Fatal编程技术网
  • amazon-ec2/
  • Amazon ec2 Terraform远程执行失败(aws/ec2)

Amazon ec2 Terraform远程执行失败(aws/ec2)

amazon-ec2 terraform

Amazon ec2 Terraform远程执行失败(aws/ec2),amazon-ec2,terraform,terraform-provider-aws,Amazon Ec2,Terraform,Terraform Provider Aws,当尝试执行shell脚本时,在terraform连接中抛出provisioner“remote exec”未建立 我正在为ubuntu-xenial-16.04使用ami,所以用户是ubuntu 这是我用来执行shell脚本的最后一段代码: resource "aws_instance" "secondary_zone" { count = 1 instance_type = "${var.ec2_instance_type}" ami = "${data.aws

当尝试执行shell脚本时,在terraform连接中抛出provisioner“remote exec”未建立

我正在为ubuntu-xenial-16.04使用ami,所以用户是ubuntu

这是我用来执行shell脚本的最后一段代码:

resource "aws_instance" "secondary_zone" {
  count = 1
  instance_type = "${var.ec2_instance_type}"
  ami           = "${data.aws_ami.latest-ubuntu.id}"
  key_name = "${aws_key_pair.deployer.key_name}"
  subnet_id = "${aws_subnet.secondary.id}"
  vpc_security_group_ids =  ["${aws_security_group.server.id}"]
  associate_public_ip_address = true

  provisioner "remote-exec" {
    inline = ["${template_file.script.rendered}"]
  }

  connection {
    type        = "ssh"
    user        = "ubuntu"
    private_key = "${file("~/.ssh/id_rsa")}"
  }
}
这是在控制台中获取的内容:

aws_instance.secondary_zone (remote-exec): Connecting to remote host via SSH...
aws_instance.secondary_zone (remote-exec):   Host: x.x.x.x
aws_instance.secondary_zone (remote-exec):   User: ubuntu
aws_instance.secondary_zone (remote-exec):   Password: false
aws_instance.secondary_zone (remote-exec):   Private key: true
aws_instance.secondary_zone (remote-exec):   SSH Agent: false
aws_instance.secondary_zone (remote-exec):   Checking Host Key: false
谢谢你的帮助…

正如我提到的,这是我的案例中的连接问题

此外,
template\u文件
已被弃用,因此我将代码更改为:

resource "aws_instance" "secondary_zone" {
  instance_type = "${var.ec2_instance_type}"
  ami           = "${data.aws_ami.latest-ubuntu.id}"
  key_name = "${aws_key_pair.deployer.key_name}"
  subnet_id = "${aws_subnet.secondary.id}"
  vpc_security_group_ids =  ["${aws_security_group.server.id}"]
  associate_public_ip_address = true

    connection {
    type     = "ssh"
    user = "ubuntu"
    private_key = "${file("~/.ssh/id_rsa")}"
    timeout = "2m"

  }

  provisioner "file" {
    source      = "/server/script.sh"
    destination = "/tmp/script.sh"
  }  

  provisioner "remote-exec" {
    inline = [
      "chmod +x /tmp/script.sh",
      "/tmp/script.sh args",
    ]
  }
}
此外,我还了解到scrip.sh必须格式化为
LR

如果您只是试图运行一些脚本来提供使用Terraform创建的ec2节点,我将尝试设置
用户数据
参数以引用您的脚本。当节点初始化时,用户数据脚本将自动运行

这将确保您的部署不会出现与生命周期相关的问题(例如,正在创建EC2节点,并且主机不可用于远程执行),并且总体上更干净

这方面的一个例子如下所示:

resource "aws_instance" "secondary_zone" {
  count = 1
  instance_type = "${var.ec2_instance_type}"
  ami           = "${data.aws_ami.latest-ubuntu.id}"
  key_name = "${aws_key_pair.deployer.key_name}"
  subnet_id = "${aws_subnet.secondary.id}"
  vpc_security_group_ids =  ["${aws_security_group.server.id}"]
  associate_public_ip_address = true

  user_data = "${template_file.script.rendered}"
}
希望这有帮助

进一步阅读:
我也有同样的问题。在连接块中,尝试指定主机

  connection {
    type        = "ssh"
    user        = "ubuntu"
    private_key = "${file("~/.ssh/id_rsa")}"
    host        = self.public_ip
  }
我还必须创建一个路由和网关,并将它们与我的vpc关联。我还在学习terraform,但这对我来说很有效

resource "aws_internet_gateway" "test-env-gw" {
  vpc_id = aws_vpc.test-env.id
}

resource "aws_route_table" "route-table-test-env" {
  vpc_id = aws_vpc.test-env.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.test-env-gw.id
  }
}

resource "aws_route_table_association" "subnet-association" {
  subnet_id      = aws_subnet.us-east-2a-public.id
  route_table_id = aws_route_table.route-table-test-env.id
}
实例的安全组是否允许从运行Terraform的机器上进行SSH访问?是的,当然,我将provisioner类型更改为“file”,然后再更改为provisioner“remote exec”。这是一个环境问题,因此任何人都很难回答。但是作为一个需要尝试的清单:当不使用provisioner时,您是否可以从运行Terraform的机器使用该用户/密钥组合SSH到实例中?运行provisioner时,连接是否最终超时?这有什么错误吗?@ydaetskcoR我想你是对的。当我尝试从另一个位置应用它时,它连接正常。此外,模板文件已弃用,因此我更改了代码。我也这么认为。我不认为这个答案真的解决了这个问题,而且你的问题本质上是无法回答的,除了“向实例打开你的安全组/其他网络策略,以允许从运行Terraform的机器进行SSH”实际上,我很确定情况并非如此。解决方案就在这里,但并没有足够的号召力让任何人注意到。这是因为连接节中有私钥行。