How do I debug a Terraform AWS provider provisioner SSH timeout?



I have added a file provisioner to an aws_launch_configuration resource and am seeing an SSH timeout.

1 error(s) occurred:
* module.dev-agooch.module.web.aws_launch_configuration.primary: timeout - last error: dial tcp :22: connect: connection refused

I have made sure that the security group being created allows inbound SSH traffic.

Here is my relevant configuration:

data "template_file" "pg_service_conf" {
  template = "${file("${path.module}/pg_service_conf.tpl")}"
  vars {
    db_host = "${var.db_host}"
    db_port = "${var.db_port}"
  }
}

resource "aws_launch_configuration" "primary" {
  name_prefix             = "${var.cluster_name}"
  image_id                = "${var.ami}"
  instance_type           = "${var.instance_type}"
  security_groups         = ["${aws_security_group.backend.id}"]
  key_name                = "${var.key_name}"
  user_data = <<-EOF
    #!/bin/bash
    apt-get install nginx -y
    echo "Hello from primary `hostname`" > /var/www/html/index.html
    EOF
  lifecycle {
    create_before_destroy = true
  }
  provisioner "file" {
    content               = "${data.template_file.pg_service_conf.rendered}"
    destination           = "/home/admin/.pg_service.conf"
  }
}

resource "aws_autoscaling_group" "primary" {
  name                    = "${var.cluster_name}-primary"
  launch_configuration    = "${aws_launch_configuration.primary.id}"
  availability_zones      = ["${data.aws_availability_zones.all.names}"]
  target_group_arns       = ["${aws_alb_target_group.frontend.arn}"]
  desired_capacity        = 1
  min_size                = 1
  max_size                = 1
}

resource "aws_security_group" "backend" {
  name                    = "${var.cluster_name}-backend-sg"
  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_security_group_rule" "backend_allow_http_inbound" {
  type                    = "ingress"
  security_group_id       = "${aws_security_group.backend.id}"
  from_port               = "${local.http_port}"
  to_port                 = "${local.http_port}"
  protocol                = "tcp"
  cidr_blocks             = ["0.0.0.0/0"]
}

resource "aws_security_group_rule" "backend_allow_ssh_inbound" {
  type                    = "ingress"
  security_group_id       = "${aws_security_group.backend.id}"
  from_port               = "${local.ssh_port}"
  to_port                 = "${local.ssh_port}"
  protocol                = "tcp"
  cidr_blocks             = ["0.0.0.0/0"]
}

resource "aws_security_group_rule" "backend_allow_all_outbound" {
  type                    = "egress"
  security_group_id       = "${aws_security_group.backend.id}"
  from_port               = 0
  to_port                 = 0
  protocol                = "-1"
  cidr_blocks             = ["0.0.0.0/0"]
}

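I am using Terraform v0.11.7, provider.aws v1.25.0, and provider.template v1.0.0.

What is the best way to get more information about this issue from Terraform? Is there something I'm missing?

Thanks a lot in advance!

I ran into the same problem and decided not to use the file provisioner at all. Instead, I use the userdata script to carry base64-encoded strings of the files in the startup script and then decode them back into the original text files on the VM's filesystem.

In your case, you can remove the file provisioner and add a single line to the userdata element: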

echo ${base64encode(data.template_file.pg_service_conf.rendered)} | base64 --decode > /home/admin/.pg_service.conf

In the context of your existing code:

# ...
user_data = <<-EOF
#!/bin/bash
echo ${base64encode(data.template_file.pg_service_conf.rendered)} | base64 --decode > /home/admin/.pg_service.conf
apt-get install nginx -y
echo "Hello from primary `hostname`" > /var/www/html/index.html
EOF
# ...

More details: Deploying local files to an instance without using the Terraform file provisioner
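A stricter form of the decode step from the answer above, as an added example that is not part of the original answer: it validates the payload, writes the file atomically with mode 0600, and can hand it to the target account. The helper name `write_b64_file`, its optional owner argument, the `admin` account (inferred from the `/home/admin` path) and the sample service entry are assumptions.

```shell
#!/bin/bash
# write_b64_file <base64-payload> <destination> [owner]   (hypothetical helper)
# Written without "${...}" so it can be pasted into a Terraform heredoc, where
# that syntax is reserved for Terraform interpolation.
write_b64_file() {
  wbf_payload="$1"; wbf_dest="$2"; wbf_owner="$3"
  # mktemp creates the file with mode 0600 in the destination directory,
  # so the final mv is an atomic rename on the same filesystem.
  wbf_tmp="$(mktemp "$wbf_dest.XXXXXX")" || return 1
  # Reject payloads that are not valid base64 or that decode to nothing
  # (for example an empty interpolation result).
  if ! printf '%s' "$wbf_payload" | base64 --decode > "$wbf_tmp" 2>/dev/null \
     || [ ! -s "$wbf_tmp" ]; then
    rm -f "$wbf_tmp"
    return 1
  fi
  chmod 0600 "$wbf_tmp"
  # user data runs as root; hand the file to the account that will read it.
  if [ -n "$wbf_owner" ] && ! chown "$wbf_owner" "$wbf_tmp"; then
    rm -f "$wbf_tmp"
    return 1
  fi
  mv -f "$wbf_tmp" "$wbf_dest"
}

# In user_data the call would be (owner "admin" is an assumption):
#   write_b64_file "${base64encode(data.template_file.pg_service_conf.rendered)}" \
#     /home/admin/.pg_service.conf admin

# Constructed sample standing in for the Terraform-rendered payload.
demo_dir="$(mktemp -d)"
sample_b64="$(printf '[app]\nhost=db.example.internal\nport=5432\n' | base64 | tr -d '\n')"
write_b64_file "$sample_b64" "$demo_dir/.pg_service.conf" && ls -l "$demo_dir/.pg_service.conf"
```

Base64 is an encoding, not encryption, and user data can be read by any process on the instance through the instance metadata service, so this approach suits non-secret settings such as a host and port.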
