I am using a Terraform script to:
- create an EC2 instance
- connect to the EC2 instance with the file provisioner and copy a file
My script is:
Script:
provider "aws" {
  region                  = "us-east-1"
  shared_credentials_file = "~/.aws/credentials"
}

resource "aws_instance" "pd_terraform" {
  ami           = "ami-03d315ad33b9d49c4"
  instance_type = "t2.micro"
  key_name      = "pd_kp_tf"

  connection {
    type        = "ssh"
    host        = "${self.public_ip}.compute-1.amazonaws.com"
    user        = "ubuntu"
    private_key = "${file("~/.ssh/id_rsa")}"
  }

  provisioner "file" {
    content     = "touch pd_bash_file.txt"
    destination = "/tmp/script.sh"
  }
}
Steps to run the script:
terraform init
terraform apply
Expected output: the code runs to completion and copies the file to EC2.
Actual result:
I can see that my TF code creates an EC2 instance. However, it fails to connect over SSH and copy the file to the EC2 instance.
I end up with this error:
Error: timeout - last error: dial tcp 92.242.140.21:22: i/o timeout
Logs: I started a log trace; this block repeats:
file-provisioner (internal) 2021/03/03 12:44:55 [DEBUG] Connecting to 3.85.141.254.compute-1.amazonaws.com:22 for SSH
2021/03/03 12:45:00 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
2021/03/03 12:45:00 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "output.ip"
2021/03/03 12:45:00 [TRACE] dag/walk: vertex "provisioner.file (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:00 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/hashicorp/aws\"] (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:00 [TRACE] dag/walk: vertex "output.ip" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:05 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/hashicorp/aws\"] (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:05 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "output.ip"
2021/03/03 12:45:05 [TRACE] dag/walk: vertex "provisioner.file (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:05 [TRACE] dag/walk: vertex "output.ip" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:05 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
2021/03/03 12:45:10 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
2021/03/03 12:45:10 [TRACE] dag/walk: vertex "output.ip" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:10 [TRACE] dag/walk: vertex "provisioner.file (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:10 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/hashicorp/aws\"] (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:10 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "output.ip"
file-provisioner (internal) 2021/03/03 12:45:10 [ERROR] connection error: dial tcp 92.242.140.21:22: i/o timeout
file-provisioner (internal) 2021/03/03 12:45:10 [WARN] retryable error: dial tcp 92.242.140.21:22: i/o timeout
file-provisioner (internal) 2021/03/03 12:45:10 [INFO] sleeping for 20s
2021/03/03 12:45:15 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "output.ip"
2021/03/03 12:45:15 [TRACE] dag/walk: vertex "output.ip" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:15 [TRACE] dag/walk: vertex "provisioner.file (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:15 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/hashicorp/aws\"] (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:15 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
2021/03/03 12:45:20 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "output.ip"
2021/03/03 12:45:20 [TRACE] dag/walk: vertex "output.ip" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:20 [TRACE] dag/walk: vertex "provisioner.file (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:20 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/hashicorp/aws\"] (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:20 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
2021/03/03 12:45:25 [TRACE] dag/walk: vertex "output.ip" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:25 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
2021/03/03 12:45:25 [TRACE] dag/walk: vertex "provisioner.file (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:25 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "output.ip"
2021/03/03 12:45:25 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/hashicorp/aws\"] (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:30 [TRACE] dag/walk: vertex "provider[\"registry.terraform.io/hashicorp/aws\"] (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:30 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
2021/03/03 12:45:30 [TRACE] dag/walk: vertex "provisioner.file (close)" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:30 [TRACE] dag/walk: vertex "output.ip" is waiting for "aws_instance.pd_terraform"
2021/03/03 12:45:30 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "output.ip
Troubleshooting: I tried to connect to the EC2 instance created by Terraform using the same key. I was able to connect without any problem. General discussion on various forums suggests this may be a security-group-related issue, but since I can connect from my terminal, that seems unlikely.
I found the solution to the problem in a GitHub repository: https://github.com/DeekshithSN/Terraform/blob/master/Provisioner/file-Provisioner/main.tf
I had to define a security group in my Terraform main file. The updated main file is as follows:
resource "aws_instance" "web" {
  ami                    = "ami-04bf6dcdc9ab498ca"
  instance_type          = "t2.micro"
  key_name               = "pd_kp_tf"
  user_data              = "${file("httpd.sh")}"
  vpc_security_group_ids = ["${aws_security_group.webSG.id}"]

  tags = {
    Name = "Test-file-provisioner"
  }
}

resource "null_resource" "copyhtml" {
  connection {
    type        = "ssh"
    host        = aws_instance.web.public_ip
    user        = "ec2-user"
    private_key = file("pd_kp_tf.pem")
  }

  provisioner "file" {
    source      = "index.html"
    destination = "/tmp/index.html"
  }

  provisioner "file" {
    source      = "copy.sh"
    destination = "/tmp/copy.sh"
  }

  depends_on = [aws_instance.web]
}

resource "aws_security_group" "webSG" {
  name        = "webSG"
  description = "Allow ssh inbound traffic"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
I believe the ingress and egress blocks in the webSG security group are what allow your instance to accept ssh traffic. If you run into any issues, you can also check his other provisioners. I was able to run all the provisioners from his code.
Resolution: define a security group that allows ingress traffic on ports 22 and 80.
The DNS name should look like this:
ec2-xx-xx-xx-xx.compute-1.amazonaws.com
As you can see, even if you wanted to use the DNS name, you would also need to replace the `.` characters in self.public_ip with `-`, so it is better to just use self.public_ip:
resource "aws_instance" "pd_terraform" {
  ami           = "ami-03d315ad33b9d49c4"
  instance_type = "t2.micro"
  key_name      = "pd_kp_tf"

  connection {
    type        = "ssh"
    host        = self.public_ip
    user        = "ubuntu"
    private_key = "${file("~/.ssh/id_rsa")}"
  }

  provisioner "file" {
    content     = "touch pd_bash_file.txt"
    destination = "/tmp/script.sh"
  }
}
I also ran into this error while deploying with Terraform. After digging deeper, I found that my IP address was not in the allowlist security group. Somehow my IP address had changed unintentionally.
After adding the IP address, the problem was resolved.
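The three answers above each fix one piece: a security group attached to the instance, `self.public_ip` as the SSH host, and the operator's source IP on the allowlist. The following is an added example (not code from the question, the answers, or the linked repository) that combines them while keeping port 22 closed to everything except one operator-supplied CIDR; `var.admin_cidr` and `aws_security_group.ssh_only` are assumed names, and the AMI, key name and provisioner are copied from the question.

```hcl
variable "admin_cidr" {
  description = "Source CIDR allowed to reach port 22 (e.g. your workstation's /32)"
  type        = string

  validation {
    condition     = can(cidrnetmask(var.admin_cidr)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "admin_cidr must be a valid IPv4 CIDR and must not be 0.0.0.0/0."
  }
}

resource "aws_security_group" "ssh_only" {
  name        = "ssh_only"
  description = "Allow SSH inbound from the admin CIDR only"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr] # narrowed from the 0.0.0.0/0 used in the accepted answer
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "pd_terraform" {
  ami                    = "ami-03d315ad33b9d49c4"
  instance_type          = "t2.micro"
  key_name               = "pd_kp_tf"
  vpc_security_group_ids = [aws_security_group.ssh_only.id] # without this the VPC default SG applies

  connection {
    type        = "ssh"
    host        = self.public_ip # the DNS form would be ec2-a-b-c-d.compute-1.amazonaws.com, not a.b.c.d.compute-1...
    user        = "ubuntu"
    private_key = file("~/.ssh/id_rsa")
  }

  provisioner "file" {
    content     = "touch pd_bash_file.txt"
    destination = "/tmp/script.sh"
  }
}
```

Apply with `terraform apply -var 'admin_cidr=203.0.113.5/32'` (a constructed documentation-range address); the validation block rejects a malformed CIDR or 0.0.0.0/0 at plan time, before any instance is created.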