我正在使用AWS Two-tier example而且我直接复制粘贴整个事情。 terraform apply
可以直接尝试SSH到创建的EC2实例。它会循环几次,在最终失败之前提供此输出。
aws_instance.web (remote-exec): Connecting to remote host via SSH...
aws_instance.web (remote-exec): Host: 54.174.8.144
aws_instance.web (remote-exec): User: ubuntu
aws_instance.web (remote-exec): Password: false
aws_instance.web (remote-exec): Private key: false
aws_instance.web (remote-exec): SSH Agent: true
最终,它失败了w /:
Error applying plan:
1 error(s) occurred:
* ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
我已经四处搜索并看到一些较旧的帖子/问题说翻盖agent=false
,我尝试过也没有变化或成功。我怀疑这个例子是开箱即用的,但我没有做任何可能破坏它的剪裁或修改。我在OS X 10.10.5上使用通过自制软件安装的terraform 0.6.11。
其他细节:
resource "aws_instance" "web" {
# The connection block tells our provisioner how to
# communicate with the resource (instance)
connection {
# The default username for our AMI
user = "ubuntu"
# The connection will use the local SSH agent for authentication.
agent = false
}
instance_type = "t1.micro"
# Lookup the correct AMI based on the region
# we specified
ami = "${lookup(var.aws_amis, var.aws_region)}"
# The name of our SSH keypair we created above.
key_name = "${aws_key_pair.auth.id}"
# Our Security group to allow HTTP and SSH access
vpc_security_group_ids = ["${aws_security_group.default.id}"]
# We're going to launch into the same subnet as our ELB. In a production
# environment it's more common to have a separate private subnet for
# backend instances.
subnet_id = "${aws_subnet.default.id}"
# We run a remote provisioner on the instance after creating it.
# In this case, we just install nginx and start it. By default,
# this should be on port 80
provisioner "remote-exec" {
inline = [
"sudo apt-get -y update",
"sudo apt-get -y install nginx",
"sudo service nginx start"
]
}
}
并从变量tf文件:
variable "key_name" {
description = "Desired name of AWS key pair"
default = "test-keypair"
}
variable "key_path" {
description = "key location"
default = "/Users/n8/dev/play/.ssh/terraform.pub"
}
但我可以用这个命令ssh:
ssh -i ../.ssh/terraform [email protected]
你有两种可能性:
ssh-agent
:
ssh-add ../.ssh/terraform
并在您的配置中使用agent = true
。这个案子对你有用secret_key = "../.ssh/terraform"
或者。有关更具体的语法,请参阅文档。我有同样的问题,我做了以下配置
connection {
type = "ssh"
user = "ec2-user"
private_key = "${file("*.pem")}"
timeout = "2m"
agent = false
}
下面是一个完整且独立的resource "null_resource"
,带有remote-exec
配置器和SSH连接,包括ssh连接类型支持的必要参数:
资源null_resource
w / remote-exec
示例代码如下:
resource "null_resource" "ec2-ssh-connection" {
provisioner "remote-exec" {
inline = [
"sudo apt-get update",
"sudo apt-get install -y python2.7 python-dev python-pip python-setuptools python-virtualenv libssl-dev vim zip"
]
connection {
host = "100.20.30.5"
type = "ssh"
port = 22
user = "ubuntu"
private_key = "${file(/path/to/your/id_rsa_private_key)}"
timeout = "1m"
agent = false
}
}
}