From 6818cebd7ca3797fdc8dde17adbc510263bce99e Mon Sep 17 00:00:00 2001
From: Dov Alperin
Date: Mon, 30 Jan 2023 15:51:11 -0500
Subject: [PATCH 1/2] Do ssh_auth

---
 Dockerfile | 2 +-
 pkg/flypg/node.go | 50 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 59499758..1663e1d4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -29,7 +29,7 @@ LABEL fly.pg-version=${PG_VERSION}
 LABEL fly.pg-manager=repmgr
 
 RUN apt-get update && apt-get install --no-install-recommends -y \
- ca-certificates iproute2 postgresql-$PG_MAJOR_VERSION-repmgr curl bash dnsutils vim procps jq pgbouncer \
+ ca-certificates iproute2 postgresql-$PG_MAJOR_VERSION-repmgr curl bash dnsutils vim procps jq pgbouncer ssh \
 && apt autoremove -y
 
 COPY --from=0 /fly/bin/* /usr/local/bin
diff --git a/pkg/flypg/node.go b/pkg/flypg/node.go
index e63edacc..0eef839a 100644
--- a/pkg/flypg/node.go
+++ b/pkg/flypg/node.go
@@ -188,6 +188,11 @@ func (n *Node) Init(ctx context.Context) error {
 }
 }
 
+ err := WriteSSHKey()
+ if err != nil {
+ return fmt.Errorf("failed initialize ssh. %v", err)
+ }
+
 store, err := state.NewStore()
 if err != nil {
 return fmt.Errorf("failed initialize cluster state store: %s", err)
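Review bot: The `ssh` package added to the `apt-get install` line is, on Debian-based images, a metapackage that pulls in openssh-server as well as the client, which puts a server daemon and its config into the image even though nothing here starts it. If the only consumer is repmgr's outbound ssh (the key and cert that WriteSSHKey writes), `openssh-client` provides the same binary with a smaller footprint: `... vim procps jq pgbouncer openssh-client \`. The rest of the RUN instruction is unchanged and not in question.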
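Review bot: The new return `fmt.Errorf("failed initialize ssh. %v", err)` formats the cause with `%v`, so callers of Init cannot reach the underlying os error with errors.Is or errors.As, and its `. ` separator differs from the `: ` used by the adjacent state-store message; `return fmt.Errorf("failed initialize ssh: %w", err)` fixes both. The call runs unconditionally on every Init, so a failure to create /data/.ssh now aborts node initialisation even for deployments that do not configure SSH_KEY — if that is intended it deserves a one-line comment above the call. Init's body starts and ends outside this hunk.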
@@ -240,6 +245,44 @@ func (n *Node) Init(ctx context.Context) error {
 return nil
 }
 
+func WriteSSHKey() error {
+ err := os.Mkdir("/data/.ssh", 0700)
+ if err != nil && !os.IsExist(err) {
+ return err
+ }
+
+ key := os.Getenv("SSH_KEY")
+
+ keyFile, err := os.Create("/data/.ssh/id_rsa")
+ if err != nil {
+ return err
+ }
+ defer keyFile.Close()
+ _, err = keyFile.Write([]byte(key))
+ if err != nil {
+ return err
+ }
+
+ cert := os.Getenv("SSH_CERT")
+
+ certFile, err := os.Create("/data/.ssh/id_rsa-cert.pub")
+ if err != nil {
+ return err
+ }
+ defer certFile.Close()
+ _, err = certFile.Write([]byte(cert))
+ if err != nil {
+ return err
+ }
+
+ err = setSSHOwnership()
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
 // PostInit are operations that should be executed against a running Postgres on boot.
 func (n *Node) PostInit(ctx context.Context) error {
 if ZombieLockExists() {
@@ -702,6 +745,13 @@ func openConnection(parentCtx context.Context, host string, database string, cre
 return pgx.ConnectConfig(ctx, conf)
 }
 
+func setSSHOwnership() error {
+ cmdStr := fmt.Sprintf("chmod 600 %s %s", "/data/.ssh/id_rsa", "/data/.ssh/id_rsa-cert.pub")
+ cmd := exec.Command("sh", "-c", cmdStr)
+ _, err := cmd.Output()
+ return err
+}
+
 func setDirOwnership() error {
 pgUser, err := user.Lookup("postgres")
 if err != nil {

From a219eb4d378dfae9ecc14b0a93ed809c7ccc29a0 Mon Sep 17 00:00:00 2001
From: Dov Alperin
Date: Tue, 31 Jan 2023 00:47:32 -0500
Subject: [PATCH 2/2] fix ssh opts for repmgr

---
 pkg/flypg/repmgr.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/flypg/repmgr.go b/pkg/flypg/repmgr.go
index 754d7eb3..e69cb9f9 100644
--- a/pkg/flypg/repmgr.go
+++ b/pkg/flypg/repmgr.go
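Review bot: `os.Create("/data/.ssh/id_rsa")` creates the private key file with mode 0666 before umask, and the SSH_KEY material is written into it before `setSSHOwnership` tightens the mode in a later, separate step, so under a permissive umask the key sits readable by other users of the container until that chmod runs; opening with `os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)` creates it restricted from the start, and the same applies to the `id_rsa-cert.pub` write below it. The two deferred `Close()` calls also discard their error, which for a file that was just written is where a short write surfaces. Separately, an unset SSH_KEY is not an error here — `os.Getenv` yields "" and an empty id_rsa is written, which only fails later when ssh is invoked — so a guard such as `if key == "" { return fmt.Errorf("SSH_KEY is not set") }` (or an explicit skip) would make the misconfiguration visible at Init. The rewrite below factors both writes through one helper that opens with 0600 and returns the Close error.

```go
func WriteSSHKey() error {
	// … unchanged: os.Mkdir("/data/.ssh", 0700) and its os.IsExist check …
	if err := writeSecretFile("/data/.ssh/id_rsa", os.Getenv("SSH_KEY")); err != nil {
		return err
	}
	if err := writeSecretFile("/data/.ssh/id_rsa-cert.pub", os.Getenv("SSH_CERT")); err != nil {
		return err
	}
	return setSSHOwnership()
}

// writeSecretFile creates path with mode 0600 from the start, so key material
// is never exposed through a more permissive mode before setSSHOwnership runs,
// and reports the Close error because that is where a short write surfaces.
func writeSecretFile(path, data string) error {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
	if err != nil {
		return err
	}
	if _, err := f.WriteString(data); err != nil {
		f.Close()
		return err
	}
	return f.Close()
}
```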
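Review bot: `setSSHOwnership` shells out through `sh -c` to run `chmod 600` on two constant paths, which `os.Chmod` does directly without spawning a process, and `cmd.Output()` returns only the exit status so a failure carries no path information; `if err := os.Chmod("/data/.ssh/id_rsa", 0600); err != nil { return err }` followed by `return os.Chmod("/data/.ssh/id_rsa-cert.pub", 0600)` replaces the body (if this was the file's only use of os/exec, the import goes too). The name suggests an ownership change, but nothing here changes the owner: if repmgr's ssh runs as the postgres user that `setDirOwnership` looks up, a 0600 key file created by a root process is unreadable to it, so an `os.Chown` to that uid/gid — or a comment stating where ownership is handled — appears to be missing; confirm against how repmgr is launched. setDirOwnership's body continues outside the hunk.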
@@ -127,6 +127,7 @@ func (r *RepMgr) setDefaults() {
 "location": r.Region,
 "primary_visibility_consensus": true,
 "failover_validation_command": fmt.Sprintf("'/usr/local/bin/failover_validation -visible-nodes %%v -total-nodes %%t'"),
+ "ssh_options": "'-o \"StrictHostKeyChecking=no\"'",
 "priority": 100,
 }