Feature/trace-collector-service #12
base: main
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
#!/bin/bash | ||
set -e | ||
|
||
# Variables | ||
SITE="{{ site }}" | ||
SITE_CLEAN=$(echo "$SITE" | sed 's#^/##; s#/#_#g') # Eg. /edu/memphis get converted to edu_memphis | ||
SSH_DIR="/root/.ssh" | ||
PRIVATE_KEY="$SSH_DIR/id_rsa" | ||
PUBLIC_KEY="$SSH_DIR/id_rsa.pub" | ||
PUBKEY_EXPORT_PATH="/file-server/trace-collector-pubkey/id_rsa.pub" | ||
Just set this to the directory instead of the file name, it seems simpler. The file name should just be the standard one used by openssh (e.g. The same applies to the previous two variables. Specifying the file name seems pointless unless there's a way to pass a different identity to the container. If we don't have a use case for this, just keep it simple and use the default openssh naming conventions.

The file name has been referenced multiple times in the script: Checking existence, non-interactive generation with the file name specified, and during copying. Should we keep the private and public key variables? The export path I believe can just be a directory name.

If you prefer to use a variable, that's fine. But one variable for the private key should be enough, the public key name should always be privatekey +
On second thought, we should really avoid using a dot in the NDN name of the pubkey (e.g.

False.

Sure. |
||
|
||
# Ensure permissions | ||
mkdir -p "$SSH_DIR" | ||
chmod 700 "$SSH_DIR" | ||
Comment on lines +12 to +14
ssh-keygen should already take care of this, no? |
||
|
||
# Generate SSH key pair if not already present | ||
if [[ ! -f "$PRIVATE_KEY" || ! -f "$PUBLIC_KEY" ]]; then | ||
echo "[trace-collector] No SSH key pair found. Generating a new one..." | ||
ssh-keygen -t rsa -b 4096 -N "" -f "$PRIVATE_KEY" | ||
can we use ed25519 instead of rsa? |
||
else | ||
echo "[trace-collector] SSH key pair already exists." | ||
fi | ||
|
||
# Always export the public key | ||
mkdir -p "$(dirname "$PUBKEY_EXPORT_PATH")" | ||
cp "$PUBLIC_KEY" "$PUBKEY_EXPORT_PATH" | ||
echo "[trace-collector] Public key copied to $PUBKEY_EXPORT_PATH" | ||
|
||
# Run | ||
echo "[trace-collector] Starting trace collector..." | ||
exec python3.10 /app/scheduler.py --site "$SITE_CLEAN" |
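
Review bot: The generation check `if [[ ! -f "$PRIVATE_KEY" || ! -f "$PUBLIC_KEY" ]]` also fires when the private key exists and only the `.pub` file is missing, and in that case `ssh-keygen ... -f "$PRIVATE_KEY"` stops to ask whether to overwrite the existing key. In a non-interactive container that prompt cannot be answered, so under `set -e` the entrypoint is likely to exit before the collector starts, and answering it would silently replace the identity that peers already trust. Consider generating only when the private key is absent and otherwise rederiving the public half with `ssh-keygen -y -f "$PRIVATE_KEY" > "$PUBLIC_KEY"`. Separately, `SITE="{{ site }}"` places the templated value inside a double-quoted shell string, so a value containing `"`, `$` or a backtick would be interpreted by the shell; checking it against the expected name form (the comment gives `/edu/memphis`) at render time or at the top of the script would prevent that.
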
is there an actual dependency on the file server?

I put this there I think from a documentary perspective, there is no actual dependency. It should be just nfd.