Merge "zuul - add ssh_config on the scheduler pod to avoid 'ssh -i'"

softwarefactory-project · Dec 8, 2023 · 79f6aae · 79f6aae
2 parents 10e3e73 + ef43080
commit 79f6aae
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 2 deletions.
diff --git a/controllers/static/zuul/ssh_config b/controllers/static/zuul/ssh_config
@@ -0,0 +1,3 @@
+Host *
+    IdentityFile /var/lib/zuul-ssh/priv
+    UserKnownHostsFile /var/lib/zuul/known_hosts
diff --git a/controllers/zuul.go b/controllers/zuul.go
@@ -54,6 +54,9 @@ var (
 	// Common config sections for all Zuul components
 	commonIniConfigSections = []string{"zookeeper", "keystore", "database"}
 
+	//go:embed static/zuul/ssh_config
+	sshConfig string
+
 	zuulFluentBitLabels = []logging.FluentBitLabel{
 		{
 			Key:   "COMPONENT",
@@ -130,6 +133,12 @@ func (r *SFController) mkZuulContainer(service string) []apiv1.Container {
 				Name:      "tooling-vol",
 				SubPath:   "generate-zuul-tenant-yaml.sh",
 				MountPath: "/usr/local/bin/generate-zuul-tenant-yaml.sh"},
+			apiv1.VolumeMount{
+				Name:      "extra-config",
+				SubPath:   "ssh_config",
+				MountPath: "/var/lib/zuul/.ssh/config",
+				ReadOnly:  true,
+			},
 		)
 		envs = append(envs, r.getTenantsEnvs()...)
 	}
@@ -169,6 +178,7 @@ func mkZuulVolumes(service string, r *SFController) []apiv1.Volume {
 			},
 		},
 		base.MkVolumeCM("statsd-config", "zuul-statsd-config-map"),
+		base.MkVolumeCM("extra-config", "zuul-extra-config-map"),
 	}
 	if !isStatefulset(service) {
 		// statefulset already has a PV for the service-name,
@@ -325,6 +335,7 @@ func (r *SFController) EnsureZuulScheduler(cfg *ini.File) bool {
 		"statsd_mapping":        utils.Checksum([]byte(zuulStatsdMappingConfig)),
 		"serial":                "3",
 		"zuul-logging":          utils.Checksum([]byte(r.getZuulLoggingString("zuul-scheduler"))),
+		"zuul-extra":            utils.Checksum([]byte(sshConfig)),
 		"zuul-connections":      utils.IniSectionsChecksum(cfg, utils.IniGetSectionNamesByPrefix(cfg, "connection")),
 	}
 
@@ -926,6 +937,11 @@ func (r *SFController) DeployZuul() bool {
 		monitoring.StatsdExporterConfigFile: zuulStatsdMappingConfig,
 	})
 
+	// create extra config config map
+	r.EnsureConfigMap("zuul-extra", map[string]string{
+		"ssh_config": sshConfig,
+	})
+
 	// Update base config to add connections
 	cfgINI := LoadConfigINI(zuulDotconf)
 	for _, conn := range r.cr.Spec.Zuul.GerritConns {

diff --git a/doc/deployment/nodepool.md b/doc/deployment/nodepool.md
@@ -1,4 +1,4 @@
-# Nodepool
+ # Nodepool
 
 Here you will find information about managing the Nodepool service when deployed with the SF Operator.
 It does not replace [Nodepool's documentation](https://zuul-ci.org/docs/nodepool/latest/),
@@ -155,7 +155,7 @@ $ kubectl exec -ti nodepool-launcher-$uuid -c launcher -- nodepool list
 Look for the node's IP address then from the Zuul executor pod, run:
 
 ```sh
-$kubectl exec -ti zuul-executor-0 -- ssh -o "StrictHostKeyChecking no" -i /var/lib/zuul-ssh/..data/priv <user>@<ip>
+$ kubectl exec -ti zuul-executor-0 -- ssh -o "StrictHostKeyChecking no" <user>@<ip>
 Warning: Permanently added '$public_ip' (ED25519) to the list of known hosts.
 $ hostname
 np0000000001