Make machine driver compatible with Rancher #13

Open
blackwood821 opened this issue Apr 27, 2022 · 0 comments · May be fixed by #14

I tried adding this machine driver as a custom node driver in the Rancher UI and then provisioning a node with it, but I had issues trying to give Rancher access to my Triton SSH key. I have Rancher running in a Docker container on an Ubuntu bhyve VM in Triton. I installed my Triton SSH key on the bhyve VM hosting the Rancher docker container and then tried both of these options:

  1. Mounting the SSH key inside the rancher docker container
  2. Adding the SSH key to the SSH agent in the bhyve VM and recreating the rancher docker container with the following arguments: `-v $SSH_AUTH_SOCK:$SSH_AUTH_SOCK -e SSH_AUTH_SOCK=$SSH_AUTH_SOCK` so that the rancher docker container could access the SSH key via the SSH agent.

With option 1 I was able to see the SSH key when I exec into the docker container but the machine driver still couldn't access the key because Rancher runs the machine driver inside a jail and the jail doesn't have access to the SSH key path (https://forums.rancher.com/t/how-to-pass-ssh-key-to-custom-node-driver/37325).

With option 2 I was able to see the SSH key when I ran `ssh-add -l` from inside the rancher docker container and I could also `echo $SSH_AUTH_SOCK` and see that it’s set but `$SSH_AUTH_SOCK` was still not accessible to the machine driver since Rancher runs it in a jail. I also tried setting `ssh_agent_auth: true` with no luck.

Since I was unsuccessful in giving the machine driver access to the SSH key via a file path, I decided to modify the driver and add a new optional `-triton-key-material` argument that accepts a base64 encoded private key string. I looked at the other driver implementations that ship with Rancher such as digitalocean and amazonec2 and it seems that most of them accept strings such as AccessKey and SecretKey rather than a path to an SSH key. Since Triton's CloudAPI requires requests to be signed with an SSH key, it seems that's the only credential needed/available, so having the ability to pass that to the machine driver as a string rather than a file path seems advantageous and more in line with how the other drivers work.

Once I modified the machine driver and added it as a custom node driver in the Rancher UI I created a new node template with my base64 encoded private key and then Rancher was able to successfully provision new nodes (Triton bhyve VMs) without issue.

In addition to passing in the base64 encoded private key I also had to add code to wait for the IP to be available so that Rancher doesn't try to SSH into the node until it has all the necessary info.

I'm open to suggestions on improving what I've done but so far this works without issue.

vrcis@f2125d5
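
Added example, not the code from the linked commit or from the driver itself: one way a driver could validate a private key that arrives as a base64 string, as with the `-triton-key-material` option described in the issue. The names `loadKeyMaterial` and `sampleKeyMaterial` and the throwaway Ed25519 key are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"errors"
	"fmt"
	"strings"
)

// loadKeyMaterial (hypothetical name) decodes a base64-encoded PEM private key
// passed as a string and rejects input a driver cannot use unattended.
// Errors never include the input, so key bytes do not end up in logs.
func loadKeyMaterial(b64 string) (*pem.Block, error) {
	// UI text fields and `base64` line wrapping add whitespace; drop it first.
	clean := strings.Join(strings.Fields(b64), "")
	raw, err := base64.StdEncoding.DecodeString(clean)
	if err != nil {
		return nil, errors.New("key material is not valid base64")
	}
	block, _ := pem.Decode(raw)
	if block == nil || !strings.HasSuffix(block.Type, "PRIVATE KEY") {
		return nil, errors.New("key material is not a PEM private key")
	}
	// Catches legacy PEM encryption and encrypted PKCS#8. OPENSSH-format keys
	// record encryption inside the body, which this check does not inspect.
	if block.Headers["Proc-Type"] != "" || block.Type == "ENCRYPTED PRIVATE KEY" {
		return nil, errors.New("passphrase-protected key cannot be used unattended")
	}
	return block, nil
}

// sampleKeyMaterial builds a constructed, throwaway Ed25519 key for the demo.
func sampleKeyMaterial(headers map[string]string) string {
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	der, _ := x509.MarshalPKCS8PrivateKey(priv)
	p := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Headers: headers, Bytes: der})
	return base64.StdEncoding.EncodeToString(p)
}

func main() {
	block, err := loadKeyMaterial(sampleKeyMaterial(nil))
	fmt.Println(block != nil, err)
}
```

A key passed this way is stored wherever the node template is stored, so it needs the same handling as any other API secret.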
