
Terraform - Error: [DEBUG] Create SSH Key illegal base64 data at input byte 1


I'm trying to run the code below on IBM Cloud to provision different resources. All of them get created, but the VSI/VM instance is having issues with the public key and I'm not sure what's going on. Here is the code, test.tf:

# Configure the IBM Cloud Provider
provider "ibm" {
  ibmcloud_api_key      = "${var.ibmcloud_api_key}"
  generation            = 2
  region                = "us-south"

}



###################Resources###################

#VPC
resource "ibm_is_vpc" "vpc1" {
  name                  = "vpc1"
}


#Subnet for the VPC
resource "ibm_is_subnet" "subnet1" {
  name            = "subnet1"
  vpc             = ibm_is_vpc.vpc1.id
  zone            = "${var.zone1}"
  ipv4_cidr_block = "10.240.0.0/24"
}


#Second Subnet for bastion VSI
resource "ibm_is_subnet" "subnet2" {
  name            = "subnet2"
  vpc             = ibm_is_vpc.vpc1.id
  zone            = "${var.zone1}"
  ipv4_cidr_block = "10.240.1.0/24"
  public_gateway = "${ibm_is_public_gateway.gateway.id}"
}


#Public Gateway
resource "ibm_is_public_gateway" "gateway" {
  name = "gateway"
  vpc  = ibm_is_vpc.vpc1.id
  zone = "${var.zone1}"
}


#data SSH
resource "ibm_is_ssh_key" "ssh_public_key" {
    name = "testssh"
    public_key = var.ssh_public_key
}


#VSI

resource "ibm_is_instance" "vm1" {
  name              = "vm1"
  image             = "${var.image}"
  profile           = "${var.profile}"
  zone              = "${var.zone1}"
  keys              = [ibm_is_ssh_key.ssh_public_key.id]
  vpc               = ibm_is_vpc.vpc1.id

  primary_network_interface {
    subnet          = ibm_is_subnet.subnet2.id
  }

  network_interfaces {
    name            = "eth1"
    subnet          = ibm_is_subnet.subnet2.id
  }
}

Here is the variables file variables.tf:

#variables

#API Key to connect to my IBM Cloud
variable "ibmcloud_api_key" {
    default = "9lsRdBjb70PlwxxxxxxxxxxxxxxxxxxxLdf6"
}


##What zone I want to use
#IBMcloud regions would help to get the regions/zones
variable "zone1" {
    default = "us-south-1"

}


#VSI image template
#ibmcloud is image command
variable "image" {
    default = "6aec77ca-ab4a-459e-81dc-6e5ec9f99d4a" #centos minimal

}


#SSH key for the VMs/VSIs for provisioning
variable "ssh_public_key" {
    default = "C:/Users/User.Name/ibmkey.pub"

}


#VSI config
#ibmcloud is instance-profiles command
variable "profile" {
    default = "bc1-2x8" #2CPUs and 8GB of RAM

}

Here is the Error output after running apply:

Error: [DEBUG] Create SSH Key illegal base64 data at input byte 1
{
    "StatusCode": 400,
    "Headers": {
        "Cache-Control": [
            "max-age=0, no-cache, no-store, must-revalidate"
        ],
        "Cf-Cache-Status": [
            "DYNAMIC"
        ],
        "Cf-Ray": [
            "5b8ab320e9c4b959-MIA"
        ],
        "Cf-Request-Id": [
            "042a8e48910000b959aa8fe200000001"
        ],
        "Connection": [
            "keep-alive"
        ],
        "Content-Length": [
            "187"
        ],
        "Content-Security-Policy": [
            "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'"
        ],
        "Content-Type": [
            "application/json; charset=utf-8"
        ],
        "Date": [
            "Sun, 26 Jul 2020 02:30:37 GMT"
        ],
        "Expect-Ct": [
            "max-age=604800, report-uri=\"https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct\""
        ],
        "Expires": [
            "-1"
        ],
        "Pragma": [
            "no-cache"
        ],
        "Server": [
            "cloudflare"
        ],
        "Set-Cookie": [
            "__cfduid=dab8eaaa41dc1d2e24658e3191d0e3d881595730636; expires=Tue, 25-Aug-20 02:30:36 GMT; path=/; domain=.iaas.cloud.ibm.com; HttpOnly; SameSite=Lax; Secure"
        ],
        "Strict-Transport-Security": [
            "max-age=31536000; includeSubDomains"
        ],
        "Vary": [
            "Accept-Encoding"
        ],
        "X-Content-Type-Options": [
            "nosniff"
        ],
        "X-Request-Id": [
            "7ff3ada5-02e8-4fb2-a1f2-5fa9ca4da415"
        ],
        "X-Trace-Id": [
            "7108b437f9d18820"
        ],
        "X-Xss-Protection": [
            "1; mode=block"
        ]
    },
    "Result": {
        "errors": [
            {
                "code": "key_parse_failure",
                "message": "illegal base64 data at input byte 1",
                "target": {
                    "name": "key.public_key",
                    "type": "field"
                }
            }
        ],
        "trace": "7ff3ada5-02e8-4fb2-a1f2-5fa9ca4da415"
    },
    "RawResult": null
}


  on test1.tf line 51, in resource "ibm_is_ssh_key" "ssh_public_key":
  51: resource "ibm_is_ssh_key" "ssh_public_key" {

Any idea???


Solution

  • I think what's happening here is that you're specifying your SSH public key as a filename rather than as an actual public key definition, so the provider is sending the literal string C:/Users/User.Name/ibmkey.pub as your key, rather than the contents of that file.

    I'm not familiar enough with this provider to be sure, but I think it is expecting you to already have read that file and to pass its content as the public_key argument of ibm_is_ssh_key.

    The two main options for how to proceed here would be to either pass the content of the file when you set the ssh_public_key variable, making it the caller's responsibility to read the file into memory first, or to change your module to read the given file into memory itself:

    resource "ibm_is_ssh_key" "ssh_public_key" {
        name       = "testssh"
        public_key = file(var.ssh_public_key)
    }
    

    According to the provider source code, most of this error message is being returned directly from the remote API, so if reading the file also doesn't work you may need to consult the documentation for this POST /keys API operation to learn what format it is expecting for its key.public_key argument, and then match that format in your Terraform configuration.
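The wording "illegal base64 data at input byte 1" has the form of Go's `encoding/base64` decode error, and byte 1 of `C:/Users/User.Name/ibmkey.pub` is `:`, which is not in the base64 alphabet. The following pre-flight check is an added example, not code from the post or from the IBM provider; `checkPublicKey` and `sampleKey` are hypothetical names, and it assumes the receiving side base64-decodes the value it is given.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// checkPublicKey validates an OpenSSH public key line: "<type> <base64> [comment]".
// Assumption: a single-field value is decoded as a bare blob, as a path would be.
func checkPublicKey(s string) error {
	f := strings.Fields(s) // also drops the trailing newline that file() keeps
	if len(f) == 0 {
		return errors.New("empty key")
	}
	blob := f[0]
	if len(f) > 1 {
		blob = f[1]
	}
	raw, err := base64.StdEncoding.DecodeString(blob)
	if err != nil {
		return err // reports the offset of the first non-base64 byte
	}
	// The decoded blob begins with a 4-byte big-endian length and the algorithm name.
	if len(raw) < 4 || uint64(binary.BigEndian.Uint32(raw)) > uint64(len(raw)-4) {
		return errors.New("key blob truncated")
	}
	algo := string(raw[4 : 4+binary.BigEndian.Uint32(raw)])
	if len(f) > 1 && f[0] != algo {
		return fmt.Errorf("type %q does not match blob algorithm %q", f[0], algo)
	}
	return nil
}

// sampleKey builds a constructed (not real) ssh-ed25519 public key line.
func sampleKey() string {
	var b []byte
	for _, field := range [][]byte{[]byte("ssh-ed25519"), make([]byte, 32)} {
		b = append(b, 0, 0, 0, byte(len(field))) // lengths here are below 256
		b = append(b, field...)
	}
	return "ssh-ed25519 " + base64.StdEncoding.EncodeToString(b) + " user@example\n"
}

func main() {
	fmt.Println(checkPublicKey("C:/Users/User.Name/ibmkey.pub")) // path, not key contents
	fmt.Println(checkPublicKey(sampleKey()))
}
```

Running the same check on the output of `file(var.ssh_public_key)` before `terraform apply` separates a wrong variable value from a genuinely malformed key file.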