Add support for SSH jump hosts #1162
Seems there might still be some issues with this in more realistic deployments. Waiting for SSH when bootstrapping or rebooting a machine will always fail as it tries TCP checks on the host's SSH interface which may be private. Additionally it seems when deploying the new
Anyone know how I might be able to get deployment.jumpHost to evaluate earlier so it is not empty/default when nixops evaluates it? It appears to only get evaluated at the moment when the machine profile itself is being built.
@Nekroze did you manage to get any further with this? I have infrastructure built with terraform, would your current changes work in that scenario?
@shmish111 That is one of my primary use cases so I hope so :) Actually that is the one use case that would work so far. It is the scenario in which the jumpbox is created at the same time as the machines that sit behind it that does not work due to the options not existing that early in the build process.
Hello! Thank you for this PR. In the past several months, some major changes have taken place in
This is all accumulating into what I hope will be a NixOps 2.0 My hope is that by adding types and more thorough automated testing, However, because of the major changes, it has become likely that this If you would like to see this merge, please bring it up to date with Thank you again for the work you've done here, I am sorry to be
Graham
Hello, I have since started utilizing a nix terraform provider to do this instead and have been migrating away from NixOps as it showed its age and fragility especially related to complex AWS deployments. I still dream about one day replacing Terraform's horrid HCL with Nix though so I am really happy to hear this project is moving forward and hope to get amongst it and where possible contribute to the core or perhaps some of these new plugins which I think is a great idea! Really excited to see how this progresses now, you have made my day with this news!
Adds a new option `deployment.jumpHost` that can be used with any backend to tunnel SSH connections through a bastion/jump host. Tested with the newly created example network using libvirtd backend.

Also fixes a bug I encountered in `ssh_util.py` where the flags from `MachineState.get_ssh_flag` were included twice.

Closes #1150
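
The behaviour discussed in this PR, sketched as an added example that is not code from the PR or from NixOps: one place builds the ssh command line, adds the jump host with `-J`, and drops flags that were passed in twice, and the readiness probe goes through the same path instead of a direct TCP connect to a possibly private address. The function names, addresses and key path are hypothetical, and the jump host is assumed to be given in the `[user@]host[:port]` form that `ssh -J` accepts.

```python
# Added example; function names are hypothetical, not NixOps internals.
# Single-letter ssh options that consume the next argument (per ssh(1)).
TAKES_ARG = set("BbcDEeFIiJLlmOopQRSWw")
REPEATABLE = {"-v"}  # repeating -v is meaningful (verbosity), so keep it

def dedupe_flags(flags):
    """Drop repeated ssh options, keeping order and option/argument pairs intact."""
    seen, out, i = set(), [], 0
    while i < len(flags):
        f = flags[i]
        # "-o Key=val" is one unit; "-oKey=val" or "-v" stands alone.
        paired = (len(f) == 2 and f[0] == "-" and f[1] in TAKES_ARG
                  and i + 1 < len(flags))
        unit = tuple(flags[i:i + 2]) if paired else (f,)
        if unit not in seen or f in REPEATABLE:
            seen.add(unit)
            out.extend(unit)
        i += len(unit)
    return out

def ssh_argv(target, machine_flags, jump_host=None, command=None):
    """Build the ssh argv for a target, tunnelling through jump_host when set."""
    flags = list(machine_flags)
    if jump_host:
        # -J (ProxyJump): connect to the bastion first, then on to the target.
        flags += ["-J", jump_host]
    argv = ["ssh"] + dedupe_flags(flags) + [target]
    return argv + [command] if command else argv

def reachability_probe(target, machine_flags, jump_host=None, timeout=5):
    """argv for a 'wait for SSH' check that follows the same route as a real
    session, so it still works when the target has only a private address."""
    probe = ["-o", "BatchMode=yes", "-o", f"ConnectTimeout={timeout}"]
    return ssh_argv(target, probe + list(machine_flags), jump_host, "true")

if __name__ == "__main__":
    # Constructed input: the same flags supplied twice, as in the bug described.
    doubled = ["-o", "StrictHostKeyChecking=accept-new", "-i", "/tmp/id"] * 2
    print(ssh_argv("root@10.0.0.5", doubled, "ops@bastion.example"))
    print(reachability_probe("root@10.0.0.5", ["-i", "/tmp/id"],
                             "ops@bastion.example"))
```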