Add support for a rhel9 based bastion
manojnkumar opened this issue · 4 comments
Beta versions of rhel9 indicate that the preferred remote login over ssh is with a cloud-user id.
There could be other changes required to fully support a rhel9 based bastion/helper-node.
We need sudo user access to configure the bastion for OCP deployment without a password prompt.
If the concern is using a non-root user, we can now set it via the Terraform variable rhel_username.
Agree with complete test using RHEL9 to claim full support.
@manojnkumar I have tested the Terraform SSH provisioner with v1.2.0, which worked with the CentOS 9 image given by @Shilpi-Das1.
So we just need to add to the doc to use Terraform v1.2.0 or later for working with newer versions of RHEL or CentOS.
Terraform v1.1.9:
│ Error: remote-exec provisioner error
│
│ with null_resource.bastion_init,
│ on main.tf line 10, in resource "null_resource" "bastion_init":
│ 10: provisioner "remote-exec" {
│
│ interrupted - last error: SSH authentication failed (root@<ip>:22): ssh: handshake failed:
│ ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Terraform v1.2.0:
$ cat main.tf
resource "null_resource" "bastion_init" {
  connection {
    type        = "ssh"
    user        = "root"
    host        = "<ip>"
    private_key = file(coalesce("~/.ssh/id_rsa", "/dev/null"))
    agent       = false
    timeout     = "2m"
  }
  provisioner "remote-exec" {
    inline = [
      "whoami",
      "cat /etc/redhat-release"
    ]
  }
}
$ terraform apply -auto-approve
Terraform used the selected providers to generate the following execution plan. Resource actions are
indicated with the following symbols:
+ create
Terraform will perform the following actions:
# null_resource.bastion_init will be created
+ resource "null_resource" "bastion_init" {
+ id = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
null_resource.bastion_init: Creating...
null_resource.bastion_init: Provisioning with 'remote-exec'...
null_resource.bastion_init (remote-exec): Connecting to remote host via SSH...
null_resource.bastion_init (remote-exec): Host: <ip>
null_resource.bastion_init (remote-exec): User: root
null_resource.bastion_init (remote-exec): Password: false
null_resource.bastion_init (remote-exec): Private key: true
null_resource.bastion_init (remote-exec): Certificate: false
null_resource.bastion_init (remote-exec): SSH Agent: false
null_resource.bastion_init (remote-exec): Checking Host Key: false
null_resource.bastion_init (remote-exec): Target Platform: unix
null_resource.bastion_init (remote-exec): Connected!
null_resource.bastion_init (remote-exec): root
null_resource.bastion_init (remote-exec): CentOS Stream release 9
null_resource.bastion_init: Creation complete after 4s [id=7421883950020013377]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
This one is resolved.
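Added example, not part of the thread or the project's own code: a variant of the test above that pins the Terraform version reported to work, logs in as a non-root user through `rhel_username`, and checks for passwordless sudo. The `cloud-user` default, the `bastion_ip` and `private_key_file` variables, and the resource name `bastion_sudo_check` are assumptions made for illustration.

```hcl
terraform {
  # The thread reports SSH authentication failing on v1.1.9 and succeeding on v1.2.0.
  required_version = ">= 1.2.0"
}

variable "rhel_username" {
  description = "Login user on the bastion"
  type        = string
  default     = "cloud-user" # assumed default; the issue names this id for RHEL 9 images
}

variable "bastion_ip" { # hypothetical variable name
  type = string
}

variable "private_key_file" { # hypothetical variable name
  type    = string
  default = "~/.ssh/id_rsa"
}

resource "null_resource" "bastion_sudo_check" { # hypothetical resource name
  connection {
    type        = "ssh"
    user        = var.rhel_username
    host        = var.bastion_ip
    private_key = file(var.private_key_file)
    agent       = false
    timeout     = "2m"
  }

  provisioner "remote-exec" {
    inline = [
      "whoami",
      "cat /etc/redhat-release",
      # sudo -n never prompts; it exits non-zero if a password would be required.
      # Kept as the last command so its exit status is the one the script returns.
      "sudo -n true"
    ]
  }
}
```

If the login user lacks passwordless sudo, the final command fails and the apply stops at this resource instead of stalling later during bastion configuration.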