2016-02-13 66 views
3

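I'm using the AWS Two-tier example and I've directly copy-and-pasted the whole thing. terraform apply works right up to where it tries to SSH into the created EC2 instance. It loops several times, giving this output, before finally failing. Why can't I SSH into the EC2 instance using the provided example?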

aws_instance.web (remote-exec): Connecting to remote host via SSH... 
aws_instance.web (remote-exec): Host: 54.174.8.144 
aws_instance.web (remote-exec): User: ubuntu 
aws_instance.web (remote-exec): Password: false 
aws_instance.web (remote-exec): Private key: false 
aws_instance.web (remote-exec): SSH Agent: true 

Finally failing w/:

Error applying plan: 

1 error(s) occurred: 

* ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain 

Terraform does not automatically rollback in the face of errors. 
Instead, your Terraform state file has been partially updated with 
any resources that successfully completed. Please address the error 
above and apply again to incrementally change your infrastructure. 

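I've searched around and seen some older posts/issues saying to flip agent=false, and I've tried that too w/ no change or success. I'm skeptical that this example is broken out of the box, yet I've done no tailoring or modifications that could have broken it. I'm using terraform 0.6.11 installed via homebrew on OS X 10.10.5.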

Additional detail:

resource "aws_instance" "web" { 
    # The connection block tells our provisioner how to 
    # communicate with the resource (instance) 
    connection { 
        # The default username for our AMI 
        user = "ubuntu" 

        # The connection will use the local SSH agent for authentication. 
        agent = false 
    } 

    instance_type = "t1.micro" 

    # Lookup the correct AMI based on the region 
    # we specified 
    ami = "${lookup(var.aws_amis, var.aws_region)}" 

    # The name of our SSH keypair we created above. 
    key_name = "${aws_key_pair.auth.id}" 

    # Our Security group to allow HTTP and SSH access 
    vpc_security_group_ids = ["${aws_security_group.default.id}"] 

    # We're going to launch into the same subnet as our ELB. In a production 
    # environment it's more common to have a separate private subnet for 
    # backend instances. 
    subnet_id = "${aws_subnet.default.id}" 

    # We run a remote provisioner on the instance after creating it. 
    # In this case, we just install nginx and start it. By default, 
    # this should be on port 80 
    provisioner "remote-exec" { 
        inline = [ 
            "sudo apt-get -y update", 
            "sudo apt-get -y install nginx", 
            "sudo service nginx start" 
        ] 
    } 
} 

And from the variables tf file:

variable "key_name" { 
    description = "Desired name of AWS key pair" 
    default = "test-keypair" 
} 

variable "key_path" { 
    description = "key location" 
    default = "/Users/n8/dev/play/.ssh/terraform.pub" 
} 

But I can SSH in with this command:

ssh -i ../.ssh/terraform [email protected] 
+0

? Do you have the key in your agent? – Jakuje

+0

I am able to ssh manually. I'm not sure I understand your second question, so the answer is probably 'no'. Can you explain? – n8gard

+1

Please update the question with the information *how* you can ssh from the command line and how you authenticate. – Jakuje

Answers

6

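You have two possibilities:

  1. Add your key to your ssh-agent

    ssh-add ../.ssh/terraform 

    and use agent = true in your configuration. This case should work for you.

  2. Modify your configuration to use the key directly with

    secret_key = "../.ssh/terraform" 

    or so. See the documentation for more specific syntax.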

+0

This worked. Thank you. – n8gard
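
An added example, not part of the original answer: a pre-flight check that the key you pass to ssh -i is the one your ssh-agent actually holds, which is what agent = true relies on. The function names are hypothetical, and it assumes OpenSSH's ssh-keygen and ssh-add are installed.

```bash
#!/usr/bin/env bash
# Added example: is the key for this instance actually loaded in ssh-agent?
# Function names are hypothetical; needs OpenSSH's ssh-keygen and ssh-add.

# Print the fingerprint (2nd field of `ssh-keygen -l`) of a key file.
fingerprint_of() {
    ssh-keygen -lf "$1" 2>/dev/null | awk '{print $2}'
}

# Succeed if `ssh-add -l`-style text ($1) contains fingerprint $2.
# Exact match on field 2, so MD5 and SHA256 style listings both work.
listing_has_fingerprint() {
    printf '%s\n' "$1" | awk -v fp="$2" '$2 == fp {found = 1} END {exit !found}'
}

# 0: agent holds the key, 1: agent lacks it, 2: check could not be made.
agent_has_key() {
    local fp listing rc
    fp=$(fingerprint_of "$1")
    if [ -z "$fp" ]; then
        echo "cannot read a key from $1" >&2
        return 2
    fi
    listing=$(ssh-add -l 2>/dev/null) && rc=0 || rc=$?
    case $rc in
        0) ;;
        1) echo "agent is running but holds no identities" >&2; return 1 ;;
        *) echo "no agent reachable; is SSH_AUTH_SOCK set?" >&2; return 2 ;;
    esac
    if listing_has_fingerprint "$listing" "$fp"; then
        return 0
    fi
    echo "agent does not hold $1; run: ssh-add $1" >&2
    return 1
}

# Run as: ./check-agent.sh ../.ssh/terraform  (key path from the question)
if [ "$#" -ge 1 ]; then
    agent_has_key "$1" && echo "agent holds $1"
fi
```

A non-zero exit before terraform apply corresponds to the "SSH Agent: true" attempt ending in "unable to authenticate": the agent was offered, but it had no matching identity to present.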

2

I had the same issue, and I did the following configuration; you can connect with normal SSH:

connection { 
    type = "ssh" 
    user = "ec2-user" 
    private_key = "${file("*.pem")}" 
    timeout = "2m" 
    agent = false 
}