无法 ssh 到通过 terraform 创建的 ibmcloud 实例
Cannot ssh to ibmcloud instance created via terraform
我可以通过 Terraform 在 IBMCloud 中成功创建实例。问题是在成功部署后我无法通过 ssh 进入实例。
terraform-provider-ibm 的版本是:1.11.2.
terraform 本身的版本是:v0.12.20.
我使用的 terraform 代码如下:
provider "ibm" {
ibmcloud_api_key = ""
region="eu-gb"
generation = 2
}
variable "ssh_public_key" {
default = "~/.ssh/id_rsa.pub"
}
resource "ibm_is_vpc" "testacc_vpc" {
name = "testvpc"
}
resource "ibm_is_subnet" "testacc_subnet" {
name = "testsubnet"
vpc = ibm_is_vpc.testacc_vpc.id
zone = "eu-gb-1"
ipv4_cidr_block = "10.242.0.0/24"
}
resource "ibm_is_ssh_key" "testacc_sshkey" {
name = "testssh"
public_key = "file(var.ssh_public_key)"
}
resource "ibm_is_security_group" "testacc_security_group" {
name = "test"
vpc = ibm_is_vpc.testacc_vpc.id
}
resource "ibm_is_security_group_rule" "testacc_security_group_rule_all" {
group = ibm_is_security_group.testacc_security_group.id
direction = "inbound"
remote = "127.0.0.1"
depends_on = [ibm_is_security_group.testacc_security_group]
}
resource "ibm_is_security_group_rule" "testacc_security_group_rule_ssh" {
group = ibm_is_security_group.testacc_security_group.id
direction = "inbound"
remote = "127.0.0.1"
icmp {
code = 22
type = 22
}
depends_on = [ibm_is_security_group_rule.testacc_security_group_rule_all]
}
resource "ibm_is_instance" "testacc_instance" {
name = "testinstance"
image = "99edcc54-c513-4d46-9f5b-36243a1e50e2"
profile = "cx2-2x4"
primary_network_interface {
subnet = ibm_is_subnet.testacc_subnet.id
}
network_interfaces {
name = "eth1"
subnet = ibm_is_subnet.testacc_subnet.id
}
vpc = ibm_is_vpc.testacc_vpc.id
zone = "eu-gb-1"
keys = [ibm_is_ssh_key.testacc_sshkey.id]
depends_on = [ibm_is_security_group_rule.testacc_security_group_rule_ssh]
//User can configure timeouts
timeouts {
create = "90m"
delete = "30m"
}
}
resource "ibm_is_floating_ip" "fip1" {
name = "fip1"
target = ibm_is_instance.testacc_instance.primary_network_interface[0].id
}
output "sshcommand" {
value = "ssh root@${ibm_is_floating_ip.fip1.address}"
}
有人发现安全规则有问题吗?我是否缺少一些额外的配置?
先谢谢大家了!
需要在 terraform 文件中进行一些更改
- 您需要将实例 (vsi) 附加到安全组。
- 如果您要定义主网络接口,则不需要
network interface。以防万一,如果您需要一个,请记住使用 security_groups 使用 ssh 规则附加安全组
- 遥控器应该是
0.0.0.0/0,不是127.0.0.1
- 传递 SSH 公钥值
cat ~/.ssh/id_rsa.pub 或从 UI 创建 SSH 密钥然后传递密钥名称
data "ibm_is_ssh_key" "ds_key" {
name = "test"
}
这是包含所有 above-mentioned 更改的更新后的 Terraform 文件。有关文档,请参阅 here
provider "ibm" {
ibmcloud_api_key = ""
region="eu-gb"
generation = 2
}
resource "ibm_is_vpc" "testacc_vpc" {
name = "testvpc"
}
resource "ibm_is_subnet" "testacc_subnet" {
name = "testsubnet"
vpc = ibm_is_vpc.testacc_vpc.id
zone = "eu-gb-1"
ipv4_cidr_block = "10.242.0.0/24"
}
resource "ibm_is_ssh_key" "testacc_sshkey" {
name = "testssh"
public_key = "ssh-rsa xxxxxxx"
}
resource "ibm_is_security_group" "testacc_security_group" {
name = "test"
vpc = ibm_is_vpc.testacc_vpc.id
}
resource "ibm_is_security_group_rule" "testacc_security_group_rule_all" {
group = ibm_is_security_group.testacc_security_group.id
direction = "inbound"
remote = "0.0.0.0/0"
depends_on = [ibm_is_security_group.testacc_security_group]
}
resource "ibm_is_security_group_rule" "testacc_security_group_rule_ssh" {
group = ibm_is_security_group.testacc_security_group.id
direction = "inbound"
remote = "0.0.0.0/0"
icmp {
code = 22
type = 22
}
depends_on = [ibm_is_security_group_rule.testacc_security_group_rule_all]
}
resource "ibm_is_instance" "testacc_instance" {
name = "testinstance"
image = "99edcc54-c513-4d46-9f5b-36243a1e50e2"
profile = "cx2-2x4"
primary_network_interface {
subnet = ibm_is_subnet.testacc_subnet.id
security_groups = [ibm_is_security_group.testacc_security_group.id]
}
vpc = ibm_is_vpc.testacc_vpc.id
zone = "eu-gb-1"
keys = [ibm_is_ssh_key.testacc_sshkey.id]
depends_on = [ibm_is_security_group_rule.testacc_security_group_rule_ssh]
//User can configure timeouts
timeouts {
create = "90m"
delete = "30m"
}
}
resource "ibm_is_floating_ip" "fip1" {
name = "fip1"
target = ibm_is_instance.testacc_instance.primary_network_interface[0].id
}
output "sshcommand" {
value = "ssh root@${ibm_is_floating_ip.fip1.address}"
}
我可以通过 Terraform 在 IBMCloud 中成功创建实例。问题是在成功部署后我无法通过 ssh 进入实例。
terraform-provider-ibm 的版本是:1.11.2.
terraform 本身的版本是:v0.12.20.
