Update SSH keys via MCD #115
Conversation
openshift-ci-robot
added
do-not-merge/work-in-progress
|
/assign @ashcrow |
kikisdeliveryservice
force-pushed
the
mco-ssh-keys
branch
from
e4d3b04
to
325ad23
Compare
openshift-ci-robot
added
size/L
kikisdeliveryservice
force-pushed
the
mco-ssh-keys
branch
2 times, most recently
from
b4e1633
to
fc55bb4
Compare
pkg/daemon/update.go
Outdated
| break | ||
| } | ||
| } | ||
| // length of Users is different, we don't do those kinds of changes, so nope. |
There was a problem hiding this comment.
I'm stuck between an attempted addition of a new user should noop (as it's doing here) or if we should raise the irreconcilable flag as the user was attempting to do something we are not going to do. @sdemos thoughts?
pkg/daemon/update.go
Outdated
| // ssh keys are in PasswdUser.HomeDir/.ssh | ||
| path = filepath.Join(oldUsers[idx].HomeDir, ".ssh") | ||
| glog.V(2).Infof("Writing SSHKeys at %q:", path) | ||
| // write the SSHKeys |
pkg/daemon/update.go
Outdated
| glog.V(2).Infof("Writing SSHKeys at %q:", path) | ||
| // write the SSHKeys | ||
| } else { | ||
| return fmt.Errorf("Failed to write SSHKeys") |
There was a problem hiding this comment.
Once the ssh key writing is added I recommend returning the error that is bubbled up from that work OR adding a log statement with details before this return
|
Thanks @ashcrow for your thoughts! I'll incorporate them into the PR. 😺 |
kikisdeliveryservice
force-pushed
the
mco-ssh-keys
branch
from
fc55bb4
to
80b6983
Compare
openshift-ci-robot
added
size/M
kikisdeliveryservice
force-pushed
the
mco-ssh-keys
branch
from
80b6983
to
24acfda
Compare
|
/test e2e-aws |
|
/cc @openshift/sig-security |
kikisdeliveryservice
force-pushed
the
mco-ssh-keys
branch
3 times, most recently
from
0f2b84a
to
2d52841
Compare
openshift-ci-robot
added
size/L
kikisdeliveryservice
force-pushed
the
mco-ssh-keys
branch
7 times, most recently
from
a55c95d
to
bfbc6d0
Compare
|
/retest |
|
Passed manual testing, only changes made since last review:
|
|
/lgtm |
| msg := "Ignition passwd user section contains unsupported changes" | ||
| } else if len(oldIgn.Passwd.Users) > 0 && len(newIgn.Passwd.Users) >= 1 { | ||
| for _, user := range newIgn.Passwd.Users { | ||
| if user.Name != "core" { |
There was a problem hiding this comment.
Short explanation: the way Ignition works the newUsers array is actually the compilation of all the Users from all of the machineconfigs in oc get machineconfigs.
I spoke with @kikisdeliveryservice and this is a well known issue with the current ignition. She is going to write up some doc text around this as well.
| msg := "Ignition passwd user section contains unsupported changes" | ||
| } else if len(oldIgn.Passwd.Users) > 0 && len(newIgn.Passwd.Users) >= 1 { | ||
| for _, user := range newIgn.Passwd.Users { | ||
| if user.Name != "core" { |
There was a problem hiding this comment.
/cc @dustymabe, @ajeddeloh, and @darkmuggle just for visibility
| @@ -233,6 +244,29 @@ func (dn *Daemon) reconcilable(oldConfig, newConfig *mcfgv1.MachineConfig) *stri | |||
| return nil | |||
| } | |||
|
|
|||
| // verifyUserFields returns nil if the user Name = "core", if 1 or more SSHKeys exist for | |||
|
/retest |
|
Looks like @cgwalters reviewed at the same time. /lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ashcrow, cgwalters The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Infra failure flake |
|
/test images |
1 similar comment
|
/test images |
|
/retest |
|
We are hitting the same image build failures in #249 Something is up with the registry in api.ci |
|
/retest |
2 similar comments
|
/retest |
|
/retest |
|
/retest |
3 similar comments
|
/retest |
|
/retest |
|
/retest |
|
/test e2e-aws |
|
My tests finally all passed and now they are rerunning. |
|
CI MERGED! 🎉 |
Allow MCD to update SSH Keys.
We are only allowing one user named "core" and only updating the field SSHAuthorizedKeys for this user.