terraform-provider-docker
Connecting to docker via ssh results in host key verification error
This issue was originally opened by @yellowmegaman as https://github.com/hashicorp/terraform-provider-docker/issues/170. It was migrated here as a result of the community provider takeover from @kreuzwerker. The original body of the issue is below.
Terraform Version
Terraform v0.12.5 terraform-providers/docker 2.1.0
Affected Resource(s)
- docker provider itself
Terraform Configuration Files
provider "docker" {
  host = "ssh://cloud@${google_compute_instance.testinstance.0.network_interface.0.access_config.0.nat_ip}:22"
}

resource "google_compute_instance" "testinstance" {
  allow_stopping_for_update = true
  count                     = "1"
  name                      = "testinstance"
  machine_type              = "n1-standard-1"
  zone                      = "europe-west3-a"

  boot_disk {
    initialize_params {
      size = "30"
    }
  }

  service_account {
    scopes = ["compute-rw", "storage-ro"]
  }

  network_interface {
    network = "default"
    access_config {
      nat_ip = google_compute_address.testinstance-static-ip-address.address
    }
  }
}
- valid key is present on the machine
- can ssh to target host with docker daemon listening on 2375
Debug Output
...
Error: Error pinging Docker server: error during connect: Get http://docker/_ping: command [ssh -l cloud -p 22 XX.XX.XX.XXX -- docker system dial-stdio] has exited with exit status 255, please make sure the URL is valid, and Docker 18.09 or later is installed on the remote host: stderr=Host key verification failed.
on 69.tf line 3, in provider "docker":
3: provider "docker" {
2019-07-30T19:54:55.369Z [DEBUG] plugin: plugin process exited: path=/drone/src/.terraform/plugins/linux_amd64/terraform-provider-docker_v2.1.0_x4 pid=206
2019-07-30T19:54:55.369Z [DEBUG] plugin: plugin exited
Expected Behavior
Successful connection to docker daemon
Actual Behavior
Connection error
Steps to Reproduce
Please list the steps required to reproduce the issue, for example:
- Machine already created
- Add docker configuration
- terraform apply
Thanks a bunch in advance!
I am very interested in contributing to this. I get the exact same error from terraform cloud.
I have the following set up: Public Network Load Balancer with Elastic IP -> Listener on port 22 -> Target group type IP that forwards traffic to Private IP in private subnet and different availability zone
I can SSH to the instance by using my SSH key.
In terraform cloud I don't know how to get/extract the public SSH key to register in the EC2 instance.
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days. If you don't want this issue to be closed, please set the label pinned.
This is labelled as "stale" but this is still an issue.
This is labelled as "stale" but this is still an issue. I see the same issue, eventually after running the apply command multiple times it will work for some reason.
I am facing the same issue with terraform cloud as there is no way to upload and use the ssh key before initializing docker provider.
This is quite an old topic as I decided to give a try to Terraform Cloud. So I had this issue about how to authenticate terraform docker provider over ssh. There's no way.
My workaround was to enable TLS over HTTPS.
I could set ca_material, cert_material & key_material as terraform variable strings sourced from Terraform Cloud variables. It's not the best thing around but it works in a good manner.
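
The TLS workaround from the last comment, written out as an added example that is not part of the original thread or the provider's own documentation. The variable names and the placeholder host are assumptions, and `sensitive = true` assumes Terraform 0.14 or later.

```hcl
# Added example. Variable names are hypothetical; values are expected to be
# supplied as Terraform Cloud workspace variables (marked sensitive there too).

variable "docker_host" {
  # Placeholder address of the daemon's TLS listener, not a value from the thread.
  description = "Remote Docker daemon, e.g. tcp://docker.example.internal:2376"
  type        = string
}

variable "docker_ca_pem" {
  description = "PEM of the CA that signed the daemon's server certificate"
  type        = string
}

variable "docker_client_cert_pem" {
  description = "PEM of the client certificate issued by the same CA"
  type        = string
}

variable "docker_client_key_pem" {
  description = "PEM of the client private key"
  type        = string
  sensitive   = true # assumption: Terraform 0.14+; keeps the key out of plan output
}

provider "docker" {
  # tcp:// with certificate material replaces the ssh:// host, so the run
  # environment needs neither an SSH key nor a known_hosts entry.
  host = var.docker_host

  # The server is verified against the CA and the client authenticates with
  # its own certificate, both passed as strings rather than files on disk.
  ca_material   = var.docker_ca_pem
  cert_material = var.docker_client_cert_pem
  key_material  = var.docker_client_key_pem
}
```

The daemon has to listen with `--tlsverify` and its own CA, certificate and key for both ends to be authenticated.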