【Question title】: Why can't Terraform SSH into my EC2 instance?
【Posted】: 2019-11-20 11:22:09
【Question】:

I am trying to use Terraform to SSH into a newly created EC2 instance. My host is Windows 10, and I can SSH into the instance from the host with the Bitvise SSH client without any problem, but Terraform does not seem to be able to create a directory on the instance over SSH:

My main.tf

provider "aws" {
  region = "us-west-2"
}

resource "aws_security_group" "instance" {
  name = "inlets-server-instance"
  description = "Security group for the inlets server"
  ingress {
    from_port = 22
    to_port = 22
    protocol = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port = 0
    to_port = 0
    protocol = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "tunnel" {
  ami = "ami-07b4f3c02c7f83d59"
  instance_type = "t2.nano"
  key_name = "${var.key_name}"
  vpc_security_group_ids = [aws_security_group.instance.id]

  tags = {
    Name = "inlets-server"
  }

  provisioner "local-exec" {
    command = "echo ${aws_instance.tunnel.public_ip} > ${var.public_ip_path}"
  }

  provisioner "remote-exec" {
    inline = [
      "mkdir /home/${var.ssh_user}/ansible",
    ]

    connection {
      type        = "ssh"
      host        = "${file("${var.public_ip_path}")}"
      user        = "${var.ssh_user}"
      private_key = "${file("${var.private_key_path}")}"
      timeout     = "1m"
      agent       = false
    }
  }
}

My variables.tf

variable "key_name" {
  description = "Name of the SSH key pair generated in Amazon EC2."
  default     = "aws_ssh_key"
}

variable "public_ip_path" {
  description = "Path to the file that contains the instance's public IP address"
  default     = "ip_address.txt"
}

variable "private_key_path" {
  description = "Path to the private SSH key, used to access the instance."
  default     = "aws_ssh_key.pem"
}

variable "ssh_user" {
  description = "SSH user name to connect to your instance."
  default     = "ubuntu"
}

All I get is the attempted connection:

aws_instance.tunnel (remote-exec): Connecting to remote host via SSH...
aws_instance.tunnel (remote-exec):   Host: XX.XXX.XXX.XXX
aws_instance.tunnel (remote-exec):   User: ubuntu
aws_instance.tunnel (remote-exec):   Password: false
aws_instance.tunnel (remote-exec):   Private key: true
aws_instance.tunnel (remote-exec):   Certificate: false
aws_instance.tunnel (remote-exec):   SSH Agent: false
aws_instance.tunnel (remote-exec):   Checking Host Key: false

It eventually times out:

Error: timeout - last error: dial tcp: lookup XX.XXX.XXX.XXX
: no such host

Any ideas?

【Comments】:

  • Show the security group resource.
  • It won't let me post it in the original question because it says I have too much code. Here it is: resource "aws_security_group" "instance" { name = "inlets-server-instance" description = "Security group for the inlets server" ingress { from_port = 22 to_port = 22 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } egress { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } }
  • Because of these problems, I use local-exec for ssh.

Tags: amazon-web-services amazon-ec2 ssh terraform terraform-provider-aws
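An added example, not part of the original question or answer, showing the same instance with the connection host taken from the resource's own `self.public_ip` attribute instead of being read back from a file. The error in the question breaks onto a new line just before the colon (`lookup XX.XXX.XXX.XXX` / `: no such host`), which is what a host string carrying the trailing newline written by `echo` would produce; using `self.public_ip` removes the file round-trip entirely. It assumes Terraform 0.12 syntax and adds a hypothetical `admin_cidr` variable so that port 22 is not open to the whole Internet.

```hcl
# Added example (not the poster's code). Assumes Terraform 0.12 syntax.

# Hypothetical variable, not in the original: the CIDR the operator
# administers from, so SSH is not exposed to 0.0.0.0/0.
variable "admin_cidr" {
  description = "CIDR block allowed to reach port 22 (e.g. your office egress IP/32)."
  type        = string
}

resource "aws_security_group" "instance" {
  name        = "inlets-server-instance"
  description = "Security group for the inlets server"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "tunnel" {
  ami                    = "ami-07b4f3c02c7f83d59"
  instance_type          = "t2.nano"
  key_name               = var.key_name
  vpc_security_group_ids = [aws_security_group.instance.id]

  tags = {
    Name = "inlets-server"
  }

  # A resource-level connection block applies to every provisioner below.
  # self.public_ip is the address Terraform already holds for this instance,
  # so nothing is written to or read from a file and no stray newline can
  # end up in the host string.
  connection {
    type        = "ssh"
    host        = self.public_ip
    user        = var.ssh_user
    private_key = file(var.private_key_path)
    timeout     = "1m"
    agent       = false
  }

  provisioner "remote-exec" {
    inline = [
      # -p keeps a re-run from failing if the directory already exists
      "mkdir -p /home/${var.ssh_user}/ansible",
    ]
  }

  # Still record the address for later tooling, but from the same attribute
  # rather than as the source of truth for the SSH connection.
  provisioner "local-exec" {
    command = "echo ${self.public_ip} > ${var.public_ip_path}"
  }
}
```

If the file-based lookup has to stay for some other reason, `host = trimspace(file(var.public_ip_path))` strips the trailing newline (and any trailing space a Windows `echo` adds), but it also keeps the implicit ordering dependency between the two provisioners that the answer below warns about; `self.public_ip` avoids both problems.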


【Answer 1】:

You haven't said anything about your network layout.

Is your Windows 10 machine inside the VPC? If not, have you set up the Internet gateway, route tables and NAT gateway correctly?

It would be cleaner and safer to create an Elastic IP resource so that you get at your machine's IP address using what Terraform already knows, rather than trying to fetch it from the machine. Of course a local-exec will be faster than a remote-exec, but you have created an implicit dependency that can cause problems.

【Discussion】:
