hashicorp / terraform-provider-azure-classic

Terraform Azure Classic (Service Management) provider
https://www.terraform.io/docs/providers/azure/
Mozilla Public License 2.0

Azure ssh key issue #1

Closed hashibot closed 6 years ago

hashibot commented 7 years ago

This issue was originally opened by @tayzlor as hashicorp/terraform#2419. It was migrated here as part of the provider split. The original body of the issue is below.


Hi there, I'm trying out the azure provider in the latest master branch and receiving the following issue when trying to provision an instance -

* Error creating instance NAME: Error response from Azure. Code: BadRequest, Message: The certificate with thumbprint THUMBPRINT_HERE was not found.

My azure_instance looks something like this -

resource "azure_instance" "master" {
  name               = "instance-${count.index}"
  count              = "${var.masters}"
  image              = "custom-image-name"
  size               = "${var.instance_type.master}"
  security_group     = "${azure_security_group.default.name}"
  location           = "${var.region}"
  username           = "${var.username}"
  ssh_key_thumbprint = "${var.ssh_key_thumbprint}"

  endpoint {
    name         = "SSH"
    protocol     = "tcp"
    public_port  = 22
    private_port = 22
  }
}

I'm using a Linux host and building with a custom Ubuntu-based image I've baked using the Packer azure plugin.

I've followed this guide to create an SSH key for Azure - https://azure.microsoft.com/en-gb/documentation/articles/virtual-machines-linux-use-ssh-key/

and uploaded it to https://manage.windowsazure.com/@myusername#Workspaces/AdminTasks/ListManagementCertificates

I'm wondering if this is just a user error (I've missed a step) or if there is something wrong here. Following the docs for Azure, I'm using the AZURE_SETTINGS_FILE downloaded from https://manage.windowsazure.com/publishsettings

How do I associate an SSH key with my instance? Is this possible via Terraform in a similar way to http://terraform.io/docs/providers/aws/r/key_pair.html?

hashibot commented 7 years ago

This comment was originally opened by @tayzlor as https://github.com/hashicorp/terraform/issues/2419#issuecomment-114155050. It was migrated here as part of the provider split. The original comment is below.


As an aside, if I use a password instead of an ssh_key_thumbprint, the instances provision fine.

hashibot commented 7 years ago

This comment was originally opened by @stonevil as https://github.com/hashicorp/terraform/issues/2419#issuecomment-125384576. It was migrated here as part of the provider split. The original comment is below.


The same issue.

hashibot commented 7 years ago

This comment was originally opened by @stonevil as https://github.com/hashicorp/terraform/issues/2419#issuecomment-125408982. It was migrated here as part of the provider split. The original comment is below.


Looks like this is an issue with azure-sdk-for-go. The same issue occurs with a small Go app created with azure-sdk-for-go.

hashibot commented 7 years ago

This comment was originally opened by @keymon as https://github.com/hashicorp/terraform/issues/2419#issuecomment-135862402. It was migrated here as part of the provider split. The original comment is below.


In #3099 we request a feature to be able to upload the ssh key from terraform.

In this commit you can see that we implemented automation around this using a local_exec provisioner in the azure_hosted_service which calls the azure-cli. You might find this useful.

hashibot commented 7 years ago

This comment was originally opened by @xied75 as https://github.com/hashicorp/terraform/issues/2419#issuecomment-160133033. It was migrated here as part of the provider split. The original comment is below.


Guys, all wrong direction. For those of you who made the correct decision to stick with TF for Azure, here is what I found after a whole day wasted on this:

0, we are talking about classic ASM mode here.
1, the "Management Certificates" you can see and upload in the classic portal, as the name suggests, are for management purposes only, things like authenticating you via Visual Studio or azure-cli to reach the API endpoint.
2, what you need for ssh login to your deployed Linux VM is certificates that belong to a Cloud Service, i.e. the Cloud Service you are deploying your VM into.
3, during deploy, Azure simply gets your public key from the cert and puts it under /home/you/.ssh/authorized_keys

It's very strange to understand, considering AWS/CloudStack would let you create an ssh public key as an object and reference that in your deployment. But anyway, this is Microsoft we are talking about.

So the proper procedure:
1, you create id_rsa, id_rsa.pub as normal.
2, you generate a .cer file.
3, you upload the .cer file into your Cloud Service.
4, reference its thumbprint in your tf.
5, login via -i id_rsa

If you are making your own image, leave the id_rsa.pub in authorized_keys as normal. Otherwise for Azure images, I believe they all have some kind of cloud init in it to fetch keys at boot time.

Things TF doesn't do: upload .cer step. Will look further as otherwise this is not full automation.
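
Steps 1, 2 and 4 of the procedure above, plus a check that the certificate really carries the public key of the private key used for login, as an added example that is not part of the original comment or the provider's code. It assumes `openssl` is on the PATH; the file names and certificate subject are constructed, and step 3 (uploading `azure.cer` to the Cloud Service) is left out.

```shell
#!/usr/bin/env bash
# Added example: build the .cer for an SSH key and derive its thumbprint.
# File names (id_rsa, azure.pem, azure.cer) and the CN are constructed.
set -euo pipefail

# Steps 1-2: private key plus a self-signed X.509 certificate wrapping its
# public half, written as PEM and as the DER-encoded .cer to upload.
make_azure_ssh_cert() (
  dir="$1"; cn="${2:-azure-ssh-example}"
  umask 077                       # key material is owner-only from creation
  mkdir -p "$dir"
  openssl genrsa -out "$dir/id_rsa" 2048 2>/dev/null
  openssl req -new -x509 -key "$dir/id_rsa" -days 365 \
    -subj "/CN=$cn" -out "$dir/azure.pem"
  openssl x509 -in "$dir/azure.pem" -outform der -out "$dir/azure.cer"
)

# Step 4: thumbprint = SHA-1 over the DER certificate, as uppercase hex
# without colons.
cert_thumbprint() {
  openssl x509 -inform der -in "$1" -noout -fingerprint -sha1 |
    sed 's/^.*=//; s/://g'
}

# Pre-flight check: the certificate must carry the public key of the
# private key you will pass to `ssh -i`, or login fails after deployment.
cert_matches_key() {
  local from_cert from_key
  from_cert=$(openssl x509 -inform der -in "$1" -noout -pubkey)
  from_key=$(openssl pkey -in "$2" -pubout)
  [ "$from_cert" = "$from_key" ]
}

# Demo in a throwaway directory.
demo_dir=$(mktemp -d)
make_azure_ssh_cert "$demo_dir"
cert_matches_key "$demo_dir/azure.cer" "$demo_dir/id_rsa"
echo "ssh_key_thumbprint = \"$(cert_thumbprint "$demo_dir/azure.cer")\""
rm -rf "$demo_dir"
```

The printed value is what goes into `ssh_key_thumbprint` once the same `.cer` has been uploaded to the Cloud Service the VM is deployed into.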

vancluever commented 6 years ago

Hello!

Thank you for opening this issue and participating in the discussion. Today (December 19, 2017) we’ve announced the deprecation and archival of the Azure Classic Provider. Matching Microsoft’s commitment to gradually remove access to Azure Classic (or Service Management) which is outlined in this blog post, we are closing all open PRs and Issues here. This repository will remain available here on GitHub, but in an archived state, and no longer receiving support or new releases.

The Azure (Resource Manager) Provider remains fully supported and is our recommended approach for managing Azure with Terraform. More information about this process is available in the blog post linked above.

Thanks! The Terraform Team