Terraform file provisioner cannot connect to EC2 via ssh. timeout - last error: dial tcp 92.242.xxx.xx:22: i/o timeout

Problem description

I am using a terraform script to:
- create an EC2 instance
- connect to the EC2 instance using the file provisioner and copy a file

My script is:

Script

provider "aws" {
  region                  = "us-east-1"
  shared_credentials_file = "~/.aws/credentials"
}

resource "aws_instance" "pd_terraform" {
  ami           = "ami-03d315ad33b9d49c4"
  instance_type = "t2.micro"
  key_name      = "pd_kp_tf"

  connection {
    type        = "ssh"
    host        = "${self.public_ip}.compute-1.amazonaws.com"
    user        = "ubuntu"
    private_key = "${file("~/.ssh/id_rsa")}"
  }

  provisioner "file" {
    content     = "touch pd_bash_file.txt"
    destination = "/tmp/script.sh"
  }
}

Steps to run the script:

terraform init 
terraform apply

Expected output: the code runs to completion and copies the file to the EC2 instance.

Actual result: I can see that my TF code creates an EC2 instance. However, it cannot connect via SSH and copy the file to the EC2 instance.
Finally I get this error: Error: timeout - last error: dial tcp 92.242.140.21:22: i/o timeout

Log: I started a log trace, which repeats this block:

    file-provisioner (internal) 2021/03/03 12:44:55 [DEBUG] Connecting to 3.85.141.254.compute-1.amazonaws.com:22 for SSH
    2021/03/03 12:45:00 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
    2021/03/03 12:45:00 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "output.ip"
    2021/03/03 12:45:00 [TRACE] dag/walk: vertex "provisioner.file (close)" is waiting for "aws_instance.pd_terraform"
    2021/03/03 12:45:00 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/hashicorp/aws\"] (close)" is waiting for "aws_instance.pd_terraform"
    2021/03/03 12:45:00 [TRACE] dag/walk: vertex "output.ip" is waiting for "aws_instance.pd_terraform"
    2021/03/03 12:45:05 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/hashicorp/aws\"] (close)" is waiting for "aws_instance.pd_terraform"
    2021/03/03 12:45:05 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "output.ip"
    2021/03/03 12:45:05 [TRACE] dag/walk: vertex "provisioner.file (close)" is waiting for "aws_instance.pd_terraform"
    2021/03/03 12:45:05 [TRACE] dag/walk: vertex "output.ip" is waiting for "aws_instance.pd_terraform"
    2021/03/03 12:45:05 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
    2021/03/03 12:45:10 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
    2021/03/03 12:45:10 [TRACE] dag/walk: vertex "output.ip" is waiting for "aws_instance.pd_terraform"
    2021/03/03 12:45:10 [TRACE] dag/walk: vertex "provisioner.file (close)" is waiting for "aws_instance.pd_terraform"
    2021/03/03 12:45:10 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/hashicorp/aws\"] (close)" is waiting for "aws_instance.pd_terraform"
    2021/03/03 12:45:10 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "output.ip"
    file-provisioner (internal) 2021/03/03 12:45:10 [ERROR] connection error: dial tcp 92.242.140.21:22: i/o timeout
    file-provisioner (internal) 2021/03/03 12:45:10 [WARN] retryable error: dial tcp 92.242.140.21:22: i/o timeout
    file-provisioner (internal) 2021/03/03 12:45:10 [INFO] sleeping for 20s
    2021/03/03 12:45:15 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "output.ip"
    2021/03/03 12:45:15 [TRACE] dag/walk: vertex "output.ip" is waiting for "aws_instance.pd_terraform"
    2021/03/03 12:45:15 [TRACE] dag/walk: vertex "provisioner.file (close)" is waiting for "aws_instance.pd_terraform"
    2021/03/03 12:45:15 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/hashicorp/aws\"] (close)" is waiting for "aws_instance.pd_terraform"
    2021/03/03 12:45:15 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
    2021/03/03 12:45:20 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "output.ip"
    2021/03/03 12:45:20 [TRACE] dag/walk: vertex "output.ip" is waiting for "aws_instance.pd_terraform"
    2021/03/03 12:45:20 [TRACE] dag/walk: vertex "provisioner.file (close)" is waiting for "aws_instance.pd_terraform"
    2021/03/03 12:45:20 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/hashicorp/aws\"] (close)" is waiting for "aws_instance.pd_terraform"
    2021/03/03 12:45:20 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
    2021/03/03 12:45:25 [TRACE] dag/walk: vertex "output.ip" is waiting for "aws_instance.pd_terraform"
    2021/03/03 12:45:25 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
    2021/03/03 12:45:25 [TRACE] dag/walk: vertex "provisioner.file (close)" is waiting for "aws_instance.pd_terraform"
    2021/03/03 12:45:25 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "output.ip"
    2021/03/03 12:45:25 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/hashicorp/aws\"] (close)" is waiting for "aws_instance.pd_terraform"
    2021/03/03 12:45:30 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/hashicorp/aws\"] (close)" is waiting for "aws_instance.pd_terraform"
    2021/03/03 12:45:30 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
    2021/03/03 12:45:30 [TRACE] dag/walk: vertex "provisioner.file (close)" is waiting for "aws_instance.pd_terraform"
    2021/03/03 12:45:30 [TRACE] dag/walk: vertex "output.ip" is waiting for "aws_instance.pd_terraform"
    2021/03/03 12:45:30 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "output.ip

Troubleshooting: I tried to connect to the ec2 instance created by terraform using the same key. I was able to connect without any problem. General discussion on various forums suggests this could be a security-group-related issue, but since I am able to connect from my terminal, this is unlikely.

Tags: amazon-web-services, terraform, terraform-provider-aws, terraform0.12+
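The TRACE output in the question pairs a `[DEBUG] Connecting to <host>:22 for SSH` line with the address the provisioner actually dialed in the following `[ERROR] connection error: dial tcp <ip>:22` line. The check below is an added example, not code from the question or from Terraform: it extracts those pairs from a trace log and flags a connection host that is an IPv4 literal with a DNS suffix appended (as `3.85.141.254.compute-1.amazonaws.com` is) whose dialed address differs from the embedded IP (here `92.242.140.21`), which is the first thing to confirm before looking at security groups. The names `SshAttempt` and `analyse` are mine; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the TRACE log in the question above,
# trimmed to the ones that matter for the SSH connection.
SAMPLE_LOG = """\
file-provisioner (internal) 2021/03/03 12:44:55 [DEBUG] Connecting to 3.85.141.254.compute-1.amazonaws.com:22 for SSH
    2021/03/03 12:45:00 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
    file-provisioner (internal) 2021/03/03 12:45:10 [ERROR] connection error: dial tcp 92.242.140.21:22: i/o timeout
    file-provisioner (internal) 2021/03/03 12:45:10 [WARN] retryable error: dial tcp 92.242.140.21:22: i/o timeout
    file-provisioner (internal) 2021/03/03 12:45:10 [INFO] sleeping for 20s
"""

# The host Terraform says it is connecting to, and the address it actually dialed.
CONNECT_RE = re.compile(r"\[DEBUG\] Connecting to (?P<host>\S+):(?P<port>\d+) for SSH")
DIAL_RE = re.compile(
    r"\[ERROR\] connection error: dial tcp (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+): (?P<err>.+)$"
)
# An IPv4 literal with DNS labels glued on, e.g. "3.85.141.254.compute-1.amazonaws.com".
IP_WITH_SUFFIX_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\.(?P<suffix>[A-Za-z][\w.-]*)$")


@dataclass
class SshAttempt:
    """One provisioner connection target and the dial failures recorded against it."""
    host: str
    port: int
    dialed_ips: List[str] = field(default_factory=list)
    errors: List[str] = field(default_factory=list)

    def embedded_ip(self) -> Optional[str]:
        """Return the IPv4 literal at the start of the host if the host looks like 'A.B.C.D.<suffix>'."""
        m = IP_WITH_SUFFIX_RE.match(self.host)
        return m.group("ip") if m else None

    def findings(self) -> List[str]:
        out: List[str] = []
        ip = self.embedded_ip()
        if ip is not None:
            out.append(f"host {self.host!r} is an IPv4 literal with a DNS suffix appended; check the host expression")
        for dialed in sorted(set(self.dialed_ips)):
            if ip is not None and dialed != ip:
                out.append(f"dialed {dialed} but the hostname embeds {ip}: the name resolved to an address that is not the instance")
        if self.errors:
            out.append(f"{len(self.errors)} failed dial(s) to port {self.port}; last error: {self.errors[-1]}")
        return out


def analyse(log_text: str) -> List[SshAttempt]:
    """Pair each 'Connecting to' line with the 'connection error' lines that follow it."""
    attempts: List[SshAttempt] = []
    current: Optional[SshAttempt] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = CONNECT_RE.search(line)
        if m:
            current = SshAttempt(host=m.group("host"), port=int(m.group("port")))
            attempts.append(current)
            continue
        m = DIAL_RE.search(line)
        if m and current is not None:
            current.dialed_ips.append(m.group("ip"))
            current.errors.append(m.group("err"))
    return attempts


if __name__ == "__main__":
    for attempt in analyse(SAMPLE_LOG):
        print(f"{attempt.host}:{attempt.port}")
        for finding in attempt.findings():
            print("  -", finding)
```

Run it against a full `TF_LOG=TRACE` capture to see, per connection target, whether the address being dialed is the one the configuration intended; a plain `ec2-...compute-1.amazonaws.com` name or a bare IP produces no suffix finding, so the check only fires on the glued-together form.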

Solution


I found the solution to my problem in the github repository here: https://github.com/DeekshithSN/Terraform/blob/master/Provisioner/file-Provisioner/main.tf

I had to define a security group in my terraform main file. The updated main file is below:

resource "aws_instance" "web" {
  ami                    = "ami-04bf6dcdc9ab498ca"
  instance_type          = "t2.micro"
  key_name               = "pd_kp_tf"
  user_data              = "${file("httpd.sh")}"
  vpc_security_group_ids = ["${aws_security_group.webSG.id}"]
  tags = {
    Name = "Test-file-provisioner"
  }
}

resource "null_resource" "copyhtml" {
  connection {
    type        = "ssh"
    host        = aws_instance.web.public_ip
    user        = "ec2-user"
    private_key = file("pd_kp_tf.pem")
  }

  provisioner "file" {
    source      = "index.html"
    destination = "/tmp/index.html"
  }

  provisioner "file" {
    source      = "copy.sh"
    destination = "/tmp/copy.sh"
  }

  depends_on = [aws_instance.web]
}

resource "aws_security_group" "webSG" {
  name        = "webSG"
  description = "Allow ssh inbound traffic"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

I believe the ingress and egress blocks in the WebSG security group are what allow your instance to accept ssh traffic. If you run into any issues, you can also check his other provisioners. I was able to run all of the provisioners from his code.

Solution: define a security group that allows ingress traffic on ports 22 and 80.
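The webSG above admits 22/tcp from 0.0.0.0/0, which gets the provisioner connected but also exposes the SSH daemon to every address on the internet for the life of the instance. The audit below is an added example, not code from the answer or from the linked repository: it walks a list of security-group ingress rules, reports any rule that lets SSH in from the whole internet or from a very broad IPv4 range, and passes a variant that restricts port 22 to an admin range. The rules are plain Python dicts that mirror the HCL attribute names (my representation, not Terraform's JSON output); `203.0.113.0/24` is a documentation range standing in for the real management CIDR, and the /16 breadth threshold is a policy value chosen for this example.

```python
import ipaddress
from typing import Any, Dict, List

SSH_PORT = 22
# Policy choice for this example: an IPv4 range wider than a /16 is reported as "very broad".
BROAD_IPV4_PREFIX = 16

# Constructed sample: the two ingress rules of the answer's webSG, written as plain
# dicts that mirror the HCL attribute names (this is not Terraform's own JSON output).
WEBSG_INGRESS: List[Dict[str, Any]] = [
    {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
    {"from_port": 80, "to_port": 80, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
]

# Constructed hardened variant: SSH only from an admin range. 203.0.113.0/24 is a
# documentation range used here as a placeholder for the real management CIDR.
HARDENED_INGRESS: List[Dict[str, Any]] = [
    {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["203.0.113.0/24"]},
    {"from_port": 80, "to_port": 80, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
]


def rule_covers_port(rule: Dict[str, Any], port: int) -> bool:
    """True if an ingress rule admits TCP traffic to `port` (protocol -1 means every port)."""
    proto = str(rule.get("protocol", "tcp")).lower()
    if proto in ("-1", "all"):
        return True
    if proto != "tcp":
        return False
    return int(rule["from_port"]) <= port <= int(rule["to_port"])


def audit_ssh_ingress(rules: List[Dict[str, Any]]) -> List[str]:
    """Report every source range in `rules` that may reach SSH on the instance."""
    findings: List[str] = []
    for rule in rules:
        if not rule_covers_port(rule, SSH_PORT):
            continue
        for cidr in list(rule.get("cidr_blocks", [])) + list(rule.get("ipv6_cidr_blocks", [])):
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:
                findings.append(f"SSH ({SSH_PORT}/tcp) open to the whole internet via {cidr}")
            elif net.version == 4 and net.prefixlen < BROAD_IPV4_PREFIX:
                findings.append(f"SSH ({SSH_PORT}/tcp) open to a very broad range {cidr}")
    return findings


if __name__ == "__main__":
    for name, rules in (("webSG", WEBSG_INGRESS), ("hardened", HARDENED_INGRESS)):
        result = audit_ssh_ingress(rules)
        print(name, "->", result or "no SSH exposure findings")
```

The port-80 rule is left world-open on purpose, since that is what a web server needs; only the SSH exposure is reported. The same check can be fed the ingress blocks of any `aws_security_group` before `terraform apply`, and a provisioner that only needs a one-time copy is better served by a narrow admin CIDR than by `0.0.0.0/0`.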

