Possible regression: Connection to libvirt via SSH fails with provider version 0.6.14 #939
Comments
I was thinking I'm affected by this issue too, however in my case locking the version to an older one does not fix it. After more testing on the current release version I found that using:
Note it needed to have |
@dmacvicar FYI, I just confirmed the same issue in v0.6.14 as reported by @tuxpeople. Tried successfully with v0.6.13, but same failure as above with v0.6.14. Client machine and target server are both Centos 7.9.2009. Here's my uri string: Also, tried this from command line successfully: Also tested appending But, again, works fine from the command line:
Let me know if there is any other information that would be helpful. |
Hello, has this problem not been fixed? |
@tiknick - you may want to try debugging the client and server side configs. As noted if you are using ssh keys you should try adding |
@mallardduck I have tried all the methods described in this thread or in other questions. This link in uri "qemu+ssh://root@<remote_ip>/system" works in Virtual Machine Manager, works on terminal with virsh. "Error: failed to dial libvirt: ssh: handshake failed: ssh: unable to authenticate, attempted methods [no publickey], no supported methods remain". Error from remote server in /var/log/secure: |
@tiknick - That's really odd but unfortunately there's not enough info for me to go off of to help more. It sounds as though you've tried a lot more things already so any more suggestions will probably just overlap with things you attempted. Nothing more about what you've shared here. The only remaining bits of advice that stick out are:
Based on the logs you found on the server it's not even getting an auth from the client - that's generally what that line means. As it's saying it was still in Given that this seems just as likely to be a terraform/client bug as potential to be a server bug, you may want to consider trying to capture more logging on the terraform side too. You can follow this resource: https://www.terraform.io/internals/debugging To try and enable more logging on your client before attempting further debugging. I'd suspect these logs could lead you to find more areas to investigate. |
@mallardduck thank you for your answer.
SSH key generation is default, with correct privileges.
and I see all virtual machines on remote server. And I use Virtual Machine Manager with this link to connect to remote_server. And if I want to go to remote server via SSH, I use standard SSH-connect: ssh root@<remote_server> without problem. |
Just curious, but does it work with:
- provider registry.terraform.io/dmacvicar/libvirt v0.6.13
Because in my case, the exact same config and tf works with v0.6.13, but
not v0.6.14.
On Fri, Jul 22, 2022 at 08:01 tiknick ***@***.***> wrote:
@mallardduck <https://github.com/mallardduck> thank you for your answer.
Host - ubuntu 22.04
Remote_server - centos 7
SSH key generation is default, with correct privileges.
Virsh in the terminal works: virsh -> then "connect qemu+ssh://root@<remote_server>/system"
-> then "list" and I see all virtual machines on remote server.
And I use Virtual Machine Manager with this link to connect to
remote_server.
And if I want to go to remote server via SSH, I use standard SSH-connect: ssh
root@<remote_server> without problem.
`Terraform v1.2.5
on linux_amd64
- provider registry.terraform.io/dmacvicar/libvirt v0.6.14
- provider registry.terraform.io/hashicorp/template v2.2.0`
--
Kind regards,
Jordan
|
It doesn't work on 0.6.9-pre3, 0.6.10-0.6.14. |
Sorry, I didn't find a spoiler option here :)
|
Can you make sure you use the URI format I suggested? The SSH client used by this provider needs you to set the keyfile parameter. In the debug logs I see you're just using the raw Please use Just because using the more simple URI works with QEMU client doesn't mean it will work with this. I would suggest you keep this suggested URI consistent through your further testing. If you read this provider's source code you will find this is required unless you are using
terraform-provider-libvirt/libvirt/uri/ssh.go Lines 32 to 34 in e5bec5d
|
I tried all possible methods and combinations. Now I use the standard id_rsa key, but I also tried id_ed25519 in my link. Both keys are already flushed to remote_server in the authorized_keys file. |
|
Hi @dmacvicar confirming similar issue, works with "virsh -c" and not with terraform --> but adding more details maybe it helps - would appreciate some help, if some workaround is found or so... <-- kinda tried everything (no other key works, like ed25519, swapped also provider versions - same issue ) terraform: 1.3.2 Tested on:
terraform plan
╵ Destination server(..*.5) --> key is accepted but does not go forward
SSHD_CONFIG
|
I had the same issue on Centos 7.9.2009. The problem is due to openssh 7.4 on CentOS/RHEL not allowing root user ssh tunnel on a socket. References: I have resolved it by creating a new user and adding it to libvirt group: Hope this does the trick also for you! |
I'm not sure if this is related, but I had a similar issue with SSH failing and it ended up being caused by incomplete support for the EtM (Encrypt-then-MAC) HMAC ciphers in the Go ssh libraries. I came across golang/go#32075 where I found the following comment:
As a work-around, I disabled those HMAC ciphers by adding the following line to the /etc/ssh/sshd_config file on the libvirt host. This way the SSH server will never use EtM.
I got the list by running |
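The workaround in the comment above, sketched as an added example (not code from the thread or from the provider): it builds an sshd_config `MACs` line with the EtM variants filtered out and checks an effective config for any that remain. The function names are hypothetical, the MAC list is a constructed sample in the one-per-line form `ssh -Q mac` prints, and the config check assumes the lowercase `keyword value` lines that `sshd -T` prints.

```shell
#!/bin/sh
# Added example: build an sshd_config "MACs" line without EtM MACs and
# check an effective config for leftovers. Function names are hypothetical.

# Constructed sample input: MAC names, one per line.
sample_macs() {
cat <<'EOF'
hmac-sha1
hmac-sha2-256
hmac-sha2-512
umac-64@openssh.com
umac-128@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
umac-64-etm@openssh.com
umac-128-etm@openssh.com
EOF
}

# stdin: MAC names, one per line. stdout: "MACs a,b,c" with every
# *-etm@openssh.com entry dropped. Fails if nothing would be left, so an
# empty MACs line is never written.
non_etm_macs_line() {
  awk '
    /^[[:space:]]*$/          { next }
    $1 ~ /-etm@openssh\.com$/ { next }
    { list = (list == "" ? $1 : list "," $1) }
    END { if (list == "") exit 1; print "MACs " list }
  '
}

# stdin: effective server config in "keyword value" form (as sshd -T prints).
# stdout: any EtM MACs the server would still offer, one per line.
etm_macs_in_config() {
  awk 'tolower($1) == "macs" {
         n = split($2, m, ",")
         for (i = 1; i <= n; i++) if (m[i] ~ /-etm@openssh\.com$/) print m[i]
       }'
}

# Demo on the constructed sample.
sample_macs | non_etm_macs_line
```

Validate the edited file with `sshd -t` on the libvirt host before reloading sshd. The filtered list keeps every non-EtM MAC that was in the input, including `hmac-sha1`, so review it before using it as-is.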
It works on version 0.7.1, thanks. I created another user and added him to the libvirt group. |
Works on Mac and Ubuntu 22.04. No need to specify the key since id_rsa is the default.
|
I think this issue is already fixed with latest provider version. |
System Information
Linux distribution
Terraform is running on MacOS 12.3
Libvirt is running on Red Hat Enterprise Linux Server release 7.9 (Maipo)
Terraform version
Description of Issue/Question
Setup
This is the `.tf` I use:
Steps to Reproduce Issue
If I specify `version = "=0.6.13"` in above Terraform file, it works:
If I change it to `version = "=0.6.14"` it fails: