radekg / terraform-provisioner-ansible

Ansible with Terraform 0.14.x
Apache License 2.0

issue with private key. #155

Open MetalJacx opened 4 years ago

MetalJacx commented 4 years ago

Can't seem to figure out what I am doing wrong here. With the server having forced settings of public key, I can't get it to leverage it. It seems to try to interact with username/password.

...
null_resource.tz["phx-dsctbas0"] (ansible): fatal: [tz]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added 'phx-dsctbas0,10.111.142.82' (ECDSA) to the list of known hosts.\r\nAuthorized uses only. All activity may be monitored and reported.\ndevops@phx-dsctbas0: Permission denied (keyboard-interactive).", "unreachable": true}
...
null_resource.tz["phx-dsctbas0"]: Creating...
 null_resource.tz["phx-dsctbas0"]: Provisioning with 'ansible'...
 null_resource.tz["phx-dsctbas0"] (ansible): Writing temprary PEM to '/tmp/0c503b51-4101-4894-a063-8c1b24e76488885501534'...
 null_resource.tz["phx-dsctbas0"] (ansible): Ansible inventory written.
 null_resource.tz["phx-dsctbas0"] (ansible): StrictHostKeyChecking=no specified or set for null_resource, not verifying host keys
 null_resource.tz["phx-dsctbas0"] (ansible): Write known hosts
 null_resource.tz["phx-dsctbas0"] (ansible): Write known hosts
 null_resource.tz["phx-dsctbas0"] (ansible): Generating temporary ansible inventory...
 null_resource.tz["phx-dsctbas0"] (ansible): Writing temporary ansible inventory to '/tmp/temporary-ansible-inventory288299935'...
 null_resource.tz["phx-dsctbas0"] (ansible): Ansible inventory written.
 null_resource.tz["phx-dsctbas0"] (ansible): running local command: ANSIBLE_FORCE_COLOR=true ANSIBLE_ROLES_PATH=ansible-data/roles ansible-playbook ./ansible-data/playbooks/playbook.yml --inventory-file='/tmp/temporary-ansible-inventory288299935' --become --become-method='sudo' --become-user='root' --extra-vars='{"ansible_become_pass":"[MASKED]"}' --forks=5 --verbose --user='devops' --private-key='/tmp/0c503b51-4101-4894-a063-8c1b24e76488885501534' --ssh-extra-args='-p 22 -o ConnectTimeout=10 -o ConnectionAttempts=10 -o StrictHostKeyChecking=no'
 null_resource.tz["phx-dsctbas0"] (ansible): Executing: ["/bin/sh" "-c" "ANSIBLE_FORCE_COLOR=true ANSIBLE_ROLES_PATH=ansible-data/roles ansible-playbook ./ansible-data/playbooks/playbook.yml --inventory-file='/tmp/temporary-ansible-inventory288299935' --become --become-method='sudo' --become-user='root' --extra-vars='{\"ansible_become_pass\":\"[MASKED]\"}' --forks=5 --verbose --user='devops' --private-key='/tmp/0c503b51-4101-4894-a063-8c1b24e76488885501534' --ssh-extra-args='-p 22 -o ConnectTimeout=10 -o ConnectionAttempts=10 -o StrictHostKeyChecking=no'"]
 null_resource.tz["phx-dsctbas0"] (ansible): No config file found; using defaults
 null_resource.tz["phx-dsctbas0"] (ansible): 
 null_resource.tz["phx-dsctbas0"] (ansible): PLAY [all] *********************************************************************
 null_resource.tz["phx-dsctbas0"] (ansible): TASK [Gathering Facts] *********************************************************
 null_resource.tz["phx-dsctbas0"] (ansible): /usr/lib/python3.8/site-packages/Crypto/Random/Fortuna/FortunaGenerator.py:28: SyntaxWarning: "is" with a literal. Did you mean "=="?
 null_resource.tz["phx-dsctbas0"] (ansible):   if sys.version_info[0] is 2 and  sys.version_info[1] is 1:
 null_resource.tz["phx-dsctbas0"] (ansible): /usr/lib/python3.8/site-packages/Crypto/Random/Fortuna/FortunaGenerator.py:28: SyntaxWarning: "is" with a literal. Did you mean "=="?
 null_resource.tz["phx-dsctbas0"] (ansible):   if sys.version_info[0] is 2 and  sys.version_info[1] is 1:
 null_resource.tz["phx-dsctbas0"] (ansible): fatal: [tz]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added 'phx-dsctbas0,10.111.142.82' (ECDSA) to the list of known hosts.\r\nAuthorized uses only. All activity may be monitored and reported.\ndevops@phx-dsctbas0: Permission denied (keyboard-interactive).", "unreachable": true}
 null_resource.tz["phx-dsctbas0"] (ansible): 
 null_resource.tz["phx-dsctbas0"] (ansible): PLAY RECAP *********************************************************************
 null_resource.tz["phx-dsctbas0"] (ansible): tz                         : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0

Expected behavior

Expect to connect to host leveraging private key instead of username/password.

Actual behavior

Looks to be leveraging keyboard-interactive to log in instead of the private key. ...

resource "null_resource" "tz" {
  for_each = toset(var.list_hosts)

  connection {
    host                = each.key
    type                = "ssh"
    user                = "devops"
    private_key         = file("${var.git_project_path}.tmp/devops_cert")
  }

  provisioner "ansible" {
    plays {
      playbook {
        file_path       = "./ansible-data/playbooks/playbook.yml"
        roles_path      = ["./ansible-data/roles"]
      }
      become            = true
      verbose           = true
      extra_vars        = {
        ansible_become_pass = "${var.vcd_template_pass}"
      }
    }

    ansible_ssh_settings {
      insecure_no_strict_host_key_checking = "true"
      insecure_bastion_no_strict_host_key_checking = "false"
    }
  }

}
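
A triage helper for the log above, added here as an example (it is not part of the issue or of the provisioner's code). It reads two facts out of the output: whether `--private-key` reached `ansible-playbook`, and which authentication methods the SSH server still listed in `Permission denied (...)`. The function names are hypothetical and the sample lines are trimmed copies of the log lines in this issue.

```python
import json
import re
import shlex

# Sample lines copied (trimmed) from the log in the issue above.
FATAL_LINE = r"""fatal: [tz]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added 'phx-dsctbas0,10.111.142.82' (ECDSA) to the list of known hosts.\r\nAuthorized uses only. All activity may be monitored and reported.\ndevops@phx-dsctbas0: Permission denied (keyboard-interactive).", "unreachable": true}"""
COMMAND_LINE = ("ansible-playbook ./ansible-data/playbooks/playbook.yml --user='devops' "
                "--private-key='/tmp/0c503b51-4101-4894-a063-8c1b24e76488885501534' "
                "--ssh-extra-args='-p 22 -o StrictHostKeyChecking=no'")


def remaining_auth_methods(fatal_line):
    """Methods the SSH server still listed when it refused the login."""
    # Ansible prints the result as JSON after "=>"; ssh's stderr is in "msg".
    payload = json.loads(fatal_line.split("=>", 1)[1])
    match = re.search(r"Permission denied \(([^)]*)\)", payload["msg"])
    return match.group(1).split(",") if match else []


def private_key_passed(command_line):
    """Path given to ansible-playbook via --private-key, or None."""
    for token in shlex.split(command_line):
        if token.startswith("--private-key="):
            return token.split("=", 1)[1]
    return None


def diagnose(fatal_line, command_line):
    """Combine both facts into a one-line reading of the failure."""
    methods = remaining_auth_methods(fatal_line)
    if private_key_passed(command_line) is None:
        return "no --private-key on the command line: the key never reached Ansible"
    if "publickey" in methods:
        return "key was passed and publickey is still offered: no offered key was accepted"
    # Two readings fit this case; the log alone does not say which applies.
    return ("key was passed but the server's remaining methods are %s: publickey is "
            "either not offered for this login or was only one of several required "
            "methods" % "/".join(methods))


if __name__ == "__main__":
    print(diagnose(FATAL_LINE, COMMAND_LINE))
```
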