I am actually learning Terraform and I have been trying to use it to create Docker containers on a remote server. It is working, but the problem is that it keeps asking for the passphrase on each step. I want to enter the passphrase only once at the beginning and then have all my resources deployed. Here is my Terraform code:
terraform {
  required_providers {
    docker = {
      source  = "kreuzwerker/docker"
      version = ">= 2.13.0"
    }
  }
}

provider "docker" {
  host = "ssh://username@myserverip:22"

  registry_auth {
    address     = "my.docker.repo"
    config_file = pathexpand("~/.docker/config.json")
  }
}

resource "docker_image" "nginx" {
  name         = "nginx:latest"
  keep_locally = false
}

resource "docker_container" "nginx" {
  image = docker_image.nginx.latest
  name  = "tutorial"

  ports {
    internal = 80
    external = 8000
  }
}
Here is the interactive output of the deployment. You can see that with each SSH command, I keep entering the passphrase.
PS C:\Users\lenovo\learn-terraform-docker-container> terraform apply
username@server's password:
docker_image.nginx: Refreshing state... [id=sha256:d1a364dc548d5357f0da3268c888e1971bbdb957ee3f028fe7194f1d61c6fdeenginx:latest]
username@server's password:
docker_container.nginx: Refreshing state... [id=fab834920f1b0d1382be1e54a112124042e889b26fa86cbc82bb86cb9962a0f1]
username@server's password:
Unless you have made equivalent changes to your configuration, or ignored the relevant
attributes using ignore_changes, the following plan may include actions to undo or respond
to these changes.
────────────────────────────────────────────────────────────────────────────────────────────
Terraform used the selected providers to generate the following execution plan. Resource
actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# docker_container.nginx will be created
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
username@server's password
docker_container.nginx: Creating...
username@server's password:
docker_container.nginx: Still creating... [10s elapsed]
docker_container.nginx: Creation complete after 11s
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
I generated the SSH key with the ssh-keygen command and I copied the key to the SSH configuration file on my local computer:
Répertoire : C:\Users\lenovo\.ssh
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 29/10/2021 15:33 316 config
-a---- 29/10/2021 15:10 1766 id_rsa
-a---- 29/10/2021 15:11 415 id_rsa.pub
-a---- 29/10/2021 14:01 5569 known_hosts
Here is the SSH config file:
Host server_ip
    HostName server_ip
    IdentityFile "C:\Users\lenovo\.ssh\id_rsa"
    User username
How can I execute this code while providing the SSH passphrase only once?
You need to run an ssh-agent and add the identity attached to your private key to the agent. I don't know how it works with Windows. With Linux it should work by calling each line of the following code separately in the shell:
export DISPLAY=1
export SSH_ASKPASS=/path_to_the/script_that_echos_your_passphrase.sh
eval $(ssh-agent -s)
ssh-add "$HOME/.ssh/id_your_private_key" < $SSH_ASKPASS
Pay attention: you also have to manage to accept the fingerprint of the SSH server at the first connection. With Linux it would be something like this:
ssh-keyscan -H ip_of_your_ssh_server >> ~/.ssh/known_hosts
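
The answer leaves the Windows side open; the following PowerShell sequence is an added example, not part of the original question or answer, that loads the key into the Windows OpenSSH agent once and confirms prompt-free public-key login before Terraform runs. It assumes the `ssh` on PATH is the built-in Windows OpenSSH client and reuses the question's placeholders `username@server_ip` and `id_rsa`.

```powershell
# Added example. Run in the same PowerShell session that will run terraform.
# Assumption: ssh.exe / ssh-add.exe are the built-in Windows OpenSSH client tools.
$key    = Join-Path $env:USERPROFILE '.ssh\id_rsa'   # key path from the question
$target = 'username@server_ip'                       # placeholder from the question

# 1. The ssh-agent service is disabled by default on Windows.
#    Changing the startup type needs an elevated prompt the first time.
Get-Service ssh-agent | Set-Service -StartupType Manual
Start-Service ssh-agent

# 2. Load the private key. The passphrase is asked for once, here.
ssh-add $key
ssh-add -l    # lists the fingerprints the agent now holds

# 3. Verify that public-key login works with no prompt at all.
#    BatchMode=yes makes ssh fail instead of asking for anything, and
#    PreferredAuthentications=publickey rules out a password fallback.
#    Note: a prompt of the form "user@host's password:" is the server asking
#    for the account password, which means public-key authentication did not
#    succeed (public key missing from ~/.ssh/authorized_keys on the server, or
#    the IdentityFile entry not applied because the host in the provider URL
#    does not match the Host pattern in the SSH config). The agent only removes
#    "Enter passphrase for key ..." prompts.
ssh -o BatchMode=yes -o PreferredAuthentications=publickey $target docker version
if ($LASTEXITCODE -ne 0) {
    throw "Key-based login to $target failed; fix SSH authentication before running Terraform."
}

# 4. Every SSH connection the docker provider opens now reuses the agent.
terraform apply
```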