search

dmacvicar / terraform-provider-libvirt

Terraform provider to provision infrastructure with Linux's KVM using libvirt
Apache License 2.0
1.54k stars 457 forks source link

I'm using version 0.7.1 and still get errors when trying to "terraform plan" on remote host #1005

Closed LavBU closed 1 year ago

LavBU commented 1 year ago

System Information

terraform { required_providers { libvirt = { source = "dmacvicar/libvirt" version = "0.7.1" } } }

Linux distribution

CentOS Linux release 7.9.2009 (Core)

Terraform version

on linux_amd64
+ provider registry.terraform.io/dmacvicar/libvirt v0.7.1
+ provider registry.terraform.io/hashicorp/template v2.2.0

Description of Issue/Question

Provisioning a libvirt VM is working fine when running "terraform apply" on the local host. But when trying to do the same from another server to remote host (same host that is working locally), I'm getting the following errors: Using: uri = "qemu+ssh://root@/system" getting: Error: failed to dial libvirt: could not configure SSH authentication methods Using: uri = "qemu+ssh://root@/system?keyfile=/root/.ssh/id_ed25519" getting: Error: failed to dial libvirt: failed to connect to libvirt on the remote host: ssh: rejected: administratively prohibited (open failed) (Same with rsa key).

On the target host in /var/log/secure, I can see this error: "refused streamlocal port forward: originator port 0, target /var/run/libvirt/libvirt-sock"

Setup

Relevant main.tf section:

provider "libvirt" { uri = "qemu+ssh://root@/system?keyfile=/root/.ssh/id_ed25519" }

Thanks, Lavi

LavBU commented 1 year ago

Issue is fixed: When host is oracle-8, it is working with no issues. When Host is Centos-7, there is a need to create a dedicated user on that host and add it to libvirt group: usermod -a -G libvirt

then to add .ssh and authorized_keys file into it (with the right permission. Works like a charm.