Generating an ssh-config as output


Giovanni Toraldo

Jun 11, 2015, 10:47:45 AM
to terrafo...@googlegroups.com
Hi,

I am searching for a clever way to generate the equivalent of an ssh_config file for all the hosts actually running via terraform, something like:

Host ${instance_name}-${count}
  Hostname ${public_ip}
  User ubuntu

and so on, for each instance.

I've made it only via an ugly copy-paste on an output variable. The ideal would be to define something like a template and then reuse it to build a local file or output text that can be easily copy-pasted in my actual ssh_config.

Thanks.

Carlos Peñas

Jun 12, 2015, 4:48:51 AM
to terrafo...@googlegroups.com
SSH access to the terraformed machines depends a lot on the things you provision on them; terraform does not control the user, the port, or even the availability of an SSH daemon.

Instead of an ugly copy paste you can do this with an ugly script made to suit your needs. "terraform.tfstate" is valid JSON you can load via ruby (or the poison of your choice) and manipulate the way you need, perhaps to build the sshconfig files you need. But I'm afraid this script can't be generic enough; it depends a lot on how you define your architecture, the providers used, etc.

Giovanni Toraldo

Jun 12, 2015, 5:14:19 AM
to Carlos Peñas, terrafo...@googlegroups.com
Hi Carlos,

On Fri, Jun 12, 2015 at 10:48 AM, Carlos Peñas <thei...@gmail.com> wrote:
> Instead of an ugly copy paste you can do this with an ugly script made to
> suit your needs. "terraform.tfstate" is a valid json you can load via ruby
> (or the poison of your choice) and manipulate it the way you need, perhaps
> to build the sshconfig files you need. But I'm afraid this script can't be
> generic enough, it depends a lot on how you define your architecture, the
> providers used etc.

In fact it is easier than I thought, thanks for the tip!

I just need to iterate over all the instances grabbing name and public IPs.

Moreover, I could try to connect with my ssh-key to find the proper
user to connect with, and then put it in the ssh-config.
(however I am using ubuntu and the default user among most providers is
simply `ubuntu`)

Have a nice day!

--
Giovanni Toraldo
Lead Developer
https://cloudesire.com

Giovanni Toraldo

Jun 12, 2015, 5:30:23 PM
to terrafo...@googlegroups.com
Hi all,

If anyone is interested, I've put the ruby script to generate the ssh_config by parsing the terraform.tfstate file on a gist:


Cheers,
--
Giovanni Toraldo
Lead developer
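
A sketch of the approach discussed in this thread, added here as an example; it is not the gist from the post above. It assumes the 2015-era terraform.tfstate layout (`modules[].resources` keyed as `type.name.index`), `aws_instance` resources with a `public_ip` attribute, and the `ubuntu` user; all sample values are constructed. Values taken from the state are validated before they are written, so nothing other than an address or a plain alias can end up on a line of ssh_config.

```ruby
require 'json'
require 'resolv'

# Constructed sample state (assumed pre-0.12 layout); not real infrastructure.
SAMPLE_STATE = <<~JSON
  {"version": 1, "modules": [{"path": ["root"], "resources": {
    "aws_instance.web.0": {"type": "aws_instance", "primary": {"attributes": {"public_ip": "203.0.113.10"}}},
    "aws_instance.web.1": {"type": "aws_instance", "primary": {"attributes": {"public_ip": "203.0.113.11"}}},
    "aws_instance.db": {"type": "aws_instance", "primary": {"attributes": {"public_ip": ""}}},
    "aws_instance.bad": {"type": "aws_instance", "primary": {"attributes": {"public_ip": "not-an-ip"}}},
    "aws_security_group.ssh": {"type": "aws_security_group", "primary": {"attributes": {}}}
  }}]}
JSON

# True only for a literal IPv4/IPv6 address. Both stdlib patterns are anchored
# with \A and \z, so whitespace, newlines or extra words are rejected.
def ip_literal?(value)
  s = value.to_s
  !(s =~ Resolv::IPv4::Regex).nil? || !(s =~ Resolv::IPv6::Regex).nil?
end

# Returns { "name-index" => ip } for every matching resource that has a valid
# address. The type and attribute names are assumptions; adjust per provider.
def ssh_hosts(state_json, type: 'aws_instance', ip_attr: 'public_ip')
  hosts = {}
  JSON.parse(state_json).fetch('modules', []).each do |mod|
    mod.fetch('resources', {}).each do |key, res|
      next unless res['type'] == type
      ip = res.dig('primary', 'attributes', ip_attr)
      next unless ip_literal?(ip)                    # no public IP, or garbage
      _type, name, index = key.split('.')
      host = [name, index].compact.join('-')         # web.0 -> web-0, db -> db
      next unless host =~ /\A[A-Za-z0-9_-]+\z/       # plain alias, no wildcards
      hosts[host] = ip
    end
  end
  hosts
end

# Renders one Host block per entry, sorted by alias for stable diffs.
def ssh_config(hosts, user: 'ubuntu')
  hosts.sort.map { |h, ip| "Host #{h}\n  HostName #{ip}\n  User #{user}\n" }.join("\n")
end

puts ssh_config(ssh_hosts(SAMPLE_STATE)) if __FILE__ == $PROGRAM_NAME
```

Writing the result to a separate file and pulling it in with an `Include` line (OpenSSH 7.3 or later) keeps generated entries apart from a hand-maintained `~/.ssh/config`.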

Alex Dupuy

Jun 23, 2015, 4:50:05 AM
to terrafo...@googlegroups.com
Giovanni Toraldo posted a link:

If anyone is interested, I've put the ruby script to generate the ssh_config by parsing the terraform.tfstate file on a gist:


This is quite nice. Another approach to the problem in general would be to have a local_exec provisioner that runs and updates ssh_config - this could be expanded from your script but could also go further and e.g. update known_hosts file with new host keys as well, if those were present as outputs.

Miguel Cruz

Jun 23, 2015, 5:00:18 AM
to Alex Dupuy, terrafo...@googlegroups.com

I know this is a Terraform distro but... Why not use exported resources in puppet? Pretty sure chef and ansible have something like that too.

I've used exported resources to populate and manage hosts files.

Just a suggestion ;)

-Miguel


Dave Cunningham

Jun 23, 2015, 1:48:44 PM
to Miguel Cruz, Alex Dupuy, terrafo...@googlegroups.com
Since we're sharing stories, I use Terraform to create a public DNS record for everything that has a public ip.  That's sufficient for debugging (particularly for ssh access).  For actual discovery of services I put the load balancer ip in the /etc/hosts file of everything that needs to use it.  The load balancer ip is a separate ip resource so never gets changed (even if you recreate the loadbalancer).
