gridscale / terraform-examples

Template files to help you get started with Terraform and gridscale
https://gridscale.io
MIT License

Provisioner Example works only with CentOS for remote-exec #12

Closed tmallikarjuna closed 3 years ago

tmallikarjuna commented 3 years ago

Hello,

I have tried executing the same example for Debian 10 template UUID "b624bf02-e2df-401d-9c00-49d8ce8d4192". It looks like there is some problem with the template released.

I get the below failure message:

null_resource.devkafka01a_provisioner: Still creating... [1m40s elapsed]
null_resource.devkafka01a_provisioner: Still creating... [1m50s elapsed]
null_resource.devkafka01a_provisioner (remote-exec): Connecting to remote host via SSH...
null_resource.devkafka01a_provisioner (remote-exec): Host: 45.12.49.175
null_resource.devkafka01a_provisioner (remote-exec): User: root
null_resource.devkafka01a_provisioner (remote-exec): Password: false
null_resource.devkafka01a_provisioner (remote-exec): Private key: false
null_resource.devkafka01a_provisioner (remote-exec): Certificate: false
null_resource.devkafka01a_provisioner (remote-exec): SSH Agent: false
null_resource.devkafka01a_provisioner (remote-exec): Checking Host Key: false
null_resource.devkafka01a_provisioner: Still creating... [2m0s elapsed]
Error: timeout - last error: SSH authentication failed (root@45.12.49.175:22): ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain

Can someone help me here?

I also tried using ssh-agent true, but it fails with the below result:

ocal_file.ansible_inventory: Creation complete after 0s [id=3ff0486f1f661ffe06bf304ee7d137fc822f7a8c]
Error: SSH agent requested but SSH_AUTH_SOCK not-specified

bkircher commented 3 years ago

Hey there. Seems like there is trouble reaching the machine. Can you ping or reach the machine with ssh from your computer?

Does it work if you destroy the resource with terraform destroy and run terraform apply again?

bkircher commented 3 years ago

Ah, sorry. On second look, I missed the

 ssh: handshake failed

So forget my previous question :roll_eyes:. The problem is that you do not have the SSH private key in your SSH agent or otherwise do not give the identity to ssh.

One way of doing it (and this is totally missing in the example, I just saw) is to add your key to your SSH agent.

This is easy, just run

$ ssh-add ~/.ssh/id_rsa

where ~/.ssh/id_rsa is the path to your private SSH key (it really can be named anything). You can check if the key is loaded by again running ssh-add with -L, e.g.:

$ ssh-add -L
ssh-ed25519 AAAAC3NzaC1lZDI1NTE <snip/> 9ZwXl john@example.com

If it shows you something here, it has the key loaded and ssh will consider that key when connecting to servers.

There are other ways to achieve the same thing, but I find using SSH agents more convenient. The line where you can change SSH connection options is this in the server.tf example.

Let me know if this works!

tmallikarjuna commented 3 years ago

@bkircher thanks for the input. I will work on it and get back to you :)

tmallikarjuna commented 3 years ago

@bkircher I tried using ssh-add and it works absolutely fine. But I was trying to execute this inside an Alpine image container with minimal resources supported on shell. I tried too many ways of using a local provisioner to add the SSH key, but the agent tries to open a connection and fails. Hence it is better or easier to point to your private key inside the connection details. I can provide you an example and you may also include this in the document.

connection {
  user        = "root"
  port        = 22
  private_key = file("/root/.ssh/id_rsa")
  host        = gridscale_ipv4.ipv4_address.ip
  timeout     = "2m"
}

Maybe this will be useful if someone tries to build CI/CD using k8s agent on Jenkins or Gitlab runners.
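
A preflight check for the two failures seen in this thread (`attempted methods [none]` and `SSH_AUTH_SOCK not-specified`), as an added example that is not part of the original comments or the gridscale repository. It is POSIX sh so it runs in a minimal Alpine container; the function names `agent_has_keys`, `key_mode_ok` and `ssh_auth_source` are hypothetical.

```shell
#!/bin/sh
# Added example: report which SSH credential a Terraform connection block
# could use in this environment: "agent", "key" or "none".

# True if an agent socket exists and the agent holds at least one key.
agent_has_keys() {
    [ -n "${SSH_AUTH_SOCK:-}" ] || return 1   # unset: "SSH_AUTH_SOCK not-specified"
    [ -S "$SSH_AUTH_SOCK" ] || return 1       # set, but not a live socket
    command -v ssh-add >/dev/null 2>&1 || return 1
    ssh-add -L >/dev/null 2>&1                # exit 0 only when keys are loaded
}

# True if the private key file is accessible by its owner only.
key_mode_ok() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        -rw-------*|-r--------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the usable credential source; return 1 when there is none.
# $1: private key path (assumed default: $HOME/.ssh/id_rsa).
ssh_auth_source() {
    key="${1:-$HOME/.ssh/id_rsa}"
    if agent_has_keys; then
        echo agent
    elif [ -s "$key" ] && [ -r "$key" ] && key_mode_ok "$key"; then
        echo key      # pass this path to private_key = file(...)
    else
        echo none     # Terraform would fail with "attempted methods [none]"
        return 1
    fi
}
```

In a CI job, run `ssh_auth_source /root/.ssh/id_rsa` before `terraform apply` and stop the job when it returns non-zero.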