This Juju layer is intended to ease the development of charms that need to execute commands over SSH, such as [proxy charms].
The initial version of this charm exposed configuration values for
ssh-private-key; this approach was deeply flawed. As of TK, these fields are deprecated and only there for backwards compatibility.
On install, the layer will generate a new keypair, and expose the public key via the
ssh-public-key configuration element.
- Deploy charm that includes sshproxy layer
- Call the
ssh-public-keyaction and add it's
pubkeyoutput to the user and machine specified by
verify-ssh-credentialsaction to verify the unit can connect to the
After you've created your charm, open
interfaces.yaml and add
layer:sshproxy to the includes stanza, as shown below:
includes: ['layer:basic', 'layer:sshproxy']
This layer will set the following states:
sshproxy.configuredThis state is set when SSH credentials have been supplied to the charm.
reactive/mycharm.py, you can add logic to execute commands over SSH. This
example is run via a
start action, and starts a service running on a remote
... import charms.sshproxy @when('sshproxy.configured') @when('actions.start') def start(): """ Execute's the command, via the start action` using the configured SSH credentials """ sshproxy.ssh("service myservice start")
This layer includes a built-in
run action useful for debugging or running arbitrary commands:
$ juju run-action mycharm/0 run command=hostname Action queued with id: 014b72f3-bc02-4ecb-8d38-72bce03bbb63 $ juju show-action-output 014b72f3-bc02-4ecb-8d38-72bce03bbb63 results: output: juju-66a5f3-11 status: completed timing: completed: 2016-10-27 19:53:49 +0000 UTC enqueued: 2016-10-27 19:53:44 +0000 UTC started: 2016-10-27 19:53:48 +0000 UTC
Known Limitations and Issues
- Password-based authentication is supported, with the caveat that it is stored plaintext within the Juju controller.
- The previously-supported use of
ssh-private-keyis now DEPRECATED.
It's recommended that you implement the public key-based workflow documented above.
Configuration and Usage
This layer adds the following configuration options:
Once configure those values at any time. Once they are set, the
sshproxy.configured state flag will be toggled:
$ juju deploy mycharm ssh-hostname=10.10.10.10 ssh-username=ubuntu $ juju run-action mycharm/0 get-ssh-public-key Action queued with id: d2afaf3c-3c5a-4bc6-872b-fdb2ad4d6a45 $ juju show-action-output d2afaf3c-3c5a-4bc6-872b-fdb2ad4d6a45 results: pubkey: | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJaWMK+/wb23mPQ+5Rb0gtljpE3DkAoJQ9oU3TWppDqJGX [...] MV1DQGijCcWQ== user@myhost status: completed timing: completed: 2017-08-03 15:39:21 +0000 UTC enqueued: 2017-08-03 15:39:16 +0000 UTC started: 2017-08-03 15:39:20 +0000 UTC