Terraform AWS ASG: Error: timeout - last error: ssh: handshake failed: ssh: unable to authenticate
I am using Terraform 0.12 with AWS to create an Auto Scaling group, and when I run terraform apply, I get:
aws_autoscaling_group.satellite_websites_asg: Still creating... [4m50s elapsed]
aws_autoscaling_group.satellite_websites_asg: Still creating... [5m0s elapsed]
aws_autoscaling_group.satellite_websites_asg: Still creating... [5m10s elapsed]
aws_autoscaling_group.satellite_websites_asg: Still creating... [5m20s elapsed]
aws_autoscaling_group.satellite_websites_asg: Still creating... [5m30s elapsed]
Error: timeout - last error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain
If I check in AWS, the ASG has been created, and I can SSH into the instance in the ASG.
My .tf file:
data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["099720109477"] # Canonical
  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"]
  }
}
resource "aws_launch_configuration" "satellite_websites_conf" {
  name_prefix          = "satellite_websites_conf-"
  image_id             = "${data.aws_ami.ubuntu.id}"
  instance_type        = "t3.micro"
  enable_monitoring    = "true"
  key_name             = data.terraform_remote_state.shared_infra.outputs.vpc_access_keyname
  iam_instance_profile = data.terraform_remote_state.shared_infra.outputs.ecs_iam_instance_profile
  security_groups      = [aws_security_group.ghost_ec2_http_https_ssh.id]
  user_data            = "${file("./boot-script.sh")}"
  lifecycle {
    create_before_destroy = true
  }
}
# ASG in which we'll host EC2 instance running ghost servers
resource "aws_autoscaling_group" "satellite_websites_asg" {
  name_prefix          = "satellite_websites_asg-"
  max_size             = 1
  min_size             = 1
  launch_configuration = "${aws_launch_configuration.satellite_websites_conf.name}"
  vpc_zone_identifier  = data.terraform_remote_state.shared_infra.outputs.vpc_private_subnets
  load_balancers       = ["${aws_elb.satellite_websites_elb.name}"]
  health_check_type    = "ELB"
  provisioner "file" {
    content = templatefile("${path.module}/ghost-config.json.template", {
      // somestuff
    })
    destination = "~/config.production.template"
  }
  provisioner "file" {
    source      = "${path.module}/boot-script.sh"
    destination = "~/boot-script.sh"
  }
  lifecycle {
    create_before_destroy = true
  }
}
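You need to provide what the file provisioner requires in order to connect to the ASG instance.
Unfortunately, the ASG resource only indirectly manages the instances it creates, so it does not return this information.
You could depend on the ASG and use it to look up the instances it creates, but modifying an instance by connecting to it after the ASG has created it is an anti-pattern, and it won't help you if the ASG replaces the instance, because at that point you and your automation software (e.g. Terraform) are not in the loop.
Instead, you should try to bake any generic configuration (e.g. Ghost and its dependencies installed, in your case?) into the AMI. For anything that needs to differ between environments, use user data to make those changes when the instance is created, or use something more dynamic and runtime-based.

Thanks. In fact, we moved this stuff into user data. It's just that we hadn't read the docs for long enough, but it makes sense that you can't insert files "just like that" and that you must have SSH for Terraform to do it.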
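
The user-data approach from the answer and the follow-up comment, written out as an added example (not the poster's or the answerer's code): both files are delivered by cloud-init at first boot, so Terraform never opens an SSH session to the instance. `local.ghost_config` and the `/opt/ghost` paths are assumptions, and the boot script would have to read the config from that path instead of `~`.

```hcl
# Added example. Hypothetical names: local.ghost_config and the /opt/ghost paths.
# All other references are the ones used in the question.
locals {
  ghost_config = templatefile("${path.module}/ghost-config.json.template", {
    # template variables (elided in the question)
  })
}

resource "aws_launch_configuration" "satellite_websites_conf" {
  name_prefix          = "satellite_websites_conf-"
  image_id             = data.aws_ami.ubuntu.id
  instance_type        = "t3.micro"
  enable_monitoring    = true
  key_name             = data.terraform_remote_state.shared_infra.outputs.vpc_access_keyname
  iam_instance_profile = data.terraform_remote_state.shared_infra.outputs.ecs_iam_instance_profile
  security_groups      = [aws_security_group.ghost_ec2_http_https_ssh.id]

  # cloud-init on the Ubuntu AMI writes both files, then runs the script.
  # Contents are base64-encoded so YAML quoting cannot corrupt them.
  user_data = <<-EOT
    #cloud-config
    write_files:
      - path: /opt/ghost/config.production.template
        encoding: b64
        content: ${base64encode(local.ghost_config)}
      - path: /opt/ghost/boot-script.sh
        permissions: "0755"
        encoding: b64
        content: ${filebase64("${path.module}/boot-script.sh")}
    runcmd:
      - [/opt/ghost/boot-script.sh]
  EOT

  lifecycle { create_before_destroy = true }
}

# No provisioner blocks: a replacement instance launched by the ASG gets the
# same files without Terraform being involved.
resource "aws_autoscaling_group" "satellite_websites_asg" {
  name_prefix          = "satellite_websites_asg-"
  max_size             = 1
  min_size             = 1
  launch_configuration = aws_launch_configuration.satellite_websites_conf.name
  vpc_zone_identifier  = data.terraform_remote_state.shared_infra.outputs.vpc_private_subnets
  load_balancers       = [aws_elb.satellite_websites_elb.name]
  health_check_type    = "ELB"

  lifecycle { create_before_destroy = true }
}
```

User data can be read from the instance metadata service by any process on the instance and by any principal allowed to describe the instance's attributes, so database passwords and similar values should be fetched at boot through the instance profile rather than rendered into the template. User data is also limited to 16 KB before encoding.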