radekg / terraform-provisioner-ansible

Ansible with Terraform 0.14.x
Apache License 2.0

insecure_no_strict_host_key_checking property not recognized #119

Closed joshschmitter closed 5 years ago

joshschmitter commented 5 years ago

Steps to reproduce

Expected behavior

terraform deploys vm (and supporting resources) and runs ansible provisioner on vm. ...

Actual behavior

terraform immediately complains about ansible_ssh_settings.insecure_no_strict_host_key_checking

Error: azurerm_virtual_machine.ubuntu: ansible_ssh_settings.0: invalid or unknown key: insecure_no_strict_host_key_checking ...

Configuration

Terraform version: 0.11.13 (also reproduced with 0.11.11)

terraform-provisioner-ansible version/SHA: 2.0.1 (running from docker image hashicorp/terraform:0.11.13)

Terraform file / provisioner configuration:

provider "azurerm" {}

variable "proj_name" {
  default = "spike-plat-394"
}

resource "azurerm_resource_group" "this" {
  name     = "${var.proj_name}"
  location = "westus2"
}

resource "azurerm_public_ip" "this" {
  name                = "${var.proj_name}-eip"
  location            = "${azurerm_resource_group.this.location}"
  resource_group_name = "${azurerm_resource_group.this.name}"
  allocation_method   = "Static"
  sku                 = "Basic"
}

resource "azurerm_virtual_network" "this" {
  name                = "${var.proj_name}-vnet"
  address_space       = ["my.net.ip.range/24"]
  location            = "${azurerm_resource_group.this.location}"
  resource_group_name = "${azurerm_resource_group.this.name}"
}

resource "azurerm_network_security_group" "this" {
  name                = "${var.proj_name}-nsg"
  location            = "${azurerm_resource_group.this.location}"
  resource_group_name = "${azurerm_resource_group.this.name}"

  security_rule {
    name                       = "SSHWoodburyAllow"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = "my.net.ip.range/24"
    destination_address_prefix = "*"
  }
}

resource "azurerm_subnet" "this" {
  name                      = "${var.proj_name}-sn"
  resource_group_name       = "${azurerm_resource_group.this.name}"
  virtual_network_name      = "${azurerm_virtual_network.this.name}"
  address_prefix            = "my.net.ip.range/29"
  network_security_group_id = "${azurerm_network_security_group.this.id}"
}

resource "azurerm_network_interface" "this" {
  name                = "${var.proj_name}-ipconf"
  location            = "${azurerm_resource_group.this.location}"
  resource_group_name = "${azurerm_resource_group.this.name}"

  ip_configuration {
    name                          = "${var.proj_name}-ipconf"
    subnet_id                     = "${azurerm_subnet.this.id}"
    private_ip_address_allocation = "dynamic"
    public_ip_address_id          = "${azurerm_public_ip.this.id}"
  }
}

resource "azurerm_virtual_machine" "ubuntu" {
  name                  = "${var.proj_name}-vm"
  location              = "${azurerm_resource_group.this.location}"
  resource_group_name   = "${azurerm_resource_group.this.name}"
  network_interface_ids = ["${azurerm_network_interface.this.id}"]
  vm_size               = "Standard_B1ls"

  delete_os_disk_on_termination    = true
  delete_data_disks_on_termination = true

  storage_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "16.04-LTS"
    version   = "latest"
  }

  storage_os_disk {
    name              = "myosdisk1"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "Standard_LRS"
  }

  os_profile {
    computer_name  = "joshtestvm"
    admin_username = "myusername"
    admin_password = "mypassword"
  }

  os_profile_linux_config {
    disable_password_authentication = false

    ssh_keys = [
      {
        key_data = "ssh-rsa ... my pub key ..."
        path     = "/home/myusername/.ssh/authorized_keys"
      },
    ]
  }

  provisioner "ansible" {
    connection {
      type = "ssh"
      user = "myusername"
      password = "mypassword"
      host = "${azurerm_public_ip.this.ip_address}"
    }

    plays {
      playbook = {
        file_path = "./file.yml"
      }

      inventory_file = "./inventory"
    }

    ansible_ssh_settings {
      insecure_no_strict_host_key_checking = false
    }
  }
}

output "vm_ip" {
  value = "${azurerm_public_ip.this.ip_address}"
}

Terraform run log: (screenshot: Screen Shot 2019-04-05 at 9 35 22 AM)

Note: I created my own docker image, which is identical to yours except it also installs the azure cli (for cli authentication to azure). I feel confident this is unrelated to the issue. Just wanted to point it out so you don't have to ask about it.

Dockerfile:

FROM hashicorp/terraform:0.11.13
ARG TAP_VERSION=2.0.1
RUN apk update && apk add ansible bash
RUN apk add make bash py-pip && apk add --virtual=build gcc libffi-dev musl-dev openssl-dev python-dev && pip install --upgrade pip && pip install azure-cli && apk del --purge build
ADD https://github.com/radekg/terraform-provisioner-ansible/releases/download/v${TAP_VERSION}/terraform-provisioner-ansible-linux-amd64_v${TAP_VERSION} /root/.terraform.d/plugins/terraform-provisioner-ansible
RUN chmod 755 /root/.terraform.d/plugins/terraform-provisioner-ansible

radekg commented 5 years ago

Hi @joshschmitter, thank you for the report. I see the version used is 2.0.1. Could you please try with radekg/terraform-ansible:2.1.0? The setting has been added in 2.1.0: https://github.com/radekg/terraform-provisioner-ansible/releases/tag/v2.1.0.
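
A pre-flight check for the mismatch resolved above, as an added example that is not part of the original thread or the project's code: it reads the plugin version pinned in the Dockerfile and the `ansible_ssh_settings` block, and reports when the key is used with a plugin older than 2.1.0 or is set to `true`. The function names, finding labels and regex-based parsing are assumptions of this example; the sample inputs are constructed from the files quoted in the issue.

```python
import re

# Taken from the maintainer's reply: the key exists from v2.1.0 onward.
KEY = "insecure_no_strict_host_key_checking"
KEY_ADDED_IN = (2, 1, 0)

# Constructed sample inputs, trimmed from the files quoted in the issue.
DOCKERFILE = """\
FROM hashicorp/terraform:0.11.13
ARG TAP_VERSION=2.0.1
"""
TF_CONFIG = """\
provisioner "ansible" {
  ansible_ssh_settings {
    insecure_no_strict_host_key_checking = false
  }
}
"""

def pinned_version(dockerfile):
    """Return the TAP_VERSION build arg as a tuple of ints, or None."""
    m = re.search(r"^ARG\s+TAP_VERSION=(\d+)\.(\d+)\.(\d+)\s*$", dockerfile, re.M)
    return tuple(int(p) for p in m.groups()) if m else None

def ssh_setting(tf_text):
    """Return the boolean assigned to KEY inside ansible_ssh_settings, or None."""
    block = re.search(r"ansible_ssh_settings\s*\{([^{}]*)\}", tf_text)
    if not block:
        return None
    m = re.search(r"^\s*" + KEY + r"\s*=\s*\"?(true|false)\"?\s*$", block.group(1), re.M)
    return (m.group(1) == "true") if m else None

def preflight(dockerfile, tf_text):
    """List the problems to fix before running terraform."""
    findings = []
    version, value = pinned_version(dockerfile), ssh_setting(tf_text)
    if value is None:          # key not used, nothing to check
        return findings
    if version is not None and version < KEY_ADDED_IN:
        # Matches the "invalid or unknown key" error reported in the issue.
        findings.append("unknown-key: plugin %s predates %s" % (".".join(map(str, version)), KEY))
    if value:
        # true turns off SSH host key verification for the Ansible run.
        findings.append("host-key-checking-disabled: %s = true" % KEY)
    return findings

if __name__ == "__main__":
    for finding in preflight(DOCKERFILE, TF_CONFIG):
        print(finding)
```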

joshschmitter commented 5 years ago

Yes, that seems to have solved it. Thanks!

radekg commented 5 years ago

Thank you for letting me know!