user_data 未在 EC2 中执行,在 cloud-init thru terraform 中出现错误
Posted
技术标签:
【中文标题】user_data 未在 EC2 中执行,在 cloud-init thru terraform 中出现错误【英文标题】:user_data is not executed in EC2 with error in cloud-init thru terraform 【发布时间】:2021-11-05 13:55:48 【问题描述】:我在私有网络中通过 terraform 简单部署了一个 EC2 实例,通过 NAt gw 对其进行互联网访问,一切都很好,只是我使用 user_data 解析脚本以在这个 ubuntu 实例上安装一个简单的 Web 服务器但我在相关实例中的 cloud-init 上看到以下错误:
/var/log/cloud-init-output.log
96 Cloud-init v. 21.1-19-gbad84ad4-0ubuntu1~20.04.2 running 'modules:config' at Wed, 08 Sep 2021 18:17:18 +0000. Up 58.79 seconds.
97 *** Installing apache2
98 Err:1 http://security.ubuntu.com/ubuntu focal-security InRelease
99 Cannot initiate the connection to security.ubuntu.com:80 (2001:67c:1562::18). - connect (101: Network is unreachable) Cannot initiate the conn ection to security.ubuntu.com:80 (2001:67c:1562::15). - connect (101: Network is unreachable) Could not connect to security.ubuntu.com:80 (91.18 9.91.38), connection timed out Could not connect to security.ubuntu.com:80 (91.189.91.39), connection timed out
100 Err:2 http://us-east-2.ec2.archive.ubuntu.com/ubuntu focal InRelease
101 Could not connect to us-east-2.ec2.archive.ubuntu.com:80 (52.15.155.232), connection timed out Could not connect to us-east-2.ec2.archive.ubun tu.com:80 (52.15.107.13), connection timed out Could not connect to us-east-2.ec2.archive.ubuntu.com:80 (52.15.106.142), connection timed out Co uld not connect to us-east-2.ec2.archive.ubuntu.com:80 (52.15.102.108), connection timed out Could not connect to us-east-2.ec2.archive.ubuntu.c om:80 (52.15.159.198), connection timed out Could not connect to us-east-2.ec2.archive.ubuntu.com:80 (52.15.158.54), connection timed out
102 Err:3 http://us-east-2.ec2.archive.ubuntu.com/ubuntu focal-updates InRelease
103 Unable to connect to us-east-2.ec2.archive.ubuntu.com:http:
104 Err:4 http://us-east-2.ec2.archive.ubuntu.com/ubuntu focal-backports InRelease
105 Unable to connect to us-east-2.ec2.archive.ubuntu.com:http:
106 Reading package lists...
107 W: Failed to fetch http://us-east-2.ec2.archive.ubuntu.com/ubuntu/dists/focal/InRelease Could not connect to us-east-2.ec2.archive.ubuntu.com:8 0 (52.15.155.232), connection timed out Could not connect to us-east-2.ec2.archive.ubuntu.com:80 (52.15.107.13), connection timed out Could not connect to us-east-2.ec2.archive.ubuntu.com:80 (52.15.106.142), connection timed out Could not connect to us-east-2.ec2.archive.ubuntu.com:80 (5 2.15.102.108), connection timed out Could not connect to us-east-2.ec2.archive.ubuntu.com:80 (52.15.159.198), connection timed out Could not con nect to us-east-2.ec2.archive.ubuntu.com:80 (52.15.158.54), connection timed out
108 W: Failed to fetch http://us-east-2.ec2.archive.ubuntu.com/ubuntu/dists/focal-updates/InRelease Unable to connect to us-east-2.ec2.archive.ubun tu.com:http:
