dmacvicar / terraform-provider-libvirt

Terraform provider to provision infrastructure with Linux's KVM using libvirt
Apache License 2.0
1.54k stars 457 forks

SSH config support #880

Open stacab opened 2 years ago

stacab commented 2 years ago

/kind enhancement

Using this provider, one can use SSH to connect to the libvirt daemon on a remote host. It can be done via a connection URI with parameters like user, hostname, keyfile, etc.

It would be very helpful to be able to provide a Host, as defined in ~/.ssh/config, which already has these parameters (user, hostname, keyfile) defined. AFAIK, native Go's ssh client library cannot do this; however, there's ssh_config, which can parse OpenSSH config files.

Example:

Given that the functionality is implemented, the following uri:

uri = "qemu-ssh://root@host.example.org/system?keyfile=/home/myuser/.ssh/id_rsa"

is equivalent to

uri = "qemu-ssh://machine"

given that in ~/.ssh/config there's the following content:

Host machine
        HostName host.example.org
        User root
        IdentityFile /home/myuser/.ssh/id_rsa

Motivation: in the AWS provider, one can specify multiple ways of connecting to the AWS API. One of them is profile. If there's a profile named foo configured on the machine of engineer John with his credentials, and a profile with different credentials for engineer Daphne on her machine, also named foo, they can share the same Terraform configuration with ease because the profile name is the same. I wanted something similar for this provider.

I do know it might be a very specific usage and you may not be keen on including this feature. However, if it is okay with you, I can implement this.
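
The alias expansion requested in the post above can be sketched as follows; this is an added example, not code from the issue or from the provider. `ExpandURI`, `lookupHost` and `sampleConfig` are hypothetical names, the parser is deliberately reduced to literal `Host` names, and the `qemu+ssh` scheme is the one used in a URI quoted later in the thread.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Constructed sample: the Host block from the issue, written as one string.
const sampleConfig = "Host machine\n  HostName host.example.org\n  User root\n  IdentityFile /home/myuser/.ssh/id_rsa\n"

// lookupHost: literal Host names only (no wildcards, Match, Include); first value wins.
func lookupHost(config, alias string) map[string]string {
	found, active := map[string]string{}, false
	for _, line := range strings.Split(config, "\n") {
		switch f := strings.Fields(line); {
		case len(f) < 2: // blank or malformed line
		case strings.EqualFold(f[0], "host"): // whole-name match on the Host line
			active = strings.Contains(" "+strings.Join(f[1:], " ")+" ", " "+alias+" ")
		case active && found[strings.ToLower(f[0])] == "":
			found[strings.ToLower(f[0])] = f[1]
		}
	}
	return found
}

// ExpandURI (hypothetical) fills only what the URI leaves unset; explicit values win.
func ExpandURI(uri, config string) (string, error) {
	u, err := url.Parse(uri)
	if err != nil {
		return "", err
	}
	cfg, q := lookupHost(config, u.Hostname()), u.Query()
	if h := cfg["hostname"]; h != "" {
		u.Host = strings.Replace(u.Host, u.Hostname(), h, 1) // keeps any :port
	}
	if u.User == nil && cfg["user"] != "" {
		u.User = url.User(cfg["user"])
	}
	if q.Get("keyfile") == "" && cfg["identityfile"] != "" {
		q.Set("keyfile", cfg["identityfile"])
		u.RawQuery = q.Encode() // "/" is escaped as %2F; it decodes to the same path
	}
	return u.String(), nil
}

func main() {
	fmt.Println(ExpandURI("qemu+ssh://machine/system", sampleConfig))
}
```

Because values already present in the URI are never overwritten, a URI that names a user or keyfile behaves the same whether or not a matching `Host` block exists.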

inflatador commented 2 years ago

Not sure if this covers your use case, but a similar feature request was just merged to main. Apologies in advance if you are looking for something else.

stacab commented 2 years ago

Hi @inflatador, I did look at the mentioned PR but AFAIK, this does not implement what I want. It does implement support for SSH agent, but the configuration file is parsed by the client (ssh command in case of openssh) - at least from what I was able to get from investigation.

frgomes commented 2 years ago

@inflatador :: The latest 0.6.11 presented a regression in my case.

This is the connection string I was using with 0.6.10:

qemu+ssh://rgomes@host.example.com/system?keyfile=$HOME/.ssh/id_ed25519_laptop.example.com

Now it is failing with 0.6.11.

In more than 25 years using more than 12 flavors of Unixes, I've never had to use ssh-agent and I do not feel comfortable with the idea of being forced to use it at this point. I'm reverting to 0.6.10.

Probably the most powerful approach and arguably most popular approach for configuring an ssh client is populating ~/.ssh/config.

stacab commented 2 years ago

@dmacvicar WDYT?

dmacvicar commented 2 years ago

> @inflatador :: The latest 0.6.11 presented a regression in my case.
>
> This is the connection string I was using with 0.6.10:
>
> qemu+ssh://rgomes@host.example.com/system?keyfile=$HOME/.ssh/id_ed25519_laptop.example.com
>
> Now it is failing with 0.6.11.
>
> In more than 25 years using more than 12 flavors of Unixes, I've never had to use ssh-agent and I do not feel comfortable with the idea of being forced to use it at this point. I'm reverting to 0.6.10.
>
> Probably the most powerful approach and arguably most popular approach for configuring an ssh client is populating ~/.ssh/config.

@frgomes can you please read https://github.com/dmacvicar/terraform-provider-libvirt/issues/886#issuecomment-933228205, check if that solves it for you, and contribute to data in #886. It is clear that I will not add a feature only because another functionality is not working as expected.

dmacvicar commented 2 years ago

> @dmacvicar WDYT?

In general I like the use case you describe, about sharing a Terraform configuration and keeping the user-specific settings local to the user.

I am only worried about this changing the ssh settings behind users' backs and then generating bug reports. Any idea how to avoid that?

frgomes commented 2 years ago

@dmacvicar : I will test along the week and give feedback. I'm sorry for the delay. Thanks a lot for your support. :100:

matrohon commented 2 years ago

@dmacvicar @frgomes is #933 a potential fix for this issue?