Terraform unable to import Amazon EC2 key pair

Mat*_*ard 5 amazon-ec2 terraform

Using Terraform 0.7.7.

I have a simple Terraform file with the following contents:

provider "aws" {
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  region     = "${var.region}"
}

resource "aws_instance" "personal" {
  ami           = "${lookup(var.amis, var.region)}"
  instance_type = "t2.micro"
}

resource "aws_eip" "ip" {
  instance = "${aws_instance.personal.id}"
}

resource "aws_key_pair" "personal" {
  key_name = "mschuchard-us-east"
  public_key = "${var.public_key}"
}

Terraform apply produces the following error:

aws_key_pair.personal: Creating...
  fingerprint: "" => "<computed>"
  key_name:    "" => "mschuchard-us-east"
  public_key:  "" => "ssh-rsa pubkey hash mschuchard-us-east"
aws_instance.personal: Creating...
  ami:                      "" => "ami-c481fad3"
  availability_zone:        "" => "<computed>"
  ebs_block_device.#:       "" => "<computed>"
  ephemeral_block_device.#: "" => "<computed>"
  instance_state:           "" => "<computed>"
  instance_type:            "" => "t2.micro"
  key_name:                 "" => "<computed>"
  network_interface_id:     "" => "<computed>"
  placement_group:          "" => "<computed>"
  private_dns:              "" => "<computed>"
  private_ip:               "" => "<computed>"
  public_dns:               "" => "<computed>"
  public_ip:                "" => "<computed>"
  root_block_device.#:      "" => "<computed>"
  security_groups.#:        "" => "<computed>"
  source_dest_check:        "" => "true"
  subnet_id:                "" => "<computed>"
  tenancy:                  "" => "<computed>"
  vpc_security_group_ids.#: "" => "<computed>"
aws_instance.personal: Creation complete
aws_eip.ip: Creating...
  allocation_id:     "" => "<computed>"
  association_id:    "" => "<computed>"
  domain:            "" => "<computed>"
  instance:          "" => "i-0ab94b58b0089697d"
  network_interface: "" => "<computed>"
  private_ip:        "" => "<computed>"
  public_ip:         "" => "<computed>"
  vpc:               "" => "<computed>"
aws_eip.ip: Creation complete
Error applying plan:

1 error(s) occurred:

* aws_key_pair.personal: Error import KeyPair: InvalidKeyPair.Duplicate: The keypair 'mschuchard-us-east' already exists.
status code: 400, request id: 51950b9a-55e8-4901-bf35-4d2be234abbf

The only help I could find via Google was to blow away the *.tfstate file, which I tried, but it didn't help. I can launch an EC2 instance with this key pair from the GUI and SSH into it easily, but Terraform errors out when it tries to use the same, fully functional key pair.

yda*_*coR 12

The error is telling you that the key pair already exists in your AWS account, but Terraform doesn't know about it in its state file, so it tries to create the key pair every time.

You have two options. First, you can simply delete it from your AWS account and let Terraform upload it, which lets it be managed by Terraform and kept in its state file.

Alternatively, you can use the Terraform import command to import the pre-existing resource into your state file:

terraform import aws_key_pair.personal mschuchard-us-east


mat*_*ach 8

Using the ${uuid()} function always gets a random id for the key pair at generation time; the chosen/generated UUID is put into the state file, so you can still destroy it, but you cannot update it. A new key pair is generated every time the terraform file is applied...

While you indeed can't generate a key pair from scratch with the AWS provider, you can generate a new key pair object in AWS from an RSA private key generated by the TLS provider.

resource "aws_key_pair" "test" {
    # uuid() yields a new value on every apply, so key_name changes and
    # the key pair is replaced each time
    key_name   = "${uuid()}"
    public_key = "${tls_private_key.t.public_key_openssh}"
}
provider "tls" {}
resource "tls_private_key" "t" {
    algorithm = "RSA"
}
provider "local" {}
resource "local_file" "key" {
    # the PEM private key is written to disk here and, like every
    # tls_private_key attribute, is also kept in the Terraform state file
    content  = "${tls_private_key.t.private_key_pem}"
    filename = "id_rsa"
    provisioner "local-exec" {
        command = "chmod 600 id_rsa"
    }
}

Use the tls provider to generate the key, and import it as a new object each time. Then export the private key so that you can use it later to access the server.

It's worth noting that this breaks one of the paradigms Terraform tries to use (infrastructure as code), but from a practical development standpoint that may be a bit too idealistic... a Terraform build fails halfway through and the state is invalid. A better solution might be for the AWS plugin to auto-import on an "already exists" error, or for that to be an optional behaviour that can be set.


Ant*_*nko 5

The error says that the key pair already exists in AWS, and it does not say whether it was created with Terraform or with the console.

You should see it in the AWS console under EC2 -> Key Pairs in the correct region. You should delete it with the console first, before trying to import it with Terraform.

  • Correct, you can't create an EC2 key pair with Terraform, but you can create it locally (keeping it secret) and obtain the public key from it (`ssh-keygen -y -f myssh.key > myssh.pub`), which you can put into the resource "aws_key_pair". (2 upvotes)
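The check that both the `terraform import` route in the accepted answer and the `ssh-keygen -y` step in the comment above rely on, as an added example that is not part of this thread nor of Terraform or AWS code: starting from the private key you hold, derive the `public_key` value for `aws_key_pair` and the fingerprint EC2 assigns to an imported RSA key pair, so that after `terraform import aws_key_pair.personal mschuchard-us-east` you can confirm the pre-existing key pair is really yours before any instance is launched with it. Assumptions: Python standard library only; the input is a PKCS#1 PEM (`-----BEGIN RSA PRIVATE KEY-----`, as written by `openssl genrsa` or `ssh-keygen -m PEM`; PKCS#8 and OpenSSH-format keys are rejected); the fingerprint rule is the one AWS documents for keys imported to AWS (MD5 over the DER public key, the `openssl rsa -pubout -outform DER | openssl md5 -c` recipe), not the SHA-1 scheme used for key pairs AWS generates itself; the demo key built from two Mersenne primes at the bottom is constructed for this example and is not a usable key.

```python
"""Match a pre-existing EC2 key pair to a private key you hold, with no AWS call.

Input: PKCS#1 RSA private key PEM.  Output: the `ssh-rsa ...` line to put in
aws_key_pair.public_key (what `ssh-keygen -y -f key` prints) and the fingerprint EC2
assigns to an imported RSA key pair: MD5 over the DER SubjectPublicKeyInfo, the value
AWS documents as `openssl rsa -in key -pubout -outform DER | openssl md5 -c`.
"""
import base64
import hashlib
import struct

RSA_ENCRYPTION_OID = bytes.fromhex("06092a864886f70d010101")  # 1.2.840.113549.1.1.1 as TLV


# --- minimal DER: only SEQUENCE, INTEGER and BIT STRING are needed ---
def der(tag: int, body: bytes) -> bytes:
    length = len(body)
    if length >= 0x80:  # long form: 0x80 | byte count, then the length itself
        raw = length.to_bytes((length.bit_length() + 7) // 8, "big")
        return bytes([tag, 0x80 | len(raw)]) + raw + body
    return bytes([tag, length]) + body


def der_int(value: int) -> bytes:  # extra 0x00 when the top bit is set keeps it positive
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def der_read(buf: bytes, pos: int = 0) -> tuple:
    """Decode the TLV at pos; returns (tag, body, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def der_items(body: bytes) -> list:
    """All (tag, body) children of a SEQUENCE body."""
    items, pos = [], 0
    while pos < len(body):
        tag, item, pos = der_read(body, pos)
        items.append((tag, item))
    return items


def pem_to_der(pem: str, label: str) -> bytes:
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if lines[0] != f"-----BEGIN {label}-----" or lines[-1] != f"-----END {label}-----":
        raise ValueError(f"expected a '{label}' PEM block (PKCS#8 and OpenSSH formats are not parsed)")
    return base64.b64decode("".join(lines[1:-1]))


# --- RSA key material ---
def rsa_public_from_pkcs1(pem: str) -> tuple:
    """(e, n) from RSAPrivateKey ::= SEQUENCE { version, n, e, d, p, q, dp, dq, qInv }."""
    tag, body, _ = der_read(pem_to_der(pem, "RSA PRIVATE KEY"))
    items = der_items(body)
    if tag != 0x30 or len(items) < 3 or any(t != 0x02 for t, _ in items[:3]):
        raise ValueError("not an RSAPrivateKey structure")
    return int.from_bytes(items[2][1], "big"), int.from_bytes(items[1][1], "big")


def openssh_public_line(e: int, n: int, comment: str = "") -> str:
    """RFC 4253 blob (string 'ssh-rsa', mpint e, mpint n) in base64, as in id_rsa.pub."""
    def field(b: bytes) -> bytes:
        return struct.pack(">I", len(b)) + b
    def mpint(v: int) -> bytes:  # same leading-zero rule as DER INTEGER
        return field(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    blob = field(b"ssh-rsa") + mpint(e) + mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode('ascii')} {comment}".rstrip()


def spki_der(e: int, n: int) -> bytes:
    """SubjectPublicKeyInfo, byte-for-byte what `openssl rsa -pubout -outform DER` writes."""
    algorithm = der(0x30, RSA_ENCRYPTION_OID + b"\x05\x00")  # rsaEncryption, NULL parameters
    rsa_public_key = der(0x30, der_int(n) + der_int(e))
    return der(0x30, algorithm + der(0x03, b"\x00" + rsa_public_key))  # BIT STRING, 0 unused bits


def ec2_import_fingerprint(e: int, n: int) -> str:
    digest = hashlib.md5(spki_der(e, n)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def key_pair_material(private_pem: str, comment: str = "") -> dict:
    """A fingerprint mismatch means the key pair in the account is someone else's key with the same name."""
    e, n = rsa_public_from_pkcs1(private_pem)
    return {"public_key": openssh_public_line(e, n, comment), "fingerprint": ec2_import_fingerprint(e, n)}


# --- constructed demo key: two Mersenne primes, ~1128-bit modulus, NOT for real use ---
def pkcs1_private_pem(p: int, q: int, e: int = 65537) -> str:
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    fields = [0, n, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p)]
    b64 = base64.b64encode(der(0x30, b"".join(der_int(v) for v in fields))).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN RSA PRIVATE KEY-----\n{body}\n-----END RSA PRIVATE KEY-----\n"


TOY_P, TOY_Q, TOY_E = 2**521 - 1, 2**607 - 1, 65537
TOY_PEM = pkcs1_private_pem(TOY_P, TOY_Q, TOY_E)

if __name__ == "__main__":
    import sys
    pem = open(sys.argv[1]).read() if len(sys.argv) > 1 else TOY_PEM
    for name, value in key_pair_material(pem, "mschuchard-us-east").items():
        print(f"{name}: {value}")
```

Run it with the path to your private key as the only argument. The printed `fingerprint` should equal the `fingerprint` attribute that `terraform show` reports for the imported `aws_key_pair.personal`; the printed `public_key` line is what `var.public_key` must contain so that a later plan does not try to replace the key pair. If the fingerprints differ, do not adopt the resource: the key pair named `mschuchard-us-east` in that account was uploaded from a different key.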