Amazon EC2 Packer problem: amazon-ebs: Timeout waiting for SSH

I'm new to Packer and I'm trying to create an image using a private network from a VPC, and I keep getting the error *amazon-ebs: Timeout waiting for SSH.* The Packer version being used is 1.3.4, and the private subnet has access to a NAT gateway through a public subnet and a route table. But since the problem could be that the instance can't be reached, I've also tried other parameters, such as using the values private_dns and associate_public_ip_address. But even with those changes, I get the same error.

The template I'm using has the following content:
"builders": [
  {
    "type": "amazon-ebs",
    "access_key": "{{user `aws_access_key`}}",
    "secret_key": "{{user `aws_secret_key`}}",
    "region": "{{user `region`}}",
    "source_ami": "{{user `source_ami`}}",
    "instance_type": "{{user `instance_type`}}",
    "iam_instance_profile": "{{user `role`}}",
    "ssh_username": "{{user `ssh_username`}}",
    "ssh_timeout": "15m",
    "vpc_id": "{{user `vpc_id`}}",
    "subnet_id": "{{user `subnet_id`}}",
    "associate_public_ip_address": true,
    "ami_name": "{{user `name`}}.{{isotime \"2006-01-02T150405Z\"}}",
    "ami_description": "based on {{user `source_ami`}}",
    "tags": {
      "Name": "{{user `name`}}"
    }
  }
]
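In the template I haven't defined a security group, but in Packer's log I can see that it is able to create a temporary security group and then authorize access to port 22: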
==> amazon-ebs: Pausing after run of step 'StepKeyPair'. Press enter to continue.
==> amazon-ebs: Creating temporary security group for this instance: packer_5c6b3667-c41f-92bc-aa89-efc5f3a2d8a8
==> amazon-ebs: Authorizing access to port 22 from 0.0.0.0/0 in the temporary security group...
==> amazon-ebs: Pausing after run of step 'StepSecurityGroup'. Press enter to continue.
==> amazon-ebs: Pausing after run of step 'StepCleanupVolumes'. Press enter to continue.
==> amazon-ebs: Launching a source AWS instance...
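But the problem remains. Is there something I'm missing in the template? Or should I be doing something different to generate the AMI?

You can't reach EC2 instances through a NAT gateway. A NAT gateway in AWS is used to provide internet access from a private network (VPC). You have a few options:

There is also another possibility: Packer is unable to find the key to log in to the bastion host and waits for another method to log in. The logs collected with export PACKER_LOG=1 look like this: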
==> amazon-ebs: Waiting for SSH to become available...
2020/07/30 12:19:22 packer: 2020/07/30 12:19:22 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [publickey none], no supported methods remain
2020/07/30 12:19:27 packer: 2020/07/30 12:19:27 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2020/07/30 12:19:32 packer: 2020/07/30 12:19:32 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2020/07/30 12:19:37 packer: 2020/07/30 12:19:37 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2020/07/30 12:19:43 packer: 2020/07/30 12:19:43 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2020/07/30 12:19:48 packer: 2020/07/30 12:19:48 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Also, to verify: ssh-add -l should not list the key, and then we know Packer is unable to find the key to log in.
In that case, we just need to add the SSH key with ssh-add, and that should resolve the issue.
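
A small triage over the PACKER_LOG=1 output quoted above, added here as an example (not code from this thread or from Packer): it separates the authentication failure at the bastion seen in that log from a plain reachability failure. The function names, the sample text and the network-error strings are assumptions.

```python
import re
from collections import Counter

# Constructed sample. Lines 1-2 use the format quoted in the answer above;
# line 3 is an assumed network-failure line (Go's "dial tcp ... i/o timeout").
SAMPLE_LOG = """\
2020/07/30 12:19:22 packer: 2020/07/30 12:19:22 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [publickey none], no supported methods remain
2020/07/30 12:19:27 packer: 2020/07/30 12:19:27 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2020/07/30 12:20:02 packer: 2020/07/30 12:20:02 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 10.0.1.23:22: i/o timeout
"""

FAILED = re.compile(r"\[DEBUG\] TCP connection to SSH ip/port failed: (?P<reason>.*)$")
METHODS = re.compile(r"attempted methods \[(?P<methods>[^\]]*)\]")
NETWORK_ERRORS = ("i/o timeout", "connection refused", "no route to host")  # assumed strings

def classify(line):
    """Return (hop, cause, methods) for a failed SSH attempt, or None for other lines."""
    m = FAILED.search(line)
    if not m:
        return None
    reason = m.group("reason")
    hop = "bastion" if "Error connecting to bastion" in reason else "instance"
    if "unable to authenticate" in reason:
        found = METHODS.search(reason)
        methods = tuple(sorted(found.group("methods").split())) if found else ()
        return hop, "auth", methods
    if any(err in reason for err in NETWORK_ERRORS):
        return hop, "network", ()
    return hop, "other", ()

def triage(log_text):
    """Count failures per (hop, cause) so the dominant failure mode stands out."""
    counts = Counter()
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            counts[result[:2]] += 1
    return counts

def diagnose(counts):
    """Turn the dominant (hop, cause) pair into the next thing to check."""
    if not counts:
        return "no failed SSH attempts in this log"
    (hop, cause), _ = counts.most_common(1)[0]
    if cause == "auth":
        return f"{hop} reachable, but no offered key was accepted: check `ssh-add -l` and the key settings"
    if cause == "network":
        return f"{hop} not reachable on the SSH port: check routing, security groups and the address dialed"
    return f"unclassified failure at {hop}: read the raw log lines"

if __name__ == "__main__":
    print(diagnose(triage(SAMPLE_LOG)))
```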
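
I faced the same problem too. The issue I found was that all my instances were being launched in the default VPC. Even though I had set up the SG and route table to allow SSH traffic in from 0.0.0.0/0, the instance couldn't be accessed even from the console. So I had to create a custom VPC with a proper internet gateway, security group and route table, and my final builder looked like this: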
"builders": [{
  "type": "amazon-ebs",
  "access_key": "{{user `aws_access_key`}}",
  "secret_key": "{{user `aws_secret_key`}}",
  "region": "us-******",
  "source_ami": "ami-*********",
  "instance_type": "t2.micro",
  "ssh_username": "ubuntu",
  "ami_name": "packer-example {{timestamp}}",
  "vpc_id": "{VPC id i had created}",
  "subnet_id": "{Subnet i had created}",
  "security_group_id": "sg with proper ingress port 22 rule enabled from 0.0.0.0"
}],
Hope that solves your problem, and please excuse my vocabulary :)

I had the same problem too. What caused it for me was using an encrypted AMI while I had explicitly declared "false".

"builders": [
  {
    "launch_block_device_mappings": [
      {
        "device_name": "/dev/sda1",
        "volume_type": "gp2",
        "encrypted": true
      }
    ]
  }
]

jww, thanks for the tip, I'm going to raise this question. I asked here because this is infrastructure as code, and there are topics about Terraform and Packer here. I also guess the problem can be solved by using a bastion in the public network that can reach the instance in the private network through the route table. Thanks.

Thanks, I think the first option will get me out of the problem quickly, but to avoid future problems I'll read up on the second option.