github.com/atsaki/terraform@v0.4.3-0.20150919165407-25bba5967654/website/source/docs/provisioners/connection.html.markdown (about)

     1  ---
     2  layout: "docs"
     3  page_title: "Provisioner Connections"
     4  sidebar_current: "docs-provisioners-connection"
     5  description: |-
     6    Many provisioners require access to the remote resource. For example, a provisioner may need to use SSH or WinRM to connect to the resource.
     7  ---
     8  
     9  # Provisioner Connections
    10  
    11  Many provisioners require access to the remote resource. For example,
    12  a provisioner may need to use SSH or WinRM to connect to the resource.
    13  
    14  Terraform uses a number of defaults when connecting to a resource, but these
    15  can be overridden using `connection` block in either a `resource` or `provisioner`.
    16  Any `connection` information provided in a `resource` will apply to all the
    17  provisioners, but it can be scoped to a single provisioner as well. One use case
    18  is to have an initial provisioner connect as root to setup user accounts, and have
    19  subsequent provisioners connect as a user with more limited permissions.
    20  
    21  ## Example usage
    22  
    23  ```
    24  # Copies the file as the root user using SSH
    25  provisioner "file" {
    26      source = "conf/myapp.conf"
    27      destination = "/etc/myapp.conf"
    28      connection {
    29          user = "root"
    30          password = "${var.root_password}"
    31      }
    32  }
    33  
    34  # Copies the file as the Administrator user using WinRM
    35  provisioner "file" {
    36      source = "conf/myapp.conf"
    37      destination = "C:/App/myapp.conf"
    38      connection {
    39          type = "winrm"
    40          user = "Administrator"
    41          password = "${var.admin_password}"
    42      }
    43  }
    44  ```
    45  
    46  ## Argument Reference
    47  
    48  **The following arguments are supported by all connection types:**
    49  
    50  * `type` - The connection type that should be used. Valid types are "ssh" and "winrm"
    51    This defaults to "ssh".
    52  
    53  * `user` - The user that we should use for the connection. Defaults to "root" when
    54    using type "ssh" and defaults to "Administrator" when using type "winrm".
    55  
    56  * `password` - The password we should use for the connection. In some cases this is
    57    provided by the provider.
    58  
    59  * `host` - The address of the resource to connect to. This is provided by the provider.
    60  
    61  * `port` - The port to connect to. Defaults to 22 when using type "ssh" and defaults
    62    to 5985 when using type "winrm".
    63  
    64  * `timeout` - The timeout to wait for the connection to become available. This defaults
    65    to 5 minutes. Should be provided as a string like "30s" or "5m".
    66  
    67  * `script_path` - The path used to copy scripts to meant for remote execution.
    68  
    69  **Additional arguments only supported by the "ssh" connection type:**
    70  
    71  * `key_file` - The SSH key to use for the connection. This takes preference over the
    72    password if provided.
    73  
    74  * `agent` - Set to false to disable using ssh-agent to authenticate.
    75  
    76  **Additional arguments only supported by the "winrm" connection type:**
    77  
    78  * `https` - Set to true to connect using HTTPS instead of HTTP.
    79  
    80  * `insecure` - Set to true to not validate the HTTPS certificate chain.
    81  
    82  * `cacert` - The CA certificate to validate against.
    83  
    84  <a id="bastion"></a>
    85  ## Connecting through a Bastion Host with SSH
    86  
    87  The `ssh` connection additionally supports the following fields to facilitate a
    88  [bastion host](https://en.wikipedia.org/wiki/Bastion_host) connection.
    89  
    90  * `bastion_host` - Setting this enables the bastion Host connection. This host
    91    will be connected to first, and the `host` connection will be made from there.
    92  
    93  * `bastion_port` - The port to use connect to the bastion host. Defaults to the
    94    value of `port`.
    95  
    96  * `bastion_user` - The user to use to connect to the bastion host. Defaults to
    97    the value of `user`.
    98  
    99  * `bastion_password` - The password we should use for the bastion host.
   100    Defaults to the value of `password`.
   101  
   102  * `bastion_key_file` - The SSH key to use for the bastion host. Defaults to the
   103    value of `key_file`.