Closed akamalov closed 6 years ago
Further debug is showing the following:
2017-12-11T13:24:01.224-0500 [DEBUG] plugin.terraform: file-provisioner (internal) 2017/12/11 13:24:01 connecting to TCP connection for SSH
2017-12-11T13:24:01.224-0500 [DEBUG] plugin.terraform: file-provisioner (internal) 2017/12/11 13:24:01 [DEBUG] Connecting to bastion: XXXXXX-bastion.XXXXX.cloudapp.azure.com:22
2017/12/11 13:24:01 [TRACE] dag/walk: vertex "meta.count-boundary (count boundary fixup)", waiting for: "azurerm_virtual_machine.broker[1]"
2017-12-11T13:24:02.759-0500 [DEBUG] plugin.terraform: file-provisioner (internal) 2017/12/11 13:24:02 [DEBUG] Connecting via bastion (XXXXXX-bastion.XXXXX.cloudapp.azure.com:22) to host: :22
2017-12-11T13:24:02.816-0500 [DEBUG] plugin.terraform: file-provisioner (internal) 2017/12/11 13:24:02 connection error: ssh: rejected: administratively prohibited (open failed)
2017-12-11T13:24:02.816-0500 [DEBUG] plugin.terraform: file-provisioner (internal) 2017/12/11 13:24:02 Retryable error: ssh: rejected: administratively prohibited (open failed)
2017/12/11 13:24:04 [TRACE] dag/walk: vertex "provisioner.remote-exec (close)", waiting for: "azurerm_virtual_machine.bastion"
2017/12/11 13:24:04 [TRACE] dag/walk: vertex "provisioner.file (close)", waiting for: "azurerm_virtual_machine.bastion"
2017/12/11 13:24:04 [TRACE] dag/walk: vertex "provider.azurerm (close)", waiting for: "azurerm_virtual_machine.bastion"
2017/12/11 13:24:04 [TRACE] dag/walk: vertex "root", waiting for: "provisioner.file (close)"
2017-12-11T13:24:05.817-0500 [DEBUG] plugin.terraform: file-provisioner (internal) 2017/12/11 13:24:05 connecting to TCP connection for SSH
2017-12-11T13:24:05.817-0500 [DEBUG] plugin.terraform: file-provisioner (internal) 2017/12/11 13:24:05 [DEBUG] Connecting to bastion: XXXXXX-bastion.XXXXX.cloudapp.azure.com:22
2017-12-11T13:24:06.370-0500 [DEBUG] plugin.terraform: file-provisioner (internal) 2017/12/11 13:24:06 [DEBUG] Connecting via bastion (XXXXXX-bastion.XXXXX.cloudapp.azure.com:22) to host: :22
2017/12/11 13:24:06 [TRACE] dag/walk: vertex "meta.count-boundary (count boundary fixup)", waiting for: "azurerm_virtual_machine.broker[1]"
2017-12-11T13:24:06.602-0500 [DEBUG] plugin.terraform: file-provisioner (internal) 2017/12/11 13:24:06 connection error: ssh: rejected: administratively prohibited (open failed)
2017-12-11T13:24:06.602-0500 [DEBUG] plugin.terraform: file-provisioner (internal) 2017/12/11 13:24:06 Retryable error: ssh: rejected: administratively prohibited (open failed)
2017-12-11T13:24:09.603-0500 [DEBUG] plugin.terraform: file-provisioner (internal) 2017/12/11 13:24:09 connecting to TCP connection for SSH
2017-12-11T13:24:09.603-0500 [DEBUG] plugin.terraform: file-provisioner (internal) 2017/12/11 13:24:09 [DEBUG] Connecting to bastion: XXXXXX-bastion.XXXXX.cloudapp.azure.com:22
2017/12/11 13:24:09 [TRACE] dag/walk: vertex "provisioner.file (close)", waiting for: "azurerm_virtual_machine.bastion"
2017/12/11 13:24:09 [TRACE] dag/walk: vertex "provisioner.remote-exec (close)", waiting for: "azurerm_virtual_machine.bastion"
2017/12/11 13:24:09 [TRACE] dag/walk: vertex "provider.azurerm (close)", waiting for: "azurerm_virtual_machine.bastion"
2017/12/11 13:24:09 [TRACE] dag/walk: vertex "root", waiting for: "provisioner.file (close)"
2017-12-11T13:24:10.008-0500 [DEBUG] plugin.terraform: file-provisioner (internal) 2017/12/11 13:24:10 [DEBUG] Connecting via bastion (XXXXXX-bastion.XXXXX.cloudapp.azure.com:22) to host: :22
2017-12-11T13:24:10.234-0500 [DEBUG] plugin.terraform: file-provisioner (internal) 2017/12/11 13:24:10 connection error: ssh: rejected: administratively prohibited (open failed)
2017-12-11T13:24:10.235-0500 [DEBUG] plugin.terraform: file-provisioner (internal) 2017/12/11 13:24:10 Retryable error: ssh: rejected: administratively prohibited (open failed)
2017/12/11 13:24:11 [TRACE] dag/walk: vertex "meta.count-boundary (count boundary fixup)", waiting for: "azurerm_virtual_machine.broker[1]"
2017-12-11T13:24:13.235-0500 [DEBUG] plugin.terraform: file-provisioner (internal) 2017/12/11 13:24:13 connecting to TCP connection for SSH
2017-12-11T13:24:13.235-0500 [DEBUG] plugin.terraform: file-provisioner (internal) 2017/12/11 13:24:13 [DEBUG] Connecting to bastion: XXXXXX-bastion.XXXXX.cloudapp.azure.com:22
2017-12-11T13:24:13.460-0500 [DEBUG] plugin.terraform: file-provisioner (internal) 2017/12/11 13:24:13 [DEBUG] Connecting via bastion (XXXXXX-bastion.XXXXX.cloudapp.azure.com:22) to host: :22
2017-12-11T13:24:13.695-0500 [DEBUG] plugin.terraform: file-provisioner (internal) 2017/12/11 13:24:13 connection error: ssh: rejected: administratively prohibited (open failed)
2017-12-11T13:24:13.695-0500 [DEBUG] plugin.terraform: file-provisioner (internal) 2017/12/11 13:24:13 Retryable error: ssh: rejected: administratively prohibited (open failed)
2017/12/11 13:24:14 [TRACE] dag/walk: vertex "provisioner.remote-exec (close)", waiting for: "azurerm_virtual_machine.bastion"
2017/12/11 13:24:14 [TRACE] dag/walk: vertex "provisioner.file (close)", waiting for: "azurerm_virtual_machine.bastion"
2017/12/11 13:24:14 [TRACE] dag/walk: vertex "provider.azurerm (close)", waiting for: "azurerm_virtual_machine.bastion"
I found an existing ticket referencing the same type of error (not sure if it is AzureRM or AWS): https://github.com/hashicorp/terraform/issues/13830
My SSH rules are open to the bastion server. Not sure what is causing the SSH rejected errors...
Solved the problem. It looks like it has nothing to do with Terraform, but with the actual OS image being used, where SSHD is not configured to allow "AllowTcpForwarding". So, using Packer I had to add the following line:
"sed -i -e \"s/^# AllowTcpForwarding no/AllowTcpForwarding yes/g\" /etc/ssh/sshd_config"
...which configures the SSH daemon to allow TCP forwarding, and consequently used this image for the OS in Terraform.
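An added example, not part of the original comment: the `sed` line above only matches the exact text `# AllowTcpForwarding no`, so this sketch reads and sets the global value whatever form the line takes, leaving `Match` blocks untouched. The function names and sample config are constructed for illustration; `local` is used because it is the narrowest `AllowTcpForwarding` value that still permits the direct-tcpip channel a bastion hop opens.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample config is constructed.

# Constructed sshd_config resembling an image that ships with forwarding off.
sample_config() {
    cat <<'EOF'
Port 22
# AllowTcpForwarding no
AllowTcpForwarding no
X11Forwarding no
Match User deploy
    AllowTcpForwarding no
EOF
}

# Print the global AllowTcpForwarding value sshd would use from FILE: the
# first active occurrence before any Match block wins, and OpenSSH's
# built-in default is "yes" when the keyword is absent.
effective_tcp_forwarding() {
    awk '
        tolower($1) == "match" { exit }
        tolower($1) == "allowtcpforwarding" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }
    ' "$1"
}

# Rewrite FILE so the global value is VALUE. Existing global lines, active
# or commented out, are dropped and one directive is written at the top;
# lines inside Match blocks are left alone. Safe to run repeatedly.
set_tcp_forwarding() {
    file=$1 value=$2
    case $value in yes|no|local|remote|all) ;; *) echo "bad value: $value" >&2; return 2 ;; esac
    tmp=$(mktemp) || return 1
    if awk -v v="$value" '
        BEGIN { print "AllowTcpForwarding " v }
        tolower($1) == "match" { in_match = 1 }
        !in_match && tolower($0) ~ /^[ \t]*#?[ \t]*allowtcpforwarding([ \t]|$)/ { next }
        { print }
    ' "$file" > "$tmp"; then
        cat "$tmp" > "$file"; rc=$?    # cat keeps the file's owner and mode
    else
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}
```

In an image build, follow the change with `sshd -t -f /etc/ssh/sshd_config` to validate the file before the daemon is reloaded.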
Environment:
Greetings,
Trying to issue SSH to execute inline commands, but getting failures:
From terraform debug log:
Here is the code snippet:
Any pointers on what I am doing incorrectly, or perhaps another way of doing it?