SSH authentication issues (but almost at the end of the provisioning process) about terraform-provider-proxmox HOT 5 CLOSED

My nodes are setup to use publickey verification. Would that be the issue? I'm not fond of enabling ssh password authentication for my root accounts.

Ah.. yes, that could be a problem. If ssh server allows only keys authentication then the current version of the provider won't be able to connect as it explicitly uses the password auth. I think adding the key auth as a main method and password as a fallback is doable 🤔

In a meantime you could try adding a separate PAM user account on PVE host to use with terraform, probably with Administrator rights, there are some examples in PVE Wiki. Then allow password auth over ssh for this user.

Also all nodes have different root passwords, so i'm wondering how that would be handled when i'm going to be provisioning across multiple nodes.

Clustered PVE is the area that I haven't really explored. I guess it would require an Authentication Server (either integrated in PVE, or external LDAP), so you can share a same user account across multiple hosts. I don't think this type of user accounts would work without tweaking pam / ssh server configs on each PVE host... But if we add the ssh key auth I mentioned earlier then this won't be an issue.

from terraform-provider-proxmox.

Hey @brutesque! 👋🏼
I think there are few things you could check.

First, the provider is using password authentication for SSH. I know, the documentation is not super clear why and how SSH is used, and updating it is on my radar. Essentially, we must use real Linux user accounts (i.e. PAM) via username:password credentials with the provider if operating on VM resources. While provider supports authentication with tokens or non-PAM users, it can't be used with SSH, and we still need SSH to do a few operations with VM disks.

Secondly, I have a slight suspicious that the issues you're having could be due to #217 introduced in v0.12.0. Though I don't see much of relevant errors in your logs, it worth double-checking. Could you try v0.11.0 to see if it works better in your environment?

from terraform-provider-proxmox.

Hi, thanks for the quick response!

I have tried version 0.11.0, but it gave me the same result.
I think i've setup password authentication correctly (it's using it for all the other resources).
I have this part in my main.tf

provider "proxmox" {
  virtual_environment {
    insecure = true
  }
}

And i'm injecting a credentials.env into the docker container environment that runs the terraform command:

PROXMOX_VE_ENDPOINT=https://pve-12core-xeon.redacted.com:8006/
PROXMOX_VE_USERNAME=root@pam
PROXMOX_VE_PASSWORD=myrootpassword

My nodes are setup to use publickey verification. Would that be the issue? I'm not fond of enabling ssh password authentication for my root accounts. Also all nodes have different root passwords, so i'm wondering how that would be handled when i'm going to be provisioning across multiple nodes.

from terraform-provider-proxmox.

Using key auth sounds like a good way to go.

from terraform-provider-proxmox.

Closing this in favour of #307

from terraform-provider-proxmox.