Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add SSH jump host support #1283

Merged
merged 1 commit into from Jun 10, 2020
Merged

Conversation

adisbladis
Copy link
Member

@adisbladis adisbladis commented Apr 15, 2020

This work is based on #1270 because they touch a lot of the same code.

Additionally as a requisite for this work I have changed the "TCP ping" to actually log in to the remote host and run a command instead of just checking the TCP port availability.

Closes #1150
Closes #784

@adisbladis adisbladis force-pushed the ssh-jump-host branch 2 times, most recently from 2ced90d to 0fa4fcc Compare April 16, 2020 13:25
@grahamc grahamc added this to In progress in kanban Apr 20, 2020
@grahamc grahamc added this to the 2.0 milestone Apr 20, 2020
@grahamc grahamc moved this from In progress to To do in kanban Apr 23, 2020
@adisbladis adisbladis force-pushed the ssh-jump-host branch 3 times, most recently from d2c8fa6 to ce9c1c1 Compare May 1, 2020 12:29
@adisbladis adisbladis force-pushed the ssh-jump-host branch 2 times, most recently from 2910ba4 to 187fecb Compare May 5, 2020 11:27
@adisbladis
Copy link
Member Author

Rebased on master since #1270 was merged.

@adisbladis adisbladis force-pushed the ssh-jump-host branch 3 times, most recently from 7e6c2de to ff180f4 Compare May 15, 2020 15:27
Comment on lines 112 to 113
# TODO: Use a better method that works with bastion hosts
res.is_up = nixops.util.ping_tcp_port(self.target_host, self.ssh_port)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we're guaranteed to have a working SSH, so let's just use the same "ssh and run true" strategy as in other places. @aanderse mentioned some backends might not need to use SSH, but that is a big enough thing to be a whole feature request and "epic".

nixops/util.py Outdated Show resolved Hide resolved
Copy link
Member

@grahamc grahamc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great, with just a few comments. Let's work on getting those dots back together? I think the UI feedback is important. Sometimes it can take like 30min for it to finish, and wow it is scary enough with the dots showing nixops isn't dead.

@grahamc
Copy link
Member

grahamc commented May 15, 2020

Since we're opting to go for more of a user-supplied "use sshOptions to do it", we'll need to bolster this use case by writing a user's guide on how to deploy with a jump host.

@adisbladis adisbladis force-pushed the ssh-jump-host branch 4 times, most recently from ea2cbbe to 5f235f3 Compare June 10, 2020 11:15
…r host liveness

This is in preparation for bastion (jump host) support where this
method would only check that the bastion is up and not the actual host
on the other end.
@adisbladis adisbladis merged commit 235a689 into NixOS:master Jun 10, 2020
kanban automation moved this from To do to Done Jun 10, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
kanban
  
Done
Development

Successfully merging this pull request may close these issues.

Bastion/Jump host support Incorrect logic for checking for ssh port availability on nixops deploy
3 participants