commit 510d181754d2c0f4e3a4b19bea2f253ad775d632
parent 9a7063871700c3294b52b52528801785674932fb
Author: Andreas Gruhler <andreas.gruhler@adfinis-sygroup.ch>
Date: Thu, 22 Aug 2019 10:11:25 +0200
add ssh public key
Diffstat:
3 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/Readme.md b/Readme.md
@@ -49,7 +49,7 @@ terraform output inventory > ../ansible/inventory
terraform output qemu_config > ../ansible/qemu-config.yml
# inspect the name of the key file, see instructions below
-terraform output ssh_keyfile
+terraform output ssh_private_keyfile
```
## 4 Ansible
@@ -60,7 +60,7 @@ Ansible depends on the following files written by Terraform, see section "2 Run
2. `./ansible/qemu-config.yml`: The mapping of Qemu VM ids to hostnames
Adjust variables in `./ansible/group_vars/all.yml`:
-* `ssh_identity_file`: Relative path name to the SSH privat key (output of `terraform output ssh_keyfile`)
+* `ssh_identity_file`: Relative path name to the SSH privat key (output of `terraform output ssh_private_keyfile`)
* Set `ssh_proxy_jump` and `ssh_user` if necessary
* Ensure `pve_api` points to your compiled PVE API binary
* Define `additional_users` as needed
@@ -98,7 +98,7 @@ terraform refresh
### 5.3 Retrive private key without running Terraform
If needed, retrieve the SSH key (again) without re-applying changes:
```
-terraform output ssh_key > ../ssh/id_rsa
+terraform output ssh_private_key > ../ssh/id_rsa
```
Terraform takes care of writing this private key file the first time you run `terraform apply`, however, you might want to retrieve the key again without re-running Terraform.
@@ -107,3 +107,4 @@ Terraform takes care of writing this private key file the first time you run `te
## Dependencies
* PVE API: https://github.com/Telmate/proxmox-api-go
* Terraform provider for Proxmox: https://github.com/Telmate/terraform-provider-proxmox
+
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
@@ -6,11 +6,20 @@ output "qemu_config" {
value = "${templatefile("${path.module}/templates/qemu-config.yml.tpl", { hosts = proxmox_vm_qemu.host })}"
}
-output "ssh_key" {
+output "ssh_private_key" {
value = "${tls_private_key.id_rsa.private_key_pem}"
sensitive = true
}
-output "ssh_keyfile" {
- value = "${local_file.ssh_key.filename}"
-}
-\ No newline at end of file
+output "ssh_private_keyfile" {
+ value = "${local_file.ssh_private_key.filename}"
+}
+
+output "ssh_public_key" {
+ value = "${tls_private_key.id_rsa.public_key_openssh}"
+ sensitive = true
+}
+
+output "ssh_public_keyfile" {
+ value = "${local_file.ssh_public_key.filename}"
+}
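Review bot: `sensitive = true` on `ssh_private_key` only redacts the value in plan/apply output, so the PEM from `tls_private_key.id_rsa` is still kept unencrypted in the Terraform state and `terraform output ssh_private_key` prints it in full. The state file and its backend therefore need the same access control as the key itself. A comment above the output would make that explicit, e.g. `# NOTE: private key is stored in plaintext in state; restrict access to the state file/backend`. Conversely, the new `ssh_public_key` output does not need `sensitive = true`: an OpenSSH public key is not a secret, and the flag only hides a value that users will want to read.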
diff --git a/terraform/vms.tf b/terraform/vms.tf
@@ -56,10 +56,14 @@ resource "null_resource" "update_inventory" {
resource "tls_private_key" "id_rsa" {
algorithm = "RSA"
}
-resource "local_file" "ssh_key" {
+resource "local_file" "ssh_private_key" {
sensitive_content = "${tls_private_key.id_rsa.private_key_pem}"
filename = "${path.module}/../ssh/id_rsa"
provisioner "local-exec" {
command = "chmod 600 ${path.module}/../ssh/id_rsa"
}
-}
-\ No newline at end of file
+}
+resource "local_file" "ssh_public_key" {
+ sensitive_content = "${tls_private_key.id_rsa.public_key_openssh}"
+ filename = "${path.module}/../ssh/id_rsa.pub"
+}
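Review bot: In `local_file.ssh_private_key` the key is written first and only tightened afterwards by the `chmod 600` local-exec provisioner, so for a short window `../ssh/id_rsa` exists with the provider's default mode, and it stays that way if the provisioner fails. If the pinned local provider version supports it, setting the mode at creation is safer and removes the shell dependency: `file_permission = "0600"` in place of the provisioner block. In the new `local_file.ssh_public_key` resource, `sensitive_content` can be plain `content`, since the public key is not secret. The diff does not show whether the `ssh/` directory is excluded from version control, which is worth confirming now that two key files are written there.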