When setting up a vagrant test kitchen, it looks like by default authentication is done via password. I would like to do it using a keypair.
I added the driver_config and ssh_key lines to my .kitchen.yml:
- name: ubuntu-14.04
When I then run kitchen create I get many warnings like this:
default: Warning: Authentication failure. Retrying...
and finally a timeout. Although the VM is still accessible via password authentication.
So it looks like my modification to .kitchen.yml tells chef to try and connect to the box using that key pair, but it does not tell the box to have the corresponding public key in ~vagrant/.ssh/authorized_keys. What do I need to do to get this to work? And where is it documented (I couldn’t find it).
Also, in the ‘ssh_key’ line I hardcoded the path to my private key, but for other developers it will be different. Is there a way to avoid this hardcoding?
Adding a little more information. If I take the lines I added out of kitchen.yml and then destroy and recreate my kitchen, I see the following output:
default: SSH address: 127.0.0.1:2200
default: SSH username: vagrant
default: SSH auth method: private key
default: Vagrant insecure key detected. Vagrant will automatically replace
default: this with a newly generated keypair for better security.
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if it's present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...
I assume that the insecure key it’s referring to is the one in ~/.vagrant.d/insecure_private_key, and indeed I cannot ssh using that key.
So where is the newly generated keypair that it’s talking about? If I can find the private key from that key pair, I’d be in business.
kitchen diagnose --all gives a path to a private key, but that private key does not work:
$ kitchen diagnose --all | grep ssh_key
/opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/httpclient-184.108.40.206/lib/httpclient/webagent-cookie.rb:458: warning: already initialized constant HTTPClient::CookieManager
/opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/httpclient-220.127.116.11/lib/httpclient/cookie.rb:8: warning: previous definition of CookieManager was here
(How do I silence those warnings?)
So then this ought to work, right? But it still prompts me for a password:
$ ssh -i /Users/mylogin/chef-repo/mycookbook/.kitchen/kitchen-vagrant/kitchen-mycookbook-default-ubuntu-1404/.vagrant/machines/default/virtualbox/private_key -p 2222 vagrant@localhost
So it seems that chef can communicate with the VM using the keypair (?) but I cannot. Or at least I don’t yet know how.
Is part of the problem that the second definition of ssh_key in the output of kitchen diagnose --all is empty?
In your cookbook's .kitchen/ directory there should be a yml file, something like default-centos-72.yml, and it will look like this:
Add the line password: vagrant so that it looks like this:
Then it will work.
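Added example, not part of the original posts and not Test Kitchen's own code: a Ruby helper that reads an instance state file like the one the answer mentions and builds the matching ssh command, so the port and key come from the state rather than being typed by hand, and that flags a missing key or key-file permissions that OpenSSH refuses. The state keys hostname, port, username and ssh_key are assumed, and the sample state file and key are constructed.

```ruby
require "yaml"
require "shellwords"
require "tmpdir"

# Read a Test Kitchen instance state file (.kitchen/<instance>.yml) and build
# the ssh argv that uses the same host, port, user and key.
# Assumed state keys: hostname, port, username, ssh_key.
def ssh_command_from_state(state_path)
  state = (YAML.safe_load(File.read(state_path)) || {}).transform_keys(&:to_s)
  key = state["ssh_key"].to_s
  problems = []
  if key.empty?
    problems << "no ssh_key in state: there is no key to pass with -i"
  elsif !File.file?(key)
    problems << "key file not found: #{key}"
  elsif (File.stat(key).mode & 0o077) != 0
    problems << "key file is accessible by group/others: OpenSSH will ignore it"
  end
  argv = ["ssh", "-p", state.fetch("port", 22).to_s]
  argv += ["-i", key] unless key.empty?
  argv << "#{state.fetch('username', 'vagrant')}@#{state.fetch('hostname', '127.0.0.1')}"
  { argv: argv, problems: problems }
end

# Constructed sample: a fake state file and placeholder key in a temp directory.
def demo(key_mode)
  Dir.mktmpdir do |dir|
    key = File.join(dir, "private_key")
    File.write(key, "placeholder, not a real key\n")
    File.chmod(key_mode, key)
    state_path = File.join(dir, "default-ubuntu-1404.yml")
    File.write(state_path, YAML.dump(
      "hostname" => "127.0.0.1", "port" => "2200",
      "username" => "vagrant", "ssh_key" => key
    ))
    ssh_command_from_state(state_path)
  end
end

if __FILE__ == $PROGRAM_NAME
  [0o644, 0o600].each do |mode|
    result = demo(mode)
    puts Shellwords.join(result[:argv])
    result[:problems].each { |p| puts "  problem: #{p}" }
  end
end
```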