wiwa1978

Reputation: 2687

KVM with Terraform: SSH permission denied (Cloud-Init)

I have a KVM host. I'm using Terraform to create some virtual servers using the KVM provider. Here's the relevant section of the Terraform file:

provider "libvirt" {
  uri = "qemu+ssh://[email protected]"
}

resource "libvirt_volume" "ubuntu-qcow2" {
  count = 1
  name = "ubuntu-qcow2-${count.index+1}"
  pool = "default"
  source = "https://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-amd64.img"
  format = "qcow2"
}

resource "libvirt_network" "vm_network" {
   name = "vm_network"
   mode = "bridge"
   bridge = "br0"
   addresses = ["192.168.60.224/27"]
   dhcp {
    enabled = true
   }
}

# Use CloudInit to add our ssh-key to the instance
resource "libvirt_cloudinit_disk" "commoninit" {
    name = "commoninit.iso"
    pool = "default" 
    user_data = "data.template_file.user_data.rendered"
    network_config = "data.template_file.network_config.rendered"
}

data "template_file" "user_data" {
  template = file("${path.module}/cloud_config.yaml")
}

data "template_file" "network_config" {
  template = file("${path.module}/network_config.yaml")
}

The cloud_config.yaml file contains the following info:

manage_etc_hosts: true
users:
  - name: ubuntu
    sudo: ALL=(ALL) NOPASSWD:ALL
    groups: users, admin
    home: /home/ubuntu
    shell: /bin/bash
    lock_passwd: false
    ssh-authorized-keys:
      - ${file("/path/to/keyfolder/homelab.pub")}
ssh_pwauth: false
disable_root: false
chpasswd:
  list: |
     ubuntu:linux
  expire: False
package_update: true
packages:
    - qemu-guest-agent
growpart:
  mode: auto
  devices: ['/']

The server gets created successfully, and I can ping the device from the host on which I ran the Terraform script. However, I cannot seem to log in through SSH, despite the fact that I pass my SSH key through the cloud-init file.

From the folder where all my keys are stored I run:

homecomputer:keyfolder wim$ ssh -i homelab [email protected]
[email protected]: Permission denied (publickey).

In this command, homelab is my private key.

Any reasons why I cannot log in? Any way to debug? I cannot log in to the server now to debug. I tried setting the passwd in the cloud-config file, but that also does not work.

*** Additional information

1) the rendered template is as follows:

 > data.template_file.user_data.rendered

manage_etc_hosts: true
users:
  - name: ubuntu
    sudo: ALL=(ALL) NOPASSWD:ALL
    groups: users, admin
    home: /home/ubuntu
    shell: /bin/bash
    lock_passwd: false
    ssh-authorized-keys:
      - ssh-rsa AAAAB3NzaC1y***Homelab_Wim
ssh_pwauth: false
disable_root: false
chpasswd:
  list: |
     ubuntu:linux
  expire: False
package_update: true
packages:
    - qemu-guest-agent
growpart:
  mode: auto
  devices: ['/']

Upvotes: 4

Views: 2425

Answers (3)

Castracucchi Davide

Reputation: 11

Hi, I had the same problem. I resolved it this way:

  • user_data = data.template_file.user_data.rendered

without double quotes!

Upvotes: 0

dream83619

Reputation: 631

I also faced the same problem, because I was missing the first line

#cloud-config 

in the cloudinit.cfg file

Upvotes: 4
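A pre-flight check for the two causes named in the answers above (a quoted Terraform reference passed as user-data, and a missing `#cloud-config` first line), given here as an added example that is not code from any of the posters. It goes slightly beyond those two cases by also checking that each authorized-keys entry looks like a public key line. `check_user_data` and `authorized_keys` are hypothetical helper names, the sample document and its key are constructed, and the parsing is line-based rather than a full YAML parse.

```python
import re

# Public-key line prefixes OpenSSH accepts in authorized_keys.
KEY_PREFIXES = ("ssh-rsa ", "ssh-ed25519 ", "ecdsa-sha2-", "sk-ssh-ed25519@", "sk-ecdsa-sha2-")
# A bare Terraform reference, e.g. data.template_file.user_data.rendered
TF_REFERENCE = re.compile(r"^(data|var|local|module)\.[\w.\[\]-]+$")
KEYS_HEADER = re.compile(r"^(\s*)ssh[-_]authorized[-_]keys:\s*$")

def authorized_keys(text):
    """Collect list items under ssh-authorized-keys (line-based, no YAML parser)."""
    keys, indent = [], None
    for line in text.splitlines():
        header = KEYS_HEADER.match(line)
        if header:
            indent = len(header.group(1))
        elif indent is not None and line.strip():
            item = re.match(r"^(\s*)- (.+)$", line)
            if item and len(item.group(1)) >= indent:
                keys.append(item.group(2).strip())
            else:
                indent = None  # a shallower or non-list line ends the key list
    return keys

def check_user_data(text):
    """Return the problems that would make cloud-init ignore or misapply user-data."""
    stripped = text.strip()
    if TF_REFERENCE.match(stripped):
        # Quoting the reference in HCL writes the expression's text into the ISO.
        return ["user-data is the literal text %r: unquote the reference in HCL" % stripped]
    problems = []
    first_line = text.split("\n", 1)[0].rstrip()
    if first_line != "#cloud-config":
        problems.append("first line is %r, expected '#cloud-config'" % first_line)
    keys = authorized_keys(text)
    if not keys:
        problems.append("no ssh-authorized-keys entries found")
    problems += ["not a public key line: %r" % k[:40] for k in keys if not k.startswith(KEY_PREFIXES)]
    return problems

# Constructed sample: a well-formed document with a placeholder (not real) key.
GOOD = """#cloud-config
users:
  - name: ubuntu
    ssh-authorized-keys:
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI-CONSTRUCTED-PLACEHOLDER example@constructed
ssh_pwauth: false
"""

if __name__ == "__main__":
    for name, doc in [("good", GOOD), ("quoted ref", "data.template_file.user_data.rendered")]:
        print(name, check_user_data(doc) or "ok")
```

Feed it the string shown by `data.template_file.user_data.rendered` in `terraform console` before applying; an empty list means none of these three problems is present.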

krasnosvar

Reputation: 119

You need to add a libvirt_cloudinit_disk resource to add the SSH key to the VM. Code from my TF script:

# Use CloudInit ISO to add ssh-key to the instance
resource "libvirt_cloudinit_disk" "commoninit" {
  # One cloud-init ISO per hostname
  count = length(var.hostname)
  name = "${var.hostname[count.index]}-commoninit.iso"
  #name = "${var.hostname}-commoninit.iso"
  # pool = "default"
  # References are unquoted so the rendered templates are passed, not the literal text
  user_data = data.template_file.user_data[count.index].rendered
  network_config = data.template_file.network_config.rendered
}

Upvotes: 0
