terraform-provider-libvirt: Possible regression: Connection to libvirt via SSH fails with provider version 0.6.14
- This is maybe related to #864
- This looks like a regression introduced in 0.6.14
System Information
Linux distribution
Terraform is running on MacOS 12.3.
Libvirt is running on Red Hat Enterprise Linux Server release 7.9 (Maipo).
Terraform version
$ terraform -v
Terraform v1.1.7
on darwin_amd64
+ provider registry.terraform.io/dmacvicar/libvirt v0.6.14
+ provider registry.terraform.io/hashicorp/template v2.2.0
Description of Issue/Question
Setup
This is the .tf I use:
terraform {
  required_version = ">= 0.13"
  required_providers {
    libvirt = {
      source  = "dmacvicar/libvirt"
      version = "=0.6.13"
    }
  }
}
provider "libvirt" {
  uri = "qemu+ssh://ansible@zzzzzz/system?keyfile=/Users/xxxxxx/.ssh/id_rsa"
}
module "vm" {
  source             = "MonolithProjects/vm/libvirt"
  version            = "1.9.0"
  vm_hostname_prefix = "server"
  vm_count           = 3
  memory             = "2048"
  vcpu               = 1
  pool               = "terra_pool"
  system_volume      = 20
  dhcp               = true
  local_admin        = "local-admin"
  ssh_admin          = "ci-user"
  ssh_private_key    = "~/.ssh/id_rsa"
  local_admin_passwd = "$6$rounds=4096$xxxxxxxxHASHEDxxxPASSWORD"
  ssh_keys = [
    "ssh-rsa AAAAB3NzaC1yxxxxxxxxJ68xkHrWxiQ== xxxxx@yyyyy",
  ]
  time_zone  = "CEST"
  os_img_url = "http://mirror.chpc.utah.edu/pub/almalinux/8/cloud/x86_64/images/AlmaLinux-8-GenericCloud-latest.x86_64.qcow2"
}
output "ip_addresses" {
  value = module.vm
}
Steps to Reproduce Issue
If I specify version = "=0.6.13" in the above Terraform file, it works:
$ terraform init -upgrade; terraform plan -out=out.plan
Upgrading modules...
Downloading registry.terraform.io/MonolithProjects/vm/libvirt 1.9.0 for vm...
- vm in .terraform/modules/vm
Initializing the backend...
Initializing provider plugins...
- Finding dmacvicar/libvirt versions matching ">= 0.6.9, 0.6.13"...
- Finding latest version of hashicorp/template...
- Installing dmacvicar/libvirt v0.6.13...
- Installed dmacvicar/libvirt v0.6.13 (self-signed, key ID 96B1FE1A8D4E1EAB)
- Using previously-installed hashicorp/template v2.2.0
(...)
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# module.vm.libvirt_cloudinit_disk.commoninit[0] will be created
+ resource "libvirt_cloudinit_disk" "commoninit" {
+ id = (known after apply)
+ name = "server_init01.iso"
(...)
If I change it to version = "=0.6.14" it fails:
$ terraform init -upgrade; terraform plan -out=out.plan
Upgrading modules...
Downloading registry.terraform.io/MonolithProjects/vm/libvirt 1.9.0 for vm...
- vm in .terraform/modules/vm
Initializing the backend...
Initializing provider plugins...
- Finding dmacvicar/libvirt versions matching ">= 0.6.9, 0.6.14"...
- Finding latest version of hashicorp/template...
- Installing dmacvicar/libvirt v0.6.14...
- Installed dmacvicar/libvirt v0.6.14 (self-signed, key ID 96B1FE1A8D4E1EAB)
- Using previously-installed hashicorp/template v2.2.0
(...)
╷
│ Error: failed to dial libvirt: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
│
│ with provider["registry.terraform.io/dmacvicar/libvirt"],
│ on test.tf line 11, in provider "libvirt":
│ 11: provider "libvirt" {
│
╵
About this issue
- State: open
- Created 2 years ago
- Reactions: 2
- Comments: 19
I was thinking I’m affected by this issue too, however in my case locking the version to an older one does not fix it. After more testing on the current release version I found that using:
Note it needed to have sshauth=privkey otherwise would fail.

@tiknick - you may want to try debugging the client and server side configs. As noted if you are using ssh keys you should try adding &sshauth=privkey. Or potentially you may even need to add &no_verify=1 too. While attempting to run the terraform plan you should consider SSHing into the target system and watching the system logs. Potentially you could find an error on the server that could give insight.

I had the same issue on Centos 7.9.2009. The problem is due to openssh 7.4 on CentOS/RHEL not allowing root user ssh tunnel on a socket.
References: https://bugzilla.redhat.com/show_bug.cgi?id=1527565 https://bugs.centos.org/view.php?id=14291
I have resolved it by creating a new user and adding it to libvirt group:
usermod -a -G libvirt <username>
Hope this does the trick also for you!
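
A pre-flight check for the URI points raised in the comments above, as an added example that is not from the thread or from the provider's code. It assumes `sshauth` takes a comma-separated list of methods; the function name and the second and third sample URIs are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs


def check_libvirt_uri(uri):
    """Return (level, message) findings for a qemu+ssh provider URI."""
    parts = urlsplit(uri)
    if parts.scheme != "qemu+ssh":
        return [("info", "not a qemu+ssh URI, nothing to check")]
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = []

    # Assumption: sshauth is a comma-separated list of auth methods.
    methods = [m for v in params.get("sshauth", []) for m in v.split(",") if m]
    if "keyfile" in params and "privkey" not in methods:
        findings.append(("warn", "keyfile is set but sshauth does not include "
                                 "privkey (reported in this thread as required)"))

    # In libvirt URIs a non-zero no_verify turns off the client's check of
    # the server's key, so the connection is open to host impersonation.
    if any(v not in ("", "0") for v in params.get("no_verify", [])):
        findings.append(("risk", "no_verify disables SSH host key verification; "
                                 "use it for debugging only"))

    # Per the last comment: OpenSSH 7.4 on CentOS/RHEL 7 is reported to refuse
    # the socket tunnel for root; a member of the libvirt group works.
    if parts.username == "root":
        findings.append(("warn", "connecting as root; prefer a dedicated user "
                                 "in the libvirt group"))
    return findings


# Sample URIs: the first is the one from the issue, the others are constructed.
SAMPLES = [
    "qemu+ssh://ansible@zzzzzz/system?keyfile=/Users/xxxxxx/.ssh/id_rsa",
    "qemu+ssh://ansible@kvm.example.test/system"
    "?keyfile=/home/op/.ssh/id_ed25519&sshauth=privkey",
    "qemu+ssh://root@kvm.example.test/system"
    "?keyfile=/root/.ssh/id_rsa&sshauth=privkey&no_verify=1",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample)
        for level, message in check_libvirt_uri(sample) or [("ok", "no findings")]:
            print(f"  [{level}] {message}")
```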