From 5c1ed37ff5e26d19a6092c19d909315b2856f944 Mon Sep 17 00:00:00 2001
From: Dalton Hubble
Date: Sat, 14 Oct 2017 20:35:41 -0700
Subject: [PATCH] Add SSH key to user "debug" during disk-install phase
* Avoid adding SSH authorized key for user "core" during the disk install, so that terraform apply cannot SSH until post-install
---
 .../kubernetes/cl/container-linux-install.yaml.tmpl | 7 ++++++-
 bare-metal/container-linux/pxe-worker/ssh.tf | 2 +-
 docs/bare-metal.md | 3 ---
 3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/bare-metal/container-linux/kubernetes/cl/container-linux-install.yaml.tmpl b/bare-metal/container-linux/kubernetes/cl/container-linux-install.yaml.tmpl
index 6fed906f..1371ec76 100644
--- a/bare-metal/container-linux/kubernetes/cl/container-linux-install.yaml.tmpl
+++ b/bare-metal/container-linux/kubernetes/cl/container-linux-install.yaml.tmpl
@@ -32,6 +32,11 @@ storage:
 systemctl reboot
 passwd:
 users:
- - name: core
+ # Avoid using standard name "core" so terraform apply cannot SSH until post-install.
+ - name: debug
+ create:
+ groups:
+ - sudo
+ - docker
 ssh_authorized_keys:
 - {{.ssh_authorized_key}}
diff --git a/bare-metal/container-linux/pxe-worker/ssh.tf b/bare-metal/container-linux/pxe-worker/ssh.tf
index 77263b65..3d57ac1c 100644
--- a/bare-metal/container-linux/pxe-worker/ssh.tf
+++ b/bare-metal/container-linux/pxe-worker/ssh.tf
@@ -1,5 +1,5 @@
 # Secure copy kubeconfig to all nodes to activate kubelet.service
-resource "null_resource" "copy-kubeconfig" {
+resource "null_resource" "copy-secrets" {
 count = "${length(var.worker_names)}"
 connection {
diff --git a/docs/bare-metal.md b/docs/bare-metal.md
index f84f3c55..b4548afb 100644
--- a/docs/bare-metal.md
+++ b/docs/bare-metal.md
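Review bot: The comment above `- name: debug` in container-linux-install.yaml.tmpl explains the rename but not that this install-phase account carries `sudo` and `docker` membership and accepts `{{.ssh_authorized_key}}`, presumably the same key used after install, so the username is the only thing that keeps Terraform out. I would state that in the comment, e.g. `# Install-phase only: "debug" is for troubleshooting; provisioners connect as "core", so they cannot SSH until the installed OS boots.` If `sudo` alone is enough for debugging, `- docker` could be dropped, since docker group membership is root-equivalent and adds nothing here. The provisioner's connection user is not visible in these hunks (the `connection {` block in ssh.tf continues outside the lines shown), so a later change there would silently remove this gate; a cross-reference in the comment would help. The `users:` list may continue past the end of the hunk.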
@@ -243,9 +243,6 @@ module.bare-metal-mercury.null_resource.copy-secrets.1: Still creating... (10s e
 Apply will then loop until it can successfully copy credentials to each machine and start the one-time Kubernetes bootstrap service. Proceed to the next step while this loops.
-!!! note ""
- You may see `terraform apply` fail to `copy-secrets` if it connects before the disk install has completed. Run terraform apply until it reconciles successfully.
-
 ### Power
 Power on each machine with the boot device set to `pxe` for the next boot only.