cmd/kola: teach spawn to put local SSH keys into userdata #796
Conversation
|
Yes yes yes! I haven't looked into what the go library support for this would be, but it would be better to connect to the ssh-agent or maybe do that and read the files in .ssh? Just reading the files wont support users (like me) with gpg-derived ssh keys. |
|
You could copy your public key to |
|
I think using the ssh-agent would be nice; if you don't want to implement it, I will as a followup. I just checked whether it's easy to talk to the agent in golang, and it seems pretty simple; here's the sample program I wrote which prints public keys. |
| @@ -405,6 +421,13 @@ func (c *Conf) copyKeysIgnitionV21(keys []*agent.Key) { | |||
| for _, key := range keys { | |||
| keyObjs = append(keyObjs, v21types.SSHAuthorizedKey(key.String())) | |||
| } | |||
| for i := range c.ignitionV21.Passwd.Users { | |||
There was a problem hiding this comment.
note, in all these loops we can use for _, user := ... The usual iter-value-reused thing doesn't apply to us here because of the early return.
I think it is a bit more readable to do that in all these loops
There was a problem hiding this comment.
That's what I had first and it was broken. Those are slices of structs, not slices of references to structs, and we're modifying one of them in place.
There was a problem hiding this comment.
Oh, whoops. Missed that '&' there, you're right.
cmd/kola/spawn.go
Outdated
| cmdSpawn.Flags().IntVarP(&spawnNodeCount, "nodecount", "c", 1, "number of nodes to spawn") | ||
| cmdSpawn.Flags().StringVarP(&spawnUserData, "userdata", "u", "", "file containing userdata to pass to the instances") | ||
| cmdSpawn.Flags().BoolVarP(&spawnDetach, "detach", "t", false, "-v --shell=false --remove=false, plus -k if -u not set") |
There was a problem hiding this comment.
I can see how this flag is useful, but the -k conditionally defaulting is kinda weird. Maybe -k should always default true, and have the restriction of conflicting with -u removed?
I'm not going to argue particularly strongly since it only seems a little odd
cmd/kola/spawn.go
Outdated
| if spawnNodeCount <= 0 { | ||
| return fmt.Errorf("Cluster Failed: nodecount must be one or more") | ||
| } | ||
|
|
||
| var userdata *conf.UserData | ||
| if spawnUserData != "" { | ||
| if spawnSetSSHKeys && spawnUserData != "" { | ||
| return fmt.Errorf("Cannot set SSH keys if userdata is specified") |
There was a problem hiding this comment.
It seems like we could support -k -u... by merging in the user's ssh keys. Is there a reason not to do that? Just simplicity?
It is true that if -u is used it generally should already have ssh keys, but it doesn't seem like they have to conflict
When adding the agent's SSH keys to an Ignition config that already has some, add them to the existing "core" user object rather than creating another object that overrides the existing one.
Add them to the Conf during UserData.Render().
|
Updated. Now supports keys from SSH agent and doesn't conflict with custom userdata. |
cmd/kola/spawn.go
Outdated
| } | ||
| for _, name := range []string{"id_rsa.pub", "id_dsa.pub", "id_ecdsa.pub", "id_ed25519.pub"} { | ||
| path := filepath.Join(userInfo.HomeDir, ".ssh", name) | ||
| if _, err := os.Stat(path); !os.IsNotExist(err) { |
There was a problem hiding this comment.
I think we want err == nil here; as is this check would pass if there were a different error (such as permission denied)
There was a problem hiding this comment.
In that case, the current code causes an error an when we try to read the file later on, which I think is the right thing? The alternative is silently ignoring key files that are broken in some way.
There was a problem hiding this comment.
Since this is in "guess the keys" code anyways, it seems to me like silently ignoring fs errors fits, but my opinion isn't all that strong
Disable the functionality by default. Co-authored-by: Euan Kemp <euan.kemp@coreos.com>
If --remove=false, the ID is useful for terminating the machine afterward.
Sugar for launching a machine with local SSH keys, printing its ID and IP, and exiting.
To use, run
kola spawn -k.Also add
kola spawn {-t,--detach}, which is sugar for starting a machine, injecting local SSH keys, printing its ID and IP, and exiting.