Terraform remote-exec Failed to upload script: scp: /tmp permission denied

I'm struggling with Terraform's local-exec. I'm deploying an EC2 instance using my own AMI built from amazon-linux-2.

I have this code:

locals {
  ssh_user_home = "/home/ec2-user"
}

resource "null_resource" "rerun" {
  triggers = {
    rerun = uuid()
  }


  provisioner "file" {
    source      = "${path.module}/sources"
    destination = "${local.ssh_user_home}/tmp"

    connection {
      type        = "ssh"
      user        = "${var.aws_ssh_user}"
      private_key = "${data.aws_secretsmanager_secret_version.kibana_proxy_ssh_value.secret_string}"
      host        = "${aws_instance.logstash.private_ip}"
    }
  }

  provisioner "file" {
    source      = "./creds"
    destination = "${local.ssh_user_home}/tmp"

    connection {
      type        = "ssh"
      user        = "${var.aws_ssh_user}"
      private_key = "${data.aws_secretsmanager_secret_version.kibana_proxy_ssh_value.secret_string}"
      host        = "${aws_instance.logstash.private_ip}"
    }
  }

  provisioner "remote-exec" {
    inline = [

      "cd ${local.ssh_user_home}/tmp",
      "cp creds/.htpasswd.${var.aws_env} creds/.htpasswd",
      "bash -x sources/ansible.sh ${var.es_fqdn} ${var.kibana_domain}",
      # "rm -r /tmp/creds/",
      # "rm -r /tmp/sources/",
    ]

    connection {
      type        = "ssh"
      user        = "${var.aws_ssh_user}"
      private_key = "${data.aws_secretsmanager_secret_version.kibana_proxy_ssh_value.secret_string}"
      host        = "${aws_instance.logstash.private_ip}"
      #script_path = "${local.ssh_user_home}"
    }
  }
}

I always get this error:

module.logstash-instance.null_resource.rerun (remote-exec): Connecting to remote host via SSH...
module.logstash-instance.null_resource.rerun (remote-exec):   Host: 10.135.202.29
module.logstash-instance.null_resource.rerun (remote-exec):   User: ec2-user
module.logstash-instance.null_resource.rerun (remote-exec):   Password: false
module.logstash-instance.null_resource.rerun (remote-exec):   Private key: true
module.logstash-instance.null_resource.rerun (remote-exec):   Certificate: false
module.logstash-instance.null_resource.rerun (remote-exec):   SSH Agent: false
module.logstash-instance.null_resource.rerun (remote-exec):   Checking Host Key: false
module.logstash-instance.null_resource.rerun (remote-exec): Connected!

Failed to upload script: scp: /tmp: Permission denied

I don't know what I'm doing wrong, because terraform uses ec2-user as the user and everything gets copied to /home/ec2-user/tmp.

I found the problem. Amazon Linux 2 is hardened in a way that doesn't allow ssh from external sources out of the box. I didn't find a solution to relax this restriction, but I used user_data (with cloud-init, which means the EC2 instance runs the user_data script after a reboot) and now everything works :)
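For readers hitting the same error: the "Failed to upload script: scp: /tmp: Permission denied" line comes from the remote-exec provisioner itself, not from the file provisioners. remote-exec writes its inline commands to a script on the remote host at the connection's script_path (default /tmp/terraform_%RAND%.sh) before running it, so on an image where /tmp is not writable for the SSH user the scp step fails even though every file provisioner targets the home directory. The commented-out script_path line in the question points in the right direction; it must name a file path, not a directory. The block below is an added example (not the poster's or the answerer's configuration) showing both that direct fix and the user_data/cloud-init route the answer settled on. Names reused from the question are var.aws_ssh_user, var.es_fqdn, var.kibana_domain, var.aws_env, aws_instance.logstash and the Secrets Manager data source; var.logstash_ami_id, var.subnet_id, var.logstash_instance_profile, the htpasswd secret name and the /opt/logstash path are assumed placeholders.

```hcl
# Added example, not the question's or the answer's own code. Assumed names:
# var.logstash_ami_id, var.subnet_id, var.logstash_instance_profile, the secret
# id "kibana-proxy/htpasswd-<env>" and /opt/logstash/ansible.sh baked into the AMI.

locals {
  ssh_user_home = "/home/${var.aws_ssh_user}"
}

# Option A: keep remote-exec but stage its generated script where the SSH
# user can write. remote-exec scp's the inline commands to script_path
# (default /tmp/terraform_%RAND%.sh) before running them, so an unwritable
# /tmp yields "Failed to upload script: scp: /tmp: Permission denied".
resource "null_resource" "provision" {
  triggers = {
    # Re-run only when the script changes instead of on every apply (uuid()).
    script_sha = filesha256("${path.module}/sources/ansible.sh")
  }

  # One connection block at the resource level covers both provisioners.
  connection {
    type        = "ssh"
    host        = aws_instance.logstash.private_ip
    user        = var.aws_ssh_user
    private_key = data.aws_secretsmanager_secret_version.kibana_proxy_ssh_value.secret_string
    # A file path, not a directory; %RAND% is replaced per run.
    script_path = "${local.ssh_user_home}/terraform_%RAND%.sh"
  }

  provisioner "file" {
    source      = "${path.module}/sources"
    destination = "${local.ssh_user_home}/tmp"
  }

  provisioner "remote-exec" {
    inline = [
      "cd ${local.ssh_user_home}/tmp",
      "bash sources/ansible.sh ${var.es_fqdn} ${var.kibana_domain}",
      "rm -rf ${local.ssh_user_home}/tmp",
    ]
  }
}

# Option B (the route the answer took): bootstrap from user_data via
# cloud-init, so no SSH session and no /tmp upload are involved. user_data
# is readable by any process on the instance through the metadata service,
# so the .htpasswd content is fetched at boot with the instance role rather
# than embedded in the script; the script itself is assumed to ship in the AMI.
resource "aws_instance" "logstash" {
  ami                  = var.logstash_ami_id
  instance_type        = "t3.small"
  subnet_id            = var.subnet_id
  iam_instance_profile = var.logstash_instance_profile

  # Shell expansions are written as $${...} so Terraform leaves them alone.
  user_data = <<-EOT
    #!/bin/bash
    set -euo pipefail
    WORK=$(mktemp -d)
    aws secretsmanager get-secret-value \
      --secret-id "kibana-proxy/htpasswd-${var.aws_env}" \
      --query SecretString --output text > "$${WORK}/.htpasswd"
    chmod 0640 "$${WORK}/.htpasswd"
    bash /opt/logstash/ansible.sh "${var.es_fqdn}" "${var.kibana_domain}" "$${WORK}/.htpasswd"
    rm -rf "$${WORK}"
  EOT

  # Recreate the instance when the script changes so cloud-init runs it again.
  user_data_replace_on_change = true
}
```

Pick one of the two: Option A fixes the quoted error in place and keeps the upload-then-run flow from the question; Option B matches the answer and removes the SSH dependency entirely, at the cost of needing the provisioning script in the AMI (or fetched from S3) and an instance profile allowed to read the secret. In either case the triggers and user_data_replace_on_change settings make the run repeatable on purpose rather than on every apply.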