From a5914f81e679b252b60e87f7baec47434cca1f5a Mon Sep 17 00:00:00 2001 From: phaer Date: Mon, 7 Feb 2022 13:08:47 +0100 Subject: [PATCH 1/2] fix ssh identity... Newly added ssh commands were missing the flag -i to pass an identity file. This means that those commands use different settings then the provisioners and their connection blocks around them. While adding this parameter, I decided it would be cleanest to add local.ssh_args. --- agents.tf | 4 ++-- locals.tf | 3 +++ master.tf | 6 +++--- servers.tf | 4 ++-- 4 files changed, 10 insertions(+), 7 deletions(-) diff --git a/agents.tf b/agents.tf index 45caa3a..bf324a8 100644 --- a/agents.tf +++ b/agents.tf @@ -45,12 +45,12 @@ resource "hcloud_server" "agents" { # Issue a reboot command provisioner "local-exec" { - command = "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -l root ${self.ipv4_address} '(sleep 2; reboot)&'; sleep 3" + command = "ssh ${local.ssh_args} ${self.ipv4_address} '(sleep 2; reboot)&'; sleep 3" } # Wait for MicroOS to reboot and be ready provisioner "local-exec" { - command = "until ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -l root -o ConnectTimeout=2 ${self.ipv4_address} true; do sleep 1; done" + command = "until ssh ${local.ssh_args} -o ConnectTimeout=2 ${self.ipv4_address} true; do sleep 1; done" } # Generating and uploading the angent.conf file diff --git a/locals.tf b/locals.tf index bef6674..ee72769 100644 --- a/locals.tf +++ b/locals.tf @@ -11,6 +11,9 @@ locals { # if an ssh agent is used. ssh_identity_file = var.private_key == null ? var.public_key : var.private_key + # shared flags for ssh to ignore host keys, to use root and our ssh identity file for all connections during provisioning. + ssh_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -l root -i ${local.ssh_identity_file}" + MicroOS_install_commands = [ "set -ex", "apt-get install -y aria2", diff --git a/master.tf b/master.tf index bd5efba..d5945f4 100644 --- a/master.tf 
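Review bot: The `until ssh ${local.ssh_args} -o ConnectTimeout=2 … true; do sleep 1; done` wait loop in agents.tf has no upper bound and cannot tell "host not up yet" from "login refused". Now that an identity file is passed explicitly, a key the server rejects makes `terraform apply` spin forever without a diagnostic. Adding `-o BatchMode=yes` keeps ssh from falling back to an interactive prompt inside local-exec, and a bounded retry such as `timeout 600 sh -c 'until …; done'` turns a bad key into a visible failure. The same loop appears in the master.tf and servers.tf hunks of this patch and again in patch 2/2; the enclosing `hcloud_server` resource starts and ends outside the hunk.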
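Review bot: `ssh_args` in locals.tf turns host key verification off (`UserKnownHostsFile=/dev/null`, `StrictHostKeyChecking=no`) for every command that uses it, and that now includes the scp in master.tf that pulls `/etc/rancher/k3s/k3s.yaml`, so a host impersonating that address can accept the login and hand back a kubeconfig of its choosing. If the host key really changes across the reboot into MicroOS (presumably why the check is off; not visible here), the comment should say so, and the steps after that reboot could use a per-deployment known-hosts file with `-o StrictHostKeyChecking=accept-new` instead of discarding keys. Separately, `-i ${local.ssh_identity_file}` is spliced into a shell string unquoted, so a key path containing a space splits into two arguments; `-i '${local.ssh_identity_file}'` avoids that. The `locals` block starts and ends outside the hunk.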
+++ b/master.tf @@ -43,12 +43,12 @@ resource "hcloud_server" "first_control_plane" { # Issue a reboot command provisioner "local-exec" { - command = "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -l root ${self.ipv4_address} '(sleep 2; reboot)&'; sleep 3" + command = "ssh ${local.ssh_args} ${self.ipv4_address} '(sleep 2; reboot)&'; sleep 3" } # Wait for MicroOS to reboot and be ready provisioner "local-exec" { - command = "until ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -l root -o ConnectTimeout=2 ${self.ipv4_address} true; do sleep 1; done" + command = "until ssh ${local.ssh_args} -o ConnectTimeout=2 ${self.ipv4_address} true; do sleep 1; done" } # Generating k3s master config file @@ -90,7 +90,7 @@ resource "hcloud_server" "first_control_plane" { command = <<-EOT set -ex sleep 30 - scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ${local.ssh_identity_file} root@${self.ipv4_address}:/etc/rancher/k3s/k3s.yaml ${path.module}/kubeconfig.yaml + scp ${local.ssh_args} ${self.ipv4_address}:/etc/rancher/k3s/k3s.yaml ${path.module}/kubeconfig.yaml sed -i -e 's/127.0.0.1/${self.ipv4_address}/g' ${path.module}/kubeconfig.yaml sleep 10 && until kubectl get node ${self.name}; do sleep 5; done EOT diff --git a/servers.tf b/servers.tf index 57393c5..a2aef5f 100644 --- a/servers.tf +++ b/servers.tf 
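Review bot: The `scp … k3s.yaml ${path.module}/kubeconfig.yaml` line in the second master.tf hunk writes the cluster's admin kubeconfig into the module directory with whatever the caller's umask allows, and nothing in the heredoc tightens it afterwards. Putting `umask 077` right after `set -ex`, or `chmod 600 ${path.module}/kubeconfig.yaml` after the copy, keeps the credential readable only by the user running Terraform. It is also worth confirming that the file is git-ignored, which this patch does not show. The same lines recur in the master.tf hunk of patch 2/2, and the provisioner block starts above the hunk.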
@@ -44,12 +44,12 @@ resource "hcloud_server" "control_planes" { # Issue a reboot command provisioner "local-exec" { - command = "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -l root ${self.ipv4_address} '(sleep 2; reboot)&'; sleep 3" + command = "ssh ${local.ssh_args} ${self.ipv4_address} '(sleep 2; reboot)&'; sleep 3" } # Wait for MicroOS to reboot and be ready provisioner "local-exec" { - command = "until ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -l root -o ConnectTimeout=2 ${self.ipv4_address} true; do sleep 1; done" + command = "until ssh ${local.ssh_args} -o ConnectTimeout=2 ${self.ipv4_address} true; do sleep 1; done" } # Generating k3s server config file From 1a50ace0d3c16c49378adc072b4581074cba4ea2 Mon Sep 17 00:00:00 2001 From: phaer Date: Mon, 7 Feb 2022 13:19:06 +0100 Subject: [PATCH 2/2] remove root from ssh_args... because scp does not take the username via -l, so we just re-add it to the commands themselves. --- agents.tf | 4 ++-- locals.tf | 2 +- master.tf | 6 +++--- servers.tf | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/agents.tf b/agents.tf index bf324a8..1767078 100644 --- a/agents.tf +++ b/agents.tf @@ -45,12 +45,12 @@ resource "hcloud_server" "agents" { # Issue a reboot command provisioner "local-exec" { - command = "ssh ${local.ssh_args} ${self.ipv4_address} '(sleep 2; reboot)&'; sleep 3" + command = "ssh ${local.ssh_args} root@${self.ipv4_address} '(sleep 2; reboot)&'; sleep 3" } # Wait for MicroOS to reboot and be ready provisioner "local-exec" { - command = "until ssh ${local.ssh_args} -o ConnectTimeout=2 ${self.ipv4_address} true; do sleep 1; done" + command = "until ssh ${local.ssh_args} -o ConnectTimeout=2 root@${self.ipv4_address} true; do sleep 1; done" } # Generating and uploading the angent.conf file diff --git a/locals.tf b/locals.tf index ee72769..d29d10a 100644 --- a/locals.tf +++ b/locals.tf 
@@ -12,7 +12,7 @@ locals { ssh_identity_file = var.private_key == null ? var.public_key : var.private_key # shared flags for ssh to ignore host keys, to use root and our ssh identity file for all connections during provisioning. - ssh_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -l root -i ${local.ssh_identity_file}" + ssh_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${local.ssh_identity_file}" MicroOS_install_commands = [ "set -ex", diff --git a/master.tf b/master.tf index d5945f4..6e59496 100644 --- a/master.tf +++ b/master.tf @@ -43,12 +43,12 @@ resource "hcloud_server" "first_control_plane" { # Issue a reboot command provisioner "local-exec" { - command = "ssh ${local.ssh_args} ${self.ipv4_address} '(sleep 2; reboot)&'; sleep 3" + command = "ssh ${local.ssh_args} root@${self.ipv4_address} '(sleep 2; reboot)&'; sleep 3" } # Wait for MicroOS to reboot and be ready provisioner "local-exec" { - command = "until ssh ${local.ssh_args} -o ConnectTimeout=2 ${self.ipv4_address} true; do sleep 1; done" + command = "until ssh ${local.ssh_args} -o ConnectTimeout=2 root@${self.ipv4_address} true; do sleep 1; done" } # Generating k3s master config file @@ -90,7 +90,7 @@ resource "hcloud_server" "first_control_plane" { command = <<-EOT set -ex sleep 30 - scp ${local.ssh_args} ${self.ipv4_address}:/etc/rancher/k3s/k3s.yaml ${path.module}/kubeconfig.yaml + scp ${local.ssh_args} root@${self.ipv4_address}:/etc/rancher/k3s/k3s.yaml ${path.module}/kubeconfig.yaml sed -i -e 's/127.0.0.1/${self.ipv4_address}/g' ${path.module}/kubeconfig.yaml sleep 10 && until kubectl get node ${self.name}; do sleep 5; done EOT diff --git a/servers.tf b/servers.tf index a2aef5f..8c71049 100644 --- a/servers.tf +++ b/servers.tf 
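Review bot: The comment above `ssh_args` in locals.tf still says the flags are there "to use root", but this patch removes `-l root` from the string, so the comment now describes something the local no longer does. Suggested wording: `# shared ssh/scp flags: skip host key checks and use our ssh identity file; the user is given as root@ in each command because scp reads -l as a bandwidth limit.` The `locals` block starts and ends outside the hunk.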
@@ -44,12 +44,12 @@ resource "hcloud_server" "control_planes" { # Issue a reboot command provisioner "local-exec" { - command = "ssh ${local.ssh_args} ${self.ipv4_address} '(sleep 2; reboot)&'; sleep 3" + command = "ssh ${local.ssh_args} root@${self.ipv4_address} '(sleep 2; reboot)&'; sleep 3" } # Wait for MicroOS to reboot and be ready provisioner "local-exec" { - command = "until ssh ${local.ssh_args} -o ConnectTimeout=2 ${self.ipv4_address} true; do sleep 1; done" + command = "until ssh ${local.ssh_args} -o ConnectTimeout=2 root@${self.ipv4_address} true; do sleep 1; done" } # Generating k3s server config file