hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io

Provision files via ssh connection : no such file or directory #28358

Open mungaij83 opened 3 years ago

mungaij83 commented 3 years ago

I have this on my connection. The goal is to copy a file to this server on ec2.

connection {
  type        = "ssh"
  host        = aws_instance.example[0].public_ip
  user        = "ec2-user"
  private_key = "${file(var.ssh_key_file_path)}"
}

However, Terraform does not accept the content of the file as in the documentation. It tries to read the file content as if it were a file itself. Passing the file name also results in an invalid key.

connection {
  type        = "ssh"
  host        = aws_instance.example[0].public_ip
  user        = "ec2-user"
  private_key = var.ssh_key_file_path
}

The documentation says

private_key - The contents of an SSH key to use for the connection. These can be loaded from a file on disk using the file function. This takes preference over the password if provided.

Question: Has this behavior been modified? Or am I missing something?

Terraform Version

Terraform v0.14.4
+ provider registry.terraform.io/hashicorp/aws v3.28.0
+ provider registry.terraform.io/hashicorp/local v2.1.0
+ provider registry.terraform.io/hashicorp/null v3.1.0
+ provider registry.terraform.io/hashicorp/random v3.0.1
+ provider registry.terraform.io/hashicorp/template v2.2.0

Your version of Terraform is out of date! The latest version
is 0.14.10. You can update by downloading from https://www.terraform.io/downloads.html

Terraform Configuration Files

NA

Debug Output

Output: Error: stat -----BEGIN PRIVATE KEY----- . . . -----END PRIVATE KEY----- : no such file or directory

Crash Output

NA

Expected Behavior

Terraform should accept file content for SSH certificate

Actual Behavior

Rejects the file name as it interprets it as key content, and tries to read the content if I pass the actual output from the file() function.

Steps to Reproduce

  1. Create terraform file with the sample content above
  2. Apply the file to AWS or other cloud with SSH

Additional Context

References

jbardin commented 3 years ago

Hi @mungaij83,

Sorry you're having trouble with this, but I'm not able to reproduce the error using Terraform 0.14. The code that decodes the private key does not use the private_key argument as a file path, so I'm not certain how you are arriving at this error.

Can you verify you are running the example with the same binary that output the version info, and possibly try the latest release to see if there is any additional information? The next step would probably be to look at the logs output by TF_LOG=trace to see if there is any indication of what is going on.

mungaij83 commented 3 years ago

This is my full resource definition:

resource "null_resource" "copy-pub-file" {

  connection {
    type        = "ssh"
    host        = aws_instance.abs[0].public_ip
    user        = "ec2-user"
    private_key = "${file(var.ssh_key_file_path)}"
  }

  provisioner "file" {
    source      = var.aws_data_priv_key
    destination = "/tmp/data_key.pem"
  }
}

Looking at the debug, I get the following output:


2021/04/16 10:42:54 [TRACE] statemgr.Filesystem: state has changed since last snapshot, so incrementing serial to 1129
2021/04/16 10:42:54 [TRACE] statemgr.Filesystem: writing snapshot at terraform.tfstate
2021/04/16 10:42:54 [TRACE] vertex "module.compute.aws_route53_record.agency": visit complete
2021/04/16 10:42:54 [TRACE] dag/walk: upstream of "module.compute (close)" errored, so skipping
2021/04/16 10:42:54 [TRACE] dag/walk: upstream of "meta.count-boundary (EachMode fixup)" errored, so skipping
2021/04/16 10:42:54 [TRACE] dag/walk: visiting "provider[\"registry.terraform.io/hashicorp/aws\"] (close)"
2021/04/16 10:42:54 [TRACE] vertex "provider[\"registry.terraform.io/hashicorp/aws\"] (close)": starting visit (*terraform.graphNodeCloseProvider)
2021/04/16 10:42:54 [TRACE] GRPCProvider: Close
2021-04-16T10:42:54.467+0300 [WARN]  plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2021-04-16T10:42:54.471+0300 [DEBUG] plugin: plugin process exited: path=.terraform/providers/registry.terraform.io/hashicorp/aws/3.28.0/linux_amd64/terraform-provider-aws_v3.28.0_x5 pid=17890
2021-04-16T10:42:54.471+0300 [DEBUG] plugin: plugin exited
2021/04/16 10:42:54 [TRACE] vertex "provider[\"registry.terraform.io/hashicorp/aws\"] (close)": visit complete
2021/04/16 10:42:54 [TRACE] dag/walk: upstream of "root" errored, so skipping
2021/04/16 10:42:54 [TRACE] statemgr.Filesystem: have already backed up original terraform.tfstate to terraform.tfstate.backup on a previous write
2021/04/16 10:42:54 [TRACE] statemgr.Filesystem: state has changed since last snapshot, so incrementing serial to 1130
2021/04/16 10:42:54 [TRACE] statemgr.Filesystem: writing snapshot at terraform.tfstate

2021/04/16 10:42:54 [TRACE] statemgr.Filesystem: removing lock metadata file .terraform.tfstate.lock.info
2021/04/16 10:42:54 [TRACE] statemgr.Filesystem: unlocking terraform.tfstate using fcntl flock
Error: stat -----BEGIN PRIVATE KEY-----
2021-04-16T10:42:54.503+0300 [WARN]  plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2021-04-16T10:42:54.503+0300 [WARN]  plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2021-04-16T10:42:54.503+0300 [WARN]  plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2021-04-16T10:42:54.503+0300 [WARN]  plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"

You can see that I am passing the content of the file to this field, but it treats the content as if it were a file path and tries to read it.
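
The stat error in this thread echoes the whole private_key value, so a trace log collected for the issue carries key material. The filter below is an added example, not part of the original thread or of Terraform; its function names and sample log lines are constructed.

```shell
# Added example: strip PEM private-key material from Terraform log text.
# Function names and the sample log are constructed for illustration.

# redact_private_keys [FILE...]: reads FILEs or stdin, writes redacted text.
redact_private_keys() {
    awk '
    BEGIN {
        kb = "-----BEGIN [A-Z ]*PRIVATE KEY-----"
        ke = "-----END [A-Z ]*PRIVATE KEY-----"
        mark = "[REDACTED PRIVATE KEY]"
    }
    # Whole key flattened onto one line: keep the text on either side.
    match($0, kb ".*" ke) {
        print substr($0, 1, RSTART - 1) mark substr($0, RSTART + RLENGTH)
        next
    }
    # Key starts on this line; the base64 body follows on later lines.
    match($0, kb) { print substr($0, 1, RSTART - 1) mark; inkey = 1; next }
    # End marker: drop it, keep any message text that trails it.
    inkey && match($0, ke) {
        rest = substr($0, RSTART + RLENGTH); inkey = 0
        if (rest != "") print rest
        next
    }
    # Base64 body line inside a key: drop it.
    inkey && $0 ~ "^[A-Za-z0-9+/=]+$" { next }
    # Anything else ends the key, which also covers a key cut off mid-body.
    { inkey = 0; print }
    ' "$@"
}

# has_private_key [FILE...]: exit status 0 if a PEM key marker is present.
has_private_key() {
    grep -Eq -- '-----(BEGIN|END) [A-Z ]*PRIVATE KEY-----' "$@"
}

# Constructed sample: a truncated multi-line key and a one-line key.
sample_log() {
    cat <<'EOF'
2021/04/16 10:42:54 [TRACE] statemgr.Filesystem: unlocking terraform.tfstate using fcntl flock
Error: stat -----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQgU0FNUExFIE5PVCBBIFJFQUwgS0VZ
QU5PVEhFUiBDT05TVFJVQ1RFRCBMSU5F
2021-04-16T10:42:54.503+0300 [WARN] plugin.stdio: received EOF, stopping recv loop
Error: stat -----BEGIN RSA PRIVATE KEY----- . . . -----END RSA PRIVATE KEY----- : no such file or directory
EOF
}

sample_log | redact_private_keys
```

With the trace written to a file (TF_LOG=trace together with TF_LOG_PATH=trace.log), `redact_private_keys trace.log > trace.redacted.log` produces the copy to link, and `has_private_key trace.redacted.log` should then fail.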

jbardin commented 3 years ago

Thanks @mungaij83. The log output I'm interested in is not included here; it would be better to link to the complete output if possible.

Another idea I had was that you have a very old provisioner binary in your path somewhere that terraform is finding. You may be able to see its discovery in the logs, or find a terraform-provisioner-file binary somewhere on your system.
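
One way to carry out the search suggested in the last comment, as an added example (not code from the thread or from Terraform). The directories it searches (every PATH entry, the directory holding the terraform binary, and ~/.terraform.d/plugins) are assumptions about where a stale terraform-provisioner-* binary might sit.

```shell
# Added example: list stand-alone provisioner plugin binaries
# (terraform-provisioner-*) that an old install may have left behind.
# The directories searched are assumptions; pass extra ones as arguments.

# find_provisioner_binaries DIR...: print matching executables, one per line.
find_provisioner_binaries() {
    for dir in "$@"; do
        [ -n "$dir" ] || dir=.          # an empty PATH entry means current dir
        [ -d "$dir" ] || continue
        for f in "$dir"/terraform-provisioner-*; do
            # An unmatched glob stays literal; the -f test filters it out.
            if [ -f "$f" ] && [ -x "$f" ]; then
                printf '%s\n' "$f"
            fi
        done
    done
}

# scan_for_provisioners [DIR...]: search the DIRs given, every PATH entry,
# the directory holding the terraform binary, and ~/.terraform.d/plugins.
scan_for_provisioners() {
    old_ifs=$IFS
    set -f; IFS=:                       # split PATH on ':' without globbing
    set -- "$@" $PATH
    IFS=$old_ifs; set +f
    tf=$(command -v terraform 2>/dev/null) || tf=./terraform
    find_provisioner_binaries "$@" "$(dirname "$tf")" \
        "${HOME:-}/.terraform.d/plugins" | sort -u
}

scan_for_provisioners
```

Any path it prints is a candidate for the old provisioner binary described above; an empty result means none was found in the directories searched.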