[英]Having problems with Packer: amazon-ebs: Timeout waiting for SSH
我是 Packer 的新手,我正在嘗試使用 VPC 的專用網絡創建映像,但我不斷遇到錯誤*amazon-ebs: Timeout waiting for SSH.*
使用的 Packer 版本是1.3.4
,私有子網可以通過公共子網和路由表訪問 NAT 網關。 但是由於問題無法到達實例,所以我也嘗試過使用其他參數,例如: ssh_interface和private_dns
和associate_public_ip_address
的值。 但即使是改變我也得到同樣的錯誤。
我正在使用的模板有下一個內容
"builders": [
{
"type": "amazon-ebs",
"access_key": "{{user `aws_access_key`}}",
"secret_key": "{{user `aws_secret_key`}}",
"region": "{{user `region`}}",
"source_ami": "{{user `source_ami`}}",
"instance_type": "{{user `instance_type`}}",
"iam_instance_profile": "{{user `role`}}",
"ssh_username": "{{user `ssh_username`}}",
"ssh_timeout": "15m",
"vpc_id": "{{user `vpc_id`}}",
"subnet_id": "{{user `subnet_id`}}",
"associate_public_ip_address": true,
"ami_name": "{{user `name`}}.{{isotime \"2006-01-02T150405Z\"}}",
"ami_description": "based on {{user `source_ami`}}",
"tags": {
"Name": "{{user `name`}}"
}]
在模板中我沒有定義安全組,但在 Packer 的日志中我看到它能夠創建一個臨時安全組,那么對端口 22 的訪問也應該可用
==> amazon-ebs: Pausing after run of step 'StepKeyPair'. Press enter to continue.
==> amazon-ebs: Creating temporary security group for this instance: packer_5
c6b3667-c41f-92bc-aa89-efc5f3a2d8a8
==> amazon-ebs: Authorizing access to port 22 from 0.0.0.0/0 in the temporary security group...
==> amazon-ebs: Pausing after run of step 'StepSecurityGroup'. Press enter to continue.
==> amazon-ebs: Pausing after run of step 'StepCleanupVolumes'. Press enter to continue.
==> amazon-ebs: Launching a source AWS instance...
但問題仍然存在。 模板中是否缺少某些內容? 或者我應該做些什么來生成AMI?
您無法通過 NAT 網關訪問 ec2。 AWS 中的 NAT 網關用於提供從 VPC 而非 VPC 的 Internet 訪問。
您有多種選擇:
問候
我面臨着同樣的問題。 我發現的問題是我的所有實例都在默認 VPC 中啟動。 即使我已經設置了 SG 和路由表以允許來自0.0.0.0/0 的入口 ssh 流量。 即使從控制台訪問仍然不舒服。 所以必須使用適當的互聯網網關、安全組和路由表創建自定義 VPC,我的最終構建器是這樣的。
"builders": [{
"type": "amazon-ebs",
"access_key": "{{user `aws_access_key`}}",
"secret_key": "{{user `aws_secret_key`}}",
"region": "us-******",
"source_ami": "ami-*********",
"instance_type": "t2.micro",
"ssh_username": "ubuntu",
"ami_name": "packer-example {{timestamp}}",
"vpc_id": "{VPC id i had created}",
"subnet_id": "{Subnet i had created}",
"security_group_id": "sg with proper ingress port 22 rule enabled from 0.0.0.0"
}],
希望能解決您的問題並原諒我的詞匯量:)
還有一種可能是打包程序無法找到登錄堡壘主機的密鑰並等待其他方法登錄。
使用 export PACKER_LOG=1 收集的日志如下。
==> amazon-ebs: Waiting for SSH to become available...
2020/07/30 12:19:22 packer: 2020/07/30 12:19:22 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [publickey none], no supported methods remain
2020/07/30 12:19:27 packer: 2020/07/30 12:19:27 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2020/07/30 12:19:32 packer: 2020/07/30 12:19:32 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2020/07/30 12:19:37 packer: 2020/07/30 12:19:37 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2020/07/30 12:19:43 packer: 2020/07/30 12:19:43 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2020/07/30 12:19:48 packer: 2020/07/30 12:19:48 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
此外,驗證ssh-add -l
不應列出密鑰,然后我們知道加殼程序無法找到登錄密鑰。
在這種情況下,我們只需要使用ssh-add <path to your ssh keys>
,它應該可以解決問題。
我遇到了同樣的問題,導致它的原因是使用加密的 AMI,而我明確指出“錯誤”。
"builders": [
{
"launch_block_device_mappings": [
{
"device_name": "/dev/sda1",
"volume_type": "gp2",
"encrypted": true <-- I was setting it to 'false' while only 'true' works
}
],
...
}
],
我有一個安全組(防火牆)設置,阻止了來自移動網絡的連接。 當我從受信任的(允許的)網絡連接時,它運行良好。
請注意以下步驟:
2022/07/31 05:58:15 packer-builder-amazon-ebs plugin: Using specified security groups: [sg-0123456789abcd sg-0123456789abce]
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.