Packer problem: amazon-ebs: Timeout waiting for SSH

Time: 2019-02-19 18:18:31

Tags: amazon-ec2 ssh packer

I am new to Packer. I am trying to create an image using a private network in a VPC, and I keep getting the error *amazon-ebs: Timeout waiting for SSH.*

The Packer version used is 1.3.4, and the private subnet can reach the NAT gateway through the public subnet and route table. But since the problem is that the instance cannot be reached, I also tried other parameters, for example {{3}} with the values private_dns and associate_public_ip_address respectively. Even with those changes I get the same error.

The template I am using contains the following

{
  "builders": [
    {
      "type": "amazon-ebs",
      "access_key": "{{user `aws_access_key`}}",
      "secret_key": "{{user `aws_secret_key`}}",
      "region": "{{user `region`}}",
      "source_ami": "{{user `source_ami`}}",
      "instance_type": "{{user `instance_type`}}",
      "iam_instance_profile": "{{user `role`}}",
      "ssh_username": "{{user `ssh_username`}}",
      "ssh_timeout": "15m",
      "vpc_id": "{{user `vpc_id`}}",
      "subnet_id": "{{user `subnet_id`}}",
      "associate_public_ip_address": true,
      "ami_name": "{{user `name`}}.{{isotime \"2006-01-02T150405Z\"}}",
      "ami_description": "based on {{user `source_ami`}}",
      "tags": {
        "Name": "{{user `name`}}"
      }
    }
  ]
}

In the template I have not defined a security group, but in Packer's log I see that it is able to create a temporary security group, so access to port 22 should also be available

==> amazon-ebs: Pausing after run of step 'StepKeyPair'. Press enter to continue. 
==> amazon-ebs: Creating temporary security group for this instance: packer_5c6b3667-c41f-92bc-aa89-efc5f3a2d8a8
==> amazon-ebs: Authorizing access to port 22 from 0.0.0.0/0 in the temporary security group...
==> amazon-ebs: Pausing after run of step 'StepSecurityGroup'. Press enter to continue. 
==> amazon-ebs: Pausing after run of step 'StepCleanupVolumes'. Press enter to continue. 
==> amazon-ebs: Launching a source AWS instance...

But the problem persists. Is something missing in the template? Or should I be doing something different to generate the AMI?

4 answers:

Answer 0 (score: 1)

You cannot reach ec2 through a NAT gateway. A NAT gateway in AWS is used to provide Internet access from within the VPC.

You have a few options:

  1. Make Packer launch the ec2 in a public subnet with a public ip. The IGW is properly configured in the VPC and route table
  2. Deploy a secure bastion host in AWS and use it to jump from the workstation running packer to the ec2. You will need to configure a few things in packer.json using a custom communicator. Docs here https://www.packer.io/docs/templates/communicator.html#ssh

Regards
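An added example, not part of the answer above: a small Python check that classifies a subnet by its default route (using the JSON shape `aws ec2 describe-route-tables` returns) and emits the amazon-ebs communicator keys matching the two options listed. The route-table sample, the bastion address and the key path are constructed placeholders; `ssh_interface` and the `ssh_bastion_*` keys are Packer's SSH communicator options.

```python
import json

# Constructed sample shaped like one entry of `aws ec2 describe-route-tables`
# (not from the question): a private subnet whose default route is a NAT gateway.
SAMPLE_ROUTE_TABLE = json.loads("""
{"RouteTableId": "rtb-EXAMPLE", "Routes": [
  {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
  {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE", "State": "active"}]}
""")


def classify_subnet(route_table):
    """Classify a subnet by its active 0.0.0.0/0 route.

    'public'   -> internet gateway: inbound SSH from the workstation can arrive
    'nat'      -> NAT gateway: outbound only, Packer's SSH will time out
    'isolated' -> no default route at all
    """
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if route.get("NatGatewayId", "").startswith("nat-"):
            return "nat"
    return "isolated"


def packer_ssh_settings(kind, bastion_host=None, bastion_user="ec2-user",
                        bastion_key="~/.ssh/bastion.pem"):
    """amazon-ebs communicator keys matching the subnet type (the two options
    from the answer above): public IP, or private IP reached through a bastion."""
    if kind == "public":
        return {"associate_public_ip_address": True, "ssh_interface": "public_ip"}
    if kind == "nat":
        if not bastion_host:
            raise ValueError("subnet behind a NAT gateway needs ssh_bastion_host")
        return {"associate_public_ip_address": False, "ssh_interface": "private_ip",
                "ssh_bastion_host": bastion_host, "ssh_bastion_username": bastion_user,
                "ssh_bastion_private_key_file": bastion_key}
    raise ValueError("subnet has no route to the internet; Packer cannot reach it")


# Diagnosis for the constructed sample: 'nat', so a bastion is required.
SAMPLE_KIND = classify_subnet(SAMPLE_ROUTE_TABLE)
```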

Answer 1 (score: 0)

Another possibility is that Packer cannot find the key for logging in to the bastion host, and no other login method is available to wait for.

The logs collected with PACKER_LOG=1 exported are as follows.

==> amazon-ebs: Waiting for SSH to become available...
2020/07/30 12:19:22 packer: 2020/07/30 12:19:22 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [publickey none], no supported methods remain
2020/07/30 12:19:27 packer: 2020/07/30 12:19:27 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2020/07/30 12:19:32 packer: 2020/07/30 12:19:32 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2020/07/30 12:19:37 packer: 2020/07/30 12:19:37 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2020/07/30 12:19:43 packer: 2020/07/30 12:19:43 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2020/07/30 12:19:48 packer: 2020/07/30 12:19:48 [DEBUG] TCP connection to SSH ip/port failed: Error connecting to bastion: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Also, as a check: if the key is not listed, then we know Packer cannot find the key to log in.

In this case, we just need to add the SSH key to fix the problem.

Answer 2 (score: 0)

I was facing the same problem. The problem I found was that all my instances were being launched in the Default VPC, even though I had set up the SG and route table to allow ingress ssh traffic from 0.0.0.0/0. Even accessing from the console was still no good. So I had to create a custom VPC with a proper Internet gateway, security group and route table, and my final builder was like this.

  "builders": [{
    "type": "amazon-ebs",
    "access_key": "{{user `aws_access_key`}}",
    "secret_key": "{{user `aws_secret_key`}}",
    "region": "us-******",
    "source_ami": "ami-*********",
    "instance_type": "t2.micro",
    "ssh_username": "ubuntu",
    "ami_name": "packer-example {{timestamp}}",
    "vpc_id": "{VPC id i had created}",
    "subnet_id": "{Subnet i had created}",
    "security_group_id": "sg with proper ingress port 22 rule enabled from 0.0.0.0"
  }],

Hope this solves your problem, please excuse my vocabulary :)

Answer 3 (score: 0)

I ran into the same problem; what caused it was using an encrypted AMI while I had explicitly set 'false'.

  "builders": [
    {
      "launch_block_device_mappings": [
        {
          "device_name": "/dev/sda1",
          "volume_type": "gp2",
          "encrypted": true      <-- I was setting it to 'false' while only 'true' works
        }
      ],
      ...
    }
  ],