radekg / terraform-provisioner-ansible

Ansible with Terraform 0.14.x
Apache License 2.0

unexpected EOF whenever using bastion with user/key #90

Closed cryptiklemur closed 5 years ago

cryptiklemur commented 6 years ago

Steps to reproduce

My example:

resource "aws_instance" "main" {
    ami                         = "${data.aws_ami.ami.id}"
    instance_type               = "t3.nano"
    key_name                    = "${var.ssh_key_pair}"
    associate_public_ip_address = false
    subnet_id                   = "${var.subnet_id}"
    vpc_security_group_ids      = ["${var.ssh_security_group_id}"]

    provisioner "ansible" {
        connection {
            agent               = false

            port                = 22
            user                = "ubuntu"
            private_key         = "${base64decode("${var.private_key}")}"

            bastion_host        = "${var.bastion_host_ip}"
            bastion_user        = "${var.bastion_user}"
            bastion_private_key = "${base64decode("${var.bastion_private_key}")}"
        }

        plays {
            playbook      = {
                file_path = "${path.module}/provision.yml"
            }
            become        = true
            become_method = "sudo"
            become_user   = "root"
        }
    }
}

Expected behavior

Ansible correctly provisions

...

Actual behavior

Get an error: unexpected EOF

...

Configuration

Terraform version: Terraform v0.11.8

terraform-provisioner-ansible version/SHA: v2.0.1

Terraform file / provisioner configuration: Shown above

Terraform run log:

// ...

module.letsencrypt.aws_instance.main: Provisioning with 'ansible'...
2018/10/28 23:44:55 [TRACE] dag/walk: vertex "root", waiting for: "meta.count-boundary (count boundary fixup)"
2018/10/28 23:44:55 [TRACE] dag/walk: vertex "provisioner.ansible (close)", waiting for: "module.letsencrypt.aws_instance.main"
2018/10/28 23:44:55 [TRACE] dag/walk: vertex "provider.aws (close)", waiting for: "module.letsencrypt.aws_instance.main"
2018/10/28 23:44:55 [TRACE] dag/walk: vertex "meta.count-boundary (count boundary fixup)", waiting for: "module.letsencrypt.aws_instance.main"
2018-10-28T23:44:56.069-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1: panic: runtime error: invalid memory address or nil pointer dereference
2018-10-28T23:44:56.069-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1: [signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x18f8a80]
2018-10-28T23:44:56.069-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1: 
2018-10-28T23:44:56.069-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1: goroutine 38 [running]:
2018-10-28T23:44:56.070-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1: github.com/radekg/terraform-provisioner-ansible/vendor/golang.org/x/crypto/ssh.(*connection).clientAuthenticate(0xc00047e680, 0xc00009ec30, 0x0, 0xa)
2018-10-28T23:44:56.070-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1:   /golang/src/github.com/radekg/terraform-provisioner-ansible/vendor/golang.org/x/crypto/ssh/client_auth.go:54 +0x450
2018-10-28T23:44:56.070-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1: github.com/radekg/terraform-provisioner-ansible/vendor/golang.org/x/crypto/ssh.(*connection).clientHandshake(0xc00047e680, 0xc0000fe0f0, 0x50, 0xc00009ec30, 0x0, 0x0)
2018-10-28T23:44:56.070-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1:   /golang/src/github.com/radekg/terraform-provisioner-ansible/vendor/golang.org/x/crypto/ssh/client.go:113 +0x2b4
2018-10-28T23:44:56.070-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1: github.com/radekg/terraform-provisioner-ansible/vendor/golang.org/x/crypto/ssh.NewClientConn(0x1cffc40, 0xc000464050, 0xc0000fe0f0, 0x50, 0xc00009e0d0, 0x1cffc40, 0xc000464050, 0x0, 0x0, 0xc0000fe0f0, ...)
2018-10-28T23:44:56.070-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1:   /golang/src/github.com/radekg/terraform-provisioner-ansible/vendor/golang.org/x/crypto/ssh/client.go:83 +0xf8
2018-10-28T23:44:56.070-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1: github.com/radekg/terraform-provisioner-ansible/vendor/golang.org/x/crypto/ssh.Dial(0x1b6d06d, 0x3, 0xc0000fe0f0, 0x50, 0xc00009e0d0, 0xc0000fe0f0, 0x50, 0xc0001c6090)
2018-10-28T23:44:56.070-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1:   /golang/src/github.com/radekg/terraform-provisioner-ansible/vendor/golang.org/x/crypto/ssh/client.go:177 +0xb3
2018-10-28T23:44:56.071-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1: github.com/radekg/terraform-provisioner-ansible/mode.(*bastionHost).connect(0xc000464018, 0xc000464020, 0x198efc9, 0x1d)
2018-10-28T23:44:56.071-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1:   /golang/src/github.com/radekg/terraform-provisioner-ansible/mode/ssh_bastion_host.go:64 +0x1bc
2018-10-28T23:44:56.071-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1: github.com/radekg/terraform-provisioner-ansible/mode.(*LocalMode).Run(0xc00017c240, 0xc00017b0c8, 0x1, 0x1, 0xc00049ab80, 0x0, 0x0)
2018-10-28T23:44:56.071-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1:   /golang/src/github.com/radekg/terraform-provisioner-ansible/mode/mode_local.go:98 +0xc6a
2018-10-28T23:44:56.071-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1: main.applyFn(0x1cfa280, 0xc0004b40f0, 0x19cf260, 0xc0004ab040)
2018-10-28T23:44:56.071-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1:   /golang/src/github.com/radekg/terraform-provisioner-ansible/resource_provisioner.go:120 +0x44f
2018-10-28T23:44:56.071-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1: github.com/radekg/terraform-provisioner-ansible/vendor/github.com/hashicorp/terraform/helper/schema.(*Provisioner).Apply(0xc000462000, 0x1ced360, 0xc000464008, 0xc00044e7d0, 0xc000449830, 0x0, 0x295d6c0)
2018-10-28T23:44:56.071-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1:   /golang/src/github.com/radekg/terraform-provisioner-ansible/vendor/github.com/hashicorp/terraform/helper/schema/provisioner.go:179 +0x4c2
2018-10-28T23:44:56.071-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1: github.com/radekg/terraform-provisioner-ansible/vendor/github.com/hashicorp/terraform/plugin.(*ResourceProvisionerServer).Apply(0xc0003d2040, 0xc0004683c0, 0xc00017ad40, 0x0, 0x0)
2018-10-28T23:44:56.071-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1:   /golang/src/github.com/radekg/terraform-provisioner-ansible/vendor/github.com/hashicorp/terraform/plugin/resource_provisioner.go:142 +0x168
2018-10-28T23:44:56.072-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1: reflect.Value.call(0xc000175560, 0xc00000c2a0, 0x13, 0x1b6d338, 0x4, 0xc0000a7f18, 0x3, 0x3, 0xc000173b80, 0x1013087, ...)
2018-10-28T23:44:56.072-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1:   /usr/local/go/src/reflect/value.go:447 +0x449
2018-10-28T23:44:56.072-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1: reflect.Value.Call(0xc000175560, 0xc00000c2a0, 0x13, 0xc00018ef18, 0x3, 0x3, 0x12a05f200, 0xc00018ef10, 0xc00018efb8)
2018-10-28T23:44:56.072-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1:   /usr/local/go/src/reflect/value.go:308 +0xa4
2018-10-28T23:44:56.072-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1: net/rpc.(*service).call(0xc00007a880, 0xc0003d42d0, 0xc000032368, 0xc000032380, 0xc0003f6200, 0xc00000a800, 0x199f500, 0xc0004683c0, 0x16, 0x199f540, ...)
2018-10-28T23:44:56.072-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1:   /usr/local/go/src/net/rpc/server.go:384 +0x14e
2018-10-28T23:44:56.072-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1: created by net/rpc.(*Server).ServeCodec
2018-10-28T23:44:56.072-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1:   /usr/local/go/src/net/rpc/server.go:481 +0x47e
2018/10/28 23:44:56 [ERROR] root.letsencrypt: eval: *terraform.EvalApplyProvisioners, err: unexpected EOF
2018/10/28 23:44:56 [ERROR] root.letsencrypt: eval: *terraform.EvalSequence, err: unexpected EOF

// ...
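
In the run log above, Terraform's own error is only "unexpected EOF"; the panic message and stack sit in the plugin's [DEBUG] lines. The following is an added example, not part of the issue or of the project's code: it pulls the panic message and the first frame outside vendor/ from such a log. FindPluginPanic, PanicReport and sampleLog are hypothetical names, and the sample is a constructed excerpt shaped like the log above.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample, shortened from the shape of the run log in the report.
const sampleLog = `2018-10-28T23:44:56.069-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1: panic: runtime error: invalid memory address or nil pointer dereference
2018-10-28T23:44:56.070-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1: github.com/radekg/terraform-provisioner-ansible/vendor/golang.org/x/crypto/ssh.Dial(0x1b6d06d, 0x3)
2018-10-28T23:44:56.070-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1:   /golang/src/github.com/radekg/terraform-provisioner-ansible/vendor/golang.org/x/crypto/ssh/client.go:177 +0xb3
2018-10-28T23:44:56.071-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1: github.com/radekg/terraform-provisioner-ansible/mode.(*bastionHost).connect(0xc000464018, 0xc000464020)
2018-10-28T23:44:56.071-0700 [DEBUG] plugin.terraform-provisioner-ansible_v2.0.1:   /golang/src/github.com/radekg/terraform-provisioner-ansible/mode/ssh_bastion_host.go:64 +0x1bc`

// pluginLine matches "<timestamp> [DEBUG] plugin.<name>: <body>".
var pluginLine = regexp.MustCompile(`^\S+ \[DEBUG\] plugin\.(\S+): ?(.*)$`)

// PanicReport holds the parts of the trace needed to file or triage the crash.
type PanicReport struct{ Plugin, Message, Frame, Source string }

// FindPluginPanic returns the panic message and the first stack frame that
// belongs to modulePrefix itself rather than to its vendored dependencies.
func FindPluginPanic(log, modulePrefix string) (PanicReport, bool) {
	var r PanicReport
	var stack []string
	for _, line := range strings.Split(log, "\n") {
		m := pluginLine.FindStringSubmatch(line)
		switch {
		case m == nil: // not a plugin line (e.g. Terraform's own [ERROR] lines)
		case r.Message != "": // everything after the panic line is stack
			stack = append(stack, m[2])
		case strings.HasPrefix(m[2], "panic: "):
			r.Plugin, r.Message = m[1], strings.TrimPrefix(m[2], "panic: ")
		}
	}
	for i := 0; i+1 < len(stack); i++ {
		fn, loc := stack[i], strings.Fields(stack[i+1])
		p := strings.LastIndex(fn, "(") // start of the argument list
		if p > 0 && len(loc) > 0 && strings.HasPrefix(fn, modulePrefix) && !strings.Contains(fn, "/vendor/") {
			r.Frame, r.Source = fn[:p], loc[0]
			break
		}
	}
	return r, r.Message != ""
}

func main() {
	fmt.Println(FindPluginPanic(sampleLog, "github.com/radekg/terraform-provisioner-ansible/"))
}
```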

cryptiklemur commented 6 years ago

fwiw, doing a normal remote-exec works fine

provisioner "remote-exec" {
    connection {
        agent               = false

        port                = 22
        user                = "ubuntu"
        private_key         = "${base64decode("${var.private_key}")}"

        bastion_host        = "${var.bastion_host_ip}"
        bastion_user        = "${var.bastion_user}"
        bastion_private_key = "${base64decode("${var.bastion_private_key}")}"
    }
    inline = ["uname -a"]
}

I have this right above the ansible provisioner and it runs, then I get the panic when it tries to run Ansible.

cryptiklemur commented 6 years ago

A full file, for testing:

resource "aws_instance" "main" {
    ami                         = "${data.aws_ami.ami.id}"
    instance_type               = "t3.nano"
    key_name                    = "${var.ssh_key_pair}"
    associate_public_ip_address = false
    subnet_id                   = "${var.subnet_id}"
    vpc_security_group_ids      = ["${var.ssh_security_group_id}"]

    connection {
        agent               = false

        port                = 22
        user                = "ubuntu"
        private_key         = "${base64decode("${var.private_key}")}"

        bastion_host        = "${var.bastion_host_ip}"
        bastion_user        = "${var.bastion_user}"
        bastion_private_key = "${base64decode("${var.bastion_private_key}")}"
    }

    provisioner "remote-exec" {
        inline = ["uname -a"]
    }

    provisioner "ansible" {
        plays {
            playbook      = {
                file_path = "${path.module}/provision.yml"
            }
            extra_vars    = {
                bucket  = "${aws_s3_bucket.bucket.bucket}"
            }
            become        = true
            become_method = "sudo"
            become_user   = "root"
        }
    }
}

radekg commented 6 years ago

Hi @aequasi, thank you for the report. I will take a look at this.