Shell out to local SSH client as alternative to a paramiko connection

[aiordache]

We have several issues raised for failures of the paramiko SSH connection, support for SSH config option etc. Shelling out to the local ssh client may provide a better experience and it mirrors the behaviour of docker cli. We keep the paramiko connection as the default one.

To use the local ssh client instead of paramiko, we must set the parameter use_ssh_client when creating the docker client as below:

def test_ssh_client():
    client = APIClient(base_url='ssh://remote', use_ssh_client=True)

    containers = client.containers()
    print("Running container IDs:")
    for c in containers:
        print("\t{}".format(c['Id']))

Make sure we have configured key-based ssh login to the target docker host:

Host remote
	Hostname 192.168.0.10
	User root
	IdentityFile ~/test/id_rsa
	Port 22

Output

Running container IDs:
        bd07c66651afc84f4223df96f59c4ffb3ba4ebb425feb6a6e0365e1a8987a024
        8625e8663fcaaa512d54444c08d99057ca893c806e05dd702cbd1dc86764065e

Closes #2659

[chris-crone]

This might be included in the python:3.x image

[thaJeztah]

better to move this to the top of this stage, so that it doesn't re-install with every code change.

Also needs a apt-get update, --no-install-recommends, and cleaning up after

[chris-crone]

nit: \n

[chris-crone]

nit: \n

[chris-crone]

Thanks @aiordache! I think we're nearly there

[chris-crone]

nit: 19.03.13 is out now

[chris-crone]

Can we remove this? Do we know why it was added originally?

[chris-crone]

Re-ping on this as I see it's still here

[aiordache]

Undid it by mistake.

[chris-crone]

I think that curl and ssh are already in the Python 3.7 Debian image:

docker run --rm python:3.7 sh -c "which curl && which ssh"
/usr/bin/curl
/usr/bin/ssh

If there's another reason you need them, I prefer having lists like this sorted so that it's easy to check if something's being installed.

[thaJeztah]

I think with engine 20.x, we'll be able to use COPY --chmod moby/buildkit#1492

would a chmod -R work for this?

Suggested change

	RUN chmod 600 /root/.ssh/id_rsa && \
	chmod 600 /root/.ssh/id_rsa.pub
	RUN chmod -R 600 /root/.ssh/

[thaJeztah]

Suggested change

	RUN chmod 600 /root/.ssh/id_rsa && \
	chmod 600 /root/.ssh/id_rsa.pub
	RUN chmod -R 600 /root/.ssh

[chris-crone]

Once my comments are addressed, this LGTM! Thanks @aiordache!

[chris-crone]

nit: To avoid having to compute the message length separately, I would call send from sendall and use the byte count from the write() function's return.

Suggested change

	if not self.proc or self.proc.stdin.closed:
	raise Exception('SSH subprocess not initiated.'
	'connect() must be called first.')
	self.proc.stdin.write(msg)
	self.proc.stdin.flush()
	def send(self, msg):
	self.sendall(msg)
	return len(msg)
	self.send(msg)
	def send(self, msg):
	if not self.proc or self.proc.stdin.closed:
	raise Exception('SSH subprocess not initiated.'
	'connect() must be called first.')
	written = self.proc.stdin.write(msg)
	self.proc.stdin.flush()
	return written

[aiordache]

Py2.7 request library seems to have a problem if we call send from sendall. Moved the logic intro a private method to be called in these two.

[chris-crone]

Re-ping on this as I see it's still here

[chris-crone]

I haven't dived into the code but why this change?

[aiordache]

The self.run_container already appends it to the list so there is no need to do it after.