#### Using your SSH private key
-In your local shell, simply:
+In your local shell, first:
```bash
-export SSH_PRIVKEY_PATH=$HOME/.ssh/id_rsa
+cp ~/.ssh/id_rsa{,.pub} .
+docker secret create id_rsa ~/.ssh/id_rsa
+docker secret create id_rsa.pub ~/.ssh/id_rsa.pub
```
-The teuthology container will write it to a file at runtime.
+Then, remove the entire top-level `secrets:` section from docker-compose.yml.
#### Reserving Machines in the Lab
To schedule tests in wait mode:
```bash
docker exec docker-compose_teuthology_1 /venv/bin/teuthology-suite ...
-```
\ No newline at end of file
+```
version: '3.8'
+
+secrets:
+ id_rsa:
+ file: id_rsa
+ id_rsa.pub:
+ file: id_rsa.pub
+
services:
postgres:
image: postgres:14
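Review bot: The `file: id_rsa` secret added under the top-level `secrets:` key places an unencrypted private key next to the compose file, and the teuthology service further down builds with `context: ../../`, so that key file sits inside the build context. Unless `.dockerignore` and `.gitignore` already exclude it (neither is visible in this diff), the key is sent to the Docker daemon on every build and could end up in an image layer or a commit by accident. I would add `id_rsa` and `id_rsa.pub` entries to both ignore files as part of this change. A comment above `secrets:` such as `# local dev keypair; created by the startup script when absent, never commit` would also tell readers where the files come from.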
build:
context: ../../
dockerfile: ./containers/teuthology-dev/Dockerfile
- args:
- SSH_PRIVKEY_FILE: $SSH_PRIVKEY_FILE
depends_on:
paddles:
condition: service_healthy
- paddles
- beanstalk
environment:
- SSH_PRIVKEY:
- SSH_PRIVKEY_FILE:
MACHINE_TYPE:
TESTNODES:
TEUTHOLOGY_WAIT:
TEUTH_BRANCH:
+ secrets:
+ - id_rsa
testnode:
build:
context: ../testnode-docker-compose
- paddles
ports:
- "22"
- environment:
- SSH_PUBKEY:
+ secrets:
+ - id_rsa.pub
platform: linux/amd64
fi
# Generate an SSH keypair to use if necessary
-if [ -z "$SSH_PRIVKEY_PATH" ]; then
- SSH_PRIVKEY_PATH=$(mktemp -u /tmp/teuthology-ssh-key-XXXXXX)
- ssh-keygen -t rsa -N '' -f $SSH_PRIVKEY_PATH
- export SSH_PRIVKEY=$(cat $SSH_PRIVKEY_PATH)
- export SSH_PUBKEY=$(cat $SSH_PRIVKEY_PATH.pub)
- export SSH_PRIVKEY_FILE=id_rsa
-else
- export SSH_PRIVKEY=$(cat $SSH_PRIVKEY_PATH)
- export SSH_PRIVKEY_FILE=$(basename $SSH_PRIVKEY_PATH | cut -d. -f1)
+if [ ! -f id_rsa ]; then
+ ssh-keygen -t rsa -N '' -f id_rsa
fi
if [ -z "$TEUTHOLOGY_WAIT" ]; then
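Review bot: The new guard `if [ ! -f id_rsa ]` tests only the private key, yet the compose file now mounts both `id_rsa` and `id_rsa.pub` as secrets. If only the private half is present, nothing is generated and the testnode secret has no source file. Adding `[ -f id_rsa.pub ] || ssh-keygen -y -f id_rsa > id_rsa.pub` after the `fi` would derive the missing public key without touching the existing private one. The path is relative to the caller's working directory, so the script presumably has to be run from the compose directory; a comment saying so would help. The `if` on the last line continues outside this hunk.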
#!/usr/bin/bash
set -x
-echo "$SSH_PUBKEY" > /root/.ssh/authorized_keys
-echo "$SSH_PUBKEY" > /home/ubuntu/.ssh/authorized_keys
+cat /run/secrets/id_rsa.pub >> /root/.ssh/authorized_keys
+cat /run/secrets/id_rsa.pub >> /home/ubuntu/.ssh/authorized_keys
chown ubuntu /home/ubuntu/.ssh/authorized_keys
payload="{\"name\": \"$(hostname)\", \"machine_type\": \"testnode\", \"up\": true, \"locked\": false, \"os_type\": \"ubuntu\", \"os_version\": \"20.04\"}"
for i in $(seq 1 5); do
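Review bot: Switching from `>` to `>>` on the two `authorized_keys` writes means the file is no longer reset at start, so any key already in the image or left from an earlier start of the same container stays authorised for root and ubuntu, and restarts accumulate duplicates. If only the mounted secret should grant access, keep the truncating form, `cat /run/secrets/id_rsa.pub > /root/.ssh/authorized_keys` (and the same for `/home/ubuntu`). The script runs with `set -x` but no `set -e`, so a missing secret is traced and then the script carries on; `[ -s /run/secrets/id_rsa.pub ] || exit 1` before the writes would make that failure visible. The same lines appear again in the second copy of this script further down the diff. The `for` loop continues outside the hunk.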
COPY testnode_stop.sh /
COPY testnode_sudoers /etc/sudoers.d/teuthology
RUN \
- ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' && \
+ ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' && \
sed -i 's/#PermitRootLogin yes/PermitRootLogin yes/' /etc/ssh/sshd_config && \
mkdir -p /root/.ssh && \
chmod 700 /root/.ssh && \
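Review bot: Generating `/etc/ssh/ssh_host_rsa_key` inside this `RUN` bakes one private host key into the image, so every testnode container started from it presents the same key and anyone who can pull the image can read it. For a throwaway dev lab that may be acceptable, but it deserves a comment saying so, for example `# dev-only: host key is shared by all containers built from this image`. Otherwise host keys can be generated at container start, e.g. `ssh-keygen -A` in the start script before sshd is launched. The `RUN` instruction continues past the end of this hunk.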
#!/usr/bin/bash
set -x
-echo "$SSH_PUBKEY" > /root/.ssh/authorized_keys
-echo "$SSH_PUBKEY" > /home/ubuntu/.ssh/authorized_keys
+cat /run/secrets/id_rsa.pub >> /root/.ssh/authorized_keys
+cat /run/secrets/id_rsa.pub >> /home/ubuntu/.ssh/authorized_keys
chown ubuntu /home/ubuntu/.ssh/authorized_keys
payload="{\"name\": \"$(hostname)\", \"machine_type\": \"testnode\", \"up\": true, \"locked\": false, \"os_type\": \"ubuntu\", \"os_version\": \"20.04\"}"
for i in $(seq 1 5); do
FROM ubuntu:latest
-ARG SSH_PRIVKEY_FILE=id_ed25519
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && \
apt-get install -y \
COPY containers/teuthology-dev/ansible_inventory/secrets /etc/ansible/
RUN \
mkdir $HOME/.ssh && \
- touch $HOME/.ssh/${SSH_PRIVKEY_FILE} && \
- chmod 600 $HOME/.ssh/${SSH_PRIVKEY_FILE} && \
+ touch $HOME/.ssh/id_rsa && \
+ chmod 600 $HOME/.ssh/id_rsa && \
echo "StrictHostKeyChecking=no" > $HOME/.ssh/config && \
echo "UserKnownHostsFile=/dev/null" >> $HOME/.ssh/config
-ENTRYPOINT /teuthology.sh
\ No newline at end of file
+ENTRYPOINT /teuthology.sh
#!/usr/bin/bash
set -e
-# We don't want -x yet, in case the private key is sensitive
-if [ -n "$SSH_PRIVKEY_FILE" ]; then
- echo "$SSH_PRIVKEY" > $HOME/.ssh/$SSH_PRIVKEY_FILE
-fi
source /teuthology/virtualenv/bin/activate
set -x
+cat /run/secrets/id_rsa > $HOME/.ssh/id_rsa
if [ -n "$TESTNODES" ]; then
for node in $(echo $TESTNODES | tr , ' '); do
teuthology-update-inventory -m $MACHINE_TYPE $node
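Review bot: The added `cat /run/secrets/id_rsa > $HOME/.ssh/id_rsa` relies on the image having pre-created that file with mode 600 (the `touch`/`chmod` pair in the Dockerfile), because `>` keeps an existing file's mode; if the file is ever absent the key is written with the umask default and ssh will refuse it. `install -m 600 /run/secrets/id_rsa "$HOME/.ssh/id_rsa"` sets the mode in the same step and quotes the path. Since the old comment about `-x` was removed, a one-line comment such as `# copy the secret so ssh sees a 0600 key at the expected path` would record why the file is copied, presumably because the mounted secret's ownership and mode come from the host. The `for` loop at the end of the hunk continues outside it.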