How to use provisioned private key for `connection` / `provisioner` API
ephemer opened this issue · comments
Hi, just wondering what you consider the best way to use the provisioner "file" / "remote-exec" APIs with an ssh private key provisioned with the lambdalabs provider?
Right now I have this, which doesn't work:
resource "lambdalabs_ssh_key" "primary" {
name = "terraform"
}
resource "local_sensitive_file" "ssh_private_key" {
content = lambdalabs_ssh_key.primary.private_key
filename = "~/.ssh/${lambdalabs_ssh_key.primary.name}.pem"
file_permission = 0600
}
resource "lambdalabs_instance" "my_instance" {
region_name = "us-west-1"
instance_type_name = "gpu_1x_a10"
ssh_key_names = [
lambdalabs_ssh_key.primary.name
]
connection {
type = "ssh"
user = "ubuntu"
private_key = local_sensitive_file.ssh_private_key.filename
host = self.ip
}
provisioner "file" {
source = "requirements.txt"
destination = "~/"
}
provisioner "remote-exec" {
inline = [
"pip3 install -r requirements.txt",
]
}
}
It would be ideal if we could just write:
connection {
...
private_key = lambdalabs_ssh_key.primary.private_key
}
directly, but there is a mismatch in the datatypes currently.
How do you normally achieve this? In the example you are referencing a local private key directly, but that goes against the recommendation of the repo to use a private key provisioned by the provider.
I think you should use private_key = file(local_sensitive_file.ssh_private_key.filename)
to get the content of your private key. The private_key
isn't a file path.
Ok so lambdalabs_ssh_key.primary.private_key
will just work then probably, which is what I was looking for in the first place. Thanks!