From ef43080a5b5ab5f21c29fcb916c014d0ed41aaf1 Mon Sep 17 00:00:00 2001 From: Fabien Boucher Date: Tue, 28 Nov 2023 10:35:16 +0000 Subject: [PATCH] zuul - add ssh_config on the scheduler pod to avoid 'ssh -i' This change provides a facility to ssh on nodepool' nodes from the zuul-scheduler pod by avoiding the need to provide the path to the ssh private key. Change-Id: I7ded343daeeb1f4a71ed021110825a250ea23991 --- controllers/static/zuul/ssh_config | 3 +++ controllers/zuul.go | 16 ++++++++++++++++ doc/deployment/nodepool.md | 4 ++-- 3 files changed, 21 insertions(+), 2 deletions(-) create mode 100644 controllers/static/zuul/ssh_config diff --git a/controllers/static/zuul/ssh_config b/controllers/static/zuul/ssh_config new file mode 100644 index 00000000..977ef5eb --- /dev/null +++ b/controllers/static/zuul/ssh_config @@ -0,0 +1,3 @@ +Host * + IdentityFile /var/lib/zuul-ssh/priv + UserKnownHostsFile /var/lib/zuul/known_hosts diff --git a/controllers/zuul.go b/controllers/zuul.go index 1ff13c4d..6fbe7021 100644 --- a/controllers/zuul.go +++ b/controllers/zuul.go @@ -54,6 +54,9 @@ var ( // Common config sections for all Zuul components commonIniConfigSections = []string{"zookeeper", "keystore", "database"} + //go:embed static/zuul/ssh_config + sshConfig string + zuulFluentBitLabels = []logging.FluentBitLabel{ { Key: "COMPONENT", @@ -130,6 +133,12 @@ func (r *SFController) mkZuulContainer(service string) []apiv1.Container { Name: "tooling-vol", SubPath: "generate-zuul-tenant-yaml.sh", MountPath: "/usr/local/bin/generate-zuul-tenant-yaml.sh"}, + apiv1.VolumeMount{ + Name: "extra-config", + SubPath: "ssh_config", + MountPath: "/var/lib/zuul/.ssh/config", + ReadOnly: true, + }, ) envs = append(envs, r.getTenantsEnvs()...) } 
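Review bot: `Host *` pins the identity and a known_hosts path but sets no host-key policy, and the nodepool.md example in this same commit still passes `-o "StrictHostKeyChecking no"`, so operator sessions to nodes accept any host key; if that trade-off is intended for throwaway nodes, state it in the file, otherwise `StrictHostKeyChecking accept-new` gives first-use pinning without an interactive prompt. Nodepool nodes are ephemeral and their addresses get recycled, so `/var/lib/zuul/known_hosts` will accumulate stale entries and a later session to a reused IP fails host-key verification under any policy stricter than `no` until the entry is removed — worth a comment here, e.g. `# Nodepool nodes are ephemeral: expect stale known_hosts entries when an IP is reused`. ssh also silently ignores a private key whose mode is group/world-readable, so `IdentityFile /var/lib/zuul-ssh/priv` only works if the zuul-ssh secret volume is already projected with a restrictive defaultMode; the old `-i` example implies it is, but that mount definition is not part of this patch.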
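Review bot: The new package-level `sshConfig` carries no comment while its sibling `commonIniConfigSections` does; a one-liner saying where the content ends up would help, e.g. `// sshConfig is the ssh client config embedded from static/zuul/ssh_config and mounted read-only at /var/lib/zuul/.ssh/config so "ssh <node>" finds the nodepool key without -i.` The `//go:embed` directive also requires the `embed` package to be imported (at least `_ "embed"`); the import block is outside this hunk and the `var (` block starts before it, so confirm an earlier embed in this file already brought it in.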
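Review bot: The new `extra-config` mount is added inside the same conditional as the tenant-yaml tooling, which looks scheduler-specific (the enclosing `if` and mkZuulContainer both start outside the hunk), yet the nodepool.md change in this commit drops `-i` from an `ssh` run inside `zuul-executor-0`; unless the executor branch gets an equivalent mount, that documented command will no longer find the key. Either extend the mount to the executor or keep the doc example on the scheduler pod. A `SubPath` projection of a ConfigMap is also never refreshed in place by the kubelet, so the file only changes on pod restart, which is what the `zuul-extra` checksum annotation on the scheduler provides; a comment such as `// subPath mounts are not updated live; the zuul-extra checksum annotation forces a restart on change` would make that dependency visible to the next editor.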
@@ -169,6 +178,7 @@ func mkZuulVolumes(service string, r *SFController) []apiv1.Volume { }, }, base.MkVolumeCM("statsd-config", "zuul-statsd-config-map"), + base.MkVolumeCM("extra-config", "zuul-extra-config-map"), } if !isStatefulset(service) { // statefulset already has a PV for the service-name, @@ -325,6 +335,7 @@ func (r *SFController) EnsureZuulScheduler(cfg *ini.File) bool { "statsd_mapping": utils.Checksum([]byte(zuulStatsdMappingConfig)), "serial": "3", "zuul-logging": utils.Checksum([]byte(r.getZuulLoggingString("zuul-scheduler"))), + "zuul-extra": utils.Checksum([]byte(sshConfig)), "zuul-connections": utils.IniSectionsChecksum(cfg, utils.IniGetSectionNamesByPrefix(cfg, "connection")), } @@ -926,6 +937,11 @@ func (r *SFController) DeployZuul() bool { monitoring.StatsdExporterConfigFile: zuulStatsdMappingConfig, }) + // create extra config config map + r.EnsureConfigMap("zuul-extra", map[string]string{ + "ssh_config": sshConfig, + }) + // Update base config to add connections cfgINI := LoadConfigINI(zuulDotconf) for _, conn := range r.cr.Spec.Zuul.GerritConns { diff --git a/doc/deployment/nodepool.md b/doc/deployment/nodepool.md index 2098206b..0ab48bc2 100644 --- a/doc/deployment/nodepool.md +++ b/doc/deployment/nodepool.md @@ -1,4 +1,4 @@ -# Nodepool + # Nodepool Here you will find information about managing the Nodepool service when deployed with the SF Operator. It does not replace [Nodepool's documentation](https://zuul-ci.org/docs/nodepool/latest/), @@ -155,7 +155,7 @@ $ kubectl exec -ti nodepool-launcher-$uuid -c launcher -- nodepool list Look for the node's IP address then from the Zuul executor pod, run: ```sh -$kubectl exec -ti zuul-executor-0 -- ssh -o "StrictHostKeyChecking no" -i /var/lib/zuul-ssh/..data/priv @ +$ kubectl exec -ti zuul-executor-0 -- ssh -o "StrictHostKeyChecking no" @ Warning: Permanently added '$public_ip' (ED25519) to the list of known hosts. $ hostname np0000000001
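Review bot: The `extra-config` volume is declared for every Zuul service here while the only mount added in this commit sits in the scheduler branch of mkZuulContainer; that mirrors the existing `statsd-config` handling, so it is consistent, but it makes every component's pod depend on the `zuul-extra` ConfigMap existing at scheduling time. If DeployZuul does not create that ConfigMap before the other components roll out (the call order is outside this hunk), those pods stay in ContainerCreating; a comment such as `// referenced by all zuul pods; DeployZuul must create the ConfigMap before any component rolls out` would make the ordering explicit. mkZuulVolumes starts and ends outside the hunk.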
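Review bot: The ConfigMap is created under the name `zuul-extra` while the volume in mkZuulVolumes refers to `zuul-extra-config-map`; this only works if EnsureConfigMap appends the `-config-map` suffix, as the existing statsd pair (`zuul-statsd-config-map`) suggests, but its definition is outside this hunk, so confirm. The map key `ssh_config` must stay in sync with the `SubPath: "ssh_config"` of the mount in mkZuulContainer; tie them together in a comment, `// key must match the SubPath used by the extra-config mount in mkZuulContainer`. Nit: `// create extra config config map` reads oddly and says nothing about the content; `// ConfigMap of extra non-sensitive files mounted into the scheduler (currently only the ssh client config)` would be clearer. DeployZuul starts and ends outside the hunk.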