[arvados] updated: 2.6.2-15-g2ff6936b4

git repository hosting git at public.arvados.org
Mon Jun 5 19:43:51 UTC 2023


Summary of changes:
 lib/cloud/cloudtest/cmd.go       |  5 ++---
 lib/config/config.default.yml    |  4 ++++
 lib/config/load.go               | 15 +++++++++++++++
 lib/config/load_test.go          |  7 +++++++
 lib/dispatchcloud/dispatcher.go  |  3 ++-
 lib/dispatchcloud/worker/pool.go |  3 +++
 6 files changed, 33 insertions(+), 4 deletions(-)

       via  2ff6936b4275637dcb1b57274f0b8d3e57789534 (commit)
      from  be529d229fbc486e56a71628dd514e5e74455120 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 2ff6936b4275637dcb1b57274f0b8d3e57789534
Author: Tom Clegg <tom at curii.com>
Date:   Mon Jun 5 15:16:11 2023 -0400

    Merge branch '20522-load-dispatch-priv-key'
    
    closes #20522
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curii.com>

diff --git a/lib/cloud/cloudtest/cmd.go b/lib/cloud/cloudtest/cmd.go
index b3a262c7e..0c1049b76 100644
--- a/lib/cloud/cloudtest/cmd.go
+++ b/lib/cloud/cloudtest/cmd.go
@@ -18,7 +18,6 @@ import (
 	"git.arvados.org/arvados.git/lib/dispatchcloud"
 	"git.arvados.org/arvados.git/sdk/go/arvados"
 	"git.arvados.org/arvados.git/sdk/go/ctxlog"
-	"golang.org/x/crypto/ssh"
 )
 
 var Command command
@@ -65,9 +64,9 @@ func (command) RunCommand(prog string, args []string, stdin io.Reader, stdout, s
 	if err != nil {
 		return 1
 	}
-	key, err := ssh.ParsePrivateKey([]byte(cluster.Containers.DispatchPrivateKey))
+	key, err := config.LoadSSHKey(cluster.Containers.DispatchPrivateKey)
 	if err != nil {
-		err = fmt.Errorf("error parsing configured Containers.DispatchPrivateKey: %s", err)
+		err = fmt.Errorf("error loading Containers.DispatchPrivateKey: %s", err)
 		return 1
 	}
 	driver, ok := dispatchcloud.Drivers[cluster.Containers.CloudVMs.Driver]
diff --git a/lib/config/config.default.yml b/lib/config/config.default.yml
index 9dc1d3e47..3c5dce6ea 100644
--- a/lib/config/config.default.yml
+++ b/lib/config/config.default.yml
@@ -1050,6 +1050,10 @@ Clusters:
       # cloud dispatcher for executing containers on worker VMs.
       # Begins with "-----BEGIN RSA PRIVATE KEY-----\n"
       # and ends with "\n-----END RSA PRIVATE KEY-----\n".
+      #
+      # Use "file:///absolute/path/to/key" to load the key from a
+      # separate file instead of embedding it in the configuration
+      # file.
       DispatchPrivateKey: ""
 
       # Maximum time to wait for workers to come up before abandoning
diff --git a/lib/config/load.go b/lib/config/load.go
index 9269ddf27..d504f7796 100644
--- a/lib/config/load.go
+++ b/lib/config/load.go
@@ -26,6 +26,7 @@ import (
 	"github.com/imdario/mergo"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/crypto/ssh"
 	"golang.org/x/sys/unix"
 )
 
@@ -690,3 +691,17 @@ func (ldr *Loader) RegisterMetrics(reg *prometheus.Registry) {
 	vec.WithLabelValues(hash).Set(float64(ldr.loadTimestamp.UnixNano()) / 1e9)
 	reg.MustRegister(vec)
 }
+
+// Load an SSH private key from the given confvalue, which is either
+// the literal key or an absolute path to a file containing the key.
+func LoadSSHKey(confvalue string) (ssh.Signer, error) {
+	if fnm := strings.TrimPrefix(confvalue, "file://"); fnm != confvalue && strings.HasPrefix(fnm, "/") {
+		keydata, err := os.ReadFile(fnm)
+		if err != nil {
+			return nil, err
+		}
+		return ssh.ParsePrivateKey(keydata)
+	} else {
+		return ssh.ParsePrivateKey([]byte(confvalue))
+	}
+}
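Review bot: In LoadSSHKey, a value that starts with `file://` but is not followed by `/` (for example `file://keys/dispatch`) falls through to the `else` branch and is handed to `ssh.ParsePrivateKey` as if it were key material, so a mistyped path surfaces as a key-parse error instead of a path error. Rejecting that case explicitly, as in the sketch below, keeps the two forms unambiguous; the sketch assumes `fmt` is already imported in load.go. The doc comment should also start with the function name and say that the file form is a `file://` URI, since a bare absolute path is treated as a literal key. Because the file holds the dispatcher's private key, it may also be worth checking, or at least documenting, that it is not group- or world-readable before it is read.

```go
func LoadSSHKey(confvalue string) (ssh.Signer, error) {
	if !strings.HasPrefix(confvalue, "file://") {
		return ssh.ParsePrivateKey([]byte(confvalue))
	}
	fnm := strings.TrimPrefix(confvalue, "file://")
	if !strings.HasPrefix(fnm, "/") {
		return nil, fmt.Errorf("key file path must be absolute, got %q", fnm)
	}
	keydata, err := os.ReadFile(fnm)
	if err != nil {
		return nil, err
	}
	return ssh.ParsePrivateKey(keydata)
}
```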
diff --git a/lib/config/load_test.go b/lib/config/load_test.go
index a19400c19..9a0417908 100644
--- a/lib/config/load_test.go
+++ b/lib/config/load_test.go
@@ -912,3 +912,10 @@ func (s *LoadSuite) TestGetFilesystemSize(c *check.C) {
 	c.Check(err, check.IsNil)
 	c.Logf("getFilesystemSize(%q) == %v", path, size)
 }
+
+func (s *LoadSuite) TestLoadSSHKey(c *check.C) {
+	cwd, err := os.Getwd()
+	c.Assert(err, check.IsNil)
+	_, err = LoadSSHKey("file://" + cwd + "/../dispatchcloud/test/sshkey_dispatch")
+	c.Check(err, check.IsNil)
+}
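Review bot: TestLoadSSHKey exercises only the successful `file://` path, so the literal-key branch and the failure cases of LoadSSHKey are untested. A missing-file case such as `_, err = LoadSSHKey("file:///nonexistent/sshkey"); c.Check(err, check.NotNil)` and a literal-key case that passes the contents of the same fixture would pin both branches. The fixture path is built from the working directory and a sibling package's test data, which couples this test to the repository layout.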
diff --git a/lib/dispatchcloud/dispatcher.go b/lib/dispatchcloud/dispatcher.go
index e982736ff..e3b4b251d 100644
--- a/lib/dispatchcloud/dispatcher.go
+++ b/lib/dispatchcloud/dispatcher.go
@@ -15,6 +15,7 @@ import (
 	"time"
 
 	"git.arvados.org/arvados.git/lib/cloud"
+	"git.arvados.org/arvados.git/lib/config"
 	"git.arvados.org/arvados.git/lib/controller/dblock"
 	"git.arvados.org/arvados.git/lib/ctrlctx"
 	"git.arvados.org/arvados.git/lib/dispatchcloud/container"
@@ -137,7 +138,7 @@ func (disp *dispatcher) initialize() {
 	disp.stop = make(chan struct{}, 1)
 	disp.stopped = make(chan struct{})
 
-	if key, err := ssh.ParsePrivateKey([]byte(disp.Cluster.Containers.DispatchPrivateKey)); err != nil {
+	if key, err := config.LoadSSHKey(disp.Cluster.Containers.DispatchPrivateKey); err != nil {
 		disp.logger.Fatalf("error parsing configured Containers.DispatchPrivateKey: %s", err)
 	} else {
 		disp.sshKey = key
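Review bot: The Fatalf message on the line after the changed call still says "error parsing configured Containers.DispatchPrivateKey", but with config.LoadSSHKey the failure can now be a file read error. The cmd.go hunk in this commit already changed its wording to "error loading". Suggest `disp.logger.Fatalf("error loading Containers.DispatchPrivateKey: %s", err)` so both callers report the same thing. initialize() starts and ends outside this hunk.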
diff --git a/lib/dispatchcloud/worker/pool.go b/lib/dispatchcloud/worker/pool.go
index 3de207ffa..1d600e370 100644
--- a/lib/dispatchcloud/worker/pool.go
+++ b/lib/dispatchcloud/worker/pool.go
@@ -908,6 +908,9 @@ func (wp *Pool) Instances() []InstanceView {
 // KillInstance destroys a cloud VM instance. It returns an error if
 // the given instance does not exist.
 func (wp *Pool) KillInstance(id cloud.InstanceID, reason string) error {
+	wp.setupOnce.Do(wp.setup)
+	wp.mtx.Lock()
+	defer wp.mtx.Unlock()
 	wkr, ok := wp.workers[id]
 	if !ok {
 		return errors.New("instance not found")
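Review bot: The deferred `wp.mtx.Unlock()` added at the top of KillInstance keeps the mutex held for the rest of the function, which continues past the end of this hunk. It is worth confirming that nothing later in the body takes `wp.mtx` again or blocks on the cloud provider while the lock is held, since either would stall other pool operations. A short comment such as `// wp.workers must only be accessed with wp.mtx held` above the lock would record why it was added.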

-----------------------------------------------------------------------


hooks/post-receive
-- 



