dmacvicar / terraform-provider-libvirt

Terraform provider to provision infrastructure with Linux's KVM using libvirt
Apache License 2.0

${HOME}/.ssh/config support #929

Open jbeisser opened 2 years ago

jbeisser commented 2 years ago

As I fight my way through some issues with the URI syntax, I'd like to be able to recycle provider code as much as I can.

For example:

provider "libvirt" {
  alias = "vmhostA"
  uri   = "qemu+ssh://vmA.domain.com/system?socket=/var/run/libvirt/libvirt-sock&sshauth=agent"
}
provider "libvirt" {
  alias = "vmhostB"
  uri   = "qemu+ssh://vmB.domain.com/system?socket=/var/run/libvirt/libvirt-sock&sshauth=agent"
}

To make this work with a team of 10 users, it should load from ${HOME}/.ssh/config, pull in the configuration, and avoid having a locked username in the URI. A POC test with ssh_config shows some promise for overriding usernames in 0.16.4 (https://github.com/jbeisser/terraform-provider-libvirt/tree/ssh-config-support).

The advantage is being able to recycle the local provider with any account that has access on the remote system's socket, without needing to fill in, or override, the URI with a user@host concern, and support the native SSH configuration. This also allows ${HOME}/.ssh/config to provide all the authentication information for the remote system.

jbeisser commented 2 years ago

@dmacvicar, I know issues with SSH are kind of a weird topic. I'm not sure writing your own ssh_config parser is fully necessary from what little I've read on the provider requirements for TF cloud.

dmacvicar commented 2 years ago

I am definitely interested in supporting ssh_config.

Not sure if using https://github.com/kevinburke/ssh_config or https://github.com/k1LoW/sshc

In the end, the parser is the less important part, and the translation into a ClientConfig or even a Client seems to me where the complexity is, if there is any.
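
The resolution step this thread is about, as an added example (not code from the issue, the linked branch or the provider): a standard-library-only Go sketch that takes a `qemu+ssh` URI with no username and fills in user, host and port from ssh_config text. The function names `lookup` and `resolve`, the sample config and the minimal parser are assumptions for illustration; the values it returns are what a real implementation would then place into an SSH `ClientConfig`.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"path"
	"strings"
)

// Constructed ~/.ssh/config content for illustration (not from the issue).
const sampleConfig = "Host vmA.domain.com\n  User alice\n  Port 2222\nHost *.domain.com\n  User deploy\n"

// lookup fills unset keys in out from the Host blocks that match host; as in ssh_config(5)
// the first value obtained wins. Simplified: no Match, Include, negation or key=value.
func lookup(cfg, host string, out map[string]string) {
	active := true // options before the first Host line apply to every host
	for _, line := range strings.Split(cfg, "\n") {
		switch f := strings.Fields(line); {
		case len(f) < 2 || strings.HasPrefix(f[0], "#"): // blank, comment or bare keyword
		case strings.EqualFold(f[0], "host"):
			active = false
			for _, pat := range f[1:] {
				ok, _ := path.Match(pat, host)
				active = active || ok
			}
		case active && out[strings.ToLower(f[0])] == "":
			out[strings.ToLower(f[0])] = strings.Join(f[1:], " ")
		}
	}
}

// resolve: URI values first, then ssh_config, then defaults; an empty user means "local login".
func resolve(uri, cfg string) (user, addr string, err error) {
	u, err := url.Parse(uri)
	if err != nil {
		return "", "", err
	}
	o := map[string]string{"user": u.User.Username(), "port": u.Port()}
	lookup(cfg, u.Hostname(), o)
	for k, v := range map[string]string{"hostname": u.Hostname(), "port": "22"} {
		if o[k] == "" {
			o[k] = v
		}
	}
	return o["user"], net.JoinHostPort(o["hostname"], o["port"]), nil
}

func main() { fmt.Println(resolve("qemu+ssh://vmA.domain.com/system?sshauth=agent", sampleConfig)) }
```

With this ordering the same provider block resolves to a different SSH user for each team member's own config, while a `user@` or port written into the URI still takes precedence.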