Gathering ssh config connection issues #601
Reference: coop-cloud/organising#601
First of all, why does abra even gather connection details from the ssh config? It uses `ssh -G` to parse the ssh config and reads the following connection details: `hostname`, `user`, `port` and `IdentityFile`.

I came across a bug, because a user of one server was called `user`. And if you look at this line d5ac3958a4/pkg/ssh/ssh.go (L49) it leads abra to crash with an `index out of range` error.

The next issue I came across is that I can only access my server using the `ProxyCommand` parameter. So at the moment I cannot use abra to deploy anything on my server.

Therefore I wonder if it's not possible to let abra be completely independent of the ssh config connection details, and use ssh with the user config instead of extracting specific connection details and reusing them. I think every custom ssh config can introduce some more issues if we try to extract all necessary connection details, instead of relying on the whole ssh config.
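A sketch of reading those four fields from `ssh -G` output without positional indexing, as an added example (not abra's code; the cause of the crash at the referenced line is not shown on this page). `HostConfig`, `ParseSSHG` and the sample output are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample of `ssh -G <host>` output: one "keyword value" per line.
const sample = "user user\nhostname 203.0.113.10\nport 2222\n" +
	"identityfile ~/.ssh/id_ed25519\nidentityfile ~/.ssh/id_rsa\n" +
	"proxycommand ssh -W %h:%p jump.example\n"

// HostConfig holds the fields the issue says abra reads (hypothetical type).
type HostConfig struct {
	Hostname, User, Port, IdentityFile string
}

// ParseSSHG splits each line once at the first space, so a value equal to
// its own keyword ("user user") is handled and lines without a value are
// skipped instead of being indexed blindly.
func ParseSSHG(out string) (HostConfig, error) {
	var c HostConfig
	sc := bufio.NewScanner(strings.NewReader(out))
	for sc.Scan() {
		key, val, ok := strings.Cut(strings.TrimSpace(sc.Text()), " ")
		if !ok || val == "" {
			continue // keyword with no value: nothing to read
		}
		switch strings.ToLower(key) {
		case "hostname":
			c.Hostname = val
		case "user":
			c.User = val
		case "port":
			c.Port = val
		case "identityfile":
			if c.IdentityFile == "" { // keyword may repeat; keep the first
				c.IdentityFile = val
			}
		}
	}
	if c.Hostname == "" || c.User == "" || c.Port == "" {
		return c, fmt.Errorf("ssh -G output missing hostname, user or port")
	}
	return c, sc.Err()
}

func main() { c, err := ParseSSHG(sample); fmt.Printf("%+v %v\n", c, err) }
```

Settings such as `ProxyCommand` are ignored by this parser, which is the gap the rest of the thread discusses.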

@moritz AFAIR the `ssh -G ...` trick is to gather connection details to make `abra server add ...` gather the correct details. If we didn't do this, we'd need to add a series of flags to `abra server add` which supported feeding these details in? E.g. `--username`, `--port`, etc.

Checking the code again, I see we are invoking `/usr/bin/ssh` with some flags:

```
DEBU[0000] commandconn: starting ssh with [-o ConnectTimeout=60 -l <user> -p <port> -- <domain> docker system dial-stdio] caller="/drone/src/pkg/upstream/commandconn/commandconn.go:49 New"
```

In this case, `<user>`, `<port>` and `<domain>` are parsed from the Docker context, not the SSH configuration. You can verify by running `docker context ls` to see the connection details contained in a list based on what `abra server add` fed in from `ssh -G ...`.

So, IIUC, you're proposing to drop all flags on the `/usr/bin/ssh` invocation? And then we potentially use flags on `abra server add ...` to feed in `username`, `port` and `hostname`?

Something in this direction would be good because our tight coupling / re-working of SSH led to endless bugs and de-coupling has been better for us. This could help further. Could this also solve #482?

Ok, maybe my question was the wrong one. Why does abra need these details when they are part of the ssh config?
If you connect to a host with ssh you also don't need to specify all these flags, if you have them in your ssh config.
Why not leave them to be handled by ssh?
Does docker context need these details?
From what I see in

```
DEBU[0000] commandconn: starting ssh with [-o ConnectTimeout=60 -l <user> -p <port> -- <domain> docker system dial-stdio] caller="/drone/src/pkg/upstream/commandconn/commandconn.go:49 New"
```

couldn't the ssh command use the ssh config instead of `-l <user> -p <port>`?

@moritz there are two needs here: 1. `abra server add` 2. "general ssh connectivity"

For 2. I think yes, let's try to drop all options and rely on the `.ssh/config`, to be tested.

For 1. this is what `abra server add` runs under the hood:

```
docker context create --docker host=ssh://<user>@<host>:<port> <host>
```

and for that, we need those details. I don't know how to get them other than parsing `ssh -G ...` or passing them as CLI flags. Ideas?

@moritz can Docker connect to this server which requires `ProxyCommand`?

Yes, it works. Also, docker doesn't need all these details.
I just run:

```
docker context create myhostname --docker 'host=ssh://myhostname'
```

And I configured `myhostname` inside the `~/.ssh/config` with `ProxyCommand`, a username and a different port, and docker is able to connect.

I think abra doesn't need to handle any connection details other than the hostname.

@decentral1se sounds like we can drop all options in both cases? 🤞
Oh dear dog, I've played us for absolute fools 😆 Will try rip it all out folks, thanks!
EDIT: trying to drum up some budget for this 🤑