-
Notifications
You must be signed in to change notification settings - Fork 44
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ref(builder): remove etcd and confd #148
Conversation
0e702af
to
371e58f
Compare
ping @arschles |
To test deis/workflow#352 is required |
I'm very highly in favor of this, however, it looks like there are commits in this PR that aren't directly part of the narrow concern of removing etcd and confd. It's all good stuff, but should this be broken up into a few separate PRs for easier review and traceability? |
log.Info(c, "Woke up.") | ||
return true, nil | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm very happy that this is being removed!
💯
The changes in the code removes dependencies in packages (etcd and confd), the use of docker, multiples packages now are not required (Dockerfile), tests that makes no sense (interaction with workflow to read app configuration for instance), etc. which make this a difficult PR to break a part. I can remove the "replace current log with github.com/deis/pkg/log commit" but that makes no sense since I already need to update the dependencies for this PR. That said if this PR is not accepted in the current form please indicate the way to open multiples PR that depends one on another. |
|
||
client "k8s.io/kubernetes/pkg/client/unversioned" | ||
) | ||
builder_conf "github.com/deis/builder/pkg/conf" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you avoid using _
in the package name and rename this builderconf
?
@aledbf reviewed and left some comments. Also, I agree with @krancour, it would be very helpful if you could split some things out into different pull requests. Below is a list of some ideas for things to split out, each into separate PRs.
Thanks again for this change! |
a48280a
to
d2bec45
Compare
- name: github.com/aws/aws-sdk-go | ||
version: 87b1e60a50b09e4812dee560b33a238f67305804 | ||
version: "" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you may have to run make glideup
to get this version back
thanks @aledbf |
func UserInfoFromKey(key string) (*UserInfo, error) { | ||
keyB64 := base64.RawURLEncoding.EncodeToString([]byte(key)) | ||
url, err := controllerURLStr("v2", "hooks", "key", keyB64) | ||
if err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@helgi is this the correct url endpoint /v2/hooks/key/key-base64
to get user info ? Just wanna cross check.
I think its the /v2/keys
calls keyview set
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah it's key
, I dropped the plural so the old hooks worked still under keys
(the one we will remove). It also made sense since we were querying on a singular key instead of getting many keys back.
Over the long run we should tighten up security on the controller endpoint, but that's a task for a different day. I am 💯 behind this one. I am so glad to see etcd and confd pulled out. I also did a very careful read through the SSH handling, and I think this method is good. |
And thanks, @aledbf. This was a huge PR to work through. |
@aledbf I'm testing this now |
@aledbf I tested with a deis/workflow#352 build and a build of this branch. The [info] Checking closer.
[info] Accepted connection.
[debug] Starting ssh authentication
