amazon-web-services - Terraform file provisioner cannot connect to EC2 over ssh. Timeout - last error: dial tcp 92.242.xxx.xx:22: i/o timeout
Problem description
I am using a terraform script to:
- create an EC2 instance
- connect to the EC2 instance with a file provisioner and copy a file
My script is:
Script
    provider "aws" {
      region                  = "us-east-1"
      shared_credentials_file = "~/.aws/credentials"
    }

    resource "aws_instance" "pd_terraform" {
      ami           = "ami-03d315ad33b9d49c4"
      instance_type = "t2.micro"
      key_name      = "pd_kp_tf"

      connection {
        type        = "ssh"
        host        = "${self.public_ip}.compute-1.amazonaws.com"
        user        = "ubuntu"
        private_key = "${file("~/.ssh/id_rsa")}"
      }

      provisioner "file" {
        content     = "touch pd_bash_file.txt"
        destination = "/tmp/script.sh"
      }
    }
Steps to run the script:
    terraform init
    terraform apply
Expected output: the code runs to completion and copies the file to the EC2 instance.
Actual result:
I can see that my TF code creates an EC2 instance. However, it cannot connect over SSH and copy the file to the EC2 instance.
At the end I get this error: Error: timeout - last error: dial tcp 92.242.140.21:22: i/o timeout
Log: I started a log trace, and it repeats this block:
file-provisioner (internal) 2021/03/03 12:44:55 [DEBUG] Connecting to 3.85.141.254.compute-1.amazonaws.com:22 for SSH
2021/03/03 12:45:00 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
2021/03/03 12:45:00 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "output.ip"
2021/03/03 12:45:00 [TRACE] dag/walk: vertex "provisioner.file (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:00 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/hashicorp/aws\"] (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:00 [TRACE] dag/walk: vertex "output.ip" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:05 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/hashicorp/aws\"] (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:05 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "output.ip"
2021/03/03 12:45:05 [TRACE] dag/walk: vertex "provisioner.file (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:05 [TRACE] dag/walk: vertex "output.ip" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:05 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
2021/03/03 12:45:10 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
2021/03/03 12:45:10 [TRACE] dag/walk: vertex "output.ip" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:10 [TRACE] dag/walk: vertex "provisioner.file (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:10 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/hashicorp/aws\"] (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:10 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "output.ip"
file-provisioner (internal) 2021/03/03 12:45:10 [ERROR] connection error: dial tcp 92.242.140.21:22: i/o timeout
file-provisioner (internal) 2021/03/03 12:45:10 [WARN] retryable error: dial tcp 92.242.140.21:22: i/o timeout
file-provisioner (internal) 2021/03/03 12:45:10 [INFO] sleeping for 20s
2021/03/03 12:45:15 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "output.ip"
2021/03/03 12:45:15 [TRACE] dag/walk: vertex "output.ip" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:15 [TRACE] dag/walk: vertex "provisioner.file (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:15 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/hashicorp/aws\"] (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:15 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
2021/03/03 12:45:20 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "output.ip"
2021/03/03 12:45:20 [TRACE] dag/walk: vertex "output.ip" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:20 [TRACE] dag/walk: vertex "provisioner.file (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:20 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/hashicorp/aws\"] (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:20 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
2021/03/03 12:45:25 [TRACE] dag/walk: vertex "output.ip" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:25 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
2021/03/03 12:45:25 [TRACE] dag/walk: vertex "provisioner.file (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:25 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "output.ip"
2021/03/03 12:45:25 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/hashicorp/aws\"] (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:30 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/hashicorp/aws\"] (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:30 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
2021/03/03 12:45:30 [TRACE] dag/walk: vertex "provisioner.file (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:30 [TRACE] dag/walk: vertex "output.ip" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:30 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "output.ip
Troubleshooting: I tried connecting to the ec2 instance created by terraform with the same key. I was able to connect without any problem. General discussion on various forums suggests this could be a security group related issue, but since I am able to connect from my terminal, that is unlikely.
Solution
I found the solution to my problem in the github repository here: https://github.com/DeekshithSN/Terraform/blob/master/Provisioner/file-Provisioner/main.tf
I had to define a security group in my main terraform file. The updated main file is below:
    resource "aws_instance" "web" {
      ami                    = "ami-04bf6dcdc9ab498ca"
      instance_type          = "t2.micro"
      key_name               = "pd_kp_tf"
      user_data              = "${file("httpd.sh")}"
      vpc_security_group_ids = ["${aws_security_group.webSG.id}"]

      tags = {
        Name = "Test-file-provisioner"
      }
    }

    resource "null_resource" "copyhtml" {
      connection {
        type        = "ssh"
        host        = aws_instance.web.public_ip
        user        = "ec2-user"
        private_key = file("pd_kp_tf.pem")
      }

      provisioner "file" {
        source      = "index.html"
        destination = "/tmp/index.html"
      }

      provisioner "file" {
        source      = "copy.sh"
        destination = "/tmp/copy.sh"
      }

      depends_on = [aws_instance.web]
    }

    resource "aws_security_group" "webSG" {
      name        = "webSG"
      description = "Allow ssh inbound traffic"

      ingress {
        from_port   = 22
        to_port     = 22
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
      }

      ingress {
        from_port   = 80
        to_port     = 80
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
      }

      egress {
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_blocks = ["0.0.0.0/0"]
      }
    }
I believe the ingress and egress blocks in the WebSG security group are what allow your instance to accept ssh traffic. If you run into any problem, you can also check his other provisioners. I was able to run all the provisioners from his code.
Solution: define a security group that allows ingress traffic on ports 22 and 80.
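Added example (editor's code, not the poster's or the linked repository's): the same instance and file provisioner with two changes a reviewer would ask for. SSH ingress is limited to the operator's own address range rather than 0.0.0.0/0, and the connection host is the bare public IP, since appending ".compute-1.amazonaws.com" to the IP does not form the instance's public DNS name (the question's log shows that built hostname being dialed at 92.242.140.21, not at the instance's own 3.85.141.254). The variable admin_cidr, the security group name and the 203.0.113.5/32 value are assumptions; the AMI and key name are taken from the question.

```hcl
# Added example, not the original post's code. Assumes the operator passes
# their own address at apply time: terraform apply -var 'admin_cidr=203.0.113.5/32'
variable "admin_cidr" {
  description = "CIDR allowed to reach SSH, normally your public IP as a /32"
  type        = string
}
# Least-privilege replacement for the 0.0.0.0/0 SSH rule in the answer.
resource "aws_security_group" "ssh_from_admin" {
  name        = "ssh-from-admin"
  description = "SSH only from the operator address range"
  ingress {
    description = "SSH from admin CIDR only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
resource "aws_instance" "pd_terraform" {
  ami                    = "ami-03d315ad33b9d49c4"
  instance_type          = "t2.micro"
  key_name               = "pd_kp_tf"
  vpc_security_group_ids = [aws_security_group.ssh_from_admin.id]
  connection {
    type = "ssh"
    # Bare public IP: no hostname is built from it, so there is nothing for
    # DNS to resolve to the wrong address.
    host        = self.public_ip
    user        = "ubuntu"
    private_key = file("~/.ssh/id_rsa")
  }
  provisioner "file" {
    content     = "touch pd_bash_file.txt\n"
    destination = "/tmp/script.sh"
  }
}
```

A quick check after apply: the instance's security group should show a single port 22 rule whose source is your /32, and the provisioner log line "Connecting to ...:22 for SSH" should name the instance's public IP itself.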