3
votes

I am using Chef to create Amazon EC2 instances inside a VPC. I have allotted an Elastic IP to the new instance using the --associate-eip option in knife ec2 server create. How do I bootstrap it without a gateway machine? It gets stuck at "Waiting for sshd" as it uses the private IP of the newly created server to SSH into it, though it has an Elastic IP allocated. Am I missing anything? Here is the command I used.

bundle exec knife ec2 server create --subnet <subnet> --security-group-ids \
<security_group> --associate-eip <EIP> --no-host-key-verify --ssh-key <keypair> \
--ssh-user ubuntu --run-list "<role_list>" \
--image ami-59590830 --flavor m1.large --availability-zone us-east-1b \
--environment staging --ebs-size 10 --ebs-no-delete-on-term --template-file \
<bootstrap_file> --verbose

Is there any other workaround/patch to solve this issue?

Thanks in advance.


2 Answers

4
votes

I finally got around the issue by using the --server-connect-attribute option, which is supposed to be used along with a --ssh-gateway attribute.

Add --server-connect-attribute public_ip_address to the above knife ec2 create server command, which will make knife use the public_ip_address of your server.

Note: This hack works using knife-ec2 (0.6.4). Refer to def ssh_connect_host here.

1
votes

Chef will always use the private IP while registering the EC2 nodes. You can get this working by having your chef server inside the VPC as well. Definitely not a best practice.

The other workaround is to let your chef server be outside of the VPC. Instead of bootstrapping the instance using the knife ec2 command, follow the instructions over here. This way you will bootstrap your node from the node itself and not from the Chef-server/workstation.