Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use the officially supported apache mina sshd in m2k-func #254

Merged
merged 1 commit into from
Jun 30, 2024
Merged

Use the officially supported apache mina sshd in m2k-func #254

merged 1 commit into from
Jun 30, 2024

Conversation

rgolangh
Copy link
Collaborator

The various git command we use in m2k func now uses the officially
supported ssh implementation for the transport.

Added tests to see the transport is working well with ed25519 keys

Notice - the StrictHost option is now set using a standard ssh_config
(see man ssh_config) file which is assumed to be where the key is located -
so now we can just drop the id_rsa file in a well known location along
with the rest of the .ssh files:

/etc/.ssh/config
/etc/.ssh/known_hosts
/etc/.ssh/id_rsa

Signed-off-by: Roy Golan [email protected]

@rgolangh rgolangh force-pushed the switch-to-apache-ssh branch from 47b6642 to 279096d Compare June 18, 2024 06:37
@gabriel-farache
Copy link
Collaborator

@rgolangh Please also update the manifest related to m2k-kfunc and make sure the newly needed file is also added in the initContainer and update the install readme accordingly

@rgolangh rgolangh mentioned this pull request Jun 18, 2024
Closed
1 task
@rgolangh
Copy link
Collaborator Author

@rgolangh Please also update the manifest related to m2k-kfunc and make sure the newly needed file is also added in the initContainer and update the install readme accordingly

ack , I'll also update the e2e resource in this repo

@rgolangh rgolangh force-pushed the switch-to-apache-ssh branch 3 times, most recently from 69608c3 to a3a4429 Compare June 20, 2024 12:34
rgolangh
rgolangh commented Jun 20, 2024
View reviewed changes
move2kube/m2k-func/src/main/java/dev/parodos/service/GitServiceImpl.java
session.setConfig("StrictHostKeyChecking", "no");
session.setConfig("PreferredAuthentications", "publickey");
}
var sshSessionFactory = new SshdSessionFactoryBuilder()
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that there's a good chance we don't need a custom session factory now that we can you proper .ssh config folder. If we mount the key in the supported defalt name , say id_rsa or id_ed25519 it should work out of the box. Alternatively we could say in the ssh config IdentityFile /path/to/key

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

and of course make publickey the preferred auth

Host *
    PreferredAuthentications publickey

masayag
masayag reviewed Jun 23, 2024
View reviewed changes
e2e/resources/knative-service.yaml Outdated
kind: ConfigMap
metadata:
name: m2k-ssh-config
data:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The ci complains for this:

Error from server (BadRequest): error when creating "e2e/resources/knative-service.yaml": ConfigMap in version "v1" cannot be handled as a ConfigMap: strict decoding error: unknown field "spec"
service.serving.knative.dev/m2k-save-transformation-func created

Copy link
Collaborator

@masayag masayag Jun 23, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

which is pretty funny since there isn't a real change from the previous version (only location of data was changed)

@rgolangh rgolangh force-pushed the switch-to-apache-ssh branch 5 times, most recently from 52e64d4 to 4b1aac7 Compare June 24, 2024 06:01
@rgolangh
Use the officially supported apache mina sshd in m2k-func
4b1aac7 
The various git command we use in m2k func now uses the officially
supported ssh implementation for the transport.

Added tests to see the transport is working well with ed25519 keys

Notice - the StrictHost option is now set using a standard ssh_config
(see man ssh_config) file which is assumed to be where the key is located -
so now we can just drop the id_rsa file in a well known location along
with the rest of the .ssh files:

/etc/.ssh/config
/etc/.ssh/known_hosts
/etc/.ssh/id_rsa

Signed-off-by: Roy Golan <[email protected]>
@rgolangh
Copy link
Collaborator Author

@gabriel-farache Fixed the e2e and now they run on the tip of of the PR
There is a race between the deployment of the m2k workflow and the e2e tests because there's no wait to see the workflow is visible from backstage, probably because it takes time till the data-index registers it. We should address that in another PR

@masayag masayag merged commit 49c070f into main Jun 30, 2024
5 checks passed
rgolangh added a commit to rhdhorchestrator/serverless-workflows-config that referenced this pull request Jun 30, 2024
@rgolangh
Automated PR from rhdhorchestrator/serverless-workflows#254
d6181ba
@rgolangh rgolangh mentioned this pull request Jun 30, 2024
Closed
@gabriel-farache gabriel-farache mentioned this pull request Jul 4, 2024
Merged
@masayag masayag deleted the switch-to-apache-ssh branch July 31, 2024 07:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@masayag masayag masayag approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rgolangh @gabriel-farache @masayag