How to get knife to bootstrap an EC2 instance in a public VPC

amazon ec2amazon-vpcchefknife

I don't know much about routing and subnets and vpc's, I never had to use those with my old AWS account.
In my new AWS account, I started a new Amazon Linux AMI instance (ami-043a5034). The security group it is attached to includes allowing port 22. The VPC settings are all default, which I thought meant it is supposed to work like the 'legacy' style EC2 config without VPCs.
I'm using knife-ec2 gem version 0.8.0. My knife creation command is something like this (with region and other settings specified by knife.rb)

knife ec2 server create -r 'role[webserver]' -I 'ami-043a5034' -E development -G 'web-security-group' -N 'webserver1'

I've also tried

knife ec2 server create -r 'role[webserver]' -I 'ami-043a5034' -E development -g 'sg-abcdef12' -N 'webserver1' --associate-public-ip --subnet subnet-abcdef12 --server-connect-attribute public_ip_address

Both with and without the server-connect-attribute parameter

Once it has created the instance, it is stuck at 'Waiting for sshd' (with no periods). I'm able to SSH into the new instance from the terminal, as well as the Java tool Amazon provides, so I know it is publicly available, but I'm not sure how to get knife/chef to connect properly to finish bootstrapping the new instance. Where do I start? Do I need an Elastic IP, or can I get away with using whatever public IP it is assigned?

Best Answer

I needed to add two more options.

-i ~/.ssh/key.pem

and

--ssh-user ec2-user

I assumed these were already working, since I was able to knife ec2 server list, and because I specified knife[:aws_ssh_key_id] in knife.rb, but that key id is referring specifically to the keypair name on AWS, you still need to connect to your newly created instance with that key on your own computer.

Related Solutions

Linux SSH – Permission Denied (publickey) from Ubuntu to Amazon EC2

The first thing to do in this situation is to use the -v option to ssh, so you can see what types of authentication is tried and what the result is. Does that help enlighten the situation?

In your update to your question, you mention "on another local Ubuntu". Have you copied over the ssh private key to the other machine?

How to configure knife and EC2 to create a new instance from the command line

I'm assuming that you are receiving this error while creating a new node and not when you try to set the security credentials in your knife.rb.

To be precise, the error should come up when you initiate:

knife ec2 server create -I <ami-id>

The error

ERROR: You did not provide a valid 'AWS SSH Key Id' value.

is due to a missing SSH Keypair in your knife ec2 server create command. You need to specify an SSH Keypair whenever you launch an Amazon EC2 instance. This SSH public key is added to a newly launched instance to enable a passwordless SSH login. Keypairs can either be created or imported. Keypairs (for US-East region) can be found at EC2 -> Keypairs section of your Amazon AWS console.

Once you pick an SSH Keypair, you could specify it's name in your knife ec2 create command as:

knife ec2 server create -I <ami-id> -S <your-ssh-keypair-name>

Note: This will launch an EC2 instance out of the specified ami-id and with the SSH keypair. Knife will proceed towards knife bootstrap once the instance is launched. To do so, you need to make sure the SSH keypair's private key is added to your ssh-agent session before initiating a knife ec2 server create. You might also want to specify your Chef server URL with --server-url option of knife ec2 server create.

Best Answer

Related Solutions

Linux SSH – Permission Denied (publickey) from Ubuntu to Amazon EC2

How to configure knife and EC2 to create a new instance from the command line

Related Topic