@smford22
Created May 21, 2018 19:15
terraform GCP remote exec
/*
This is a test server definition for GCE+Terraform for GH-9564
*/
// Input variables referenced below.
variable "project" {}
variable "region" {}
variable "user" {}

provider "google" {
  project = "${var.project}" // Your project ID here.
  region  = "${var.region}"
}

resource "google_compute_firewall" "gh-9564-firewall-externalssh" {
  name    = "gh-9564-firewall-externalssh"
  network = "default"

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }

  # Any source address can reach port 22 on instances carrying the tag below.
  # Narrow this to the CIDR you provision from for anything beyond a throwaway test.
  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["externalssh"]
}

resource "google_compute_instance" "dev1" {
  name         = "gcp-rhel7-dev1-tf"
  machine_type = "f1-micro"
  zone         = "us-central1-a"
  tags         = ["externalssh"] # Matches target_tags of the firewall rule.

  boot_disk {
    initialize_params {
      image = "centos-cloud/centos-7"
    }
  }

  network_interface {
    network = "default"

    access_config {
      # Ephemeral
    }
  }

  provisioner "remote-exec" {
    connection {
      type        = "ssh"
      user        = "${var.user}"
      timeout     = "500s"
      private_key = "${file("~/.ssh/google_compute_engine")}"
    }

    inline = [
      "touch /tmp/temp.txt",
    ]
  }

  # Ensure firewall rule is provisioned before server, so that SSH doesn't fail.
  depends_on = ["google_compute_firewall.gh-9564-firewall-externalssh"]

  service_account {
    scopes = ["compute-ro"]
  }

  metadata {
    # The login name in ssh-keys must be the same user the connection block logs in as.
    ssh-keys = "${var.user}:${file("~/.ssh/google_compute_engine.pub")}"
  }
}
@rhencke

rhencke commented Jul 17, 2019

Thank you for figuring out the SSH part of how to make remote-exec work!

@mattnworb

I believe that connection requires a host field since Terraform 0.12

Error: Missing required argument

  on monitoring.tf line 166, in resource "google_compute_instance" "monitoring":
 166:     connection {

The argument "host" is required, but no definition was found.

this should work:

  connection {
    type        = "ssh"
    host        = self.network_interface[0].access_config[0].nat_ip
    # remaining connection arguments as before
  }

also, I believe the SSH key needs to not have a passphrase:

google_compute_instance.monitoring: Creating...
google_compute_instance.monitoring: Still creating... [10s elapsed]
google_compute_instance.monitoring: Provisioning with 'remote-exec'...


Error: Failed to parse ssh private key: ssh: cannot decode encrypted private keys

@Shriyut

Shriyut commented Jul 30, 2020

@mattnworb I'm trying the same thing with no passphrase but I get a key mismatch error even though I'm using a valid key pair.
What syntax do I use for the remote-exec provisioner in Terraform v0.12?
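
Added example, not part of the gist or of any comment: a standard-library Python preflight for the two key failures reported in the comments above, the encrypted-key parse error and the key mismatch. It relies on the openssh-key-v1 container storing the cipher name and an unencrypted copy of the public key; the function names and the `make_sample` input are constructed for illustration, and legacy PEM or PKCS#8 keys are only checked for encryption.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"

def _string(buf, off):
    """Read one SSH wire string (uint32 big-endian length, then bytes)."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def inspect_private_key(text):
    """Return (encrypted, embedded_public_blob or None) for a private key file."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured private key")
    if "OPENSSH PRIVATE KEY" not in lines[0]:
        # Legacy PEM and PKCS#8 show encryption in the armour itself.
        return ("ENCRYPTED" in lines[0] or "Proc-Type: 4,ENCRYPTED" in lines), None
    raw = base64.b64decode("".join(lines[1:-1]))
    if not raw.startswith(MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    cipher, off = _string(raw, len(MAGIC))
    _, off = _string(raw, off)          # kdfname
    _, off = _string(raw, off)          # kdfoptions
    pub, _ = _string(raw, off + 4)      # skip uint32 key count, read public blob
    return cipher != b"none", pub

def preflight(private_text, public_line):
    """List the reasons this key pair would fail in the ssh connection block."""
    problems = []
    encrypted, embedded = inspect_private_key(private_text)
    if encrypted:
        problems.append("private key is passphrase-protected")
    fields = public_line.split()
    if len(fields) < 2:
        problems.append("public key line is malformed")
    elif embedded is not None and base64.b64decode(fields[1]) != embedded:
        problems.append("public key does not match private key")
    return problems

def make_sample(cipher, pub_blob):
    """Constructed test input: correct container layout, no real key material."""
    s = lambda b: struct.pack(">I", len(b)) + b
    raw = (MAGIC + s(cipher) + s(b"none") + s(b"") + struct.pack(">I", 1)
           + s(pub_blob) + s(b"\x00" * 8))
    body = base64.b64encode(raw).decode()
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n" + body + "\n-----END OPENSSH PRIVATE KEY-----\n"
```

Call `preflight()` with the contents of the private key file and of its `.pub` file before `terraform apply`; an empty list means neither problem was found.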

@vaibhavjpr

I used the one below:

  provisioner "file" {
    source      = "scripts/bootstrap.sh"
    destination = "/tmp/bootstrap.sh"
  }

  provisioner "remote-exec" {
    inline = [
      "chmod +x /tmp/bootstrap.sh",
      "sudo sed -i -e 's/\r$//' /tmp/bootstrap.sh", # Remove the spurious CR characters.
      "sudo /tmp/bootstrap.sh",
    ]
  }

  connection {
    type        = "ssh"
    host        = "${google_compute_instance.vm_instance.network_interface.0.access_config.0.nat_ip}"
    user        = var.username
    private_key = file(var.private_key_path)
  }

@rohan-199

How do I fetch the private key path?