这是我通过 terraform 执行此操作的方式:
resource "aws_instance" "vray_instance"
ami = "ami-00399ec92321828f5"
instance_type = "t2.micro"
key_name = aws_key_pair.vray_key_pair.key_name
vpc_security_group_ids = [aws_security_group.vray_security_group_web.id]
subnet_id = aws_subnet.vray_privated_subnet[0].id
user_data = file("$path.cwd/install_el_apache.sh")
tags =
Name = "Instance Web Server"
这是我的 shell 脚本的内容:
│ File: install_el_apache.sh
───────┼──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
1 ~ │ #!/bin/bash
2 ~ │ echo "*** Installing apache2"
3 ~ │ sudo apt-get update
4 ~ │ sudo apt-get install -y apache2
5 ~ │ sudo systemctl start apache2
6 ~ │ sudo systemctl enable apache2
7 ~ │ echo "<h1>Web server Task2 with Terraform</h1>" | sudo tee /var/www/html/index.html
8 ~ │ echo "*** Completed Installing apache2"
非常欢迎对此提供任何线索或指责,有人指出,在执行脚本时未创建 NAT,但我检查了其他类似问题,不需要执行 cath 错误或输入脚本中的延迟,以便等待创建此脚本以处理脚本步骤。
提前致谢
+vRay
【问题讨论】:
您在其中部署实例的子网似乎没有通往 Internet 的路由?是否配置了到 NAT 网关的路由? 其实它的路线是我所有来自 terraform 的核心:link 一个简单的验证方法是将ssh 进入服务器并尝试手动运行这些命令,或者只运行curl 或其他东西来检查互联网访问。如果这不起作用,那么您需要查看您的网络配置。
是的,我还通过运行所有这些进行了测试,并在我创建的用于托管 Web 服务的实例中运行正常,我使用的 jumbox 也可以正常连接并从网络服务器
进展如何?仍然不清楚是什么问题?
【参考方案1】:
有人指出,执行脚本时并未创建 NAT
你几乎是正确的。但就您而言,这与您的vray_vpc_us_east2a_privated_association 有关。基本上,您的实例是在建立关联之前创建的,因此它们会超时。你应该可以用depends_on 解决这个问题:
resource "aws_instance" "vray_instance"
ami = "ami-00399ec92321828f5"
instance_type = "t2.micro"
key_name = aws_key_pair.vray_key_pair.key_name
vpc_security_group_ids = [aws_security_group.vray_security_group_web.id]
subnet_id = aws_subnet.vray_privated_subnet[0].id
user_data = file("$path.cwd/install_el_apache.sh")
tags =
Name = "Instance vRay Web Server"
depends_on = [aws_route_table_association.vray_vpc_us_east2a_privated_association]
#-------------------Creation of the JumpBox in Privated Subnet---------------------------
#not possible to reach Privated subnet within the VPC!!!
resource "aws_instance" "vray_jumpbox"
ami = "ami-00399ec92321828f5"
instance_type = "t2.micro"
key_name = aws_key_pair.vray_key_pair.key_name
vpc_security_group_ids = [aws_security_group.vray_security_group.id]
subnet_id = aws_subnet.vray_public_subnet[0].id
associate_public_ip_address = true
tags =
Name = "Jumpbox vRay"
depends_on = [aws_route_table_association.vray_vpc_us_east2a_privated_association]
您的应用仍然无法通过 Internet 访问,因为它位于私有子网中,但至少该实例应仅在 存在到 NAT 的路由之后启动。
【讨论】:
不幸的是,我没有足够的声望给你们积分,当我得到足够的时候会回来给你们。【参考方案2】:我明白你为什么感到困惑。如果您可以在从跳转框连接到实例的同时运行更新,则说明您有 Internet 连接。但是,错误消息表明当时该实例没有互联网连接。
那么这可能是时间问题吗(我对此表示怀疑,但值得一试)?如果在 Terraform 代码中添加“依赖于”Internet 网关会怎样?
【讨论】:
以上是关于user_data 未在 EC2 中执行,在 cloud-init thru terraform 中出现错误的主要内容,如果未能解决你的问题,请参考以下文章
未在 Aws Ec2 实例上为 PHP 7.2 执行 PHP 代码