
Cannot SSH to an IBM Cloud instance created through Terraform

Stack Overflow user
Asked 2020-09-08 21:06:03
Answers: 1, Views: 202, Followers: 0, Votes: 0

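I can successfully create an instance in IBM Cloud through Terraform. The problem is that, after the successful deployment, I cannot SSH into the instance.

The version of terraform-provider-ibm is: 1.11.2

The version of Terraform itself is: v0.12.20

The Terraform code I am using is as follows: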

provider "ibm" {
  ibmcloud_api_key   = ""
  region="eu-gb"
  generation = 2
}

variable "ssh_public_key" {
  default = "~/.ssh/id_rsa.pub"
}

resource "ibm_is_vpc" "testacc_vpc" {
  name = "testvpc"
}

resource "ibm_is_subnet" "testacc_subnet" {
  name            = "testsubnet"
  vpc             = ibm_is_vpc.testacc_vpc.id
  zone            = "eu-gb-1"
  ipv4_cidr_block = "10.242.0.0/24"
}

resource "ibm_is_ssh_key" "testacc_sshkey" {
  name       = "testssh"
  public_key = "file(var.ssh_public_key)"
}


resource "ibm_is_security_group" "testacc_security_group" {
    name = "test"
    vpc = ibm_is_vpc.testacc_vpc.id
}

resource "ibm_is_security_group_rule" "testacc_security_group_rule_all" {
    group = ibm_is_security_group.testacc_security_group.id
    direction = "inbound"
    remote = "127.0.0.1"
    depends_on = [ibm_is_security_group.testacc_security_group]
}

resource "ibm_is_security_group_rule" "testacc_security_group_rule_ssh" {
    group = ibm_is_security_group.testacc_security_group.id
    direction = "inbound"
    remote = "127.0.0.1"
    icmp {
        code = 22
        type = 22
    }
    depends_on = [ibm_is_security_group_rule.testacc_security_group_rule_all]
}
resource "ibm_is_instance" "testacc_instance" {
  name    = "testinstance"
  image   = "99edcc54-c513-4d46-9f5b-36243a1e50e2"
  profile = "cx2-2x4"

  primary_network_interface {
    subnet = ibm_is_subnet.testacc_subnet.id
  }

  network_interfaces {
    name   = "eth1"
    subnet = ibm_is_subnet.testacc_subnet.id
  }

  vpc  = ibm_is_vpc.testacc_vpc.id
  zone = "eu-gb-1"
  keys = [ibm_is_ssh_key.testacc_sshkey.id]
  depends_on = [ibm_is_security_group_rule.testacc_security_group_rule_ssh]

  //User can configure timeouts
  timeouts {
    create = "90m"
    delete = "30m"
  }
}

resource "ibm_is_floating_ip" "fip1" {
  name   = "fip1"
  target = ibm_is_instance.testacc_instance.primary_network_interface[0].id
}

output "sshcommand" {
  value = "ssh root@${ibm_is_floating_ip.fip1.address}"
}

Does anyone see anything wrong with the security rules? Am I missing some additional configuration?

Thanks in advance, everyone!


1 Answer

Stack Overflow user

Accepted answer

Posted on 2020-09-09 05:13:00

Some changes are needed in the Terraform file.

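  1. You need to attach the instance (VSI) to the security group.
  2. If you define the primary network interface, you do not need the network interface. If you do need it, remember to attach the security group with the SSH rule using security_groups.
  3. The remote should be 0.0.0.0/0, not 127.0.0.1.
  4. Pass the SSH public key value (cat ~/.ssh/id_rsa.pub), or create the SSH key from the UI and then pass the key name.
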
data "ibm_is_ssh_key" "ds_key" {
    name = "test"
}

Below is the updated Terraform file, which contains all of the changes above. For documentation, see here

provider "ibm" {
  ibmcloud_api_key   = ""
  region="eu-gb"
  generation = 2
}


resource "ibm_is_vpc" "testacc_vpc" {
  name = "testvpc"
}

resource "ibm_is_subnet" "testacc_subnet" {
  name            = "testsubnet"
  vpc             = ibm_is_vpc.testacc_vpc.id
  zone            = "eu-gb-1"
  ipv4_cidr_block = "10.242.0.0/24"
}

resource "ibm_is_ssh_key" "testacc_sshkey" {
  name       = "testssh"
  public_key = "ssh-rsa xxxxxxx"
}


resource "ibm_is_security_group" "testacc_security_group" {
    name = "test"
    vpc = ibm_is_vpc.testacc_vpc.id
}

resource "ibm_is_security_group_rule" "testacc_security_group_rule_all" {
    group = ibm_is_security_group.testacc_security_group.id
    direction = "inbound"
    // No protocol block: this rule matches every protocol and port from the remote
    remote = "0.0.0.0/0"
    depends_on = [ibm_is_security_group.testacc_security_group]
}

resource "ibm_is_security_group_rule" "testacc_security_group_rule_ssh" {
    group = ibm_is_security_group.testacc_security_group.id
    direction = "inbound"
    remote = "0.0.0.0/0"
    // SSH is TCP port 22; an icmp block (type/code 22) does not match SSH traffic
    tcp {
        port_min = 22
        port_max = 22
    }
    depends_on = [ibm_is_security_group_rule.testacc_security_group_rule_all]
}
resource "ibm_is_instance" "testacc_instance" {
  name    = "testinstance"
  image   = "99edcc54-c513-4d46-9f5b-36243a1e50e2"
  profile = "cx2-2x4"

  primary_network_interface {
    subnet = ibm_is_subnet.testacc_subnet.id
    security_groups = [ibm_is_security_group.testacc_security_group.id]
  }

  vpc  = ibm_is_vpc.testacc_vpc.id
  zone = "eu-gb-1"
  keys = [ibm_is_ssh_key.testacc_sshkey.id]
  depends_on = [ibm_is_security_group_rule.testacc_security_group_rule_ssh]

  //User can configure timeouts
  timeouts {
    create = "90m"
    delete = "30m"
  }
}

resource "ibm_is_floating_ip" "fip1" {
  name   = "fip1"
  target = ibm_is_instance.testacc_instance.primary_network_interface[0].id
}

output "sshcommand" {
  value = "ssh root@${ibm_is_floating_ip.fip1.address}"
}
Votes: 1
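
A narrower variant of points 3 and 4 of the answer, added here as an example (it is not code from the original post or from the IBM provider project): the key resource reads the public key file through an unquoted function call, and the SSH rule admits only TCP port 22 from one source range. The `admin_cidr` variable, the `ssh_in` resource name and the 203.0.113.0/24 sample range are assumptions; the fragment is meant to replace the key and rule resources in the configuration above.

```hcl
# Added example. Names marked "assumed" are not from the original post.

variable "ssh_public_key" {
  type    = string
  default = "~/.ssh/id_rsa.pub"
}

variable "admin_cidr" {                # assumed variable name
  type        = string
  description = "Source range allowed to reach SSH"
  default     = "203.0.113.0/24"       # constructed sample (documentation prefix)
}

resource "ibm_is_ssh_key" "testacc_sshkey" {
  name = "testssh"
  # Weak (as in the question): public_key = "file(var.ssh_public_key)"
  # The quotes make that a literal string rather than a function call.
  # file() does not expand "~", so the path goes through pathexpand() first.
  public_key = trimspace(file(pathexpand(var.ssh_public_key)))
}

resource "ibm_is_security_group" "testacc_security_group" {
  name = "test"
  vpc  = ibm_is_vpc.testacc_vpc.id
}

resource "ibm_is_security_group_rule" "ssh_in" {   # assumed resource name
  group     = ibm_is_security_group.testacc_security_group.id
  direction = "inbound"
  # Weak: remote = "127.0.0.1" never matches a client arriving over the network.
  # Weak: remote = "0.0.0.0/0" with no protocol block admits every port from anywhere.
  remote = var.admin_cidr
  tcp {
    port_min = 22
    port_max = 22
  }
}

# The instance still has to reference the group, as in the answer:
#   primary_network_interface {
#     subnet          = ibm_is_subnet.testacc_subnet.id
#     security_groups = [ibm_is_security_group.testacc_security_group.id]
#   }
```

Running `terraform plan` after the change should show the rule with a `tcp` block and the `remote` set to the chosen range, and the key resource with the actual `ssh-rsa ...` text as `public_key`.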
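The original content of this page is provided by Stack Overflow. Translation support is provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://stackoverflow.com/questions/63801559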
