Test kitchen ssh_key for use with vagrant


When setting up a vagrant test kitchen, it looks like by default authentication is done via password. I would like to do it using a keypair.
I added the driver_config and ssh_key lines to my .kitchen.yml:

  - name: ubuntu-14.04
    driver_config:
      ssh_key: "/Users/mylogin/.ssh/id_rsa"

When I then run kitchen create I get many warnings like this:

default: Warning: Authentication failure. Retrying...

and finally a timeout, although the VM is still accessible via password authentication.

So it looks like my modification to .kitchen.yml tells chef to try and connect to the box using that key pair, but it does not tell the box to have the corresponding public key in ~vagrant/.ssh/authorized_keys. What do I need to do to get this to work? And where is it documented? (I couldn’t find it.)

Also, in the ‘ssh_key’ line I hardcoded the path to my private key, but for other developers it will be different. Is there a way to avoid this hardcoding?


Adding a little more information. If I take the lines I added out of kitchen.yml and then destroy and recreate my kitchen, I see the following output:

    default: SSH address:
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: Vagrant insecure key detected. Vagrant will automatically replace
    default: this with a newly generated keypair for better security.
    default: Inserting generated public key within guest...
    default: Removing insecure key from the guest if it's present...
    default: Key inserted! Disconnecting and reconnecting using new SSH key...

I assume that the insecure key it’s referring to is the one in ~/.vagrant.d/insecure_private_key, and indeed I cannot ssh using that key.
So where is the newly generated keypair that it’s talking about? If I can find the private key from that key pair, I’d be in business.

More info:

kitchen diagnose --all gives a path to a private key, but that private key does not work:

$ kitchen diagnose --all | grep ssh_key
/opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/httpclient- warning: already initialized constant HTTPClient::CookieManager
/opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/httpclient- warning: previous definition of CookieManager was here
      ssh_key: "/Users/mylogin/chef-repo/mycookbook/.kitchen/kitchen-vagrant/kitchen-mycookbook-default-ubuntu-1404/.vagrant/machines/default/virtualbox/private_key"

(How do I silence those warnings?)

So then this ought to work, right? But it still prompts me for a password:

$ ssh -i /Users/mylogin/chef-repo/mycookbook/.kitchen/kitchen-vagrant/kitchen-mycookbook-default-ubuntu-1404/.vagrant/machines/default/virtualbox/private_key -p 2222 vagrant@localhost
vagrant@localhost's password:

So it seems that chef can communicate with the VM using the keypair (?) but I cannot. Or at least I don’t yet know how.

Is part of the problem that the second definition of ssh_key in the output of kitchen diagnose --all is empty?

In your cookbook's .kitchen/ directory there should be a yml file, something like default-centos-72.yml, and it will look like this:

port: '2222'
username: vagrant
ssh_key: "$YOURCOOKBOOKPATH/motd_rhel/.kitchen/kitchen-vagrant/kitchen-motd_rhel-default-centos-72/.vagrant/machines/default/virtualbox/private_key"
last_action: create

Add the line password: vagrant so that it looks like this:

port: '2222'
username: vagrant
password: vagrant
ssh_key: "$YOURCOOKBOOKPATH/motd_rhel/.kitchen/kitchen-vagrant/kitchen-motd_rhel-default-centos-72/.vagrant/machines/default/virtualbox/private_key"
last_action: create

Then it will work.
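
Added example (not part of the original question or answer, and not Test Kitchen's own code): a Ruby check that reads an instance state file of the shape shown above and reports whether a password fallback is stored and whether the referenced private key exists with owner-only permissions, which OpenSSH requires before it will use a key file. The function names, finding symbols and sample files are assumptions made for illustration.

```ruby
require "yaml"
require "tmpdir"

# Audit a Test Kitchen instance state file (.kitchen/<instance>.yml).
# Returns an array of symbols describing what was found (hypothetical names).
def audit_kitchen_state(state_path)
  state = YAML.safe_load(File.read(state_path)) || {}
  findings = []
  # A stored password means the connection can fall back to password auth.
  findings << :password_auth_configured if state.key?("password")
  key = state["ssh_key"]
  if key.nil? || key.to_s.empty?
    findings << :no_ssh_key
  elsif !File.file?(key)
    findings << :ssh_key_missing
  else
    mode = File.stat(key).mode & 0o777
    # OpenSSH refuses private keys that group or others can access.
    if (mode & 0o077).zero?
      findings << :ssh_key_ok
    else
      findings << :ssh_key_too_permissive
    end
  end
  findings
end

# Constructed sample: builds a throwaway state file and placeholder key.
def demo_findings(with_password:, key_mode:)
  Dir.mktmpdir do |dir|
    key = File.join(dir, "private_key")
    File.write(key, "constructed placeholder, not a real key\n")
    File.chmod(key_mode, key)
    state = { "port" => "2222", "username" => "vagrant",
              "ssh_key" => key, "last_action" => "create" }
    state["password"] = "vagrant" if with_password
    path = File.join(dir, "default-centos-72.yml")
    File.write(path, state.to_yaml)
    audit_kitchen_state(path)
  end
end

if __FILE__ == $PROGRAM_NAME
  p demo_findings(with_password: false, key_mode: 0o600)
  p demo_findings(with_password: true, key_mode: 0o644)
end
```

Pointing `audit_kitchen_state` at a real state file shows at a glance whether the instance is relying on the key or on the stored password.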