2016-10-19 63 views
2

Using Terraform 0.7.7, Terraform cannot import a key pair into Amazon EC2

I have the following simple Terraform file:

provider "aws" { 
    access_key = "${var.access_key}" 
    secret_key = "${var.secret_key}" 
    region  = "${var.region}" 
} 

resource "aws_instance" "personal" { 
    ami   = "${lookup(var.amis, var.region)}" 
    instance_type = "t2.micro" 
} 

resource "aws_eip" "ip" { 
    instance = "${aws_instance.personal.id}" 
} 

resource "aws_key_pair" "personal" { 
    key_name = "mschuchard-us-east" 
    public_key = "${var.public_key}" 
} 

Terraform apply produces the following error:

aws_key_pair.personal: Creating... 
    fingerprint: "" => "<computed>" 
    key_name: "" => "mschuchard-us-east" 
    public_key: "" => "ssh-rsa pubkey hash mschuchard-us-east" 
aws_instance.personal: Creating... 
    ami:      "" => "ami-c481fad3" 
    availability_zone:  "" => "<computed>" 
    ebs_block_device.#:  "" => "<computed>" 
    ephemeral_block_device.#: "" => "<computed>" 
    instance_state:   "" => "<computed>" 
    instance_type:   "" => "t2.micro" 
    key_name:     "" => "<computed>" 
    network_interface_id:  "" => "<computed>" 
    placement_group:   "" => "<computed>" 
    private_dns:    "" => "<computed>" 
    private_ip:    "" => "<computed>" 
    public_dns:    "" => "<computed>" 
    public_ip:    "" => "<computed>" 
    root_block_device.#:  "" => "<computed>" 
    security_groups.#:  "" => "<computed>" 
    source_dest_check:  "" => "true" 
    subnet_id:    "" => "<computed>" 
    tenancy:     "" => "<computed>" 
    vpc_security_group_ids.#: "" => "<computed>" 
aws_instance.personal: Creation complete 
aws_eip.ip: Creating... 
    allocation_id:  "" => "<computed>" 
    association_id: "" => "<computed>" 
    domain:   "" => "<computed>" 
    instance:   "" => "i-0ab94b58b0089697d" 
    network_interface: "" => "<computed>" 
    private_ip:  "" => "<computed>" 
    public_ip:   "" => "<computed>" 
    vpc:    "" => "<computed>" 
aws_eip.ip: Creation complete 
Error applying plan: 

1 error(s) occurred: 

* aws_key_pair.personal: Error import KeyPair: InvalidKeyPair.Duplicate: The keypair 'mschuchard-us-east' already exists. 
status code: 400, request id: 51950b9a-55e8-4901-bf35-4d2be234abbf 

The only help I found by searching Google was to blow away the *.tfstate files, which I tried, but it did not help. I can launch an EC2 instance with this key pair using the GUI and easily ssh into it, but Terraform errors out when trying to use the same fully functional key pair.

Answers

5

The error is telling you that the key pair already exists in your AWS account, but Terraform does not know about it in its state file, so it tries to create it every time.

You have two options here. First, you can simply delete it from your AWS account and allow Terraform to upload it, which lets it be managed by Terraform and tracked in its state file.

Alternatively, you can use the Terraform import command to import the pre-existing resource into your state file:

terraform import aws_key_pair.personal mschuchard-us-east 
+1

In my case it would be an import of 'aws_key_pair.personal'. Anyway, after fighting with certificates for a while and giving up on getting Terraform to use the credentials file, I successfully imported and ran 'terraform apply'. Then I realized what the resource was actually doing and how to associate the 'key_name' with the instance. Terraform is very user-unfriendly and really needs more advanced tutorials. Make the edit to the import command and I will accept this answer. –

+0

Also, staring at the EC2 instance dashboard made me realize I also needed 'vpc_security_group_ids'. Now I can actually ssh successfully into the EC2 instance created by Terraform, but the output of '${aws_instance.personal.public_dns}' is completely inaccurate, so I have yet another head-exploding session ahead of me. –

2

The error says the key pair already exists in AWS; it does not say whether it was created with Terraform or with the console.

You should see it in the AWS console under EC2 -> Key Pairs in the correct region. You should delete it using the console before retrying the import with Terraform.

+0

Wait, according to this https://www.terraform.io/docs/providers/aws/r/key_pair.html I cannot create a key pair with Terraform. Also, if I delete the key pair from the console, how do I know the public key to specify in Terraform? –

+0

Correct, you cannot create an EC2 key pair with Terraform, but you can create one locally (the private part) and derive the public key from it ('ssh-keygen -y -f myssh.key > myssh.pub'), which you can then put into the 'aws_key_pair' resource. –
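The configuration below is an added example written for this page; it is not the asker's file or the Terraform project's own code. It pulls together the three things the thread arrives at piecemeal: the public key is read from a locally generated .pub file (the 'ssh-keygen -y -f' step above), the instance references the key pair through key_name, and a security group is attached through vpc_security_group_ids so port 22 is actually reachable. Everything is written in the Terraform 0.7 interpolation syntax the question uses. Assumed names: var.public_key_path, var.admin_cidr, the security group "personal-ssh", and the output "public_ip" are mine; the key name, resource names and AMI map come from the question. Once this is in place, the existing key pair is adopted with the command from the accepted answer, 'terraform import aws_key_pair.personal mschuchard-us-east', after which 'terraform plan' should report no changes for aws_key_pair.personal.

```hcl
# Added example configuration (not from the question or answers).
# Assumptions, labelled: var.public_key_path points at a local .pub file produced
# with `ssh-keygen -y -f myssh.key > myssh.pub`, var.admin_cidr is the address
# range allowed to reach port 22, and the account has a default VPC.

variable "access_key" {}
variable "secret_key" {}
variable "region" {}
variable "amis" { type = "map" }          # region -> AMI id, supplied in terraform.tfvars
variable "public_key_path" {}             # assumed: path to the locally generated .pub file
variable "admin_cidr" {}                  # assumed: e.g. your own /32, never 0.0.0.0/0

provider "aws" {
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  region     = "${var.region}"
}

# Terraform only uploads an existing public key; it never generates the private key.
# The private half stays on the workstation and is not referenced anywhere here.
resource "aws_key_pair" "personal" {
  key_name   = "mschuchard-us-east"
  public_key = "${file(var.public_key_path)}"
}

# SSH ingress is limited to the admin range rather than the whole internet.
resource "aws_security_group" "ssh" {
  name        = "personal-ssh"
  description = "SSH from the admin range only"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.admin_cidr}"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# key_name and vpc_security_group_ids are what the original config was missing:
# without key_name the instance boots with no authorized key, and without a
# security group that allows port 22 nothing can reach sshd.
resource "aws_instance" "personal" {
  ami                    = "${lookup(var.amis, var.region)}"
  instance_type          = "t2.micro"
  key_name               = "${aws_key_pair.personal.key_name}"
  vpc_security_group_ids = ["${aws_security_group.ssh.id}"]
}

resource "aws_eip" "ip" {
  instance = "${aws_instance.personal.id}"
}

# After an Elastic IP is associated, the address recorded on aws_instance can be
# the pre-association one, so read the reachable address from the EIP resource.
output "public_ip" {
  value = "${aws_eip.ip.public_ip}"
}
```

Because aws_instance.personal now depends on aws_key_pair.personal through key_name, Terraform orders the creates correctly and the instance cannot come up before the key exists. Terraform 0.7 does not provide a remote-state lock or a way to generate key material, so the private key's only copy is the local file; keep it out of the repository alongside the .tfstate, which also records the public key and the access credentials in plain text.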