-
Notifications
You must be signed in to change notification settings - Fork 92
Conversation
613846d
to
dab03c3
Compare
Great work @mishak87!!
|
This verifies functionality but requires human to run it. I could automate it further but it requires quite odd test scaffolding: setup client and server ssh + docker engine and docker cli + setup client ssh + terraform. @mavogel if this is not good enough could you point me to where other tests suites for this provider are? # export your pub key(s) in terraform pub_key variable
export TF_VAR_pub_key="$(cat ~/.ssh/*.pub)"
# launch dind container with ssh and docker accepting your PK for root user
terraform apply -target docker_container.dind
# wait for few seconds/minutes
# ssh to container to remember server keys
ssh root@localhost -p 32822 uptime
# test docker host ssh protocol
terraform apply -target docker_image.test # test case
provider "docker" {
alias = "test"
host = "ssh://root@localhost:32822"
}
resource "docker_image" "test" {
provider = "docker.test"
name = "busybox:latest"
}
# scaffolding
variable "pub_key" {
type = "string"
}
provider "docker" {}
resource "docker_image" "dind" {
name = "docker:18.09.0-dind"
}
resource "docker_container" "dind" {
depends_on = [
"docker_image.dind",
]
name = "dind"
image = "docker:18.09.0-dind"
privileged = true
start = true
command = ["/bin/sh", "-c",
<<SH
set -e
apk --no-cache add openrc
# setup sshd
apk --no-cache add openssh-server
rc-update add sshd
# setup dockerd
apk --no-cache add docker-openrc
echo DOCKERD_BINARY=/usr/local/bin/dockerd > /etc/conf.d/docker
echo DOCKERD_OPTS=--host=unix:///var/run/docker.sock >> /etc/conf.d/docker
rc-update add docker
# setup ssh for root
mkdir -p ~/.ssh
# link docker cli so root can see it
ln -s /usr/local/bin/docker /usr/bin/
# start ssh and docker
exec /sbin/init
SH
,
]
ports {
internal = 22
external = 32822
}
upload {
content = <<AUTHORIZED_KEYS
${var.pub_key}
AUTHORIZED_KEYS
file = "/root/.ssh/authorized_keys"
}
} |
ping |
FWIW, also looking forward to this! |
Looking at docker's implementation of the Ninja edit: Looks like you can define host-specific overrides in your |
Will merge this in #153 :) Thank for contributing and your patience. We will provider now updates of the provider more frequently |
Chiming in if it's possible to support bastion_host options? similar to : https://www.terraform.io/docs/provisioners/connection.html#connecting-through-a-bastion-host-with-ssh This would resolve the issue of SSH keys as well |
@PicoCreator I already had POC (which was a bit hacky) a year back: https://github.com/terraform-providers/terraform-provider-docker/tree/feat/bastion-host-new-dclient To add a jump host for providers is a bit trickier than adding for tf itself, but I'll add it in the future. A clean way would be to add to directly to the provider sdk, which every provider uses. |
This is my late night attempt to solve #112.
I tried to avoid fetching newer docker/docker/client but failed because
connhelper.GetConnectionHelper
is used forclient.WithDialContext
. It can not be hacked intoclient.WithDialer
because that requires type*net.Dialer
and not an interface 😞.I have fetched dependencies without specific version. Would be probably better to lock it to something older.
client.WithDialContext
was implemented in moby/moby@edac9240 and not changed sincegithub.com/docker/cli/cli/connhelper
package has not changed since docker/cli@99f336a5