Terraformed Ubuntu VM on GCP instance not accessible by SSH session or private key (missing Terraform code?)

When I ssh or console to a Debian or Ubuntu VM created by Terraform, I get a prompt but cannot log in. Any suggestions? Here is what I’ve tried, and what I suspect is the issue…

  • Hitting other VMs that I manually create (“ssh -i privatekey user@ipaddress”) works (assuming I have the pub key in the VM instance), but using the Terraform code below doesn’t work.
  • I’m wondering if I need some sort of metatag or something with a user/private key and could use a nudge in the right direction.
  • From a remote computer on the same network (VPN to GCP environment), I can ping the Ubuntu VM, so I can rule out general networking issues.
  • I also tried the Google Cloud command line ("gcloud compute ssh INSTANCE_ID --zone us-east1-b"), but that didn’t work on the VMs created by Terraform, unlike VMs that I had created manually (which takes me straight to root).

resource "google_compute_instance" "web-server" {
  name         = "web-server"
  machine_type = "g1-small"
  zone         = "${var.zone}"

  metadata_startup_script = "echo hi > /test.txt"

  service_account {
    email = "${data.google_compute_default_service_account.default.email}"
    scopes = [
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring.write",
      "https://www.googleapis.com/auth/pubsub",
      "https://www.googleapis.com/auth/service.management.readonly",
      "https://www.googleapis.com/auth/servicecontrol",
      "https://www.googleapis.com/auth/trace.append",
    ]
  }

  boot_disk {
    initialize_params {
      image = "ubuntu-os-cloud/ubuntu-1804-lts"
    }
  }

  network_interface {
    subnetwork = "${google_compute_subnetwork.protected-subnet.self_link}"
    network_ip = "10.10.2.10"

    access_config {
      network_tier = "STANDARD"
    }
  }

  scheduling {
    preemptible       = true
    automatic_restart = false
  }

  # Instance metadata: only the serial console flag is set here.
  metadata = {
    serial-port-enable = "1"
  }
}

terraform --version

Terraform v0.12.12

+ provider.google v2.17.0
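
The post notes that the manually created VMs accept the key because the public key is in the instance, while the Terraform resource sets only `serial-port-enable` in its metadata. As an added example (not part of the original post, and not an answer from the thread), one way to supply the same key from Terraform 0.12 is the `ssh-keys` metadata item; the variable names, the default username and the key path below are assumptions.

```hcl
# Added example, not the poster's code. Names and defaults are assumptions.

variable "ssh_user" {
  description = "Linux account that should receive the key on the VM"
  type        = string
  default     = "ubuntu" # assumed username
}

variable "ssh_public_key_path" {
  description = "Public half of the key pair used with 'ssh -i privatekey'"
  type        = string
  default     = "~/.ssh/id_rsa.pub" # assumed path
}

locals {
  # Compute Engine expects each ssh-keys entry as USERNAME:PUBLIC_KEY.
  # The guest environment creates the account if needed and writes the key
  # to that user's authorized_keys file.
  ssh_key_entry = "${var.ssh_user}:${trimspace(file(pathexpand(var.ssh_public_key_path)))}"

  # Metadata map to assign in the instance resource from the post:
  #   metadata = local.web_server_metadata
  web_server_metadata = {
    serial-port-enable = "1"
    ssh-keys           = local.ssh_key_entry

    # Metadata keys are ignored when OS Login is active for the instance or
    # project (enable-oslogin = "TRUE"); in that case access is granted
    # through IAM roles instead of this entry.
  }
}

# Lets 'terraform apply' show which account the key was published for,
# without printing the key itself.
output "ssh_login_user" {
  value = var.ssh_user
}
```

After `terraform apply`, `ssh -i privatekey <ssh_user>@<ip>` should match the entry, provided the private key corresponds to the public key file read above.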