backends/none: don't use _ssh_private_key if its corresponding public key hasn't been deployed yet #364

Merged
merged 1 commit into from Dec 8, 2015

basvandijk
Member

@aszlig I think this should fix #361. I haven't tested it yet but will do that tomorrow.

The boolean attribute none.sshPublicKeyDeployed is added to the
NoneState and defaults to False. It indicates whether the SSH public key
has been deployed to the target. If it's False the get_ssh_flags()
function will not set the corresponding private key as the identity.

none.sshPublicKeyDeployed will be set to True after activating the
configuration. From then on get_ssh_flags() will set the identity to the
corresponding private key allowing nixops to authenticate itself using
the keypair stored in its DB.

… key hasn't been deployed yet

This should fix NixOS#361.

The boolean attribute none.sshPublicKeyDeployed is added to the
NoneState and defaults to False. It indicates whether the SSH public key
has been deployed to the target. If it's False the get_ssh_flags()
function will not set the corresponding private key as the identity.

none.sshPublicKeyDeployed will be set to True after activating the
configuration. From then on get_ssh_flags() will set the identity to the
corresponding private key allowing nixops to authenticate itself using
the keypair stored in its DB.
@basvandijk
Member Author

I've now tested this and it works perfectly.

@aszlig aszlig self-assigned this Dec 1, 2015
@aszlig aszlig merged commit 8d7a4bf into NixOS:master Dec 8, 2015
aszlig added a commit that referenced this pull request Dec 8, 2015
Also closes #361.

This makes sure that machines that are already deployed using the "none"
backend get the right public key before even attempting to connect
blindly.

To make sure this works even with new deployments, I successfully ran
the VM test for the "none" backend.
@domenkozar
Member

It's very unfortunate we track this state. I don't really understand why it's needed, what does -i prevent really?

@basvandijk
Member Author

@domenkozar if -i is set and the corresponding public key hasn't been deployed yet, SSH won't be able to sign in.

The motivation is described in #361.
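
The gating described in the pull request description, as an added Python sketch that is not NixOps code and not part of this conversation. The class, attribute and method names other than get_ssh_flags() are hypothetical, and the key material is a constructed placeholder.

```python
import os
import stat
import tempfile


class NoneStateSketch:
    """Hypothetical stand-in for a deployment state record (not NixOps code)."""

    def __init__(self, private_key, key_dir):
        self.private_key = private_key      # private half of the stored keypair
        self.public_key_deployed = False    # mirrors none.sshPublicKeyDeployed
        self._key_path = os.path.join(key_dir, "id_deploy")

    def _write_key_file(self):
        # Create the file with mode 0600 from the start: ssh refuses
        # identity files that are readable by other users.
        flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC
        fd = os.open(self._key_path, flags, 0o600)
        with os.fdopen(fd, "w") as f:
            f.write(self.private_key)
        return self._key_path

    def get_ssh_flags(self):
        # Until the public key is known to be on the target, pass no -i,
        # so ssh falls back to whatever identities it would otherwise use.
        if not self.public_key_deployed:
            return []
        return ["-i", self._write_key_file()]

    def mark_activated(self):
        # Called only after the configuration carrying the public key
        # has been activated on the target.
        self.public_key_deployed = True


def demo():
    with tempfile.TemporaryDirectory() as d:
        # Constructed placeholder, not a real key.
        state = NoneStateSketch("CONSTRUCTED-PLACEHOLDER-KEY\n", d)
        before = state.get_ssh_flags()
        state.mark_activated()
        after = state.get_ssh_flags()
        mode = stat.S_IMODE(os.stat(after[1]).st_mode)
        return before, after[0], mode


if __name__ == "__main__":
    print(demo())
```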

Successfully merging this pull request may close these issues.

Can't deploy none backend due to public key not being present