key: false
aws_instance.web (remote-exec):   SSH Agent: true

最终,它失败了w /:

Error applying plan:

1 error(s) occurred:

* ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

我已经四处搜索并看到一些较旧的帖子/问题说翻盖agent=false,我尝试过也没有变化或成功。我怀疑这个例子是开箱即用的,但我没有做任何可能破坏它的剪裁或修改。我在OS X 10.10.5上使用通过自制软件安装的terraform 0.6.11。

其他细节:

resource "aws_instance" "web" {
  # The connection block tells our provisioner how to
  # communicate with the resource (instance)
  connection {
    # The default username for our AMI
    user = "ubuntu"

    # The connection will use the local SSH agent for authentication.
    agent = false
  }

  instance_type = "t1.micro"

  # Lookup the correct AMI based on the region
  # we specified
  ami = "${lookup(var.aws_amis, var.aws_region)}"

  # The name of our SSH keypair we created above.
  key_name = "${aws_key_pair.auth.id}"

  # Our Security group to allow HTTP and SSH access
  vpc_security_group_ids = ["${aws_security_group.default.id}"]

  # We're going to launch into the same subnet as our ELB. In a production
  # environment it's more common to have a separate private subnet for
  # backend instances.
  subnet_id = "${aws_subnet.default.id}"

  # We run a remote provisioner on the instance after creating it.
  # In this case, we just install nginx and start it. By default,
  # this should be on port 80
  provisioner "remote-exec" {
    inline = [
      "sudo apt-get -y update",
      "sudo apt-get -y install nginx",
      "sudo service nginx start"
    ]
  }
}

并从变量tf文件:

variable "key_name" {
  description = "Desired name of AWS key pair"
  default = "test-keypair"
}

variable "key_path" {
  description = "key location"
  default = "/Users/n8/dev/play/.ssh/terraform.pub"
}

但我可以用这个命令ssh:

ssh -i ../.ssh/terraform [email protected]
amazon-web-services ssh amazon-ec2 sdn terraform
3个回答
16
投票

你有两种可能性:

  1. 将密钥添加到ssh-agentssh-add ../.ssh/terraform 并在您的配置中使用agent = true。这个案子对你有用
  2. 修改配置以直接使用密钥 secret_key = "../.ssh/terraform" 或者。有关更具体的语法,请参阅文档。
3
投票

我有同样的问题,我做了以下配置

connection {
    type = "ssh"
    user = "ec2-user"
    private_key = "${file("*.pem")}"
    timeout = "2m"
    agent = false
}
1
投票

下面是一个完整且独立的resource "null_resource",带有remote-exec配置器和SSH连接,包括ssh连接类型支持的必要参数:

  • private_key - 用于连接的SSH密钥的内容。可以使用文件功能从磁盘上的文件加载这些文件。如果提供密码,则优先于密码。
  • type - 应使用的连接类型。有效类型是ssh和winrm默认为ssh。
  • user - 我们应该用于连接的用户。使用类型ssh时默认为root,使用winrm类型时默认为Administrator。
  • host - 要连接的资源的地址。这通常由提供商指定。
  • port - 要连接的端口。使用类型ssh时默认为22,使用类型winrm时默认为5985。
  • timeout - 等待连接可用的超时。默认为5分钟。应该提供像30s或5m的字符串。
  • agent - 设置为false以禁用使用ssh-agent进行身份验证。在Windows上,唯一受支持的SSH身份验证代理是Pageant。

资源null_resource w / remote-exec示例代码如下:

resource "null_resource" "ec2-ssh-connection" {
  provisioner "remote-exec" {
    inline = [
      "sudo apt-get update",
      "sudo apt-get install -y python2.7 python-dev python-pip python-setuptools python-virtualenv libssl-dev vim zip"
    ]

    connection {
      host        = "100.20.30.5"  
      type        = "ssh"
      port        = 22
      user        = "ubuntu"
      private_key = "${file(/path/to/your/id_rsa_private_key)}"
      timeout     = "1m"
      agent       = false
    }
  }
}
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.