Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix #803 containers keys upload #804

Merged
merged 3 commits into from
Dec 9, 2017
Merged

Fix #803 containers keys upload #804

merged 3 commits into from
Dec 9, 2017

Conversation

nh2
Copy link
Contributor

@nh2 nh2 commented Dec 8, 2017

This fixes the multiple issues I've found in #803 about stuff being broken in containers.py.

See commit messages for details.

@nh2 nh2 mentioned this pull request Dec 8, 2017
Closed
@nh2
Fix storeKeysOnMachine defaulting to True in MachineState. See NixO…
80a94c4 
…S#803.

This defaulted to True even though the nixops changelog for version 1.2
says that it was changed to False for security reasons.
@nh2
Fix keys not being deployed to containers. Fixes NixOS#803.
d625c71 
In the same fashion as in commit 985886c, container.py did not call
`set_common_state()`, so keys remained set to `{}` (and other attributes
to their default values likely as well).

`get_ssh_flags()` was incorrectly called twice, and the second time
with missing `**kwargs` thus leading to `scp` getting incorrect
parameters, such as `-p 22`, which is not a valid flag for scp,
which made uploading keys fail.
The failure error message was also very bad, I filed an OpenSSH
issue for scp at https://bugzilla.mindrot.org/show_bug.cgi?id=2809.

Finally, the code that set the home directory in container.py's
`run_command()` assumed that the passed command would be a single
command that can be prefixed like `HOME=/root ...command...`
which is not the case; the command may as well be a `(subshell)`,
in which case this failed (nixops uses a subshell for keys permission
settings to save roundtrips).
Fixed with an `export` and semicolon.
@nh2
Use a class instead of object() to model undefined.
e041873 
This has the same effect, but makes it be printed more obviously
when debugging.
@nh2 nh2 force-pushed the fix-803-containers-keys-upload branch from 1b65a9f to e041873 Compare December 8, 2017 16:04
@domenkozar
Copy link
Member

@nh2 #759 also calls send_keys(), I'd assume that's also needed.

@kevincox
Copy link
Contributor

kevincox commented Dec 8, 2017

Overall looks good. Pinging @johbo about the send_keys() call.

@johbo
Copy link
Contributor

johbo commented Dec 9, 2017

Let's merge this, we can add send_keys() also with another PR. This chunk looks good to me.

@mbld ping

@domenkozar domenkozar merged commit e7a2a8d into NixOS:master Dec 9, 2017
This was referenced Dec 9, 2017
Closed
Closed
@jraygauthier jraygauthier mentioned this pull request Dec 12, 2017
Closed
@nh2
Copy link
Contributor Author

nh2 commented Dec 22, 2017

#759 also calls send_keys(), I'd assume that's also needed.

@domenkozar @johbo @kevincox Hmm, for me it seems to have worked without an extra call to send_keys().

@johbo
Copy link
Contributor

johbo commented Dec 26, 2017

If I remember correctly, then the call to send_keys() was only needed when using nixops start to start an already existing container. Not 100% sure at the moment though, will have to give it a try.

@nh2
Copy link
Contributor Author

nh2 commented Dec 26, 2017

If I remember correctly, then the call to send_keys() was only needed when using nixops start to start an already existing container.

Ah, I see. I haven't tried nixops start with my fixes yet, only deploy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kevincox kevincox kevincox approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@nh2 @domenkozar @kevincox @johbo