SSH provisioner fails to connect to Azure instance
Terraform v0.9.5
resource "azurerm_virtual_machine"
resource "azurerm_virtual_machine" "xxx01" {
  name                  = "xxx01"
  location              = "xxx"
  resource_group_name   = "${azurerm_resource_group.xxx.name}"
  network_interface_ids = ["${azurerm_network_interface.xxx.id}"]
  vm_size               = "Standard_A2_V2"

  connection {
    type     = "ssh"
    host     = "${azurerm_public_ip.xxx_ip_pub.ip_address}"
    user     = "${var.ADMIN_USER}"
    password = "${var.ADMIN_CREDS}"
  }

  provisioner "remote-exec" {
    inline = [
      "echo ${var.ADMIN_CREDS} | sudo -S yum update -y",
      "sudo rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm",
      "sudo yum -y install puppet-agent",
      "export PATH=/opt/puppetlabs/bin:$PATH"
    ]
  }
}
SSH provisioner should connect to instance on the dynamically assigned public IP and run the specified commands
SSH provisioner tries to connect to a different public IP
azurerm_virtual_machine.xxx (remote-exec): Connecting to remote host via SSH...
azurerm_virtual_machine.xxx (remote-exec): Host: x.x.x.x
azurerm_virtual_machine.xxx (remote-exec): User: xxx
azurerm_virtual_machine.xxx (remote-exec): Password: true
azurerm_virtual_machine.xxx (remote-exec): Private key: false
azurerm_virtual_machine.xxx (remote-exec): SSH Agent: true
I've also tried leaving the Host details out, but the SSH provisioner still fails to connect (this time it gives a connection refused error message despite the fact that SSH is allowed on the VM NSG).
Please list the steps required to reproduce the issue, for example:
terraform apply

I haven't been able to confirm, but I wonder if the SSH provisioner is trying to connect to a public IP previously assigned to the VM.
Just re-tested and confirmed that the SSH provisioner tries to connect to the last previously assigned (dynamic) IP that was assigned to the VM/NIC and not the currently assigned IP
I should have said originally that I'm using dynamically assigned public IPs
Confirmed that issue doesn't occur when using static public IP
Use ${azurerm_public_ip.xxx_ip_pub.fqdn} instead.
Hi Steve, Does the workaround that @vrenjith proposed above work for you? Please let us know if this is a blocker or if you have a workaround for the same. This will help us prioritize this appropriately.
Hi, yes the workaround proposed by @vrenjith works for me, thanks both
Thanks Steve. Could you please go ahead and close this issue?
For future travelers, I found that using fqdn didn't work unless I had the domain_name_label property on the azurerm_public_ip resource.
Obvious in retrospect, but it took me a little bit to figure out why ${azurerm_public_ip.xxx_ip_pub.fqdn} was empty.
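The workaround from this thread as one configuration, added here as an example and not code posted by any participant: the dynamic public IP gets a `domain_name_label` so that `fqdn` is populated, and the SSH connection uses that name instead of `ip_address`. The label value, the `null_resource` wrapper and the output name are assumptions; the remaining names are the issue's placeholders and are expected to be defined in the same configuration.

```hcl
# Added example; resource names reuse the issue's "xxx" placeholders.
resource "azurerm_public_ip" "xxx_ip_pub" {
  name                         = "xxx-ip-pub"
  location                     = "${azurerm_resource_group.xxx.location}"
  resource_group_name          = "${azurerm_resource_group.xxx.name}"
  public_ip_address_allocation = "dynamic"

  # Constructed placeholder label. Without domain_name_label the fqdn
  # attribute is empty; the label must be unique within the Azure region.
  domain_name_label = "xxx01-provision"
}

# Assumption: provisioning is moved into a null_resource so that it runs
# after the VM exists and re-runs when the VM is replaced.
resource "null_resource" "xxx01_bootstrap" {
  triggers = {
    vm_id = "${azurerm_virtual_machine.xxx01.id}"
  }

  connection {
    type = "ssh"

    # DNS name instead of ip_address, as suggested in the thread.
    host     = "${azurerm_public_ip.xxx_ip_pub.fqdn}"
    user     = "${var.ADMIN_USER}"
    password = "${var.ADMIN_CREDS}"
  }

  provisioner "remote-exec" {
    # Commands unchanged from the issue.
    inline = [
      "echo ${var.ADMIN_CREDS} | sudo -S yum update -y",
      "sudo rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm",
      "sudo yum -y install puppet-agent",
      "export PATH=/opt/puppetlabs/bin:$PATH",
    ]
  }
}

# Shows the name the provisioner connects to; an empty value means the
# DNS label is missing.
output "xxx01_ssh_host" {
  value = "${azurerm_public_ip.xxx_ip_pub.fqdn}"
}
```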
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.