When I moved the Linux Docker-based container images from Kubernetes to COS I accidentally broke gomote ssh support.
We used to ssh proxy to the POD's port 22, which worked, but now we ssh to the COS node's ssh server, which is the wrong one. We're also running an SSH server inside the container (which is also listening on port 22 in its private network namespace), and it's only that inner SSH server that's authenticated.
We need to configure the COS node's konlet YAML to either forward some different port (e.g. host 2200 to container 22) or just make the container image listen on 2200 instead, and then configure that in x/build/dashboard/builders.go and make the coordinator respect that in its remote.go when it calls rb.buildlet.ConnectSSH.
When running in GCE's Container-Optimized OS (COS), we can't use
port 22, as the system's sshd is already using it. Our container
runs in the system network namespace, not isolated as is typical
in Docker or Kubernetes. So use port 2200 instead.
Remove an unnecessary type conversion.
Reviewed-by: Brad Fitzpatrick <email@example.com>
CL 129356 and deploying the new version of cmd/buildlet were sufficient to resolve the issue. We just needed to move the SSH server being started to a non-22 port to avoid overlapping with the host's sshd. The communication to the new port happens completely inside the cmd/buildlet's /connect-ssh HTTP handler. cmd/coordinator doesn't need to know about the new port, and hence there's nothing more to do.
I tested, and gomote ssh now works for COS-based Linux images (e.g., linux-amd64).
Closing since the issue is resolved. Huge thanks to @bradfitz for the help with this.