Closed Empty2k12 closed 3 months ago
Hi @Empty2k12 👋🏼
ssh user@10.176.95.110 sudo /usr/bin/tee works.
I see you've configured username 'user' for SSH access, but the username argument is not specified in the provider's ssh config. So the provider is using the default username instead, i.e. the one that is configured in the provider block via var.PROXMOX_VE_USERNAME.
As I see from the debug log, that user is different, and most likely is not configured for sudo.
You'd need to add username = "user" to the ssh block in the provider config, and everything should work:
ssh {
  agent    = true
  username = "user"
}
Please let me know if it solves the issue.
Hello @bpg, thanks for your quick response. I have just renamed the user in this issue. The user is called gero. Adding username = "gero" (should not be necessary) does not solve the issue.
Actually, the permissions for the user gero are broader than required:
gero ALL=(ALL) NOPASSWD: ALL
gero ALL=(root) NOPASSWD: /sbin/pvesm
gero ALL=(root) NOPASSWD: /sbin/qm
gero ALL=(root) NOPASSWD: /usr/bin/tee /var/lib/vz/*
Interesting... 🤔 Do you have the same user set up in the same way on all nodes in your PVE cluster?
Yes, I have.
That really puzzles me. Could you check the syslog on your node, perhaps we can find some clues in there. For example, on my test node I have these logs from the snippet upload:
May 02 20:44:03 pve sshd[1894819]: Accepted key ED25519 SHA256:ciWV4gSYzOwR7dxeBWt/UZq5dF2qXoJOeT8SFQzJFDM found at /home/terraform/.ssh/authorized_keys:1
May 02 20:44:03 pve sshd[1894819]: Accepted publickey for terraform from X.X.X.X port 63876 ssh2: ED25519 SHA256:ciWV4gSYzOwR7dxeBWt/UZq5dF2qXoJOeT8SFQzJFDM
May 02 20:44:03 pve sshd[1894819]: User child is on pid 1894830
May 02 20:44:03 pve sshd[1894830]: Starting session: command for terraform from X.X.X.X port 63876 id 0
May 02 20:44:03 pve sudo[1894833]: terraform : PWD=/home/terraform ; USER=root ; COMMAND=/sbin/pvesm apiinfo
May 02 20:44:03 pve sudo[1894833]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000)
May 02 20:44:03 pve sudo[1894833]: pam_unix(sudo:session): session closed for user root
May 02 20:44:03 pve sudo[1894837]: terraform : PWD=/home/terraform ; USER=root ; COMMAND=/usr/bin/tee /var/lib/vz/snippets/cloud-config.yaml
May 02 20:44:03 pve sudo[1894837]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000)
May 02 20:44:03 pve sudo[1894837]: pam_unix(sudo:session): session closed for user root
May 02 20:44:03 pve sshd[1894830]: Close session: user terraform from X.X.X.X port 63876 id 0
Also, what type of shell is configured for root on your node?
I just came across this same problem, and changing my shell back to bash from zsh seems to have solved the problem.
I have some pretty custom zsh configs, so I wouldn't be entirely surprised if my issue was there, but I am now curious if the OP was using a shell that isn't bash. 🙂
Thank you @mattburchett for your comment! I faced the same issue and yeah... this module is not fully compatible with ZSH.
The requirement for the default root shell has been documented in #1329
Describe the bug
Creating a snippet throws
Error: error transferring file: sudo: /usr/bin/tee /var/lib/vz/snippets/vendor-config.yaml: command not found

To Reproduce
ssh user@10.176.95.110 sudo pvesm apiinfo returns APIVER 10 APIAGE 1
ssh user@10.176.95.110 sudo /usr/bin/tee works.
try_sudo(){ if [ $(sudo -n pvesm apiinfo 2>&1 | grep "APIVER" | wc -l) -gt 0 ]; then sudo $1; else $1; fi }; try_sudo /usr/bin/tee
on the host works. I am not proficient enough in Go and did not dig deep enough in the source to determine if it is trying to run sudo: /usr/bin/tee.
Please note this example has been created as a minimal repro. I am using the Pulumi provider which uses the same plugin, but the same error happens.

Expected behavior
A clear and concise description of what you expected to happen.
OpenTofu v1.7.0 on darwin_arm64
TF_LOG=DEBUG terraform apply): tofu.log
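
The zsh reports in the comments fit how the try_sudo helper quoted in the issue expands $1 unquoted: sh and bash field-split it into a command and a path, while zsh with default options passes it as one word, which sudo then looks up as a single command name. The sketch below is an added example, not the provider's code; fake_sudo, the function names and the passwd lines are constructed, and zsh's default (SH_WORD_SPLIT unset) is emulated by quoting.

```shell
#!/bin/sh
# Constructed stand-in for sudo: prints "<argc>|<first argument>", i.e. how many
# words it received and the path it would try to execute.
fake_sudo() { printf '%s|%s\n' "$#" "$1"; }

# Same shape as the helper quoted in the issue: $1 is expanded unquoted.
# sh and bash field-split the expansion, so sudo sees a command plus a path.
run_unquoted() { fake_sudo $1; }

# zsh does not field-split unquoted expansions unless SH_WORD_SPLIT is set.
# Quoting "$1" reproduces that result here: one argument containing a space.
run_as_zsh() { fake_sudo "$1"; }

# Shell-independent form: command and arguments stay separate words via "$@".
run_argv() { fake_sudo "$@"; }

# Login shell (field 7) from a passwd-format line.
login_shell() { printf '%s\n' "$1" | cut -d: -f7; }

# Returns 0 when the login shell is one known to field-split like sh.
shell_splits() {
    case "$(login_shell "$1")" in
        */bash|*/sh|*/dash) return 0 ;;
        *) return 1 ;;
    esac
}

CMD='/usr/bin/tee /var/lib/vz/snippets/vendor-config.yaml'
# Constructed passwd entries for illustration.
PASSWD_BASH='root:x:0:0:root:/root:/bin/bash'
PASSWD_ZSH='root:x:0:0:root:/root:/usr/bin/zsh'

run_unquoted "$CMD"
run_as_zsh "$CMD"
run_argv /usr/bin/tee /var/lib/vz/snippets/vendor-config.yaml
for entry in "$PASSWD_BASH" "$PASSWD_ZSH"; do
    if shell_splits "$entry"; then
        echo "$(login_shell "$entry"): unquoted \$1 is split as the helper expects"
    else
        echo "$(login_shell "$entry"): check word splitting before relying on the helper"
    fi
done
```

On a real node the passwd line would come from getent passwd for the account in question.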