github.com/adrian-bl/terraform@v0.7.0-rc2.0.20160705220747-de0a34fc3517/website/source/docs/provisioners/connection.html.markdown

github.com/adrian-bl/terraform@v0.7.0-rc2.0.20160705220747-de0a34fc3517/website/source/docs/provisioners/connection.html.markdown (about)

     1  ---
     2  layout: "docs"
     3  page_title: "Provisioner Connections"
     4  sidebar_current: "docs-provisioners-connection"
     5  description: |-
     6    Many provisioners require access to the remote resource. For example, a provisioner may need to use SSH or WinRM to connect to the resource.
     7  ---
     8  
     9  # Provisioner Connections
    10  
    11  Many provisioners require access to the remote resource. For example,
    12  a provisioner may need to use SSH or WinRM to connect to the resource.
    13  
    14  Terraform uses a number of defaults when connecting to a resource, but these
    15  can be overridden using `connection` block in either a `resource` or `provisioner`.
    16  Any `connection` information provided in a `resource` will apply to all the
    17  provisioners, but it can be scoped to a single provisioner as well. One use case
    18  is to have an initial provisioner connect as root to setup user accounts, and have
    19  subsequent provisioners connect as a user with more limited permissions.
    20  
    21  ## Example usage
    22  
    23  ```
    24  # Copies the file as the root user using SSH
    25  provisioner "file" {
    26      source = "conf/myapp.conf"
    27      destination = "/etc/myapp.conf"
    28      connection {
    29          user = "root"
    30          password = "${var.root_password}"
    31      }
    32  }
    33  
    34  # Copies the file as the Administrator user using WinRM
    35  provisioner "file" {
    36      source = "conf/myapp.conf"
    37      destination = "C:/App/myapp.conf"
    38      connection {
    39          type = "winrm"
    40          user = "Administrator"
    41          password = "${var.admin_password}"
    42      }
    43  }
    44  ```
    45  
    46  ## Argument Reference
    47  
    48  **The following arguments are supported by all connection types:**
    49  
    50  * `type` - The connection type that should be used. Valid types are "ssh" and "winrm"
    51    This defaults to "ssh".
    52  
    53  * `user` - The user that we should use for the connection. Defaults to "root" when
    54    using type "ssh" and defaults to "Administrator" when using type "winrm".
    55  
    56  * `password` - The password we should use for the connection. In some cases this is
    57    provided by the provider.
    58  
    59  * `host` - The address of the resource to connect to. This is provided by the provider.
    60  
    61  * `port` - The port to connect to. Defaults to 22 when using type "ssh" and defaults
    62    to 5985 when using type "winrm".
    63  
    64  * `timeout` - The timeout to wait for the connection to become available. This defaults
    65    to 5 minutes. Should be provided as a string like "30s" or "5m".
    66  
    67  * `script_path` - The path used to copy scripts meant for remote execution.
    68  
    69  **Additional arguments only supported by the "ssh" connection type:**
    70  
    71  * `private_key` - The contents of an SSH key to use for the connection. These can
    72    be loaded from a file on disk using the [`file()` interpolation
    73    function](/docs/configuration/interpolation.html#file_path_). This takes
    74    preference over the password if provided.
    75  
    76  * `agent` - Set to false to disable using ssh-agent to authenticate. On Windows the
    77    only supported SSH authentication agent is
    78    [Pageant](http://the.earth.li/~sgtatham/putty/0.66/htmldoc/Chapter9.html#pageant)
    79  
    80  **Additional arguments only supported by the "winrm" connection type:**
    81  
    82  * `https` - Set to true to connect using HTTPS instead of HTTP.
    83  
    84  * `insecure` - Set to true to not validate the HTTPS certificate chain.
    85  
    86  * `cacert` - The CA certificate to validate against.
    87  
    88  <a id="bastion"></a>
    89  ## Connecting through a Bastion Host with SSH
    90  
    91  The `ssh` connection additionally supports the following fields to facilitate a
    92  [bastion host](https://en.wikipedia.org/wiki/Bastion_host) connection.
    93  
    94  * `bastion_host` - Setting this enables the bastion Host connection. This host
    95    will be connected to first, and the `host` connection will be made from there.
    96  
    97  * `bastion_port` - The port to use connect to the bastion host. Defaults to the
    98    value of `port`.
    99  
   100  * `bastion_user` - The user to use to connect to the bastion host. Defaults to
   101    the value of `user`.
   102  
   103  * `bastion_password` - The password we should use for the bastion host.
   104    Defaults to the value of `password`.
   105  
   106  * `bastion_private_key` - The contents of an SSH key file to use for the bastion
   107    host. These can be loaded from a file on disk using the [`file()`
   108    interpolation function](/docs/configuration/interpolation.html#file_path_).
   109    Defaults to the value of `private_key`.
   110  
   111  ## Deprecations
   112  
   113  These are supported for backwards compatibility and may be removed in a
   114  future version:
   115  
   116  * `key_file` - A path to or the contents of an SSH key to use for the
   117    connection. These can be loaded from a file on disk using the [`file()`
   118    interpolation function](/docs/configuration/interpolation.html#file_path_).
   119    This takes preference over the password if provided.
   120  
   121  * `bastion_key_file` - The contents of an SSH key file to use for the bastion
   122    host. These can be loaded from a file on disk using the [`file()`
   123    interpolation function](/docs/configuration/interpolation.html#file_path_).
   124    Defaults to the value of `key_file`.