Terraform无法使用ssh

时间:2016-12-03 04:38:42

标签: ssh chef terraform

我无法通过私人aws keypair连接terraform的ssh进行厨师配置 - 错误看起来只是暂停:

aws_instance.app (chef): Connecting to remote host via SSH...
aws_instance.app (chef):   Host: 96.175.120.236:32:
aws_instance.app (chef):   User: ubuntu
aws_instance.app (chef):   Password: false
aws_instance.app (chef):   Private key: true
aws_instance.app (chef):   SSH Agent: true
aws_instance.app: Still creating... (5m30s elapsed)
Error applying plan:

1 error(s) occurred:

* dial tcp 96.175.120.236:32: i/o timeout

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

这是我的terraform计划 - 请注意ssh设置.. key_name设置设置为我的AWS密钥对名称,ssh_for_chef.pem是私钥

variable "AWS_ACCESS_KEY" {}
variable "AWS_SECRET_KEY" {}

provider "aws" {
    region = "us-east-1"
    access_key = "${var.AWS_ACCESS_KEY}"
    secret_key = "${var.AWS_SECRET_KEY}"
}

resource "aws_instance" "app" {
  ami = "ami-88aa1ce0"
  count = "1"
  instance_type = "t1.micro"
  key_name = "ssh_for_chef"
  security_groups = ["sg-c43490e1"]
  subnet_id = "subnet-75dd96e2"
  associate_public_ip_address = true


  provisioner "chef" {
    server_url = "https://api.chef.io/organizations/xxxxxxx"
    validation_client_name = "xxxxxxx-validator"
    validation_key = "/home/user01/Documents/Devel/chef-repo/.chef/xxxxxxxx-validator.pem"
    node_name = "dubba_u_7"
    run_list = [ "motd_rhel" ]
    user_name = "user01"
    user_key = "/home/user01/Documents/Devel/chef-repo/.chef/user01.pem"  
    ssl_verify_mode = "false"
  }
  connection {
        type = "ssh"
        user = "ubuntu"
        private_key = "${file("/home/user01/Documents/Devel/ssh_for_chef.pem")}"
  }
}

有什么想法吗?

1 个答案:

答案 0 :(得分:1)

我不确定我们是否遇到同样的问题,因为您没有指定是否能够ssh到该实例。
就我而言,我在VPC中运行terraform,并且允许与安全组建立连接,这些安全组无法与公共IP一起使用。
解决方案很简单(但你必须使用terraform v.0.8.0的新条件插值) -

定义此变量 - variable use_public_ip { default = true }

然后,在厨师配置器的连接部分内,添加以下行 -
host = "${var.use_public_ip ? aws_instance.instance.public_ip : aws_instance.instance.private_ip}"

如果您希望使用公共IP,请将变量设置为true,否则将其设置为false。

我用它来制作aws - connection { user = "ubuntu" host = "${var.use_public_ip ? aws_instance.instance.public_ip : aws_instance.instance.private_ip}"," }