From 1236bbe6f3a8919143232e35bed278328483e611 Mon Sep 17 00:00:00 2001
From: phaer
Date: Sun, 23 Jan 2022 14:05:41 +0100
Subject: [PATCH] make private key optional
Setting private_key to null uses the local ssh-agent as a fallback for authentication. Using the public_key instead of the private_key for ssh -i lets the agent select the right identity if loaded. tested with a yubikey
---
 agents.tf | 6 ++++--
 master.tf | 8 +++++---
 servers.tf | 6 ++++--
 variables.tf | 1 +
 4 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/agents.tf b/agents.tf
index 8ca5cc7..c3aff0c 100644
--- a/agents.tf
+++ b/agents.tf
@@ -28,7 +28,8 @@ resource "hcloud_server" "agents" {
 connection {
 user = "root"
- private_key = file(var.private_key)
+ private_key = var.private_key == null ? null : file(var.private_key)
+ agent_identity = var.private_key == null ? file(var.public_key) : null
 host = self.ipv4_address
 }
 }
@@ -39,7 +40,8 @@ resource "hcloud_server" "agents" {
 connection {
 user = "root"
- private_key = file(var.private_key)
+ private_key = var.private_key == null ? null : file(var.private_key)
+ agent_identity = var.private_key == null ? file(var.public_key) : null
 host = self.ipv4_address
 }
 }
diff --git a/master.tf b/master.tf
index 8da0368..7b957c8 100644
--- a/master.tf
+++ b/master.tf
@@ -24,7 +24,8 @@ resource "hcloud_server" "first_control_plane" {
 connection {
 user = "root"
- private_key = file(var.private_key)
+ private_key = var.private_key == null ? null : file(var.private_key)
+ agent_identity = var.private_key == null ? file(var.public_key) : null
 host = self.ipv4_address
 }
 }
@@ -35,7 +36,8 @@ resource "hcloud_server" "first_control_plane" {
 connection {
 user = "root"
- private_key = file(var.private_key)
+ private_key = var.private_key == null ? null : file(var.private_key)
+ agent_identity = var.private_key == null ? file(var.public_key) : null
 host = self.ipv4_address
 }
 }
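Review bot: The same two-line fallback (`private_key = var.private_key == null ? null : file(var.private_key)` and `agent_identity = var.private_key == null ? file(var.public_key) : null`) is pasted into six connection blocks: both hunks in agents.tf, both in master.tf, and both in servers.tf. A single `locals` block would keep the key-selection logic in one place, so a later change to the fallback cannot leave one block behind, and each connection block would shrink to two plain references. Every connection block shown begins and ends inside its hunk, but the enclosing `hcloud_server` resources continue outside them.
```hcl
# locals.tf (new): evaluated once, referenced by every connection block
locals {
  ssh_private_key    = var.private_key == null ? null : file(var.private_key)
  ssh_agent_identity = var.private_key == null ? file(var.public_key) : null
}

# agents.tf (and the other five connection blocks)
    connection {
      user           = "root"
      private_key    = local.ssh_private_key
      agent_identity = local.ssh_agent_identity
      host           = self.ipv4_address
    }
```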
@@ -43,7 +45,7 @@ resource "hcloud_server" "first_control_plane" {
 # Wait for k3os to be ready and fetch kubeconfig.yaml
 provisioner "local-exec" {
 command = <<-EOT
- sleep 60 && ping ${self.ipv4_address} | grep --line-buffered "bytes from" | head -1 && sleep 100 && scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ${var.private_key} rancher@${self.ipv4_address}:/etc/rancher/k3s/k3s.yaml ${path.module}/kubeconfig.yaml
+ sleep 60 && ping ${self.ipv4_address} | grep --line-buffered "bytes from" | head -1 && sleep 100 && scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ${var.private_key == null ? var.public_key : var.private_key} rancher@${self.ipv4_address}:/etc/rancher/k3s/k3s.yaml ${path.module}/kubeconfig.yaml
 sed -i -e 's/127.0.0.1/${self.ipv4_address}/g' ${path.module}/kubeconfig.yaml
 EOT
 }
diff --git a/servers.tf b/servers.tf
index 1510017..8972903 100644
--- a/servers.tf
+++ b/servers.tf
@@ -27,7 +27,8 @@ resource "hcloud_server" "control_planes" {
 connection {
 user = "root"
- private_key = file(var.private_key)
+ private_key = var.private_key == null ? null : file(var.private_key)
+ agent_identity = var.private_key == null ? file(var.public_key) : null
 host = self.ipv4_address
 }
 }
@@ -38,7 +39,8 @@ resource "hcloud_server" "control_planes" {
 connection {
 user = "root"
- private_key = file(var.private_key)
+ private_key = var.private_key == null ? null : file(var.private_key)
+ agent_identity = var.private_key == null ? file(var.public_key) : null
 host = self.ipv4_address
 }
 }
diff --git a/variables.tf b/variables.tf
index 4b5c424..49756b8 100644
--- a/variables.tf
+++ b/variables.tf
@@ -12,6 +12,7 @@ variable "public_key" {
 variable "private_key" {
 description = "SSH private Key."
 type = string
+ default = null
 }
 variable "location" {
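Review bot: The rewritten scp line passes the selected key path unquoted in `-i ${var.private_key == null ? var.public_key : var.private_key}`; a path containing a space splits into separate arguments and the copy fails. Quoting it, `-i "${var.private_key == null ? var.public_key : var.private_key}"`, keeps it a single argument in both branches. The line also still carries `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, so the kubeconfig is fetched with no host identity check at all; that predates this commit, but the heredoc deserves a comment stating that this is accepted only because the server was created moments earlier by this same run. When `private_key` is null this step additionally depends on a local ssh-agent holding the key that matches `public_key`, and a missing agent surfaces only here, after the server already exists. The `local-exec` provisioner is closed inside the hunk, but the enclosing resource continues outside it.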
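Review bot: The description still reads `SSH private Key.` although the new `default = null` changes the variable's meaning: null now selects ssh-agent authentication and makes `public_key` the identity selector, and the variable is no longer required, so a forgotten value is reported only when provisioning runs rather than at plan time. Propose `description = "Path to the SSH private key. Set to null to authenticate through the local ssh-agent, using the identity that matches public_key."`. The `variable "location"` block that follows starts inside the hunk but continues outside it.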