Having problems with Packer: amazon-ebs: Timeout waiting for SSH
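I am new to Packer and I am trying to create an image using the private network of a VPC, but I keep getting the error *amazon-ebs: Timeout waiting for SSH.*
The Packer version in use is 1.3.4, and the private subnet can reach the NAT gateway through the public subnet and the route table. But since the problem may be that the instance cannot be reached, I also tried other parameters, such as ssh_interface with the value private_dns, and associate_public_ip_address. Even with those changes I get the same error.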
The template I am using has the following content:
    "builders": [
      {
        "type": "amazon-ebs",
        "access_key": "{{user `aws_access_key`}}",
        "secret_key": "{{user `aws_secret_key`}}",
        "region": "{{user `region`}}",
        "source_ami": "{{user `source_ami`}}",
        "instance_type": "{{user `instance_type`}}",
        "iam_instance_profile": "{{user `role`}}",
        "ssh_username": "{{user `ssh_username`}}",
        "ssh_timeout": "15m",
        "vpc_id": "{{user `vpc_id`}}",
        "subnet_id": "{{user `subnet_id`}}",
        "associate_public_ip_address": true,
        "ami_name": "{{user `name`}}.{{isotime \"2006-01-02T150405Z\"}}",
        "ami_description": "based on {{user `source_ami`}}",
        "tags": {
          "Name": "{{user `name`}}"
        }
      }
    ]
I have not defined a security group in the template, but in Packer's log I can see that it is able to create a temporary security group, so access to port 22 should also be available:
==> amazon-ebs: Pausing after run of step 'StepKeyPair'. Press enter to continue.
==> amazon-ebs: Creating temporary security group for this instance: packer_5c6b3667-c41f-92bc-aa89-efc5f3a2d8a8
==> amazon-ebs: Authorizing access to port 22 from 0.0.0.0/0 in the temporary security group...
==> amazon-ebs: Pausing after run of step 'StepSecurityGroup'. Press enter to continue.
==> amazon-ebs: Pausing after run of step 'StepCleanupVolumes'. Press enter to continue.
==> amazon-ebs: Launching a source AWS instance...
But the problem persists. Is something missing in the template? Or what should I do to generate the AMI?
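You cannot access the EC2 instance through a NAT gateway. NAT gateways in AWS are used to provide Internet access from VPC to VPC.
You have several options:
- Make Packer launch the EC2 instance in a public subnet with a public IP. Configure the IGW and the route table correctly in the VPC.
- Deploy a secure bastion host in AWS and use it to jump from the workstation running Packer to the EC2 instance. You need to configure a few things in packer.json using a custom communicator. The documentation is here: https://www.packer.io/docs/templates/communicator.html#ssh
Regards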
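Another possibility is that Packer cannot find the key to log in to the bastion host and is waiting for another method to log in.
The logs collected with export PACKER_LOG=1 are as follows.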
==> amazon-ebs: Waiting for SSH to become available...
2020/07/30 12:19:22 packer: 2020/07/30 12:19:22 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [publickey none], no supported methods remain
2020/07/30 12:19:27 packer: 2020/07/30 12:19:27 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2020/07/30 12:19:32 packer: 2020/07/30 12:19:32 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2020/07/30 12:19:37 packer: 2020/07/30 12:19:37 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2020/07/30 12:19:43 packer: 2020/07/30 12:19:43 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2020/07/30 12:19:48 packer: 2020/07/30 12:19:48 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
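Also, to verify: ssh-add -l should not list the key, and then we know that Packer is unable to find the login key.
In that case, we just need to add the SSH key with ssh-add <path to your ssh keys>, and that should solve the problem.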
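The distinction drawn in the answer above, between Packer being rejected by the bastion and Packer never reaching an SSH daemon, can be read mechanically from a PACKER_LOG=1 log. The following is an added example, not code from the original posts or from Packer; the function names are hypothetical and the third sample line is constructed.

```python
import re
from collections import Counter

# Hypothetical helper names; none of this is part of Packer itself.
# Retry line that Packer logs with PACKER_LOG=1 while waiting for SSH.
RETRY = re.compile(r"\[DEBUG\] TCP connection to SSH ip/port failed: (?P<err>.*)$")
METHODS = re.compile(r"attempted methods \[([^\]]*)\]")
NETWORK_ERRORS = ("i/o timeout", "connection refused", "no route to host")

# Sample input: the two bastion lines come from the log on this page; the last
# line is constructed (time and address are made up) to show a network failure.
SAMPLE_LOG = """\
==> amazon-ebs: Waiting for SSH to become available...
2020/07/30 12:19:22 packer: 2020/07/30 12:19:22 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [publickey none], no supported methods remain
2020/07/30 12:19:27 packer: 2020/07/30 12:19:27 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2020/07/30 12:30:01 packer: 2020/07/30 12:30:01 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 10.0.1.25:22: i/o timeout
"""


def classify(err):
    """Return (hop, cause) for one retry error message."""
    hop = "bastion" if "Error connecting to bastion" in err else "instance"
    if "unable to authenticate" in err:
        return hop, "auth"      # SSH handshake reached the server, credentials rejected
    if any(marker in err for marker in NETWORK_ERRORS):
        return hop, "network"   # routing, security group or subnet problem
    return hop, "other"


def triage(log_text):
    """Summarise every SSH retry failure found in a Packer debug log."""
    causes, methods = Counter(), set()
    for line in log_text.splitlines():
        m = RETRY.search(line)
        if not m:
            continue
        causes[classify(m["err"])] += 1
        found = METHODS.search(m["err"])
        if found:
            methods.update(found.group(1).split())
    # publickey rejected by the bastion: check `ssh-add -l` as the answer suggests.
    check_agent = ("bastion", "auth") in causes and "publickey" in methods
    return {"causes": dict(causes), "methods": sorted(methods), "check_agent": check_agent}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

An auth failure at the bastion means the network path is already working, so changing subnets or security groups will not help; a network failure means key handling has not been tested yet.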
I had the same problem. What I found was that all my instances were being launched in the default VPC. Even though I had set up the SG and the route table to allow ingress SSH traffic from 0.0.0.0/0, I still could not access them from the console.
So I had to create a custom VPC with a proper internet gateway, security group and route table. My final builders section looks like this:
    "builders": [{
      "type": "amazon-ebs",
      "access_key": "{{user `aws_access_key`}}",
      "secret_key": "{{user `aws_secret_key`}}",
      "region": "us-******",
      "source_ami": "ami-*********",
      "instance_type": "t2.micro",
      "ssh_username": "ubuntu",
      "ami_name": "packer-example {{timestamp}}",
      "vpc_id": "{VPC id i had created}",
      "subnet_id": "{Subnet i had created}",
      "security_group_id": "sg with proper ingress port 22 rule enabled from 0.0.0.0"
    }],
Hope this solves your problem, and please pardon my vocabulary :)
I had the same problem, caused by my using an encrypted AMI while explicitly specifying 'false'.
    "builders": [
      {
        "launch_block_device_mappings": [
          {
            "device_name": "/dev/sda1",
            "volume_type": "gp2",
            "encrypted": true <-- I was setting it to 'false' while only 'true' works
          }
        ],
        ...
      }
    ],