Cannot "ssh-add" since version 1.3 #10

Closed
mbrodala opened this issue Oct 7, 2019 · 6 comments

mbrodala commented Oct 7, 2019

We are using the following service setup in our docker-compose.yml:

version: "3"

services:
  ssh-agent:
    image: docksal/ssh-agent:1.2
    volumes:
      - ssh-agent:/.ssh-agent

  ssh-key:
    image: docksal/ssh-agent:1.2
    command: ['bash', '-c', 'ssh-add - </tmp/host-ssh/id_rsa']
    depends_on:
      - ssh-agent
    volumes:
      - $HOME/.ssh:/tmp/host-ssh:ro
      - ssh-agent:/.ssh-agent

volumes:
  ssh-agent:

While this works perfectly fine it fails since version 1.3 of this image.

With version 1.2:

$ docker-compose ps
                Name                              Command                       State                         Ports               
---------------------------------------------------------------------------------------------------------------------------------- 
project_ssh-agent_1                    docker-entrypoint.sh ssh-agent   Up (healthy)                                     
project_ssh-key_1                      docker-entrypoint.sh bash  ...   Exit 0                                               

With version 1.3:

$ docker-compose ps
                Name                              Command                       State                         Ports               
---------------------------------------------------------------------------------------------------------------------------------- 
project_ssh-agent_1                    docker-entrypoint.sh ssh-agent   Up (healthy)                                     
project_ssh-key_1                      docker-entrypoint.sh bash  ...   Exit 2                                
$ docker-compose logs ssh-key
Attaching to project_ssh-key_1
ssh-key_1        | Error connecting to agent: No such file or directory

The /.ssh-agent directory in the ssh-agent service looks fine if just that service is (re)started:

$ docker-compose exec ssh-agent ls -la /.ssh-agent
total 8
drwxr-xr-x    2 root     root          4096 Oct  7 12:48 .
drwxr-xr-x    1 root     root          4096 Oct  7 12:46 ..
srw-rw-rw-    1 root     root             0 Oct  7 12:48 proxy-socket
srw-------    1 root     root             0 Oct  7 12:48 socket

However, as soon as the ssh-key service is executed, the socket files in this directory disappear. The logs of ssh-agent do not show anything useful:

ssh-agent_1      | Creating proxy socket...
ssh-agent_1      | Launching ssh-agent...
ssh-agent_1      | debug2: fd 3 setting O_NONBLOCK
ssh-agent_1      | SSH_AUTH_SOCK=/.ssh-agent/socket; export SSH_AUTH_SOCK;
ssh-agent_1      | echo Agent pid 1;

Any idea what's going on? For now we need to stick with version 1.2.

Member

lmakarov commented Oct 7, 2019

@mbrodala Looks like you are using this image outside of its primary intended use case - with Docksal - which is exciting! Mind sharing some details? :)

> However, as soon as the ssh-key service is executed, the socket files in this directory disappear.

Here's why:
https://github.com/docksal/service-ssh-agent/blob/develop/bin/docker-entrypoint.sh#L8-L9

That line moved in the entrypoint script of the image and is now executed unconditionally. You'd have to override the container ENTRYPOINT in the ssh-key service, so the stock one is not triggered, e.g.:

version: "3"

services:
  ssh-agent:
    image: docksal/ssh-agent:1.3
    volumes:
      - ssh-agent:/.ssh-agent

  ssh-key:
    image: docksal/ssh-agent:1.3
    entrypoint: ['bash', '-c']
    command: ['ssh-add - </tmp/host-ssh/id_rsa']
    depends_on:
      - ssh-agent
    volumes:
      - $HOME/.ssh:/tmp/host-ssh:ro
      - ssh-agent:/.ssh-agent

volumes:
  ssh-agent:

$ docker-compose up -d
Creating volume "ssh-agent_ssh-agent" with default driver
Creating ssh-agent_ssh-agent_1 ... done
Creating ssh-agent_ssh-key_1   ... done

$ docker-compose logs
Attaching to ssh-agent_ssh-key_1, ssh-agent_ssh-agent_1
ssh-agent_1  | Creating proxy socket...
ssh-agent_1  | Launching ssh-agent...
ssh-agent_1  | SSH_AUTH_SOCK=/.ssh-agent/socket; export SSH_AUTH_SOCK;
ssh-agent_1  | echo Agent pid 1;
ssh-agent_1  | debug2: fd 3 setting O_NONBLOCK
ssh-agent_1  | debug2: fd 4 setting O_NONBLOCK
ssh-agent_1  | debug1: process_message: socket 1 (fd=4) type 17
ssh-key_1    | Identity added: (stdin) ((stdin))

@lmakarov lmakarov self-assigned this Oct 7, 2019
Author

mbrodala commented Oct 8, 2019

> @mbrodala Looks like you are using this image outside of its primary intended use case - with Docksal - which is exciting! Mind sharing some details? :)

I didn't even know Docksal is a thing. ;-) We only use this for a basic local development setup, so basically something like Docksal. ;-)

> However, as soon as the ssh-key service is executed, the socket files in this directory disappear.
>
> Here's why:
> https://github.com/docksal/service-ssh-agent/blob/develop/bin/docker-entrypoint.sh#L8-L9
>
> That line moved in the entrypoint script of the image and is now executed unconditionally. You'd have to override the container ENTRYPOINT in the ssh-key service, so the stock one is not triggered, e.g.:

Thanks, I'll try that. However I think it would be a good idea to move the socket file cleanup right before the socat calls in the entrypoint.

@lmakarov lmakarov mentioned this issue Oct 8, 2019
Member

lmakarov commented Oct 8, 2019

> However I think it would be a good idea to move the socket file cleanup right before the socat calls in the entrypoint.

@mbrodala agreed. Released a hotfix v1.3.1. docker pull docksal/ssh-agent:1.3 to update

@lmakarov lmakarov added the bug label Oct 8, 2019
@lmakarov lmakarov added this to To do in Docksal 1.13.0 via automation Oct 8, 2019
@lmakarov lmakarov moved this from To do to Done in Docksal 1.13.0 Oct 8, 2019
@lmakarov lmakarov removed the question label Oct 8, 2019
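
The ordering problem discussed in this thread, modelled as an added example (not the project's docker-entrypoint.sh and not code from either participant). Plain files stand in for the agent's Unix sockets on the shared volume, and every function name is hypothetical.

```shell
#!/bin/sh
# Added illustration: models the entrypoint ordering bug from this thread.
# Plain files stand in for the sockets; all names here are hypothetical.

start_agent() {            # stand-in for creating the proxy and agent sockets
    : > "$1/proxy-socket"
    : > "$1/socket"
}

cleanup_sockets() {
    rm -f "$1/proxy-socket" "$1/socket"
}

# Ordering reported for 1.3: cleanup runs for every command the image is given.
entrypoint_unconditional() {
    dir=$1; shift
    cleanup_sockets "$dir"
    if [ "$1" = "ssh-agent" ]; then start_agent "$dir"; fi
}

# Ordering proposed in the thread: cleanup only on the path that recreates the sockets.
entrypoint_guarded() {
    dir=$1; shift
    if [ "$1" = "ssh-agent" ]; then
        cleanup_sockets "$dir"   # removes stale sockets left by a previous run
        start_agent "$dir"
    fi
}

# Start the agent container, then a helper container (ssh-key) on the same volume.
# Returns 0 if the agent socket is still present for the helper, 1 if it was removed.
socket_survives_helper() {
    entrypoint=$1
    vol=$(mktemp -d) || return 2
    "$entrypoint" "$vol" ssh-agent
    "$entrypoint" "$vol" bash -c 'ssh-add - </tmp/host-ssh/id_rsa'
    if [ -e "$vol/socket" ]; then rc=0; else rc=1; fi
    rm -rf "$vol"
    return "$rc"
}

for ep in entrypoint_unconditional entrypoint_guarded; do
    if socket_survives_helper "$ep"; then echo "$ep: socket kept"
    else echo "$ep: socket removed (ssh-add would fail to connect)"; fi
done
```
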
@mbrodala
Author

Hm, for some reason the issue remains with version 1.3. And there is no tag for 1.3.1.

@lmakarov
Member

@mbrodala did you do docker pull docksal/ssh-agent:1.3? We do not tag hotfix releases on Docker Hub.

@mbrodala
Author

Yes, I tried that version but without any change. Here's the current state locally:

docker image ls docksal/ssh-agent
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
docksal/ssh-agent   latest              335da72f134e        11 days ago         14.3MB
docksal/ssh-agent   1.3                 dba471f4f7f1        11 days ago         14.3MB
docksal/ssh-agent   1.2                 13bd896a38e9        6 months ago        14.3MB

Now that I saw that the ID is outdated I ran docker pull docksal/ssh-agent:1.3 and got the latest state now:

docker image ls docksal/ssh-agent
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
docksal/ssh-agent   1.3                 1d4d27359922        5 days ago          14.3MB
docksal/ssh-agent   latest              335da72f134e        11 days ago         14.3MB
docksal/ssh-agent   <none>              dba471f4f7f1        11 days ago         14.3MB
docksal/ssh-agent   1.2                 13bd896a38e9        6 months ago        14.3MB

And now I can use version 1.3 just fine. 👍
