无法SSH到通过Terraform创建的ibmcloud实例

时间:2020-09-08 21:06:03

标签: cloud terraform ibm-cloud terraform-provider-ibm

我可以通过Terraform在IBMCloud中成功创建实例。问题是,成功部署后,我无法ssh进入实例。

terraform-provider-ibm的版本为: 1.11.2

terraform本身的版本为: v0.12.20

我正在使用的terraform代码如下:

provider "ibm" {
  ibmcloud_api_key   = ""
  region="eu-gb"
  generation = 2
}

variable "ssh_public_key" {
  default = "~/.ssh/id_rsa.pub"
}

resource "ibm_is_vpc" "testacc_vpc" {
  name = "testvpc"
}

resource "ibm_is_subnet" "testacc_subnet" {
  name            = "testsubnet"
  vpc             = ibm_is_vpc.testacc_vpc.id
  zone            = "eu-gb-1"
  ipv4_cidr_block = "10.242.0.0/24"
}

resource "ibm_is_ssh_key" "testacc_sshkey" {
  name       = "testssh"
  public_key = "file(var.ssh_public_key)"
}


resource "ibm_is_security_group" "testacc_security_group" {
    name = "test"
    vpc = ibm_is_vpc.testacc_vpc.id
}

resource "ibm_is_security_group_rule" "testacc_security_group_rule_all" {
    group = ibm_is_security_group.testacc_security_group.id
    direction = "inbound"
    remote = "127.0.0.1"
    depends_on = [ibm_is_security_group.testacc_security_group]
}

resource "ibm_is_security_group_rule" "testacc_security_group_rule_ssh" {
    group = ibm_is_security_group.testacc_security_group.id
    direction = "inbound"
    remote = "127.0.0.1"
    icmp {
        code = 22
        type = 22
    }
    depends_on = [ibm_is_security_group_rule.testacc_security_group_rule_all]
}
resource "ibm_is_instance" "testacc_instance" {
  name    = "testinstance"
  image   = "99edcc54-c513-4d46-9f5b-36243a1e50e2"
  profile = "cx2-2x4"

  primary_network_interface {
    subnet = ibm_is_subnet.testacc_subnet.id
  }

  network_interfaces {
    name   = "eth1"
    subnet = ibm_is_subnet.testacc_subnet.id
  }

  vpc  = ibm_is_vpc.testacc_vpc.id
  zone = "eu-gb-1"
  keys = [ibm_is_ssh_key.testacc_sshkey.id]
  depends_on = [ibm_is_security_group_rule.testacc_security_group_rule_ssh]

  //User can configure timeouts
  timeouts {
    create = "90m"
    delete = "30m"
  }
}

resource "ibm_is_floating_ip" "fip1" {
  name   = "fip1"
  target = ibm_is_instance.testacc_instance.primary_network_interface[0].id
}

output "sshcommand" {
  value = "ssh root@${ibm_is_floating_ip.fip1.address}"
}

有人看到安全规则有任何问题吗?我是否缺少其他配置?

提前感谢大家!

1 个答案:

答案 0 :(得分:1)

需要在terraform文件中进行几处更改

  1. 您需要将实例(vsi)附加到安全组。
  2. 如果要定义主网络接口,则不需要network interface。如果需要,请记住使用ssh
  3. 将安全组附加到security_groups规则中
  4. 遥控器应为0.0.0.0/0,而不是127.0.0.1
  5. 传递SSH发布密钥值cat ~/.ssh/id_rsa.pub或从用户界面创建SSH密钥,然后传递密钥名称
data "ibm_is_ssh_key" "ds_key" {
    name = "test"
}

这是具有所有上述更改的更新的Terraform文件。有关文档,请参见here

provider "ibm" {
  ibmcloud_api_key   = ""
  region="eu-gb"
  generation = 2
}


resource "ibm_is_vpc" "testacc_vpc" {
  name = "testvpc"
}

resource "ibm_is_subnet" "testacc_subnet" {
  name            = "testsubnet"
  vpc             = ibm_is_vpc.testacc_vpc.id
  zone            = "eu-gb-1"
  ipv4_cidr_block = "10.242.0.0/24"
}

resource "ibm_is_ssh_key" "testacc_sshkey" {
  name       = "testssh"
  public_key = "ssh-rsa xxxxxxx"
}


resource "ibm_is_security_group" "testacc_security_group" {
    name = "test"
    vpc = ibm_is_vpc.testacc_vpc.id
}

resource "ibm_is_security_group_rule" "testacc_security_group_rule_all" {
    group = ibm_is_security_group.testacc_security_group.id
    direction = "inbound"
    remote = "0.0.0.0/0"
    depends_on = [ibm_is_security_group.testacc_security_group]
}

resource "ibm_is_security_group_rule" "testacc_security_group_rule_ssh" {
    group = ibm_is_security_group.testacc_security_group.id
    direction = "inbound"
    remote = "0.0.0.0/0"
    icmp {
        code = 22
        type = 22
    }
    depends_on = [ibm_is_security_group_rule.testacc_security_group_rule_all]
}
resource "ibm_is_instance" "testacc_instance" {
  name    = "testinstance"
  image   = "99edcc54-c513-4d46-9f5b-36243a1e50e2"
  profile = "cx2-2x4"

  primary_network_interface {
    subnet = ibm_is_subnet.testacc_subnet.id
    security_groups = [ibm_is_security_group.testacc_security_group.id]
  }

  vpc  = ibm_is_vpc.testacc_vpc.id
  zone = "eu-gb-1"
  keys = [ibm_is_ssh_key.testacc_sshkey.id]
  depends_on = [ibm_is_security_group_rule.testacc_security_group_rule_ssh]

  //User can configure timeouts
  timeouts {
    create = "90m"
    delete = "30m"
  }
}

resource "ibm_is_floating_ip" "fip1" {
  name   = "fip1"
  target = ibm_is_instance.testacc_instance.primary_network_interface[0].id
}

output "sshcommand" {
  value = "ssh root@${ibm_is_floating_ip.fip1.address}"
}