Michael Niemand

Reputation: 1754

Terraform/GCP: ssh-keys not being added to metadata

I'm trying to add ssh-keys to my Google Cloud project at the project level with terraform:

resource "google_compute_project_metadata_item" "oslogin" {
  project = "${google_project_services.myproject.project}"
  key     = "enable-oslogin"
  value   = "false"
}

resource "google_compute_project_metadata_item" "block-project-ssh-keys" {
  project = "${google_project_services.myproject.project}"
  key     = "block-project-ssh-keys"
  value   = "false"
}

resource "google_compute_project_metadata_item" "ssh-keys" {
  key   = "ssh-keys"
  value = "user:ssh-rsa myverylongpublickeythatireplacewithtexthereforobviousreasons [email protected]"

  depends_on = [
    "google_project_services.myproject",
  ]
}

I tried all types of combinations of the 2 metadata flags oslogin and block-project-ssh-keys, which always get set without issues. But the ssh keys never appear in GCP's web GUI, let alone the authorized_keys file. I even tried adding the depends_on to make sure the project exists before adding the keys, but that didn't help either.

Yet, Terraform says:

google_compute_project_metadata_item.ssh-keys: Creation complete after 8s (ID: ssh-keys)

Adding the exact same key manually on the web GUI works fine. At this point I believe I have tried everything, read all the first-page Google results for 'terraform gcp add ssh key' and similar queries ... I'm at my wits' end.

Upvotes: 1

Views: 2574

Answers (1)

Michael Niemand

Reputation: 1754

The issue was that the ssh key was being added to a different project. I started with Google's tutorial on GCP/Terraform. This creates a generic project with the gcloud tool first. It then proceeds to create accounts using that generic project. This is necessary because you need a user to run Terraform against their API. Then they create a new project facilitating these users with Terraform each time you apply. The generic project created with gcloud is not being touched after the initial creation. If you omit the "project" parameter from the google_compute_project_metadata_item.ssh-keys resource, it used the generic project and added the ssh keys there - at least in my case.

Solution: explicitly add the project parameter to the metadata resource item to make sure it's being added to the right project.

Upvotes: 2
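
An added example, not part of the original question or answer: a small pre-apply check that flags every google_compute_project_metadata_item block with no explicit project attribute, since those inherit the provider's default project and can put SSH keys in a project you did not intend. The function names and the sample configuration are constructed for illustration, and the block matching is simple brace counting, not a full HCL parser.

```python
import re

# Constructed sample mirroring the question: only "ssh-keys" omits `project`.
SAMPLE_TF = '''
resource "google_compute_project_metadata_item" "oslogin" {
  project = "${google_project_services.myproject.project}"
  key     = "enable-oslogin"
  value   = "false"
}

resource "google_compute_project_metadata_item" "ssh-keys" {
  key   = "ssh-keys"
  value = "user:ssh-rsa CONSTRUCTED-PLACEHOLDER-KEY user@example"
  depends_on = ["google_project_services.myproject"]
}
'''

RESOURCE_RE = re.compile(
    r'resource\s+"google_compute_project_metadata_item"\s+"([^"]+)"\s*\{')
PROJECT_ATTR_RE = re.compile(r'^\s*project\s*=', re.MULTILINE)


def block_body(text, open_brace):
    """Text between the brace at open_brace and its match (brace counting only)."""
    depth = 0
    for i in range(open_brace, len(text)):
        if text[i] == '{':
            depth += 1
        elif text[i] == '}':
            depth -= 1
            if depth == 0:
                return text[open_brace + 1:i]
    raise ValueError("unbalanced braces")


def metadata_items_without_project(text):
    """Names of metadata items with no explicit `project` attribute; the
    Google provider applies its default project to these."""
    missing = []
    for m in RESOURCE_RE.finditer(text):
        body = block_body(text, m.end() - 1)
        if not PROJECT_ATTR_RE.search(body):
            missing.append(m.group(1))
    return missing


if __name__ == "__main__":
    for name in metadata_items_without_project(SAMPLE_TF):
        print(f"google_compute_project_metadata_item.{name}: no explicit project")
```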
