Provisioner Example works only with CentOS for remote-exec

[tmallikarjuna]

Hello,

I have tried executing same example for Debian 10 template UUID "b624bf02-e2df-401d-9c00-49d8ce8d4192". It looks like there is some problem with the template released.

I get the below failure message

null_resource.devkafka01a_provisioner: Still creating... [1m40s elapsed] null_resource.devkafka01a_provisioner: Still creating... [1m50s elapsed] null_resource.devkafka01a_provisioner (remote-exec): Connecting to remote host via SSH... null_resource.devkafka01a_provisioner (remote-exec): Host: 45.12.49.175 null_resource.devkafka01a_provisioner (remote-exec): User: root null_resource.devkafka01a_provisioner (remote-exec): Password: false null_resource.devkafka01a_provisioner (remote-exec): Private key: false null_resource.devkafka01a_provisioner (remote-exec): Certificate: false null_resource.devkafka01a_provisioner (remote-exec): SSH Agent: false null_resource.devkafka01a_provisioner (remote-exec): Checking Host Key: false null_resource.devkafka01a_provisioner: Still creating... [2m0s elapsed] Error: timeout - last error: SSH authentication failed (root@45.12.49.175:22): ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain

Can someone help me here.

I also tried using ssh-agent true but it fails with below result

ocal_file.ansible_inventory: Creation complete after 0s [id=3ff0486f1f661ffe06bf304ee7d137fc822f7a8c] Error: SSH agent requested but SSH_AUTH_SOCK not-specified

[bkircher]

Hey there. Seems like there is trouble reaching the machine. Can you ping or reach the machine with ssh from your computer?

Does it work if you destroy the resource with terraform destroy and run terraform apply again?

[bkircher]

Ah, sorry. On second look, I missed the

 ssh: handshake failed

So forget my previous question :roll_eyes: . The problem is that you do not have the SSH private key in your ssh agent or otherwise do not give the identity to ssh.

One way of doing it (and this is totally missing in the example, I just saw) is to add your key to your SSH agent.

This is easy, just run

$ ssh-add ~/.ssh/id_rsa

whereas ~/.ssh/id_rsa is the path to your private SSH key (it really can be named anything). You can check if the key is loaded by again running ssh-add with -L, e.g.:

$ ssh-add -L
ssh-ed25519 AAAAC3NzaC1lZDI1NTE <snip/> 9ZwXl john@example.com

If it shows you something here it has the key loaded and ssh will consider that key when connecting to servers.

There are other ways to achieve the same thing but I find using SSH agents more convenient. The line where you can change SSH connection options is this in server.tf example.

Let me know if this works!

[tmallikarjuna]

@bkircher thanks for the input. I will work on it and get back to you :)

[tmallikarjuna]

@bkircher I tried using ssh-add and it works absolutely fine. But, I was trying to execute this inside an alpine image container with minimal resources supported on shell. I tried with too many ways of using a local provisioner to add ssh key but the agent tries to open a connection and fails. Hence it is better or easy to point your private key inside the connection details. I can provide you an example and you may also include this in the document.

connection { user = "root" port = 22 private_key = file("/root/.ssh/id_rsa") host = gridscale_ipv4.ipv4_address.ip timeout = "2m" }

Maybe this will be useful if someone tries to build CI/CD using k8s agent on Jenkins or Gitlab runners.