Terraform AWS ASG: Error: timeout - last error: ssh: handshake failed: ssh: unable to authenticate
I am using Terraform 0.12 to create an auto scaling group on AWS, and when I apply Terraform I get:
aws_autoscaling_group.satellite_websites_asg: Still creating... [4m50s elapsed]
aws_autoscaling_group.satellite_websites_asg: Still creating... [5m0s elapsed]
aws_autoscaling_group.satellite_websites_asg: Still creating... [5m10s elapsed]
aws_autoscaling_group.satellite_websites_asg: Still creating... [5m20s elapsed]
aws_autoscaling_group.satellite_websites_asg: Still creating... [5m30s elapsed]
Error: timeout - last error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain
If I check in AWS, the ASG has been created, and I can SSH to the instance in the ASG.
My .tf file:
data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["099720109477"] # Canonical
  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"]
  }
}
resource "aws_launch_configuration" "satellite_websites_conf" {
  name_prefix          = "satellite_websites_conf-"
  image_id             = "${data.aws_ami.ubuntu.id}"
  instance_type        = "t3.micro"
  enable_monitoring    = "true"
  key_name             = data.terraform_remote_state.shared_infra.outputs.vpc_access_keyname
  iam_instance_profile = data.terraform_remote_state.shared_infra.outputs.ecs_iam_instance_profile
  security_groups      = [aws_security_group.ghost_ec2_http_https_ssh.id]
  user_data            = "${file("./boot-script.sh")}"
  lifecycle {
    create_before_destroy = true
  }
}
# ASG in which we'll host EC2 instance running ghost servers
resource "aws_autoscaling_group" "satellite_websites_asg" {
  name_prefix          = "satellite_websites_asg-"
  max_size             = 1
  min_size             = 1
  launch_configuration = "${aws_launch_configuration.satellite_websites_conf.name}"
  vpc_zone_identifier  = data.terraform_remote_state.shared_infra.outputs.vpc_private_subnets
  load_balancers       = ["${aws_elb.satellite_websites_elb.name}"]
  health_check_type    = "ELB"
  provisioner "file" {
    content = templatefile("${path.module}/ghost-config.json.template", {
      // somestuff
    })
    destination = "~/config.production.template"
  }
  provisioner "file" {
    source      = "${path.module}/boot-script.sh"
    destination = "~/boot-script.sh"
  }
  lifecycle {
    create_before_destroy = true
  }
}
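You need to provide connection details for the file provisioner to be able to connect to the ASG instance.
Unfortunately, the ASG resource only indirectly manages the instances it creates, so it doesn't return this information.
You could have an aws_instance data source that depends on the ASG and use that to look up the instances it creates, but modifying the instances after the ASG has created them by connecting to them is an anti-pattern and won't help you if the ASG replaces the instances, as you and your automation software (e.g. Terraform) are not in the loop at that point.
Instead, you should try to bake any generic configuration (e.g. I think in your case installing Ghost and its dependencies?) into the AMI using something like Packer. For anything that needs to be different between environments, use user data to make these changes on instance creation, or something more dynamic and runtime-based such as Consul.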
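The user-data approach recommended in the answer, as an added example that is not part of the original answer or the asker's configuration: both files the provisioners tried to copy over SSH are delivered through cloud-init instead, so every instance the ASG launches or replaces gets them without Terraform connecting to it. The variable site_url, the template variable url and the /opt/ghost paths are assumptions; the ASG resource stays as posted, minus its two provisioner blocks.

```hcl
# Added example: cloud-init user data replaces both "file" provisioners.
# Hypothetical names: var.site_url, the "url" template variable, /opt/ghost paths.
variable "site_url" {
  type = string
}

locals {
  # JSON is valid YAML, so cloud-init accepts jsonencode() output as cloud-config.
  cloud_config = {
    write_files = [
      {
        path        = "/opt/ghost/config.production.template"
        permissions = "0640"
        encoding    = "b64"
        content = base64encode(templatefile("${path.module}/ghost-config.json.template", {
          url = var.site_url
        }))
      },
      {
        path        = "/opt/ghost/boot-script.sh"
        permissions = "0750"
        encoding    = "b64"
        content     = filebase64("${path.module}/boot-script.sh")
      },
    ]
    # Runs once on first boot, after write_files has placed both files.
    # Executed directly, so the script needs the same shebang it needed as raw user data.
    runcmd = [["/opt/ghost/boot-script.sh"]]
  }
}

resource "aws_launch_configuration" "satellite_websites_conf" {
  name_prefix          = "satellite_websites_conf-"
  image_id             = data.aws_ami.ubuntu.id
  instance_type        = "t3.micro"
  enable_monitoring    = true
  key_name             = data.terraform_remote_state.shared_infra.outputs.vpc_access_keyname
  iam_instance_profile = data.terraform_remote_state.shared_infra.outputs.ecs_iam_instance_profile
  security_groups      = [aws_security_group.ghost_ec2_http_https_ssh.id]
  # User data is readable from the instance metadata service: keep secrets out of it.
  user_data = "#cloud-config\n${jsonencode(local.cloud_config)}"

  lifecycle {
    create_before_destroy = true
  }
}
```

User data is limited to 16 KB before encoding, so larger payloads belong in the AMI or in an object store the instance profile can read.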