Skip to content

Optionally use ssh settings only with vagrant ssh command#1575

Open
wbclark wants to merge 1 commit intotheforeman:masterfrom
wbclark:use_ssh_settings_vagrant_ssh_only
Open

Optionally use ssh settings only with vagrant ssh command#1575
wbclark wants to merge 1 commit intotheforeman:masterfrom
wbclark:use_ssh_settings_vagrant_ssh_only

Conversation

@wbclark
Copy link
Contributor

@wbclark wbclark commented Sep 5, 2022

This allows bootstrapping the user on a base image, by using
default ssh settings during provisioning and user defined
ssh settings when doing vagrant ssh.

TESTING INSTRUCTIONS:

  1. Create user_playbooks/ssh-test.yml to bootstrap the user (edit the usernames to match those you will test):
---
- hosts: all
  become: true
  vars:
    unprivileged_user_username: wclark
    unprivileged_user_import_ssh_pub_key_github: wbclark

    - name: "Include unprivileged_user role"
      ansible.builtin.include_role:
        name: unprivileged_user

NOTE: As written, this requires the feature to add the user's ssh public key to authorized_keys directly from github via their github username, from #1570

  1. Add the following within vagrant/boxes.d:
fedora34-ssh-test:
  box: fedora34
  ssh_forward_agent: true
  ssh_username: wclark
  ssh_keys_only: false
  use_ssh_settings_vagrant_ssh_only: true
  ansible:
    playbook:
      - 'user_playbooks/ssh-test.yml'

  1. Make sure ssh-agent is started and your private key has been added to it

  2. Run vagrant up fedora34-ssh-test and observe this still uses the default vagrant user to run provisioning tasks, including creating the new user and managing its authorized_keys.

  3. Run vagrant ssh-config fedora34-ssh-test and observe the ssh_username from the box definition defined here, even though it was not used in step 4.

  4. Run vagrant ssh fedora34-ssh-test and observe that it authenticates as the ssh_username with credentials from the ssh-agent.

  5. As the ssh_username user, logged in on fedora34-ssh-test box, test that the ssh-agent was forwarded to the box by using the stored credentials to authenticate to github: ssh -T [email protected]

EXPECTED RESULTS: vagrant up uses the default vagrant user instead of ssh_username, while vagrant ssh-config and vagrant ssh use ssh_username. all above steps are successful

ACTUAL RESULTS (prior to this commit): vagrant up fails as it tries to use the ssh_username which doesn't exist until after provisioning has been run. It will appear to hang on waiting for ssh to become available while adding VAGRANT_LOG=debug will show it attempting the connection with the not-yet-existing user.

@wbclark wbclark force-pushed the use_ssh_settings_vagrant_ssh_only branch 6 times, most recently from a06ef31 to 992c9e3 Compare September 6, 2022 12:47
@wbclark
Copy link
Contributor Author

wbclark commented Sep 6, 2022

Pushed a fix of a bug I introduced while appeasing the linter. After re-testing it, it is once again working.

@wbclark
Optionally use ssh settings only with vagrant ssh command
485d9b1 
This allows bootstrapping the user on a base image, by using
default ssh settings during provisioning and user defined
ssh settings when doing `vagrant ssh`.
@wbclark wbclark force-pushed the use_ssh_settings_vagrant_ssh_only branch from 992c9e3 to 485d9b1 Compare September 8, 2022 09:28
@kirubeltadesse1
Copy link

kirubeltadesse1 commented Dec 11, 2022

Good

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@wbclark @kirubeltadesse1