Knife-ec2 - SSH connection is failing after starting EC2 instance successfully


#1

Hi there,
I’m running a knife ec2 server create command that looks like this:
knife ec2 server create --associate-public-ip -N 'foo' \
  --ebs-volume-type gp2 -E foo-prod -f t2.small -i ~/.ssh/prod1.pem \
  -I ami-b66ed3de --region us-east-1 -r 'recipe[foo]' \
  -g sg-56530433,sg-5547b331 -S prod1 -s subnet-1f9eac37 \
  --ssh-user ec2-user

After creating the instance successfully, it gets stuck on this line:
“Waiting for sshd access to become available”.

I’ve tried waiting several minutes for sshd to become “available” while I
SSH into the same instance manually in a separate terminal, so I know I can
get to the instance from my machine.

My hunch is that it’s trying to connect to the public DNS name of the
instance, which isn’t going to work in my situation; I need it to connect
to the private IP.
I’m sorry if I missed it in the knife ec2 help, but is there a way to tell
it to connect using the private IP, not the public one?

Or what else can I do? Provision the instance without a public IP so
knife-ec2 will be forced to use the private IP to do its thing, and then
add the EIP myself? I’m fine with that in this case because it’s a one-off,
but then this begs the question: how could I do it if I really needed this
to be fully automated and to work on a large scale?

Thanks!
Fabien


#2

So I may have been having the opposite problem myself recently (attempting
to automatically connect to private ip, not Elastic IP I assigned it).

Ultimately you’ll find out exactly which address it is connecting to by
adding -VV to your knife request. Ultimately what fixed it for me was
adding “--server-connect-attribute public_ip_address”, so in your case,
perhaps private_ip_address?



#3

I’ll have to test it, but apparently you are correct!

Funny, --server-connect-attribute is pretty much the only argument of knife
ec2 server create that is not documented, as far as I can tell.



#4

I also had trouble with this and mentioned it in a comment on this issue:
https://github.com/chef/knife-ec2/issues/244#issuecomment-58066209
Maybe we just need a separate ticket filed for documenting
--server-connect-attribute?

On Mon, Mar 9, 2015 at 11:45 AM, Fabien Delpierre <
fabien.delpierre@gmail.com> wrote:

I’ll have to test it, but apparently you are correct!

https://github.com/chef/knife-ec2/blob/master/lib/chef/knife/ec2_server_create.rb#L839-L849

Funny, --server-connect-attribute is pretty much the only argument of knife
ec2 server create that is not documented, as far as I can tell.
