Project

General

Profile

Actions
Copy link

Feature #20485

closed

Option to skip automatic SSH key deployment on cloud VMs

Added by Tom Clegg 27 days ago. Updated about 12 hours ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Tom Clegg
Category:
Crunch
Target version:
Development 2023-06-07
Start date:
06/01/2023
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Story points:
0.5
Release:
Arvados 2.6.3
Release relationship:
Auto

Description

When creating a new cloud instance, arvados-dispatch-cloud generates the public key counterpart of Containers.DispatchPrivateKey and installs it as an authorized SSH key for the relevant login account (LinuxConfiguration.SSH.PublicKeys on Azure, ImportKeyPair/KeyName on AWS).

Some sites may prefer to use a different approach (e.g., pre-install the public key on the worker image or retrieve it from some other source during instance boot). In that case the automatic deployment would be superfluous at best, and could prevent instance creation from working at all if the relevant cloud APIs are disabled by policy.

Proposed option

    CloudVMs:
      # Install the dispatcher's SSH public key (derived from                                                                                                                                                    
      # DispatchPrivateKey) when creating new cloud instances. Change                                                                                                                                            
      # this to false if you are using a different mechanism to                                                                                                                                                  
      # pre-install the public key on new instances.                                                                                                                                                                 
      DeployPublicKey: true

Subtasks 1 (0 open1 closed)

Task #20597: Review 20485-optional-deploy-ssh-keyResolvedTom Clegg06/01/2023

Actions
Actions
Copy link
 #1

Updated by Tom Clegg 27 days ago

  • Story points set to 0.5
Actions
Copy link
 #2

Updated by Tom Clegg 6 days ago

  • Target version changed from To be groomed to Development 2023-06-07
  • Assigned To set to Tom Clegg
Actions
Copy link
 #3

Updated by Tom Clegg 3 days ago

  • Status changed from New to In Progress
Actions
Copy link
 #4

Updated by Brett Smith 1 day ago

Tom Clegg wrote in #note-3:

20485-optional-deploy-ssh-key @ 5a148d937308202b392bd05a25b28f9fc2ca81cc -- developer-run-tests: #3672

This looks good to me. Tests would be nice but I understand if that's not reasonable. The changes are straightforward enough that I'm not too worried about it.

Actions
Copy link
 #6

Updated by Tom Clegg 1 day ago

Turns out it wasn't too hard to exercise the nil publickey option in tests.

20485-optional-deploy-ssh-key @ 756b80504e55ff7d9b9ec3f221bd11e231e9c1c6 -- developer-run-tests: #3681

developer-run-tests-apps-workbench-integration: #3976

Actions
Copy link
 #7

Updated by Brett Smith 1 day ago

Tom Clegg wrote in #note-6:

Turns out it wasn't too hard to exercise the nil publickey option in tests.

Awesome, this looks good too, I don't have anything else. Thanks again.

Actions
Copy link
 #8

Updated by Tom Clegg about 13 hours ago

  • % Done changed from 0 to 100
  • Status changed from In Progress to Resolved

Applied in changeset arvados-private:commit:arvados|d5c62f5e6473a225646d6ab0a7a8b1353dd5855b.

Actions
Copy link
 #9

Updated by Peter Amstutz about 12 hours ago

  • Release set to 64
Actions
Copy link

Also available in: Atom PDF