$ tf plan
Planning failed. Terraform encountered an error while generating this plan.
╷
│ Error: failed to connect: failed to connect to remote host 'vhost-1.lan': ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
│
│ with provider["registry.terraform.io/dmacvicar/libvirt"],
│ on main.tf line 13, in provider "libvirt":
│ 13: provider "libvirt" {
│
╵
	log.Printf("[WARN] unable to get IdentityFile values - ignoring")
} else {
	sshKeyPaths = append(sshKeyPaths, keyPaths...)
}
In this section, the keyfile query param value is overwritten because ~/.ssh/config file is empty and then initializes with the defaultSSHKeyPath which is just ${HOME}/.ssh/id_rsa.
	log.Printf("[DEBUG] found no ssh keys, using default keypath")
	sshKeyPaths = []string{defaultSSHKeyPath}
}
Workaround
With the above understanding of the bug, there is one happy path. If the ~/.ssh/config includes any instance of IdentityFile for the given host, then it will also accept the query param keyfile.
In the terraform log below, see that it reads the ansible.key from the connection string, and the ~/.ssh/some-random.key from the ~/.ssh/config. It then connects to vhost-1 successfully.
$ tf plan
data.libvirt_node_info.node: Reading...
data.libvirt_node_info.node: Read complete after 0s [id=2357352559]
No changes. Your infrastructure matches the configuration.
Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.
System Information
Linux distribution
Debian GNU/Linux 12
Terraform version
Provider and libvirt versions
$ terraform providers
Providers required by configuration:
.
└── provider[registry.terraform.io/dmacvicar/libvirt] 0.8.0
Description of Issue/Question
I observed the keyfile query param is ignored, and only the ~/.ssh/id_rsa is added to the list of key files, when ~/.ssh/config is an empty file.
I expect the keyfile provided in the query param to be included in the list of key files, even when ~/.ssh/config file is just an empty file.
Problem Setup
The system setup:
- ~/.ssh/config is an empty file. The file must exist.
- ansible.key in the same folder as the Terraform workspace.
The main.tf file:
Steps to Reproduce Issue
Run terraform plan with the above system setup.
Relevant logs
TF_LOG=debug tf plan
Relevant code section:
The bug appears to be here in this code block (v0.8.0).
terraform-provider-libvirt/libvirt/uri/ssh.go
Lines 37 to 59 in 1a88931
Connection string for reference:
In this section, the keyfile query param value in the connection string is retrieved and added to sshKeyPaths.
terraform-provider-libvirt/libvirt/uri/ssh.go
Lines 42 to 45 in 1a88931
In this section, the ~/.ssh/config file is scanned for any instance of IdentityFile.
terraform-provider-libvirt/libvirt/uri/ssh.go
Lines 47 to 52 in 1a88931
In this section, the keyfile query param value is overwritten because ~/.ssh/config file is empty and then initializes with the defaultSSHKeyPath which is just ${HOME}/.ssh/id_rsa.
terraform-provider-libvirt/libvirt/uri/ssh.go
Lines 54 to 57 in 1a88931
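The key-path merge described in this report, as an added Go example that is not the provider's code and not part of the original issue. mergeAsReported models the reported behaviour under the assumption that the fallback is triggered by the IdentityFile lookup alone; mergeExpected is one hypothetical way to get the behaviour the reporter expects. The function names, the collect helper and the sample inputs are constructed for illustration.

```go
package main

import "fmt"

// Stand-in for the provider's defaultSSHKeyPath (${HOME}/.ssh/id_rsa per the issue).
const defaultSSHKeyPath = "${HOME}/.ssh/id_rsa"

// collect gathers the URI keyfile first, then IdentityFile entries from ~/.ssh/config.
func collect(keyfile string, identityFiles []string) []string {
	paths := []string{}
	if keyfile != "" {
		paths = append(paths, keyfile)
	}
	return append(paths, identityFiles...)
}

// mergeAsReported models the behaviour in the issue (assumption: the fallback
// looks only at the config lookup), so an empty config discards the keyfile.
func mergeAsReported(keyfile string, identityFiles []string) []string {
	paths := collect(keyfile, identityFiles)
	if len(identityFiles) == 0 {
		paths = []string{defaultSSHKeyPath}
	}
	return paths
}

// mergeExpected falls back to the default only when no source supplied a key.
func mergeExpected(keyfile string, identityFiles []string) []string {
	paths := collect(keyfile, identityFiles)
	if len(paths) == 0 {
		paths = []string{defaultSSHKeyPath}
	}
	return paths
}

func main() {
	// Constructed inputs using the file names mentioned in the issue.
	cases := []struct {
		name, keyfile string
		identityFiles []string
	}{
		{"empty ~/.ssh/config", "ansible.key", nil},
		{"config with IdentityFile", "ansible.key", []string{"~/.ssh/some-random.key"}},
		{"no keyfile, empty config", "", nil},
	}
	for _, c := range cases {
		fmt.Printf("%-26s reported=%v expected=%v\n", c.name,
			mergeAsReported(c.keyfile, c.identityFiles), mergeExpected(c.keyfile, c.identityFiles))
	}
}
```

In the first case the reported behaviour offers only the default personal key instead of the key named in the connection string, which matches the authentication failure shown in the plan output.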