Terraform 0.11 google_compute_instance file provisioner ssh authentication failure

11/21/2019

I'm attempting to deploy k8s "the hard way" using a terraform deployment. Please find the repo here: https://github.com/aidanSoles/kubernetes-the-hard-way-terraform

It was written using Terraform 0.11 so I elected not to upgrade the code to 0.12.

The deployment creates Google Cloud Platform virtual machines and attempts to run scripts on them.

The error message I get when applying the configuration is:

Error: Error applying plan:

2 errors occurred:
        * google_compute_instance.k8s_worker: timeout - last error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
        * google_compute_instance.k8s_controller: timeout - last error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Here's a snippet of the google_compute_instance provisioner:

resource "google_compute_instance" "k8s_controller" {
  boot_disk {
    auto_delete = true

    initialize_params {
      image = "${var.controller_image}"
      size  = "${var.controller_size}"
    }
  }

  can_ip_forward = true
  count          = "${var.controller_count}"
  machine_type   = "${var.controller_type}"
  name           = "k8s-controller${count.index}"

  network_interface {
    access_config = {}
    subnetwork    = "${google_compute_subnetwork.k8s_subnet.name}"
  }

  metadata {
    creator = "${var.user}"
  }

  provisioner "file" {
    connection {
      private_key = "${file(var.ssh_path)}"
      user        = "${var.user}"
      type        = "ssh"
    }

    destination = "add-ssh-keys.sh"
    source      = "${var.scripts_path}/add-ssh-keys.sh"
  }
}

You can find the full script here: https://github.com/aidanSoles/kubernetes-the-hard-way-terraform/blob/master/compute.tf

I ensured that the user and ssh_path variable values are correct by doing ssh -i. I also tried adding the agent = false parameter to the file provisioner, to no avail.

Any idea what could be the root of the issue? Many thanks.

-- StrayPointer
google-cloud-platform
kubernetes
ssh
terraform

1 Answer

12/2/2019

Regarding the documentation:

I have followed that guide and confirm that it's working.

I have attempted that with terraform-0.11.14. It appeared that the config files aren't compatible with terraform 0.12 at the moment.

Regarding the error:

ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Please check the following:

  • if your <username>@<hostname> combination matches the ones you have in your public key provided on step "5. Create a service account". You can get these with hostname and whoami commands.

    $ whoami && hostname
    superman
    my_pc
    
    $ cat ~/.ssh/tform_rsa.pub | awk '{print $3}'
    superman@my_pc

    I succeeded in reproducing the exact same symptoms only when I made a typo in the public key I pasted under Metadata/SSH Keys on GCP. That is why either there is a typo or a mismatch between the private key you specified in variables.tf and the public key uploaded to GCP.

  • permissions on your private key (the one you are using for ssh). It shall be set to 600 (-rw-------) as well as permissions on key files in certs directory.

Hope that helps :-)

-- Nick
Source: StackOverflow
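
The checks from the answer above (the key and username@hostname pasted under Metadata/SSH Keys versus the local key pair, and mode 600 on the private key), as an added shell example that is not part of the original post. It assumes the metadata entry has the form `USERNAME:KEY_TYPE KEY COMMENT` and that the public key sits beside the private key as `<private key>.pub`; `check_ssh_key` is a hypothetical helper name.

```shell
# Added example (not from the original post): check a local key pair against
# the entry pasted into GCP Metadata/SSH Keys.
# Usage: check_ssh_key PRIVATE_KEY METADATA_ENTRY TF_USER
# Assumes METADATA_ENTRY looks like "user:ssh-rsa AAAA... user@host" and that
# the public key is stored beside the private key as PRIVATE_KEY.pub.
# Prints one line per problem; the return status is the number of problems.
check_ssh_key() {
  priv="$1"; entry="$2"; tf_user="$3"; pub="$1.pub"; problems=0

  # 1. The private key must be mode 600 (-rw-------).
  if [ -z "$(find "$priv" -prune -perm 600 2>/dev/null)" ]; then
    echo "PERMS: $priv is not mode 600"
    problems=$((problems + 1))
  fi

  # 2. The connection user must be the user named in the metadata entry.
  meta_user="${entry%%:*}"
  if [ "$meta_user" != "$tf_user" ]; then
    echo "USER: metadata has '$meta_user', connection uses '$tf_user'"
    problems=$((problems + 1))
  fi

  # 3. Key type and base64 blob must be identical to the local .pub file;
  #    the answer reproduced the handshake failure with a typo here.
  meta_key="$(printf '%s\n' "${entry#*:}" | awk '{print $1, $2}')"
  local_key="$(awk '{print $1, $2}' "$pub" 2>/dev/null)"
  if [ -z "$local_key" ] || [ "$meta_key" != "$local_key" ]; then
    echo "KEY: metadata key differs from $pub (typo or wrong key pair)"
    problems=$((problems + 1))
  fi

  # 4. The comment field (username@hostname), as the answer asks to compare.
  meta_comment="$(printf '%s\n' "${entry#*:}" | awk '{print $3}')"
  local_comment="$(awk '{print $3}' "$pub" 2>/dev/null)"
  if [ "$meta_comment" != "$local_comment" ]; then
    echo "COMMENT: metadata '$meta_comment' vs local '$local_comment'"
    problems=$((problems + 1))
  fi

  return "$problems"
}

# Run the check when the script is called with the three arguments.
if [ "$#" -eq 3 ]; then
  check_ssh_key "$@"
fi
```

Pass the same private key path and user that the Terraform `connection` block uses, and quote the metadata entry so it arrives as one argument.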