运行 terraform apply 时遇到超时错误。这就是我正在尝试做的事情:
我想在 Ubuntu 服务器上托管我的应用程序。为此,我使用 Terraform 创建所有必需的资源。但是,当我运行 terraform apply 时,遇到以下错误:
超时 - 最后一个错误:dial tcp 3.81.61.64:22: i/o timeout(连接超时)。代码见:https://privatebin.net/?78a142719701b8ed#6dU3aLZdL9DEBBNEPbYmAokEbQT71ZaH17yJS8nTUvMx
Error: file provisioner error
with aws_instance.myinstance,
on main.tf line 97, in resource "aws_instance" "myinstance":
97: provisioner "file" {
timeout - last error: dial tcp 2.21.32.222: i/o timeout
# AWS provider configuration. Every resource in this file is created in the
# region given here.
provider "aws" {
  region = "us-east-1"
}
# Register the operator's SSH public key with EC2 so the instance can be reached
# over SSH. Only the public half is uploaded; the private key never leaves the
# workstation.
resource "aws_key_pair" "keyone" {
  public_key = file("C:/Users/.ssh/xsec.pub")
  key_name   = "my-key"
}
# The VPC that holds the subnet, security group and instance below. DNS support
# and hostnames are enabled so the instance receives a resolvable public DNS name.
resource "aws_vpc" "cityvpc" {
  enable_dns_hostnames = true
  enable_dns_support   = true
  cidr_block           = var.cidr # VPC address range, supplied by a variable
}
# Subnet inside the VPC that hosts the instance. It becomes a "public" subnet
# once the route table association below points its default route at the
# internet gateway.
resource "aws_subnet" "citysub" {
  vpc_id     = aws_vpc.cityvpc.id
  cidr_block = var.cidr_256 # subnet address range, supplied by a variable

  tags = {
    Name = "citysub"
  }
}
# Internet gateway attached to the VPC; required for the instance's public IP
# to be reachable from (and to reach) the internet.
resource "aws_internet_gateway" "citygate" {
  tags = {
    Name = "citygate"
  }

  vpc_id = aws_vpc.cityvpc.id
}
# Route table whose single route sends all non-local traffic to the internet
# gateway. (The local VPC route is implicit and does not need declaring.)
resource "aws_route_table" "cityroute" {
  vpc_id = aws_vpc.cityvpc.id

  route {
    gateway_id = aws_internet_gateway.citygate.id
    cidr_block = "0.0.0.0/0" # default route
  }
}
# Bind the public route table to the subnet; without this association the
# subnet would use the VPC's main route table and have no path to the internet.
resource "aws_route_table_association" "cityrouteassn" {
  subnet_id      = aws_subnet.citysub.id
  route_table_id = aws_route_table.cityroute.id
}
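# Security group for the instance.
#
# When Terraform creates a VPC security group it revokes AWS's implicit
# allow-all egress rule, so outbound traffic has to be declared explicitly (see
# the egress rule below). Without it the remote-exec `apt-get` steps cannot
# reach the package mirrors.
#
# The description is misleading: the rules attached to this group open HTTP and
# SSH, not TLS. It is left unchanged here because `description` forces
# replacement of the group; correct it deliberately if recreating the group is
# acceptable.
resource "aws_security_group" "citysecurity" {
  name        = "TLS Allow"
  description = "Allow TLS traffic"
  vpc_id      = aws_vpc.cityvpc.id
}

# Egress rule: allow all outbound traffic (restores the AWS default that
# Terraform removed). Declared as a standalone rule resource to stay consistent
# with the aws_vpc_security_group_ingress_rule resources used for ingress;
# inline ingress/egress blocks must not be mixed with standalone rule resources
# on the same group.
resource "aws_vpc_security_group_egress_rule" "allowAllEgress" {
  security_group_id = aws_security_group.citysecurity.id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1" # all protocols; from_port/to_port are omitted for -1
}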
# Allow inbound HTTP (TCP/80) from anywhere so the hosted application is
# publicly reachable.
resource "aws_vpc_security_group_ingress_rule" "allowHTTP" {
  ip_protocol       = "tcp"
  from_port         = 80
  to_port           = 80
  cidr_ipv4         = "0.0.0.0/0"
  security_group_id = aws_security_group.citysecurity.id
}
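# Source range allowed to reach SSH. The default keeps the original
# open-to-the-world value so existing behaviour is unchanged, but it should be
# narrowed to the operator's own address (e.g. "<your-public-ip>/32"):
# port 22 exposed to 0.0.0.0/0 receives continuous brute-force traffic, and
# Terraform only needs to connect from the machine running `apply`.
variable "ssh_ingress_cidr" {
  type        = string
  default     = "0.0.0.0/0"
  description = "IPv4 CIDR allowed to connect to TCP/22 on the instance"
}

# Allow inbound SSH (TCP/22) from var.ssh_ingress_cidr.
resource "aws_vpc_security_group_ingress_rule" "allowSSH" {
  security_group_id = aws_security_group.citysecurity.id
  cidr_ipv4         = var.ssh_ingress_cidr
  from_port         = 22
  to_port           = 22
  ip_protocol       = "tcp"
}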
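# EC2 instance that hosts the application.
#
# Likely root cause of the "dial tcp <public-ip>:22: i/o timeout" seen during
# apply: no security group was attached, so the instance fell back to the
# VPC's default group, which only permits inbound traffic from members of that
# same group. The SSH connection from the Terraform host was therefore dropped
# before the provisioners could run. `vpc_security_group_ids` below attaches
# the group that carries the SSH/HTTP rules.
resource "aws_instance" "myinstance" {
  ami                         = "ami-0e2c8caa4b6378d8c"
  instance_type               = "t2.micro"
  subnet_id                   = aws_subnet.citysub.id
  key_name                    = aws_key_pair.keyone.id
  associate_public_ip_address = true
  # Attach the group that opens ports 22 and 80; without this the default VPC
  # group applies and SSH from outside the VPC never connects.
  vpc_security_group_ids = [aws_security_group.citysecurity.id]

  # SSH connection settings used by the provisioners below.
  connection {
    type = "ssh"
    # NOTE(review): "admin" is the default login on Debian images; Ubuntu
    # images use "ubuntu". Confirm against the AMI. A wrong user name fails
    # authentication rather than timing out, so it is not the cause of the
    # reported error, but it would be the next failure.
    user        = "admin"
    private_key = file("C:\\Users\\.ssh\\xsec")
    host        = self.public_ip
  }

  # Copy the application into the login user's home directory. The destination
  # path must match the `user` above.
  provisioner "file" {
    source      = "app.py"
    destination = "/home/admin/app.py"
  }

  # Install runtime dependencies. These commands need outbound internet access:
  # the attached security group must permit egress or apt-get will hang.
  # Provisioners are a last resort in Terraform; cloud-init user_data is the
  # recommended way to do first-boot setup and needs no SSH path from the
  # Terraform host.
  provisioner "remote-exec" {
    inline = [
      "echo 'Hello from remote server'",
      "sudo apt-get update -y",
      "sudo apt-get install python3-pip -y"
    ]
  }
}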
在 Terraform 中,对 EC2 实例使用 file 和 remote-exec 配置程序(provisioner)被认为是一种不好的做法,只应作为最后的手段。问题在于:如果 EC2 实例位于私有子网中,运行 Terraform 的计算机可能根本无法通过网络以 SSH 访问该实例;即使可以访问,也可能因为实例尚未启动完成等原因而超时。更稳健的解决方案是使用 EC2 user-data 来写入文件并运行启动脚本。
EC2 user-data 功能实际上基于 cloud-init,它支持创建文件、运行启动脚本等。有一个 Terraform provider 可用于生成 cloud-init 配置,然后将其传入 EC2 实例的 `user_data` 字段:
# cloud-init user-data assembled by the hashicorp/cloudinit provider (it must be
# listed in required_providers). The elided body holds the `part` blocks that
# write files and run first-boot commands, replacing the file and remote-exec
# provisioners.
data "cloudinit_config" "my_user_data" {
...
}
# Instance consuming the rendered cloud-init config instead of provisioners, so
# Terraform no longer needs SSH reachability to the instance during apply.
resource "aws_instance" "myinstance" {
...
# Executed by cloud-init on first boot. user_data is readable from the instance
# metadata service by any process on the instance, so it must not carry secrets.
user_data = data.cloudinit_config.my_user_data.rendered
}