We have finished a basic terraform recipe in #118660 for provisioning an EC2 instance, but it is still missing ssh support.
- AC1: It is known how to enable SSH access in a terraform setup
- AC2: An instance that is created allows access with an SSH key
- Check best practices for managing EC2 ssh keys
- Look at the existing implementation https://github.com/os-autoinst/openQA/pull/4880
#4 Updated by cdywan about 2 months ago
That's something we tried out and it didn't work. It's totally possible that it wasn't added correctly, though. Or maybe the networking isn't set up correctly. Feel free to use the existing branch and try it out.
#6 Updated by tinita about 1 month ago
I made only very small progress. Before we had the problem that the specified key was created, but the instance didn't use it.
We need to tell aws which key_name to use.
Then it also shows up in the AWS Console.
Still I couldn't ssh (permission denied).
What I did:
ssh-keygen -t rsa -m PEM -f webuidemo.pem
ssh-keygen -y -f webuidemo.pem >webuidemo.pub
I used the content of webuidemo.pub for the public_key value.
ssh -i webuidemo.pem -o IdentitiesOnly=yes ec2-user@ip -v
ssh -i webuidemo.pem -o IdentitiesOnly=yes root@ip -v
...
debug1: Next authentication method: publickey
debug1: Trying private key: webuidemo.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
ec2-user@ip: Permission denied (publickey).
I also tried with a key that I created over the webui.
I had to comment out the user_data because with it the instance
never opened its ssh port, so I assume user_data must have a
different type of content, or the script failed for some reason,
but we never see the output anywhere, so we can just guess.
Also I had to use a new image_id as it failed to find the one
we had before.
I also tried to create an instance from the image via the webui. It resulted in the same problem.
SSH port was open, but I got permission denied.
cd container/terraform
docker run --rm -it --name terraform -v $(pwd):/workspace -w /workspace hashicorp/terraform:light validate
docker run --rm -it --name terraform -v $(pwd):/workspace -w /workspace hashicorp/terraform:light init ## this needs to be run once; providers will be downloaded to a local folder
docker run --rm -it --name localstack -p 4566:4566 -p 4510-4559:4510-4559 -v $(pwd):/workspace -w /workspace localstack/localstack:latest
docker run --rm -it --network host --name terraform -v $(pwd):/workspace -w /workspace hashicorp/terraform:light apply # this will create the instance on aws
#9 Updated by tinita about 1 month ago
- Status changed from In Progress to Feedback
I got it working.
It turns out I used the wrong image all the time.
I looked at the "AMIs" in the navigation and found 3 images called "openqa-..." and I thought I had to use one of those. But instead we should use a Leap image.
I was pointed to https://pint.suse.com/?resource=images&csp=amazon&state=active&region=eu-central-1&search=leap to find a supported image.
Like I assumed before, to get ssh working, the key_name was still missing in the aws_instance section.
With that also the user_data script is now working.
If you create the instance, you can download the webui-... key from the aws console (save as webuidemo.pem) and log in via:
ssh -i webuidemo.pem -o IdentitiesOnly=yes ec2-user@ip
sudo bash
tail -f /var/log/cloud-init-output.log
to watch the openqa-bootstrap output.
When finished, you should be able to connect via http and see the webui.
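
The fix described in comments #6 and #9 (a registered public key that the instance references through key_name), as an added Terraform example that is not taken from the openQA repository. Resource names, the variables, the instance type and the restricted SSH source range are assumptions.

```hcl
# Added example: names, variables and the instance type are assumptions.
variable "ami_id" { type = string }              # Leap image ID found via pint.suse.com
variable "ssh_public_key_file" { type = string } # e.g. webuidemo.pub from ssh-keygen -y
variable "admin_cidr" { type = string }          # range allowed to reach port 22

# Only the public half is registered with EC2, so the private key
# (webuidemo.pem) never ends up in the Terraform state file.
resource "aws_key_pair" "webui" {
  key_name   = "webuidemo"
  public_key = file(var.ssh_public_key_file)
}

resource "aws_security_group" "ssh" {
  name = "webuidemo-ssh"

  ingress {
    description = "SSH from the admin range only, not 0.0.0.0/0"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  # Terraform drops the default allow-all egress rule, so it is restored
  # here; a user_data bootstrap script needs outbound access for packages.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "webui" {
  ami           = var.ami_id
  instance_type = "t3.medium" # assumed size

  # Without key_name the key pair is created in the account but the
  # instance does not use it (the problem described in comment #6).
  key_name = aws_key_pair.webui.key_name

  vpc_security_group_ids = [aws_security_group.ssh.id]
}
```

The example covers SSH only; reaching the webui over http needs its own ingress rule.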