terraform-azurerm-compute

Passing numerous ssh_keys doesn't work

Open jack1902 opened this issue 3 years ago • 2 comments

  • Terraform Version: 1.1.4
  • OS Version: Ubuntu 20.04

Bug description: When using the compute module, no matter what ssh variables I set, it always uses my local id_rsa.pub key file, which is undesirable as I wish to set additional ssh_keys on the VMs created.

Also unsure of how the dynamic_block impacts this, since I don't know if multiple ssh_key blocks with the same path are appended together in the final path or if the last item within the for_each always wins?

Steps to reproduce:

  1. Pass ssh_key_values = ["key1", "key2"] into the module and observe that only ~/.ssh/id_rsa.pub is set within a linux VM at the path /home/azureuser/.ssh/authorized_keys

I can see that a new linux and windows resource also exist, hence raising https://github.com/Azure/terraform-azurerm-compute/issues/176, but I can see a reason for not moving to it yet listed in https://github.com/Azure/terraform-azurerm-compute/issues/148#issuecomment-730812514

jack1902 avatar Feb 02 '22 17:02 jack1902

Thanks for opening this issue!

azureterraformbot[bot] avatar Feb 02 '22 17:02 azureterraformbot[bot]

This feels like a really old issue but potentially related to https://github.com/hashicorp/terraform-provider-azurerm/issues/652

jack1902 avatar Feb 02 '22 18:02 jack1902

Hello @jack1902, thanks for opening this issue and apologies for this late reply. I've tried the latest version of the example code (example/complete) with the following main.tf, and I found that the generated OpenSSH key was set properly in the VM:

resource "random_id" "ip_dns" {
  byte_length = 4
}

resource "azurerm_resource_group" "test" {
  location = var.location
  name     = "host${random_id.ip_dns.hex}-rg"
}

locals {
  vnet_address_space = "10.0.0.0/16"
}

resource "azurerm_virtual_network" "vnet" {
  address_space       = [local.vnet_address_space]
  location            = var.location_alt
  name                = "host${random_id.ip_dns.hex}-vn"
  resource_group_name = azurerm_resource_group.test.name
}

resource "azurerm_subnet" "subnet" {
  count = 3

  # tflint-ignore: terraform_count_index_usage
  address_prefixes     = [cidrsubnet(local.vnet_address_space, 8, count.index)]
  name                 = "host${random_id.ip_dns.hex}-sn-${count.index + 1}"
  resource_group_name  = azurerm_resource_group.test.name
  virtual_network_name = azurerm_virtual_network.vnet.name
}

resource "azurerm_network_security_rule" "ssh" {
  access                      = "Allow"
  direction                   = "Inbound"
  name                        = "ssh"
  network_security_group_name = module.ubuntuservers.network_security_group_name
  priority                    = 100
  protocol                    = "Tcp"
  resource_group_name         = azurerm_resource_group.test.name
  destination_address_prefix  = "*"
  destination_port_range      = "22"
  source_address_prefix       = "*"
  source_port_range           = "*"
}

resource "azurerm_user_assigned_identity" "test" {
  location            = azurerm_resource_group.test.location
  name                = "host${random_id.ip_dns.hex}-id"
  resource_group_name = azurerm_resource_group.test.name
}

locals {
  ubuntu_ssh_keys = fileexists("~/.ssh/id_rsa.pub") ? [] : ["monica_id_rsa.pub"]
}

resource "random_password" "admin_password" {
  length      = 20
  lower       = true
  min_lower   = 1
  min_numeric = 1
  min_special = 1
  min_upper   = 1
  numeric     = true
  special     = true
  upper       = true
}

locals {
  admin_password = coalesce(var.admin_password, random_password.admin_password.result)
}

resource "tls_private_key" "example" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

module "ubuntuservers" {
  source                           = "../.."
  vm_hostname                      = "${random_id.ip_dns.hex}-u"
  resource_group_name              = azurerm_resource_group.test.name
  location                         = var.location_alt
  admin_username                   = var.admin_username
  admin_password                   = local.admin_password
  vm_os_simple                     = var.vm_os_simple_1
  public_ip_dns                    = ["ubuntusimplevmips-${random_id.ip_dns.hex}"]
  vnet_subnet_id                   = azurerm_subnet.subnet[0].id
  allocation_method                = "Static"
  public_ip_sku                    = "Standard"
  enable_accelerated_networking    = true
  delete_data_disks_on_termination = true
  delete_os_disk_on_termination    = true
  ssh_key                          = fileexists("~/.ssh/id_rsa.pub") ? "~/.ssh/id_rsa.pub" : ""
  ssh_key_values                   = [tls_private_key.example.public_key_openssh]
  extra_ssh_keys                   = local.ubuntu_ssh_keys
  vm_size                          = "Standard_DS2_V2"
  nb_data_disk                     = 2
  identity_type                    = "UserAssigned"
  identity_ids                     = [azurerm_user_assigned_identity.test.id]
  os_profile_secrets               = [
    {
      source_vault_id = azurerm_key_vault.test.id
      certificate_url = azurerm_key_vault_certificate.test.secret_id
    }
  ]
}

Would you please give it another try with latest version of module and AzureRM provider? Thanks!

lonegunmanb avatar Nov 24 '22 08:11 lonegunmanb
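Added example, not part of the thread or of the module: one way to confirm which keys actually ended up in /home/azureuser/.ssh/authorized_keys after an apply, by comparing fingerprints of the keys found on the VM with the keys that were passed in. The function names and all key material are constructed for illustration; the sample keys are well-formed placeholders, not real keys.

```python
import base64
import hashlib


def parse_public_key(line):
    """Return (key_type, SHA256 fingerprint) for an authorized_keys/.pub line, or None."""
    fields = line.strip().split()
    if not fields or fields[0].startswith("#"):
        return None
    # Options may precede the key, so look for "<type> <base64>" where the
    # decoded blob begins with the same length-prefixed type string.
    for key_type, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        name_len = int.from_bytes(blob[:4], "big")
        if blob[4:4 + name_len] == key_type.encode():
            digest = hashlib.sha256(blob).digest()
            return key_type, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return None


def audit(authorized_keys_text, expected_lines):
    """Compare the keys found on the VM with the keys that were meant to be there."""
    expected = {parse_public_key(l) for l in expected_lines} - {None}
    present = {parse_public_key(l) for l in authorized_keys_text.splitlines()} - {None}
    return {"missing": sorted(expected - present),
            "unexpected": sorted(present - expected)}


def constructed_key(key_type, seed, comment):
    """Build a well-formed but fake public key line (constructed sample, not a real key)."""
    blob = len(key_type).to_bytes(4, "big") + key_type.encode() + hashlib.sha256(seed).digest()
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"


KEY1 = constructed_key("ssh-ed25519", b"key1", "key1")
KEY2 = constructed_key("ssh-rsa", b"key2", "key2")
LOCAL = constructed_key("ssh-rsa", b"local", "user@laptop")

# Constructed authorized_keys content matching the report: only the local key is present.
REPORTED = "# managed by provisioning\n" + 'no-pty,command="/bin/true" ' + LOCAL + "\n"
# Constructed content after a correct deployment: both requested keys, nothing else.
FIXED = KEY1 + "\n" + KEY2 + "\n"

if __name__ == "__main__":
    print(audit(REPORTED, [KEY1, KEY2]))
    print(audit(FIXED, [KEY1, KEY2]))
```

A non-empty "unexpected" list is the condition described in the report: a key that was never passed to the module is authorized on the VM.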

I'm closing this issue since we don't have feedback from our user. Please feel free to reopen it and ping me if you have any further questions @jack1902.

lonegunmanb avatar Dec 07 '22 09:12 lonegunmanb

Will look to see if this now maintained module is working for myself.

I forked this about 7 months ago due to seeing zero activity on this repo, but will try to fold the repo back in for how I'm actively using it.

jack1902 avatar Dec 07 '22 17:12 jack1902