我使用的 terraform 代码如下:
provider "ibm" {
ibmcloud_api_key = ""
region="eu-gb"
generation = 2
}
variable "ssh_public_key" {
default = "~/.ssh/id_rsa.pub"
}
resource "ibm_is_vpc" "testacc_vpc" {
name = "testvpc"
}
resource "ibm_is_subnet" "testacc_subnet" {
name = "testsubnet"
vpc = ibm_is_vpc.testacc_vpc.id
zone = "eu-gb-1"
ipv4_cidr_block = "10.242.0.0/24"
}
resource "ibm_is_ssh_key" "testacc_sshkey" {
name = "testssh"
public_key = "file(var.ssh_public_key)"
}
resource "ibm_is_security_group" "testacc_security_group" {
name = "test"
vpc = ibm_is_vpc.testacc_vpc.id
}
resource "ibm_is_security_group_rule" "testacc_security_group_rule_all" {
group = ibm_is_security_group.testacc_security_group.id
direction = "inbound"
remote = "127.0.0.1"
depends_on = [ibm_is_security_group.testacc_security_group]
}
resource "ibm_is_security_group_rule" "testacc_security_group_rule_ssh" {
group = ibm_is_security_group.testacc_security_group.id
direction = "inbound"
remote = "127.0.0.1"
icmp {
code = 22
type = 22
}
depends_on = [ibm_is_security_group_rule.testacc_security_group_rule_all]
}
resource "ibm_is_instance" "testacc_instance" {
name = "testinstance"
image = "99edcc54-c513-4d46-9f5b-36243a1e50e2"
profile = "cx2-2x4"
primary_network_interface {
subnet = ibm_is_subnet.testacc_subnet.id
}
network_interfaces {
name = "eth1"
subnet = ibm_is_subnet.testacc_subnet.id
}
vpc = ibm_is_vpc.testacc_vpc.id
zone = "eu-gb-1"
keys = [ibm_is_ssh_key.testacc_sshkey.id]
depends_on = [ibm_is_security_group_rule.testacc_security_group_rule_ssh]
//User can configure timeouts
timeouts {
create = "90m"
delete = "30m"
}
}
resource "ibm_is_floating_ip" "fip1" {
name = "fip1"
target = ibm_is_instance.testacc_instance.primary_network_interface[0].id
}
output "sshcommand" {
value = "ssh root@${ibm_is_floating_ip.fip1.address}"
}
有人发现安全规则有问题吗?我是否缺少一些额外的配置?
先谢谢大家了!
需要在 terraform 文件中进行一些更改
- 您需要将实例 (vsi) 附加到安全组。
- 如果您要定义主网络接口,则不需要
network interface。以防万一,如果您需要一个,请记住使用security_groups 使用 - 遥控器应该是
0.0.0.0/0,不是127.0.0.1 - 传递 SSH 公钥值
cat ~/.ssh/id_rsa.pub或从 UI 创建 SSH 密钥然后传递密钥名称
ssh 规则附加安全组
data "ibm_is_ssh_key" "ds_key" {
name = "test"
}
这是包含所有 above-mentioned 更改的更新后的 Terraform 文件。有关文档,请参阅 here
provider "ibm" {
ibmcloud_api_key = ""
region="eu-gb"
generation = 2
}
resource "ibm_is_vpc" "testacc_vpc" {
name = "testvpc"
}
resource "ibm_is_subnet" "testacc_subnet" {
name = "testsubnet"
vpc = ibm_is_vpc.testacc_vpc.id
zone = "eu-gb-1"
ipv4_cidr_block = "10.242.0.0/24"
}
resource "ibm_is_ssh_key" "testacc_sshkey" {
name = "testssh"
public_key = "ssh-rsa xxxxxxx"
}
resource "ibm_is_security_group" "testacc_security_group" {
name = "test"
vpc = ibm_is_vpc.testacc_vpc.id
}
resource "ibm_is_security_group_rule" "testacc_security_group_rule_all" {
group = ibm_is_security_group.testacc_security_group.id
direction = "inbound"
remote = "0.0.0.0/0"
depends_on = [ibm_is_security_group.testacc_security_group]
}
resource "ibm_is_security_group_rule" "testacc_security_group_rule_ssh" {
group = ibm_is_security_group.testacc_security_group.id
direction = "inbound"
remote = "0.0.0.0/0"
icmp {
code = 22
type = 22
}
depends_on = [ibm_is_security_group_rule.testacc_security_group_rule_all]
}
resource "ibm_is_instance" "testacc_instance" {
name = "testinstance"
image = "99edcc54-c513-4d46-9f5b-36243a1e50e2"
profile = "cx2-2x4"
primary_network_interface {
subnet = ibm_is_subnet.testacc_subnet.id
security_groups = [ibm_is_security_group.testacc_security_group.id]
}
vpc = ibm_is_vpc.testacc_vpc.id
zone = "eu-gb-1"
keys = [ibm_is_ssh_key.testacc_sshkey.id]
depends_on = [ibm_is_security_group_rule.testacc_security_group_rule_ssh]
//User can configure timeouts
timeouts {
create = "90m"
delete = "30m"
}
}
resource "ibm_is_floating_ip" "fip1" {
name = "fip1"
target = ibm_is_instance.testacc_instance.primary_network_interface[0].id
}
output "sshcommand" {
value = "ssh root@${ibm_is_floating_ip.fip1.address}"
}