2016-02-13 68 views
3

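I'm using the AWS Two-tier example, and I copied and pasted the whole thing directly. terraform apply works fine up to the point where it tries to SSH into the created EC2 instance. It loops several times, printing this output, before finally failing. Why can't it SSH into the EC2 instance using the provided example?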

aws_instance.web (remote-exec): Connecting to remote host via SSH... 
aws_instance.web (remote-exec): Host: 54.174.8.144 
aws_instance.web (remote-exec): User: ubuntu 
aws_instance.web (remote-exec): Password: false 
aws_instance.web (remote-exec): Private key: false 
aws_instance.web (remote-exec): SSH Agent: true 

It eventually fails with:

Error applying plan: 

1 error(s) occurred: 

* ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain 

Terraform does not automatically rollback in the face of errors. 
Instead, your Terraform state file has been partially updated with 
any resources that successfully completed. Please address the error 
above and apply again to incrementally change your infrastructure. 

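I've searched around and seen some older posts/issues saying to flip agent=false, and I've tried that too, with no change or success. I'm skeptical that this example is broken out of the box, yet I've done no tailoring or modification that could have broken it. I'm using terraform 0.6.11, installed via Homebrew, on OS X 10.10.5.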

Additional details:

resource "aws_instance" "web" { 
    # The connection block tells our provisioner how to 
    # communicate with the resource (instance) 
    connection {
        # The default username for our AMI
        user = "ubuntu"

        # The connection will use the local SSH agent for authentication.
        agent = false
    }

    instance_type = "t1.micro" 

    # Lookup the correct AMI based on the region 
    # we specified 
    ami = "${lookup(var.aws_amis, var.aws_region)}" 

    # The name of our SSH keypair we created above. 
    key_name = "${aws_key_pair.auth.id}" 

    # Our Security group to allow HTTP and SSH access 
    vpc_security_group_ids = ["${aws_security_group.default.id}"] 

    # We're going to launch into the same subnet as our ELB. In a production 
    # environment it's more common to have a separate private subnet for 
    # backend instances. 
    subnet_id = "${aws_subnet.default.id}" 

    # We run a remote provisioner on the instance after creating it. 
    # In this case, we just install nginx and start it. By default, 
    # this should be on port 80 
    provisioner "remote-exec" {
        inline = [
            "sudo apt-get -y update",
            "sudo apt-get -y install nginx",
            "sudo service nginx start"
        ]
    }
} 

And from the variables tf file:

variable "key_name" { 
    description = "Desired name of AWS key pair" 
    default = "test-keypair" 
} 

variable "key_path" { 
    description = "key location" 
    default = "/Users/n8/dev/play/.ssh/terraform.pub" 
} 

But I can SSH in with this command:

ssh -i ../.ssh/terraform [email protected] 
+0

? Do you have the key in your agent? – Jakuje

+0

I am able to ssh manually. I'm not sure I understand your second question, so the answer is probably 'no'. Can you explain? – n8gard

+1

Please update the question with information on *how* you can ssh from the command line and how you authenticate. – Jakuje

Answers

6

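You have two possibilities:

  1. Add your key to your ssh-agent

    ssh-add ../.ssh/terraform

    and use agent = true in your configuration. This case should work for you.

  2. Modify your configuration to use the key directly with

    secret_key = "../.ssh/terraform"

    or so. Please see the documentation for more specific syntax.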

+0

This worked. Thanks. – n8gard
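
A pre-flight check for the first option in the answer above, as an added example that is not part of the original answer: it compares the fingerprint of the public key with what `ssh-add -l` reports, so a missing agent identity is caught before `terraform apply`. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for agent = true.
# The Terraform log shows "Private key: false" and "SSH Agent: true", so the only
# identities it can offer are the ones ssh-agent already holds.

# Fingerprint (field 2 of `ssh-keygen -l`) of a public key file.
pubkey_fingerprint() {
    ssh-keygen -lf "$1" | awk '{ print $2 }'
}

# Succeeds if fingerprint $1 is listed in `ssh-add -l` style output $2.
agent_has_fingerprint() {
    printf '%s\n' "$2" | awk -v fp="$1" '$2 == fp { found = 1 } END { exit !found }'
}

# Map ssh-add's exit status ($1), wanted fingerprint ($2) and listing ($3) to a state.
# ssh-add -l exits 0 when it lists keys, 1 when the agent has no identities,
# and 2 when no agent can be contacted.
agent_state() {
    case "$1" in
        0) if agent_has_fingerprint "$2" "$3"; then echo loaded; else echo missing; fi ;;
        1) echo empty ;;
        *) echo no-agent ;;
    esac
}

# Usage: preflight <public key file>, e.g. preflight ../.ssh/terraform.pub
# The parenthesised body runs in a subshell, so its variables stay local.
preflight() (
    fp=$(pubkey_fingerprint "$1")
    [ -n "$fp" ] || { echo "cannot read public key: $1" >&2; exit 2; }
    listing=$(ssh-add -l 2>/dev/null) && status=0 || status=$?
    state=$(agent_state "$status" "$fp" "$listing")
    echo "key $fp: $state"
    [ "$state" = loaded ]   # non-zero exit: ssh-add the private key first
)

# Constructed sample of `ssh-add -l` output, used when no key file is given.
SAMPLE_LISTING='2048 SHA256:CONSTRUCTEDaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa /home/user/.ssh/id_rsa (RSA)'

if [ "$#" -gt 0 ]; then
    preflight "$1"
else
    echo "sample, other key loaded: $(agent_state 0 'SHA256:CONSTRUCTEDbbbb' "$SAMPLE_LISTING")"
    echo "sample, empty agent:      $(agent_state 1 'SHA256:CONSTRUCTEDbbbb' '')"
fi
```

A result of `missing`, `empty` or `no-agent` corresponds to the `unable to authenticate, attempted methods [none publickey]` failure in the question when the connection relies on the agent.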

2

I had the same problem and used the following configuration, with which you can connect over normal SSH

connection { 
    type = "ssh" 
    user = "ec2-user" 
    private_key = "${file("*.pem")}" 
    timeout = "2m" 
    agent = false 
}