Optionally use ssh settings only with vagrant ssh command #1575

Open
wants to merge 1 commit into
base: master

@wbclark wbclark commented Sep 5, 2022

This allows bootstrapping the user on a base image, by using
default ssh settings during provisioning and user defined
ssh settings when doing vagrant ssh.

TESTING INSTRUCTIONS:

  1. Create user_playbooks/ssh-test.yml to bootstrap the user (edit the usernames to match those you will test):

```yaml
---
- hosts: all
  become: true
  vars:
    unprivileged_user_username: wclark
    unprivileged_user_import_ssh_pub_key_github: wbclark
  tasks:
    - name: "Include unprivileged_user role"
      ansible.builtin.include_role:
        name: unprivileged_user
```

NOTE: As written, this requires the feature to add the user's ssh public key to authorized_keys directly from github via their github username, from #1570

  2. Add the following within vagrant/boxes.d:

```yaml
fedora34-ssh-test:
  box: fedora34
  ssh_forward_agent: true
  ssh_username: wclark
  ssh_keys_only: false
  use_ssh_settings_vagrant_ssh_only: true
  ansible:
    playbook:
      - 'user_playbooks/ssh-test.yml'
```

  3. Make sure ssh-agent is started and your private key has been added to it

  4. Run `vagrant up fedora34-ssh-test` and observe this still uses the default vagrant user to run provisioning tasks, including creating the new user and managing its authorized_keys.

  5. Run `vagrant ssh-config fedora34-ssh-test` and observe the ssh_username from the box definition defined here, even though it was not used in step 4.

  6. Run `vagrant ssh fedora34-ssh-test` and observe that it authenticates as the ssh_username with credentials from the ssh-agent.

  7. As the ssh_username user, logged in on fedora34-ssh-test box, test that the ssh-agent was forwarded to the box by using the stored credentials to authenticate to github: `ssh -T git@github.com`

EXPECTED RESULTS: `vagrant up` uses the default vagrant user instead of ssh_username, while `vagrant ssh-config` and `vagrant ssh` use ssh_username. All above steps are successful.

ACTUAL RESULTS (prior to this commit): `vagrant up` fails as it tries to use the ssh_username, which doesn't exist until after provisioning has been run. It will appear to hang on waiting for ssh to become available, while adding VAGRANT_LOG=debug will show it attempting the connection with the not-yet-existing user.
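
Added example, not part of this pull request or of the project's code: a Ruby sketch of the selection behaviour described above, where the user-defined ssh settings reach Vagrant only for `vagrant ssh` and `vagrant ssh-config`. Reading the subcommand from ARGV and the names `ssh_overrides`, `vagrant_subcommand` and `SAMPLE_BOX` are assumptions made for illustration; the box keys are the ones from the box definition in the description.

```ruby
# Added illustration, not the project's implementation. Detecting the
# subcommand from ARGV is an assumption about how a Vagrantfile could
# implement use_ssh_settings_vagrant_ssh_only.

# Box-definition key => attribute on Vagrant's config.ssh
SSH_SETTINGS = {
  'ssh_username'      => :username,
  'ssh_forward_agent' => :forward_agent,
  'ssh_keys_only'     => :keys_only
}.freeze

# Subcommands that should see the user-defined settings.
SSH_COMMANDS = %w[ssh ssh-config].freeze

# First non-flag argument, so ["--debug", "ssh", "box"] resolves to "ssh".
def vagrant_subcommand(argv)
  argv.find { |arg| !arg.start_with?('-') }
end

# Returns the config.ssh overrides to apply for this invocation.
# An empty hash means "leave Vagrant's defaults", i.e. the vagrant user.
def ssh_overrides(box, argv)
  overrides = SSH_SETTINGS.each_with_object({}) do |(key, attr), out|
    out[attr] = box[key] if box.key?(key)
  end
  # Without the flag, the settings apply to every command (old behaviour).
  return overrides unless box['use_ssh_settings_vagrant_ssh_only']

  SSH_COMMANDS.include?(vagrant_subcommand(argv)) ? overrides : {}
end

# Constructed sample: the fedora34-ssh-test box from the description.
SAMPLE_BOX = {
  'box' => 'fedora34',
  'ssh_forward_agent' => true,
  'ssh_username' => 'wclark',
  'ssh_keys_only' => false,
  'use_ssh_settings_vagrant_ssh_only' => true
}.freeze

if __FILE__ == $PROGRAM_NAME
  [%w[up fedora34-ssh-test], %w[ssh-config fedora34-ssh-test],
   %w[--debug ssh fedora34-ssh-test]].each do |argv|
    puts "vagrant #{argv.join(' ')} => #{ssh_overrides(SAMPLE_BOX, argv)}"
  end
end
```

With the flag set to false, the same box returns the overrides for `up` as well, which is the case that fails before the user exists.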

@wbclark wbclark force-pushed the use_ssh_settings_vagrant_ssh_only branch 6 times, most recently from a06ef31 to 992c9e3 Compare September 6, 2022 12:47

wbclark commented Sep 6, 2022

Pushed a fix of a bug I introduced while appeasing the linter. After re-testing it, it is once again working.

@wbclark wbclark force-pushed the use_ssh_settings_vagrant_ssh_only branch from 992c9e3 to 485d9b1 Compare September 8, 2022 09:28
@kirubeltadesse1

Good
