Comments (8)
@gdubicki yes, of course.
```hcl
resource "digitalocean_droplet" "example" {
  ssh_keys = [
    "${digitalocean_ssh_key.default.fingerprint}",
    "${digitalocean_ssh_key.example.fingerprint}",
  ]
  connection {
    user    = "root"
    type    = "ssh"
    timeout = "60s"
    agent   = true
  }
}
```
Supplying the connection settings resolved the issue of not updating SSH keys added/changed for me. Previously I only had `ssh_keys` set. We've been using it like this for almost half a year on production systems with no problems.
from terraform-provider-digitalocean.
This comment was originally opened by @cabbiepete as hashicorp/terraform#2733 (comment). It was migrated here as part of the provider split. The original comment is below.
This is more of a DO thing than a Terraform thing. DO only provisions SSH keys when you create droplets; it never updates them post this. You can use a provisioner such as remote exec, Chef, or Puppet to ensure the full list of keys is there.
from terraform-provider-digitalocean.
This comment was originally opened by @apparentlymart as hashicorp/terraform#2733 (comment). It was migrated here as part of the provider split. The original comment is below.
Based on @cabbiepete's comment, it sounds like the bug here is that we should have `ForceNew` set on that attribute so that Terraform knows that it has to create a replacement droplet in order to implement an SSH key change.
from terraform-provider-digitalocean.
This comment was originally opened by @cabbiepete as hashicorp/terraform#2733 (comment). It was migrated here as part of the provider split. The original comment is below.
@apparentlymart I'd expect that to be an optional setting and default to not. There are other ways to get the new/updated ssh key to the server in less destructive ways which is a better default for anyone that does not quite know all the details of terraform and that particular provider.
from terraform-provider-digitalocean.
This comment was originally opened by @apparentlymart as hashicorp/terraform#2733 (comment). It was migrated here as part of the provider split. The original comment is below.
@cabbiepete is there something that Terraform could do automatically/programmatically when it detects a diff on this attribute? `ForceNew` is how Terraform models things that can only be set at creation time and can't be updated later, so that's the right thing to do unless there's something less destructive that Terraform could do instead, to apply an update here.
Your earlier comment suggested that logging in to the machine and manually tweaking the keys was the only path. If so, this is a similar situation to Amazon EC2, where the corresponding attribute (`key_pair`) is marked as `ForceNew` as I described.
from terraform-provider-digitalocean.
This comment was originally opened by @danielsreichenbach as hashicorp/terraform#2733 (comment). It was migrated here as part of the provider split. The original comment is below.
Adding my two cents here. I just did this on an existing droplet, where I needed to extend the set of SSH keys deployed.
This is actually working, if you supply a connection object in the droplet configuration, and then add further entries to the SSH configuration.
from terraform-provider-digitalocean.
What do you mean by "supplying a connection object", @danielsreichenbach? Can you share the code that is working for you?
from terraform-provider-digitalocean.
Closing this issue. Retroactively adding and removing SSH keys is not something the API allows us to do. I would recommend using a configuration management tool such as Ansible, Salt, or Puppet for managing identity past the initial provisioning step. The connection workaround provided appears to work, so that is another viable solution.
from terraform-provider-digitalocean.
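
The provisioner and configuration-management route suggested in the comments above, as an added example that is not part of the original thread: a POSIX shell function that a remote-exec provisioner or similar tool could run to reconcile `authorized_keys` against a desired key list. The function name, the file paths passed to it and the rule of accepting only option-free key lines are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread); names and paths are assumptions.
# sync_authorized_keys DESIRED_FILE TARGET_FILE
# Makes TARGET_FILE hold exactly the valid public keys listed in DESIRED_FILE,
# so keys dropped from the list are revoked as well as new ones added.
sync_authorized_keys() {
    desired=$1
    target=$2
    dir=$(dirname "$target")
    [ -r "$desired" ] || { echo "cannot read $desired" >&2; return 2; }

    # Owner-only directory; mktemp creates the temp file with mode 0600.
    mkdir -p -m 700 "$dir" || return 2
    tmp=$(mktemp "$dir/.authorized_keys.XXXXXX") || return 2

    # Keep only lines that start with a known key type followed by base64
    # data. Blank lines, comments and entries that carry options (such as
    # command=...) are dropped rather than installed.
    grep -E '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' \
        "$desired" | sort -u > "$tmp"

    # Refuse to install an empty list: that would lock every key holder out.
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "no valid keys in $desired; $target left unchanged" >&2
        return 1
    fi

    # Idempotent: if nothing differs, leave the existing file untouched.
    if [ -f "$target" ] && cmp -s "$tmp" "$target"; then
        rm -f "$tmp"
        echo unchanged
        return 0
    fi

    chmod 600 "$tmp"
    mv -f "$tmp" "$target"   # rename inside one directory is atomic
    echo updated
}

# Stand-alone use: sh sync_keys.sh DESIRED_FILE TARGET_FILE
if [ "$#" -eq 2 ]; then
    sync_authorized_keys "$1" "$2"
fi
```

Because the target is replaced rather than appended to, a key removed from the desired list loses access on the next run, which changing `ssh_keys` on an existing droplet does not do.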