(AWS Opsworks) Terraform Chef provisioning: ERROR:未能验证

Question

对于Terraform来说，我是新手，在创建实例之后，我正在尝试将一个节点引导为厨师。

以下是文件：

resource "aws_instance" "jenkinsNode" {

provisioner "remote-exec" {
connection {
  user = "ubuntu"
  private_key = "${file("~/key/mykey.pem")}"
  host = "${aws_instance.jenkinsNode.public_ip}" 
}

inline = [
  "sudo mkdir -p /etc/chef/trusted_certs",
  "sudo curl --silent --show-error --retry 3 --location --output 
\"/etc/chef/trusted_certs/opsworks-cm-ca-2016-root.pem\" 
\"https://opsworks-cm-us-assets.s3.amazonaws.com/misc/opsworks-cm-ca-2016-root.pem\""
 ]
}

provisioner "chef" {

environment     = "_default"
run_list        = ["android-aws-nodes::updateAndroidSdk"]
node_name       = "jenkinsNodeOnDemandUpdate"
secret_key      = "${file("~/chef/mobile-chef-aws/.chef/private.pem")}"
server_url      = "https://my-opsworks-server.io/organizations/default"
recreate_client = true
user_name       = "delivery"
user_key        = "${file("~/chef/mobile-chef-aws/.chef/private.pem")}"
version         = "12.8.1"
}

connection {
user = "ubuntu"
private_key = "${file("~/key/jenkins-main.pem")}"
}

 count = 1
 instance_type = "c4.8xlarge"
 ami = "ami-0000000"
 key_name = "mykey"
 subnet_id = "subnet-00000000"
 vpc_security_group_ids = ["sg-00000000"]
}

当我试图应用上述代码时，当我运行时，我收到以下错误。我连接并启动了引导进程，但是它一直抱怨它找不到私有的(我认为这是在运行“客户端创建”时创建的)。我对实例进行了修改，并且没有看到/etc/ ubuntu.pem /目录中的：

更新的aws_instance.jenkinsNode (厨师)：错误:未能通过密钥/etc/厨师/交付品认证到https://mobile-b9oer25dyrts1qor.us-east-1.opsworks-cm.io/organizations/default/ (厨师)：响应:用户或客户端‘传递’aws_instance.jenkinsNode (厨师)的签名无效:清除用户密钥.

Error applying plan:

1 error(s) occurred:

* aws_instance.jenkinsNode: 1 error(s) occurred:

* Command "sudo knife client create jenkinsNodeOnDemandUpdate -d -f /etc/chef/client.pem -c /etc/chef/client.rb -u ubuntu --key /etc/chef/ubuntu.pem" exited with non-zero exit status: 100

Answer 1

登录时没有密钥，因为它是在引导失败后立即删除的。

aws_instance.jenkinsNode (chef): Cleanup user key...

运行Terraform的机器上的双检查键(~/key/mykey.pem)是否采用正确的格式。另外，它应该用$file加载，或者以字符串的形式放置：

user_key        = "${file("~/key/mykey.pem")}"

只需再次检查Terraform是否支持~。