This repository has been archived by the owner on Dec 11, 2020. It is now read-only.

Add support for ssh protocol #113

Closed

mishak87 commented Dec 23, 2018

This is my late night attempt to solve #112.

I tried to avoid fetching newer docker/docker/client but failed because connhelper.GetConnectionHelper is used for client.WithDialContext. It cannot be hacked into client.WithDialer because that requires type *net.Dialer and not an interface 😞.

I have fetched dependencies without a specific version. It would probably be better to lock it to something older.

  • client.WithDialContext was implemented in moby/moby@edac9240 and has not changed since
  • github.com/docker/cli/cli/connhelper package has not changed since docker/cli@99f336a5

@mishak87 mishak87 changed the title Add support for ssh protocol #112 Add support for ssh protocol Dec 23, 2018
@mavogel mavogel added this to the v1.2.0 milestone Dec 26, 2018
@mavogel mavogel mentioned this pull request Dec 26, 2018

mavogel (Contributor) commented Dec 26, 2018

Great work @mishak87!!

  • Could you provide a test or test setup to verify that it is working as expected? Maybe a terraform file that sets up an EC2 instance (this may help you). Or a Docker machine or Vagrant setup.
  • I opened Update to Docker 18.09 #114 to update to the latest docker version

mishak87 (Author) commented Dec 27, 2018

This verifies functionality but requires a human to run it. I could automate it further but it requires quite odd test scaffolding: set up client and server ssh + docker engine and docker cli + set up client ssh + terraform.

@mavogel if this is not good enough could you point me to where other test suites for this provider are?

# export your pub key(s) in terraform pub_key variable
export TF_VAR_pub_key="$(cat ~/.ssh/*.pub)"

# launch dind container with ssh and docker accepting your PK for root user
terraform apply -target docker_container.dind

# wait for few seconds/minutes

# ssh to container to remember server keys
ssh root@localhost -p 32822 uptime

# test docker host ssh protocol
terraform apply -target docker_image.test

# test case
provider "docker" {
  alias = "test"

  host = "ssh://root@localhost:32822"
}

resource "docker_image" "test" {
  provider = "docker.test"
  name     = "busybox:latest"
}

# scaffolding
variable "pub_key" {
  type = "string"
}

provider "docker" {}

resource "docker_image" "dind" {
  name = "docker:18.09.0-dind"
}

resource "docker_container" "dind" {
  depends_on = [
    "docker_image.dind",
  ]

  name  = "dind"
  image = "docker:18.09.0-dind"

  privileged = true

  start    = true

  command = ["/bin/sh", "-c",
    <<SH
    set -e
    apk --no-cache add openrc
    
    # setup sshd
    apk --no-cache add openssh-server
    rc-update add sshd

    # setup dockerd
    apk --no-cache add docker-openrc
    echo DOCKERD_BINARY=/usr/local/bin/dockerd > /etc/conf.d/docker
    echo DOCKERD_OPTS=--host=unix:///var/run/docker.sock >> /etc/conf.d/docker
    rc-update add docker

    # setup ssh for root
    mkdir -p ~/.ssh

    # link docker cli so root can see it
    ln -s /usr/local/bin/docker /usr/bin/

    # start ssh and docker
    exec /sbin/init
    SH
    ,
  ]

  ports {
    internal = 22
    external = 32822
  }

  upload {
    content = <<AUTHORIZED_KEYS
      ${var.pub_key}
      AUTHORIZED_KEYS

    file = "/root/.ssh/authorized_keys"
  }
}

mishak87 (Author)

ping

jareware commented Mar 5, 2019

FWIW, also looking forward to this!

jareware commented Mar 7, 2019

Looking at docker's implementation of the ssh:// protocol for DOCKER_HOST, doesn't look like you can provide a specific SSH key with it..? I assume that would be quite useful, as the host probably has a non-default SSH key used to provision it.

Ninja edit: Looks like you can define host-specific overrides in your ~/.ssh/config, but still not incredibly convenient.
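
The host-specific override mentioned in the comment above, as an added example that is not part of the thread: a stanza that pins one key and one known_hosts file for the dind test host, plus a check that lists which of those settings a stanza lacks. The alias `dind-test`, the key path and the known_hosts path are assumptions.

```shell
#!/bin/sh
# Added example, not code from the PR. The alias, key path and known_hosts
# path passed to render_stanza are assumptions chosen for illustration.

# Print an ssh_config stanza for the dind test host from this thread
# (root@localhost:32822) that offers only one key and trusts only the
# host keys recorded in a dedicated known_hosts file.
render_stanza() {  # ALIAS KEYFILE KNOWN_HOSTS
  cat <<EOF
Host $1
    HostName localhost
    Port 32822
    User root
    IdentityFile $2
    IdentitiesOnly yes
    StrictHostKeyChecking yes
    UserKnownHostsFile $3
EOF
}

# List, one per line, the pinning settings missing from ALIAS's stanza in
# CONFIG. Only a literal "Host <alias>" line is matched; host patterns,
# Match blocks and the "Keyword=value" spelling are not handled.
missing_settings() {  # CONFIG ALIAS
  awk -v alias="$2" '
    tolower($1) == "host"  { active = (NF == 2 && $2 == alias); next }
    tolower($1) == "match" { active = 0; next }
    active { seen[tolower($1)] = tolower($2) }
    END {
      if (!("identityfile" in seen))              print "IdentityFile"
      if (seen["identitiesonly"] != "yes")        print "IdentitiesOnly yes"
      if (seen["stricthostkeychecking"] != "yes") print "StrictHostKeyChecking yes"
      if (!("userknownhostsfile" in seen))        print "UserKnownHostsFile"
    }' "$1"
}

# Demo on a constructed config file: a complete stanza yields no output.
cfg=$(mktemp)
render_stanza dind-test "$HOME/.ssh/id_dind_test" "$HOME/.ssh/known_hosts_dind" > "$cfg"
missing_settings "$cfg" dind-test
rm -f "$cfg"
```

With such a stanza in ~/.ssh/config, the provider's host can name the alias (`host = "ssh://dind-test"`), because the ssh:// connection helper runs the local ssh client, which reads that file.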

@mavogel mavogel modified the milestones: v1.4.0, v1.2.0 May 26, 2019
@mavogel mavogel mentioned this pull request May 26, 2019
mavogel (Contributor) commented May 26, 2019

Will merge this in #153 :) Thanks for contributing and for your patience. We will now provide updates of the provider more frequently.

@mavogel mavogel closed this May 26, 2019
PicoCreator

Chiming in: is it possible to support bastion_host options, similar to https://www.terraform.io/docs/provisioners/connection.html#connecting-through-a-bastion-host-with-ssh ?

This would resolve the issue of SSH keys as well

mavogel (Contributor) commented Jun 6, 2019

@PicoCreator I already had a POC (which was a bit hacky) a year back: https://github.com/terraform-providers/terraform-provider-docker/tree/feat/bastion-host-new-dclient

Adding a jump host for providers is a bit trickier than adding one for tf itself, but I'll add it in the future. A clean way would be to add it directly to the provider sdk, which every provider uses.
