Cannot have file provisioner working with Terraform on DigitalOcean

1
votes

I try to use Terraform to create a DigitalOcean node on which consul is installed.

I'm using the following .tf file but it hangs up and do not copy the consul .zip file onto the droplet.

I got the following error message after a couple of minutes:

ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

The droplets are correctly created though. I can login on command line with the key I specified (thus not specifying password). I'm guessing the connection part might be faulty but not sure what I'm missing.

Any idea ? 

variable "do_token" {}

# Configure the DigitalOcean Provider
provider "digitalocean" {
    token = "${var.do_token}"
}

# Create nodes
resource "digitalocean_droplet" "consul" {
    count = "1"
    image = "ubuntu-14-04-x64"
    name = "consul-${count.index+1}"
    region = "lon1"
    size = "1gb"
    ssh_keys = ["7b:51:d3:e3:ae:6e:c6:e2:61:2d:40:56:17:54:fc:e3"]

    connection {
        type = "ssh"
        user = "root"
        agent = true
    }

    provisioner "file" {
        source = "consul_0.7.1_linux_amd64.zip"
        destination = "/tmp/consul_0.7.1_linux_amd64.zip"
    }

    provisioner "remote-exec" {
        inline = [
          "sudo unzip -d /usr/local/bin /tmp/consul_0.7.1_linux_amd64.zip"
        ]
    }
}
2
sshdigital-oceanterraform
I am not knowledable about DO, but ssh_keys = ["7b:51:d3:e3:ae:6e:c6:e2:61:2d:40:56:17:54:fc:e3"] does not look like ssh key. - Jakuje
in the resource, Terraform allow to put the fingerprints of the keys. This part is working fine though as I'm able to issue a ssh with this key to the droplet once it's created. - Luc
Have you tried passing the private key explicitly in the connection provisioner? - Paul Tyng
When I look at the source it looks like its also looking for the SSH env var SSH_AUTH_SOCK to be set. Is that set on your system appropriately? - Paul Tyng
@PaulTyng it seems that SSH_AUTH_SOCK is exported when issuing a ssh-agent - Luc

2 Answers

1
votes

Terraform requires that you specify the private SSH key to use for the connection with private_key You can create a new variable containing the path to your private key for use with Terraform's file interpolation function:

connection {
    type = "ssh"
    user = "root"
    agent = true
    private_key = "${file("${var.private_key_path}")}"
}
1
votes

You face this issue, because you have a ssh key protected by a password. To solve this issue you should generate a key without password.