Skip to content

Add missing project SSH key to on-prem instances #1716

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
un-def merged 2 commits into from
Sep 24, 2024
Merged

Add missing project SSH key to on-prem instances #1716

un-def merged 2 commits into from
Sep 24, 2024

Conversation

@un-def
Copy link
Collaborator

@un-def un-def commented Sep 23, 2024

Fixes: #1640

@un-def un-def requested review from jvstme and r4victor September 23, 2024 15:29
@r4victor
Copy link
Collaborator

r4victor commented Sep 24, 2024

It'd be nice to refactor the code to use project.ssh_private_key when connecting to remote instances such as here:

dstack/src/dstack/_internal/server/background/tasks/process_running_jobs.py

Lines 136 to 146 in 1ce1243

server_ssh_private_key = project.ssh_private_key
if (
job_model.instance is not None
and job_model.instance.remote_connection_info is not None
and job_provisioning_data.dockerized
):
remote_conn_info: RemoteConnectionInfo = RemoteConnectionInfo.__response__.parse_raw(
job_model.instance.remote_connection_info
)
server_ssh_private_key = remote_conn_info.ssh_keys[0].private

It may not be ideal doing in this release since it may break connecting to old instances. @un-def, maybe leave TODOs for that?

@jvstme
Copy link
Collaborator

jvstme commented Sep 24, 2024

This may also mean that other project users cannot use the on-prem instance for any runs but it needs to be verified.

@un-def, if this is still the case, please also add a new issue to fix it later by using the project key for remote instance connections from server and CLI.

@un-def
Copy link
Collaborator Author

un-def commented Sep 24, 2024

@jvstme, it is not and was not the case, when a run is submitted to the shim, the user's public key (either provided by the user or generated by dstack), which is a part of the submitted task body, is dynamically added to authorized_keys.

The project key, as far as I understand, it's not even available to the user.

@un-def un-def merged commit fe272d3 into master Sep 24, 2024
@un-def un-def deleted the issue_1640_fix_gateway_on_prem_instance_ssh_key branch September 24, 2024 11:02
un-def added a commit that referenced this pull request Feb 12, 2025
@un-def
Add head node support for SSH fleets
a52d504 
* Add `proxy_jump` property
* Store configuration as part of `RemoteConnectionInfo`
* Always use a project key to connect to SSH instances,
  drop backward compatibility code (previously,
  the user-provided key was used, as the project key
  was not added to the SSH instance, this was fixed in
  #1716)

NOTE: services are not currently supported, proxy support will be added
in a separate PR.

Part-of: #2010
@un-def un-def mentioned this pull request Feb 12, 2025
Merged
un-def added a commit that referenced this pull request Feb 12, 2025
@un-def
Add head node support for SSH fleets
195c37e 
* Add `proxy_jump` property
* Store configuration as part of `RemoteConnectionInfo`
* Always use a project key to connect to SSH instances,
  drop backward compatibility code (previously,
  the user-provided key was used, as the project key
  was not added to the SSH instance, this was fixed in
  #1716)

NOTE: services are not currently supported, proxy support will be added
in a separate PR.

Part-of: #2010
un-def added a commit that referenced this pull request Feb 13, 2025
@un-def @r4victor
Add head node support for SSH fleets (#2292)
5cc97ae 
* Add `proxy_jump` property
* Store configuration as part of `RemoteConnectionInfo`
* Always use a project key to connect to SSH instances,
  drop backward compatibility code (previously,
  the user-provided key was used, as the project key
  was not added to the SSH instance, this was fixed in
  #1716)

Part-of: #2010
Co-authored-by: Victor Skvortsov <vds003@gmail.com>
pranitnaik43 pushed a commit to bahaal-tech/dstack that referenced this pull request Mar 4, 2025
@un-def @r4victor @pranitnaik43
Add head node support for SSH fleets (dstackai#2292)
19123c0 
* Add `proxy_jump` property
* Store configuration as part of `RemoteConnectionInfo`
* Always use a project key to connect to SSH instances,
  drop backward compatibility code (previously,
  the user-provided key was used, as the project key
  was not added to the SSH instance, this was fixed in
  dstackai#1716)

Part-of: dstackai#2010
Co-authored-by: Victor Skvortsov <vds003@gmail.com>
pranitnaik43 pushed a commit to bahaal-tech/dstack that referenced this pull request Mar 5, 2025
@un-def @r4victor @pranitnaik43
Add head node support for SSH fleets (dstackai#2292)
694380d 
* Add `proxy_jump` property
* Store configuration as part of `RemoteConnectionInfo`
* Always use a project key to connect to SSH instances,
  drop backward compatibility code (previously,
  the user-provided key was used, as the project key
  was not added to the SSH instance, this was fixed in
  dstackai#1716)

Part-of: dstackai#2010
Co-authored-by: Victor Skvortsov <vds003@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@r4victor r4victor r4victor approved these changes

@jvstme jvstme jvstme approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug]: Cannot run services on on-prem instances

4 participants

@un-def @r4victor @jvstme