我正在使用 terraform 配置 ec2 实例后尝试安装软件包,但我无法通过 ssh 获得访问权限。这是我下面的配置,如果有人能发现我做错了什么。 我已经尝试了很多方法,但我的所有尝试都没有成功。但是,我让它来预置 ec2 实例,设置所有网络内容、安全组和负载均衡器。我正在尝试做的是创建 2 个 ec2 实例并在它们两个实例上安装 Nginx,然后使用 elb 对它们进行负载平衡。
provider "aws" {
region = "${var.aws_region}"
}
# OS image
data "aws_ami" "ubuntu-18_04" {
most_recent = true
owners = ["${var.ubuntu_account_number}"]
filter {
name = "name"
values = ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"]
}
}
# Create a VPC to launch our instances into
resource "aws_vpc" "default" {
cidr_block = "10.0.0.0/16"
}
# Create an internet gateway to give our subnet access to the outside world
resource "aws_internet_gateway" "default" {
vpc_id = "${aws_vpc.default.id}"
}
# Grant the VPC internet access on its main route table
resource "aws_route" "internet_access" {
route_table_id = "${aws_vpc.default.main_route_table_id}"
destination_cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.default.id}"
}
# Create a subnet to launch our instances into
resource "aws_subnet" "default" {
vpc_id = "${aws_vpc.default.id}"
cidr_block = "10.0.1.0/24"
map_public_ip_on_launch = true
}
# A security group for the ELB so it is accessible via the web
resource "aws_security_group" "elb" {
name = "my_elb"
description = "Used in the terraform"
vpc_id = "${aws_vpc.default.id}"
# HTTP access from anywhere
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
# outbound internet access
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
# Our default security group to access
# the instances over SSH and HTTP
resource "aws_security_group" "default" {
name = "my_test"
description = "Used in the terraform"
vpc_id = "${aws_vpc.default.id}"
# SSH access from anywhere
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["10.0.0.0/16"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
resource "aws_elb" "web" {
name = "terraform-example-elb"
subnets = ["${aws_subnet.default.id}"]
security_groups = ["${aws_security_group.elb.id}"]
instances = ["${aws_instance.web.id}"]
listener {
instance_port = 80
instance_protocol = "http"
lb_port = 80
lb_protocol = "http"
}
}
resource "aws_instance" "web" {
connection {
# The default username for our AMI
user = "ubuntu"
host = "${self.public_ip}"
type = "ssh"
private_key = "${file("/Users/me/Downloads/my-test-key.pem")}"
}
instance_type = "t2.nano"
ami = data.aws_ami.ubuntu-18_04.id
vpc_security_group_ids = [aws_security_group.default.id,]
subnet_id = aws_subnet.default.id
provisioner "remote-exec" {
inline = [
"sudo apt-get -y update",
"sudo apt-get -y install nginx",
"sudo service nginx start",
]
}
}
以下是您在实例上拥有的内容:
resource "aws_instance" "web" {
connection {
# The default username for our AMI
user = "ubuntu"
host = "${self.public_ip}"
type = "ssh"
private_key = "${file("/Users/me/Downloads/my-test-key.pem")}"
}
instance_type = "t2.nano"
ami = data.aws_ami.ubuntu-18_04.id
vpc_security_group_ids = [aws_security_group.default.id,]
subnet_id = aws_subnet.default.id
provisioner "remote-exec" {
inline = [
"sudo apt-get -y update",
"sudo apt-get -y install nginx",
"sudo service nginx start",
]
}
}
这里应该是什么样的
resource "aws_instance" "web" {
instance_type = "t2.nano"
ami = data.aws_ami.ubuntu-18_04.id
vpc_security_group_ids = [aws_security_group.default.id,]
subnet_id = aws_subnet.default.id
provisioner "remote-exec" {
connection {
# The default username for our AMI
user = "ubuntu"
host = "${self.public_ip}"
type = "ssh"
private_key = "${file("/Users/me/Downloads/my-test-key.pem")}"
}
inline = [
"sudo apt-get -y update",
"sudo apt-get -y install nginx",
"sudo service nginx start",
]
}
}
如您所见,连接嵌套在配置器上.
我这里有一些例子:
https://github.com/heldersepu/hs-scripts/blob/master/TerraForm/ec2_ubuntu.tf
你可以做的其他事情是使用user_data:
https://www.terraform.io/docs/providers/aws/r/instance.html#user_data
我这里有一个例子:
https://github.com/heldersepu/hs-scripts/blob/master/TerraForm/ec2_ubuntu.tf#L8