[crmsh-4.6] Dev: bootstrap: implement ssh-agent support (jsc#PED-5774) #1261
Codecov Report

Attention:

Additional details and impacted files

```diff
@@             Coverage Diff              @@
##           crmsh-4.6    #1261     +/-   ##
=============================================
+ Coverage      52.52%   53.06%   +0.53%
=============================================
  Files             83       83
  Lines          25354    25617     +263
=============================================
+ Hits           13317    13593     +276
+ Misses         12037    12024      -13
```
After using ssh-agent to set up a cluster, some commands will fail without adding
How about check
@liangxin1300 However, the old I will try enabling that exception by default.
Compare with current crmsh-4.6 code:
Above 2 lines are missing while
Above line is missing while
Works now, thanks!
...
Agree, "hacluster" ssh-key should be inside the cluster nodes since hawk might call for it.
crmsh/sh.py
Outdated
if 'SSH_AUTH_SOCK' not in os.environ: | ||
buf.write('Environment variable SSH_AUTH_SOCK does not exist.') | ||
if 'SUDO_USER' in os.environ: | ||
buf.write(' Please make sure environment variables are preserved across sudo calls.') |
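Review bot: the guard `if 'SSH_AUTH_SOCK' not in os.environ:` on the first line only catches a variable that is entirely absent; a variable that is set but empty, or that names a socket which no longer exists, is not reported by the lines shown. Consider testing `not os.environ.get('SSH_AUTH_SOCK')` so the empty case produces the same message, and reporting an unreachable socket as a separate condition so the user is not sent to look at sudo settings when the agent itself is gone.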
buf.write(' Please make sure environment variables are preserved across sudo calls.') | |
buf.write(' Probably could consider, eg. sudo --preserve-env=SSH_AUTH_SOCK .') |
Lacking `--preserve-env=SSH_AUTH_SOCK` is only one of the possible causes of `SSH_AUTH_SOCK` not found in environment variables. How about Please check whether an ssh-agent is available and consider using "sudo --preserve-env=SSH_AUTH_SOCK"
Please check whether ssh-agent is available and consider using "sudo --preserve-env=SSH_AUTH_SOCK"
Use Cases
=========

In a typical cloud-based deployment, a server may have password-based
authentication disabled for ssh, and an administrator's ssh public key
is added to authorized_keys during initialization.

For this case, it is impossible for crmsh to log into cluster node with
interactive authentication and create new key pairs for further
operations. Instead, crmsh can make use of the administrator's key, by
authenticating ssh session with ssh-agent forwarded from the
administrator's PC.

Usage Example
=============

```sh
alice@alice-pc: ~> ssh -A root@node1
root@node1:~ # crm cluster init --use-ssh-agent -y
root@node1:~ # exit
alice@alice-pc: ~> ssh -A root@node2
root@node2:~ # crm cluster join --use-ssh-agent -c node1 -y
```

Newly implemented KeyFileManager and AuthorizedKeyManager allow faster key swap for user `hacluster`.
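
A pre-flight check for the forwarded agent that the use case and the `SSH_AUTH_SOCK` review thread both rely on, as an added example that is not crmsh code: it goes past the environment-variable test and asks the agent to list its identities over the socket. The function name `check_ssh_agent`, the helper `_recv_exact` and the message wording are assumptions made for this illustration.

```python
import os
import socket
import stat
import struct

SSH_AGENTC_REQUEST_IDENTITIES = 11  # ssh-agent protocol message numbers
SSH_AGENT_IDENTITIES_ANSWER = 12
MAX_REPLY = 1 << 20                 # refuse absurd lengths from a broken peer


def _recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b''
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError('agent closed the connection')
        buf += chunk
    return buf


def check_ssh_agent(env=None, timeout=2.0):
    """Return (ok, message): is a usable ssh-agent reachable from this env?"""
    env = os.environ if env is None else env
    path = env.get('SSH_AUTH_SOCK')
    if not path:  # covers both "unset" and "set but empty"
        hint = ' Consider using "sudo --preserve-env=SSH_AUTH_SOCK".' \
            if 'SUDO_USER' in env else ''
        return False, 'SSH_AUTH_SOCK is unset or empty.' + hint
    try:
        if not stat.S_ISSOCK(os.stat(path).st_mode):
            return False, f'{path} is not a socket.'
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(path)
            # Frame: uint32 big-endian length, then one message-type byte.
            s.sendall(struct.pack('>IB', 1, SSH_AGENTC_REQUEST_IDENTITIES))
            (length,) = struct.unpack('>I', _recv_exact(s, 4))
            if length > MAX_REPLY:
                raise ConnectionError('oversized reply')
            body = _recv_exact(s, length)
    except OSError as e:  # stale path, refused connection, timeout, short read
        return False, f'Cannot talk to the agent at {path}: {e}'
    if len(body) < 5 or body[0] != SSH_AGENT_IDENTITIES_ANSWER:
        return False, 'Agent refused to list identities.'
    (nkeys,) = struct.unpack('>I', body[1:5])
    if nkeys == 0:
        return False, 'Agent is reachable but holds no keys.'
    return True, f'Agent is reachable and offers {nkeys} key(s).'
```
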
…oin --use-ssh-agent`
… ClusterShell fails with 255