我使用的是AWS Two-tier example,我直接复制粘贴整个事情。 terraform apply
正常工作到它尝试SSH到创建的EC2实例中的位置。在最终失败之前,它循环多次输出这个输出。为什么不能使用提供的示例将SSH分为EC2实例?
aws_instance.web (remote-exec): Connecting to remote host via SSH...
aws_instance.web (remote-exec): Host: 54.174.8.144
aws_instance.web (remote-exec): User: ubuntu
aws_instance.web (remote-exec): Password: false
aws_instance.web (remote-exec): Private key: false
aws_instance.web (remote-exec): SSH Agent: true
最终失败W /:
Error applying plan:
1 error(s) occurred:
* ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
我已搜索周围,看到了一些旧帖子/问题说翻转agent=false
,我已经试过了也瓦特/没有变化或成功。我怀疑这个例子是不是开箱即可,但我没有做过剪裁或修改,可能会破坏它。我在OS X 10.10.5上使用通过自制软件安装的terraform 0.6.11。
其他详细信息:
resource "aws_instance" "web" {
# The connection block tells our provisioner how to
# communicate with the resource (instance)
connection {
# The default username for our AMI
user = "ubuntu"
# The connection will use the local SSH agent for authentication.
agent = false
}
instance_type = "t1.micro"
# Lookup the correct AMI based on the region
# we specified
ami = "${lookup(var.aws_amis, var.aws_region)}"
# The name of our SSH keypair we created above.
key_name = "${aws_key_pair.auth.id}"
# Our Security group to allow HTTP and SSH access
vpc_security_group_ids = ["${aws_security_group.default.id}"]
# We're going to launch into the same subnet as our ELB. In a production
# environment it's more common to have a separate private subnet for
# backend instances.
subnet_id = "${aws_subnet.default.id}"
# We run a remote provisioner on the instance after creating it.
# In this case, we just install nginx and start it. By default,
# this should be on port 80
provisioner "remote-exec" {
inline = [
"sudo apt-get -y update",
"sudo apt-get -y install nginx",
"sudo service nginx start"
]
}
}
而且从变量TF文件:
variable "key_name" {
description = "Desired name of AWS key pair"
default = "test-keypair"
}
variable "key_path" {
description = "key location"
default = "/Users/n8/dev/play/.ssh/terraform.pub"
}
,但我可以用这个命令SSH方式:
ssh -i ../.ssh/terraform [email protected]
?你的代理商有钥匙吗? – Jakuje
我能够手动ssh。我不确定我是否理解你的第二个问题,所以答案可能是'不'。你能解释一下吗? – n8gard
请更新与问题的信息*如何*你可以从命令行ssh'和你如何进行身份验证。 – Jakuje