[debug] Checking auth for user key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIqRuNwhjntdJWuAVykr/873X8zzKo6Ms1Vx70BQx0wir8TpaLZEY6CqqKDrMbHZ2Z0ZV2ZITs9fC81GqIdmmDFXZxNfx+B1lSR3ZpmZpQpprtSCevZXihIgy+ND50Hp/wk+3VU54FxhudIlJgpPjb/o5vQFhiyM3ynR5gH3slWVaq9C0TkgXCnTzukGzSTeL7wYPNmLomkrAS0nk0yRfoUZcwmD++HMgEmYlhTbnMlkB3nxzEf/JQxhY6xCHrbtNbRkINCY21dHrsrr/MvBvD8FoKnKpxHX2+HNXZbe7Xl87L9o1OuXrtR1crvq+r+1fPjaynGir07zr9mgJPxouPL/e4ppxTL//vt1kVkWWkh/B+GyXEmP38bQGYMpEA7cAndlxPlOki35JYwDNn5CENQpDp8F4+JsKIzAF1zmkBIA7ngg0cSHHilNgwZXmX7h+7nngLgFIpP8h7A9fCpAKhHUfFUj+Zgl9Xm44+sZOwVBnVijK326TgVDFTUXjE/Xwny+3ERgYwBfOwOKmusNFnS0XHbmh+qa/+D8qge5bKilq48pKHzwngM/U6OwMxmSXTuHclLLen3Ime30TOiPzAhokrVNz/Z3VAkfBuJHby68SAKUgczUEU81wz5wFEt1n1sIJ5V49KMRGaSWb+eWvW81yA7NkDSjnsMLa/IF/ADQ==
[error] Failed handshake: EOF (&{{0xc820226770}}) And this in the workflow logs: 10.168.1.1 "GET /v2/hooks/key/c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFDQVFESXFSdU53aGpudGRKV3VBVnlrci84NzNYOHp6S282TXMxVng3MEJReDB3aXI4VHBhTFpFWTZDcXFLRHJNYkhaMlowWlYyWklUczlmQzgxR3FJZG1tREZYWnhOZngrQjFsU1IzWnBtWnBRcHBydFNDZXZaWGloSWd5K05ENTBIcC93ayszVlU1NEZ4aHVkSWxKZ3BQamIvbzV2UUZoaXlNM3luUjVnSDNzbFdWYXE5QzBUa2dYQ25UenVrR3pTVGVMN3dZUE5tTG9ta3JBUzBuazB5UmZvVVpjd21EKytITWdFbVlsaFRibk1sa0Izbnh6RWYvSlF4aFk2eENIcmJ0TmJSa0lOQ1kyMWRIcnNyci9NdkJ2RDhGb0tuS3B4SFgyK0hOWFpiZTdYbDg3TDlvMU91WHJ0UjFjcnZxK3IrMWZQamF5bkdpcjA3enI5bWdKUHhvdVBML2U0cHB4VEwvL3Z0MWtWa1dXa2gvQitHeVhFbVAzOGJRR1lNcEVBN2NBbmRseFBsT2tpMzVKWXdETm41Q0VOUXBEcDhGNCtKc0tJekFGMXpta0JJQTduZ2cwY1NISGlsTmd3WlhtWDdoKzdubmdMZ0ZJcFA4aDdBOWZDcEFLaEhVZkZVaitaZ2w5WG00NCtzWk93VkJuVmlqSzMyNlRnVkRGVFVYakUvWHdueSszRVJnWXdCZk93T0ttdXNORm5TMFhIYm1oK3FhLytEOHFnZTViS2lscTQ4cEtIenduZ00vVTZPd014bVNYVHVIY2xMTGVuM0ltZTMwVE9pUHpBaG9rclZOei9aM1ZBa2ZCdUpIYnk2OFNBS1VnY3pVRVU4MXd6NXdGRXQxbjFzSUo1VjQ5S01SR2FTV2IrZVd2VzgxeUE3TmtEU2puc01MYS9JRi9BRFE9PQo HTTP/1.1" 400 - "deis-builder" And, expected output from the actual ^CENG000656:example-go aaronschlesinger$ git push deis master
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists. Any ideas on what went wrong? |
@arschles yes
yes, here https://github.com/deis/builder/pull/148/files#diff-7549650024dfe83fbb2b4fdf653c2d49R43
|
…print to controller Instead of encoded public key
…for fingerprint back
Can we just put the key in the body and not base64 encode it? Edit: I'm okay with the fingerprint strategy, too. |
@technosophos yes, we could do that, but I'd like to keep this as a standard Using a build of aledbf#1 against the standard |
Packing a huge amount of data into the URL is not good design. |
It was a huge amount of data, but now it a standard public key fingerprint. I wouldn't consider that a huge amount of data, and certainly doesn't come close to any path length restrictions I know of. |
I am definitely okay with the fingerprint, provided @helgi does not object. |
Already implemented and merged into workflow using fingerprint |
💯 @helgi |
ref(pkg/controller/utils.go,pkg/sshd/sshd.go): send public key fingerprint to the controller
type UserInfo struct { | ||
Username string | ||
Key string | ||
FingerPrint string |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should probably be Fingerprint
without InterCaps (like Username
). Not worth holding up this PR though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mboersma can you file an issue for that?
ref(builder): remove etcd and confd
@aledbf FYI I forgot to mark as |
closes #122
closes #81
Requires deis/workflow#352(merged)