Provisioning using a bastion does not work on a restricted shell #89
Comments
Hey @mcanevet, thank you for the report. Would the assumption be that the bastion has the known hosts file preconfigured?
Unfortunately no. I still have the message saying that the authenticity of the host can't be established before first login to remote host.
The only thing I can think of, is the following:
Additionally, having
@radekg I think your solutions would work fine.
Hi @mcanevet, I'm about to merge #94 which contains the code required for the above workflow. The example

    terraform apply -var "ami_id=${TERRAFORM_PROVISIONER_ANSIBLE_AMI_ID}" \
    -var "region=${R_REGION}" -var "aws_admin_profile=${R_NAME}" \
    -var "vpc_cidr_block=${R_VPC_CIDR_BLOCK}" \
    -var "infrastructure_name=${R_NAME}-local" \
    -var "insecure_no_strict_host_key_checking=true"

Because it takes more than 30 seconds for the SSH to become available on the target, you will need a file like this one: https://github.com/radekg/terraform-provisioner-ansible/pull/94/files#diff-170acbfffb52268849488843675447d2R1. It seems that the usual SSH options for timeout and retries are not respected, what matters is the

Of course, you'll need to set the environment up, as described in Getting started.
* Add support for attributes discussed in #89.
* Write bastion pem file to disk as well. Use the bastion PEM file in ProxyCommand when provisioning local via bastion.
* Clarify newly added options apply to local provisioning only.
* Local no bastion, use new settings. Save bastion known hosts file separate to target known hosts file. Use a UUID for known hosts file name.
* Use bastion known hosts file for ProxyCommand. Construct command env variables regardless of the target being a playbook or module.
* Local ansible args: add BastionKnownHostsFile.
* Use variables for insecure no host key checking in examples.
Resolved with #94.
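One way to build the local ssh invocation that the commit message above describes, with a separate known hosts file per hop and the bastion key used inside ProxyCommand; this is an added example, not code from the provisioner or from #94. The names `Hop`, `shellQuote`, `hostKeyOpts`, `proxyCommand` and `SSHArgs`, and the sample hosts and paths, are hypothetical, and the known hosts files are assumed to have been populated beforehand.

```go
package main

import (
	"fmt"
	"strings"
)

// Hop is one SSH endpoint; every name and value in this example is hypothetical.
type Hop struct {
	User, Host, KeyFile, KnownHosts string // KeyFile and KnownHosts are local paths
	Port                            int
}

// shellQuote single-quotes s for the shell that runs ProxyCommand (assumes no '%' in s).
func shellQuote(s string) string {
	return "'" + strings.ReplaceAll(s, "'", `'\''`) + "'"
}

// hostKeyOpts returns the host key options for one hop.
func hostKeyOpts(knownHosts string, insecure bool) []string {
	if insecure { // mirrors insecure_no_strict_host_key_checking=true
		return []string{"StrictHostKeyChecking=no", "UserKnownHostsFile=/dev/null"}
	}
	return []string{"StrictHostKeyChecking=yes", "UserKnownHostsFile=" + knownHosts}
}

// proxyCommand asks the bastion only for a forwarded channel (-W); nothing is written there.
func proxyCommand(b Hop, insecure bool) string {
	parts := []string{"ssh", "-W", "%h:%p", "-p", fmt.Sprint(b.Port), "-i", shellQuote(b.KeyFile)}
	for _, o := range hostKeyOpts(b.KnownHosts, insecure) {
		parts = append(parts, "-o", shellQuote(o))
	}
	return strings.Join(append(parts, shellQuote(b.User+"@"+b.Host)), " ")
}

// SSHArgs builds the argv for the local ssh client that reaches the target.
func SSHArgs(bastion, target Hop, insecure bool) []string {
	args := []string{"-p", fmt.Sprint(target.Port), "-i", target.KeyFile}
	for _, o := range hostKeyOpts(target.KnownHosts, insecure) {
		args = append(args, "-o", o)
	}
	return append(args, "-o", "ProxyCommand="+proxyCommand(bastion, insecure), target.User+"@"+target.Host)
}

func main() {
	b := Hop{User: "jump", Host: "bastion.example.test", KeyFile: "/tmp/bastion.pem", KnownHosts: "/tmp/kh-bastion", Port: 22}
	t := Hop{User: "ec2-user", Host: "10.0.1.10", KeyFile: "/tmp/target.pem", KnownHosts: "/tmp/kh-target", Port: 22}
	fmt.Println("ssh", strings.Join(SSHArgs(b, t, false), " "))
}
```

With `insecure` set to false both hops are verified against files that live only on the provisioning machine, so the bastion needs to permit nothing beyond the forwarded connection.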
Provisioning using a bastion requires access to the mkdir command because of this. However, sometimes the sysadmins who set up the bastion allowed only access to the ssh command, so that we can jump to the destination host. It would be great if this provider could work without trying to store the SSH public keys of the destination host on the bastion.