(AWS Opsworks) Terraform Chef provisioning: ERROR: Failed to authenticate
New to Terraform, I am trying to bootstrap a node after creating an instance.
Here is the file:
resource "aws_instance" "jenkinsNode" {
  provisioner "remote-exec" {
    connection {
      user        = "ubuntu"
      private_key = "${file("~/key/mykey.pem")}"
      host        = "${aws_instance.jenkinsNode.public_ip}"
    }
    inline = [
      "sudo mkdir -p /etc/chef/trusted_certs",
      "sudo curl --silent --show-error --retry 3 --location --output \"/etc/chef/trusted_certs/opsworks-cm-ca-2016-root.pem\" \"https://opsworks-cm-us-assets.s3.amazonaws.com/misc/opsworks-cm-ca-2016-root.pem\""
    ]
  }
  provisioner "chef" {
    environment     = "_default"
    run_list        = ["android-aws-nodes::updateAndroidSdk"]
    node_name       = "jenkinsNodeOnDemandUpdate"
    secret_key      = "${file("~/chef/mobile-chef-aws/.chef/private.pem")}"
    server_url      = "https://my-opsworks-server.io/organizations/default"
    recreate_client = true
    user_name       = "delivery"
    user_key        = "${file("~/chef/mobile-chef-aws/.chef/private.pem")}"
    version         = "12.8.1"
  }
  connection {
    user        = "ubuntu"
    private_key = "${file("~/key/jenkins-main.pem")}"
  }
  count                  = 1
  instance_type          = "c4.8xlarge"
  ami                    = "ami-0000000"
  key_name               = "mykey"
  subnet_id              = "subnet-00000000"
  vpc_security_group_ids = ["sg-00000000"]
}
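When I try to apply the code above, I get the following error. I connect and start the bootstrap process, but it keeps complaining that it cannot find the private key (I believe it is created when "client create" is run). I logged in to the instance and I do not see ubuntu.pem in the /etc/chef/ directory:
Updated:
aws_instance.jenkinsNode (chef): ERROR: Failed to authenticate to https://mobile-b9oer25dyrts1qor.us-east-1.opsworks-cm.io/organizations/default/ with key /etc/chef/delivery.pem
aws_instance.jenkinsNode (chef): Response: Invalid signature for user or client 'delivery'
aws_instance.jenkinsNode (chef): Cleanup user key...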
Error applying plan:
1 error(s) occurred:
* aws_instance.jenkinsNode: 1 error(s) occurred:
* Command "sudo knife client create jenkinsNodeOnDemandUpdate -d -f /etc/chef/client.pem -c /etc/chef/client.rb -u ubuntu --key /etc/chef/ubuntu.pem" exited with non-zero exit status: 100
There is no key when I log in, because it is deleted immediately after the bootstrap fails:
aws_instance.jenkinsNode (chef): Cleanup user key...
Double-check that the key (~/key/mykey.pem) on the machine running Terraform is in the correct format. It should also be loaded with $file or as a String:
user_key = "${file("~/key/mykey.pem")}"
Just double-check that Terraform supports ~.
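The check suggested in the answer can be run on the workstation before `terraform apply`. The script below is an added example, not part of the original question or answer: it expands a leading `~`, confirms the key file is readable and starts with a PEM private-key header, and, when `openssl` is installed, confirms the key parses. The function names and return codes are choices made for this example.

```bash
#!/bin/sh
# Pre-flight check for a key file referenced by user_key / private_key.
# Return codes (chosen for this example):
#   0 ok, 2 missing or unreadable, 3 not a PEM private key, 4 does not parse

# Expand a leading "~" to $HOME, as an interactive shell would.
expand_path() {
  case "$1" in
    "~")   printf '%s\n' "$HOME" ;;
    "~/"*) printf '%s\n' "$HOME${1#?}" ;;   # drop the "~", keep "/rest"
    *)     printf '%s\n' "$1" ;;
  esac
}

check_key() {
  key_path=$(expand_path "$1")

  [ -r "$key_path" ] || { echo "missing or unreadable: $key_path" >&2; return 2; }

  # The first line must be a PKCS#1 or PKCS#8 private-key header.
  # tr strips a CR so a CRLF-saved key is judged on its header text.
  head -n 1 "$key_path" | tr -d '\r' \
    | grep -Eq '^-----BEGIN (RSA )?PRIVATE KEY-----$' \
    || { echo "no PEM private-key header: $key_path" >&2; return 3; }

  # Full parse when openssl is available; an empty passphrase is supplied
  # so a passphrase-protected key fails here instead of prompting.
  if command -v openssl >/dev/null 2>&1; then
    openssl pkey -in "$key_path" -passin pass: -noout 2>/dev/null \
      || { echo "openssl cannot parse: $key_path" >&2; return 4; }
  fi
  return 0
}

# Usage: ./check_key.sh '~/chef/mobile-chef-aws/.chef/private.pem'
if [ $# -gt 0 ]; then
  check_key "$1"
fi
```

A key that passes can still be rejected with "Invalid signature" if it is not the private half of the key registered for that user on the Chef server; `openssl pkey -in KEY -pubout` prints the public half for comparison.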