#Dagger + terraform init command using modules in private git repositories


steep thunder

Hello guys, we have an issue using terraform commands in a Dagger pipeline. We have a git repository that contains terraform modules written in-house. The issue is that when the terraform init command is executed from a Dagger container, we receive an error like:

```
Cloning into 'gitrepository-terraform-modules'...
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
```

We tried the following things to solve it, without success:

  1. Set up the SSH agent socket, code snippet:

```python
import os

# Collect the value of the SSH_AUTH_SOCK env var to retrieve the auth socket path
ssh_auth_path = os.environ.get("SSH_AUTH_SOCK", "")

# Retrieve the authentication socket from the host
# (`c` is the connected Dagger client; `src` and `ssh_keys` are defined elsewhere in the pipeline)
ssh_agent_socket = c.host().unix_socket(ssh_auth_path)

out = (
    c
    .container()
    .from_("ubuntu:latest")
    .with_directory("/infrastructure", src)
    .with_directory("/root/.ssh", ssh_keys, exclude=["config", "known_hosts"])
    .with_workdir("/infrastructure")
    .with_exec([
        "wget", "https://releases.hashicorp.com/terraform/1.2.9/terraform_1.2.9_linux_amd64.zip"
    ])
    .with_exec(["unzip", "terraform_1.2.9_linux_amd64.zip", "-d", "/usr/local/bin"])
    # Mount the host's agent socket into the container
    .with_unix_socket("/tmp/ssh-agent/", ssh_agent_socket)
)
```

  1. Point 2 in the first comment.
  1. Move the ssh keys from host to dagger container:

```python
# Copy the host's SSH directory into the container
ssh_keys = c.host().directory("/home/circleci/.ssh")

out = (
    c
    .container()
    .from_("ubuntu:latest")
    .with_directory("/infrastructure", src)
    .with_directory("/root/.ssh", ssh_keys, exclude=["config", "known_hosts"])
    .with_workdir("/infrastructure")
    # Install the tools the pipeline needs
    .with_exec(["apt", "update"])
    .with_exec(["apt", "install", "curl", "-y"])
    .with_exec(["apt", "install", "unzip", "-y"])
    .with_exec(["apt", "install", "wget", "-y"])
    .with_exec(["apt", "install", "git", "-y"])
    .with_exec(["apt", "install", "openssh-client", "-y"])
    .with_exec(["curl", "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip", "-o", "awscliv2.zip"])
    .with_exec(["unzip", "awscliv2.zip"])
    .with_exec(["./aws/install"])
    .with_exec([
        "wget", "https://releases.hashicorp.com/terraform/1.2.9/terraform_1.2.9_linux_amd64.zip"
    ])
    .with_exec(["unzip", "terraform_1.2.9_linux_amd64.zip", "-d", "/usr/local/bin"])
    # Record the git host's key and restrict permissions on the SSH directory
    .with_exec(["ssh-keyscan", "github.com", ">>", "/root/.ssh/known_hosts"])
    .with_exec(["chmod", "-R", "600", "/root/.ssh"])
)
```

I really appreciate your help.

fleet laurel

Hello 👋 I'm surprised the first snippet didn't work. I'm wondering if there's some environment variables needed or something. I'll see if I can repro!


The line `.with_exec(["ssh-keyscan", "github.com", ">>", "/root/.ssh/known_hosts"])` probably needs to be `.with_exec(["sh", "-c", "ssh-keyscan github.com >> /root/.ssh/known_hosts"])` to work as expected, but I don't know if that will fully solve the issue or not.

steep thunder

I really appreciate your help, @fleet laurel. If you have a guide to follow to run terraform commands like the init command in a Dagger container, it could be really helpful.

fleet laurel

I don't think we have a guide out there at the moment, but there is the #terraform channel where this user's snippet may help you #terraform message
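
Added example, not part of the thread and not Dagger or Terraform project code: the `ssh-keyscan github.com >> known_hosts` step discussed above accepts whatever key the network returns, so this sketch goes one step beyond the thread and keeps only scanned keys whose SHA256 fingerprint matches one pinned in advance. The function names, the sample scan output and the key blobs are constructed for illustration.

```python
import base64
import hashlib


def fingerprint(key_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint (the form printed by `ssh-keygen -lf`)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def vetted_known_hosts(scan_output: str, host: str, pinned: set) -> str:
    """Return known_hosts text holding only `host` keys with a pinned fingerprint."""
    kept = []
    for line in scan_output.splitlines():
        fields = line.split()
        # Skip blanks, "# host:22 SSH-2.0-..." banner comments and short lines.
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        if host not in fields[0].split(","):
            continue
        try:
            fp = fingerprint(fields[2])
        except ValueError:  # malformed base64 key blob
            continue
        if fp in pinned:
            kept.append(" ".join(fields[:3]))
    if not kept:
        # Fail the pipeline rather than trusting an unverified key.
        raise ValueError(f"no scanned key for {host} matches a pinned fingerprint")
    return "\n".join(kept) + "\n"


# Constructed sample data: these blobs are NOT real host keys.
GOOD_KEY = base64.b64encode(b"constructed-expected-host-key").decode()
OTHER_KEY = base64.b64encode(b"constructed-substituted-key").decode()
# Assumption: in a real pipeline the pins come from the fingerprints your git
# host publishes out of band, not from the scan itself.
PINNED = {fingerprint(GOOD_KEY)}
SAMPLE_SCAN = (
    "# github.com:22 SSH-2.0-constructed\n"
    f"github.com ssh-ed25519 {GOOD_KEY}\n"
    f"github.com ssh-rsa {OTHER_KEY}\n"
)

if __name__ == "__main__":
    print(vetted_known_hosts(SAMPLE_SCAN, "github.com", PINNED), end="")
```

The returned text is what belongs in `/root/.ssh/known_hosts`; if the scan itself runs as a container step, it still needs the `sh -c` form suggested in the thread so that `>>` is treated as a redirection.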