[arvados] created: 2.6.0-192-g4d095628f
git repository hosting
git at public.arvados.org
Tue May 23 17:56:25 UTC 2023
at 4d095628f05fae2d2609b91dc12d0f44434b8aa2 (commit)
commit 4d095628f05fae2d2609b91dc12d0f44434b8aa2
Author: Tom Clegg <tom at curii.com>
Date: Tue May 23 13:56:06 2023 -0400
20522: Load dispatch key from file if configured as file:///...
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curii.com>
diff --git a/lib/cloud/cloudtest/cmd.go b/lib/cloud/cloudtest/cmd.go
index 0ec79e117..95fb2b50c 100644
--- a/lib/cloud/cloudtest/cmd.go
+++ b/lib/cloud/cloudtest/cmd.go
@@ -18,7 +18,6 @@ import (
"git.arvados.org/arvados.git/lib/dispatchcloud"
"git.arvados.org/arvados.git/sdk/go/arvados"
"git.arvados.org/arvados.git/sdk/go/ctxlog"
- "golang.org/x/crypto/ssh"
)
var Command command
@@ -65,9 +64,9 @@ func (command) RunCommand(prog string, args []string, stdin io.Reader, stdout, s
if err != nil {
return 1
}
- key, err := ssh.ParsePrivateKey([]byte(cluster.Containers.DispatchPrivateKey))
+ key, err := config.LoadSSHKey(cluster.Containers.DispatchPrivateKey)
if err != nil {
- err = fmt.Errorf("error parsing configured Containers.DispatchPrivateKey: %s", err)
+ err = fmt.Errorf("error loading Containers.DispatchPrivateKey: %s", err)
return 1
}
driver, ok := dispatchcloud.Drivers[cluster.Containers.CloudVMs.Driver]
diff --git a/lib/config/config.default.yml b/lib/config/config.default.yml
index 8203a94de..197d3c37b 100644
--- a/lib/config/config.default.yml
+++ b/lib/config/config.default.yml
@@ -1051,6 +1051,10 @@ Clusters:
# cloud dispatcher for executing containers on worker VMs.
# Begins with "-----BEGIN RSA PRIVATE KEY-----\n"
# and ends with "\n-----END RSA PRIVATE KEY-----\n".
+ #
+ # Use "file:///absolute/path/to/key" to load the key from a
+ # separate file instead of embedding it in the configuration
+ # file.
DispatchPrivateKey: ""
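Review bot: The new paragraph at lines 43-45 says nothing about how the external key file must be protected or who needs to read it, which is the one thing an operator moving the secret out of the config needs to know. Suggest extending it with: `# The file must be readable by the user the cloud dispatcher (and cloudtest) runs as, and should not be readable by any other user (e.g. mode 0600).` It would also help to state that only an absolute path is recognised — in this commit's load.go a `file://` value without a leading `/` is not treated as a path at all but parsed as if it were the literal key.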
# Maximum time to wait for workers to come up before abandoning
diff --git a/lib/config/load.go b/lib/config/load.go
index 9269ddf27..d504f7796 100644
--- a/lib/config/load.go
+++ b/lib/config/load.go
@@ -26,6 +26,7 @@ import (
"github.com/imdario/mergo"
"github.com/prometheus/client_golang/prometheus"
"github.com/sirupsen/logrus"
+ "golang.org/x/crypto/ssh"
"golang.org/x/sys/unix"
)
@@ -690,3 +691,17 @@ func (ldr *Loader) RegisterMetrics(reg *prometheus.Registry) {
vec.WithLabelValues(hash).Set(float64(ldr.loadTimestamp.UnixNano()) / 1e9)
reg.MustRegister(vec)
}
+
+// Load an SSH private key from the given confvalue, which is either
+// the literal key or an absolute path to a file containing the key.
+func LoadSSHKey(confvalue string) (ssh.Signer, error) {
+ if fnm := strings.TrimPrefix(confvalue, "file://"); fnm != confvalue && strings.HasPrefix(fnm, "/") {
+ keydata, err := os.ReadFile(fnm)
+ if err != nil {
+ return nil, err
+ }
+ return ssh.ParsePrivateKey(keydata)
+ } else {
+ return ssh.ParsePrivateKey([]byte(confvalue))
+ }
+}
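Review bot: A value such as `file://relative/path` is not flagged as malformed: TrimPrefix strips the scheme, the absolute-path check at line 67 fails, and the whole string falls through to ssh.ParsePrivateKey on the literal, so the operator gets an unrelated "no key found"-style parse error instead of being told the path must be absolute. Reject that case explicitly, and wrap the parse error with the file name so a bad key inside the referenced file is distinguishable from a bad inline key; the `else` after a terminating `return` can go at the same time. Since the file now carries the same secret the config did, it is also worth considering a warning when it is group- or world-readable (as ssh does), which I have left out below. I cannot see load.go's import block in this hunk, so confirm `fmt` is already imported there.
```go
func LoadSSHKey(confvalue string) (ssh.Signer, error) {
	if fnm := strings.TrimPrefix(confvalue, "file://"); fnm != confvalue {
		if !strings.HasPrefix(fnm, "/") {
			return nil, fmt.Errorf("invalid key location %q: \"file://\" must be followed by an absolute path", confvalue)
		}
		// … unchanged: os.ReadFile(fnm) and its error return …
		key, err := ssh.ParsePrivateKey(keydata)
		if err != nil {
			return nil, fmt.Errorf("parsing private key from %s: %w", fnm, err)
		}
		return key, nil
	}
	return ssh.ParsePrivateKey([]byte(confvalue))
}
```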
diff --git a/lib/config/load_test.go b/lib/config/load_test.go
index a19400c19..9a0417908 100644
--- a/lib/config/load_test.go
+++ b/lib/config/load_test.go
@@ -912,3 +912,10 @@ func (s *LoadSuite) TestGetFilesystemSize(c *check.C) {
c.Check(err, check.IsNil)
c.Logf("getFilesystemSize(%q) == %v", path, size)
}
+
+func (s *LoadSuite) TestLoadSSHKey(c *check.C) {
+ cwd, err := os.Getwd()
+ c.Assert(err, check.IsNil)
+ _, err = LoadSSHKey("file://" + cwd + "/../dispatchcloud/test/sshkey_dispatch")
+ c.Check(err, check.IsNil)
+}
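Review bot: TestLoadSSHKey only exercises the happy path of the file:// form; the function's other branches — an inline literal key, a missing file, and a file:// value whose path is not absolute — have no coverage, and the last is exactly the case where LoadSSHKey's behaviour is least obvious. Add at least `_, err = LoadSSHKey("file:///nonexistent/key"); c.Check(err, check.NotNil)` and `_, err = LoadSSHKey("file://relative/key"); c.Check(err, check.NotNil)`, plus a literal-key case that feeds the same fixture's contents (via os.ReadFile) as a string. Building the path from os.Getwd() plus "/../dispatchcloud/..." works, but `filepath.Abs("../dispatchcloud/test/sshkey_dispatch")` states the intent more directly.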
diff --git a/lib/dispatchcloud/dispatcher.go b/lib/dispatchcloud/dispatcher.go
index 06a558d5f..217ee3950 100644
--- a/lib/dispatchcloud/dispatcher.go
+++ b/lib/dispatchcloud/dispatcher.go
@@ -15,6 +15,7 @@ import (
"time"
"git.arvados.org/arvados.git/lib/cloud"
+ "git.arvados.org/arvados.git/lib/config"
"git.arvados.org/arvados.git/lib/controller/dblock"
"git.arvados.org/arvados.git/lib/ctrlctx"
"git.arvados.org/arvados.git/lib/dispatchcloud/container"
@@ -137,7 +138,7 @@ func (disp *dispatcher) initialize() {
disp.stop = make(chan struct{}, 1)
disp.stopped = make(chan struct{})
- if key, err := ssh.ParsePrivateKey([]byte(disp.Cluster.Containers.DispatchPrivateKey)); err != nil {
+ if key, err := config.LoadSSHKey(disp.Cluster.Containers.DispatchPrivateKey); err != nil {
disp.logger.Fatalf("error parsing configured Containers.DispatchPrivateKey: %s", err)
} else {
disp.sshKey = key
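Review bot: The fatal message on line 108 still says "error parsing configured Containers.DispatchPrivateKey" even though LoadSSHKey can now fail because the referenced file:// path cannot be read, which that wording hides; cmd.go in this same commit already changed its message to "error loading", so match it here: `disp.logger.Fatalf("error loading Containers.DispatchPrivateKey: %s", err)`. initialize continues outside the hunk.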
diff --git a/lib/dispatchcloud/worker/pool.go b/lib/dispatchcloud/worker/pool.go
index 4bf969358..1cb02b3cf 100644
--- a/lib/dispatchcloud/worker/pool.go
+++ b/lib/dispatchcloud/worker/pool.go
@@ -906,6 +906,9 @@ func (wp *Pool) Instances() []InstanceView {
// KillInstance destroys a cloud VM instance. It returns an error if
// the given instance does not exist.
func (wp *Pool) KillInstance(id cloud.InstanceID, reason string) error {
+ wp.setupOnce.Do(wp.setup)
+ wp.mtx.Lock()
+ defer wp.mtx.Unlock()
wkr, ok := wp.workers[id]
if !ok {
return errors.New("instance not found")
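Review bot: With `defer wp.mtx.Unlock()` at line 121, wp.mtx is now held for the entire remainder of KillInstance, which continues past the end of this hunk; if that remainder makes a cloud-driver call to destroy the instance, every other pool operation waiting on wp.mtx stalls for the whole API round-trip, and if it re-acquires wp.mtx itself it will deadlock. If the only shared-state access is the map lookup, consider scoping the lock to it — `wp.mtx.Lock(); wkr, ok := wp.workers[id]; wp.mtx.Unlock()` — and operating on wkr afterwards, assuming wkr's own methods take whatever lock they need. I cannot see the rest of the function, so verify against it.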