Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

spire: don't scan for supervisor keys during auto-launch #513

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

spire: don't scan for supervisor keys during auto-launch #513

wants to merge 5 commits into from

Conversation

cryslith
Copy link
Member

@cryslith cryslith commented Apr 20, 2020
edited by celskeggs
Loading

When launching an existing virtual cluster, don't attempt to
authenticate to the supervisor with the pre-keysystem method
of using the preseeded authorized ssh key.
Doing so won't work because that ssh key is no longer authorized
on the supervisor after the keysystem is set up.
(Previously, it sometimes appeared to work when the
keysystem-provided ssh keys were still loaded from a prior
auto-install.)

This also avoids unnecessarily pulling the host key
from the keysystem and verifying it using the fingerprint
displayed on the supervisor console; once the keysystem is
set up the supervisor can authenticate itself using the CA.

Checklist:

  • I have split up this change into one or more appropriately-delineated commits.
  • The first line of each commit is of the form "[component]: do something"
  • I have written a complete, multi-line commit message for each commit.
  • I have formatted any Go code that I have changed with gofmt.
  • I have written or updated appropriate documentation to cover this change.
  • I have confirmed that this change is covered by at least one appropriate test run by CI.
  • If my change includes new or modified functionality, I have tested that the changes work as expected.
  • I have assigned this issue to an appropriate reviewer. (Choose @celskeggs if you are not otherwise certain.)
  • I consider my PR complete and ready to be merged without my further input, assuming that it passes CI and code review.
  • My changes have passed CI, including an automatic Jenkins deploy.
  • My changes have passed code review.

@cryslith cryslith requested a review from celskeggs April 20, 2020 03:00
celskeggs
celskeggs previously approved these changes Apr 20, 2020
View reviewed changes
@celskeggs celskeggs added this to the Dev Cluster 7 milestone Apr 20, 2020
hyades-bors[bot] and others added 2 commits April 21, 2020 02:47
@cryslith
Merge sipb#511
ced57ff 
511: Add bors-ng configuration r=cryslith a=cryslith

- Configure bors-ng
- Run CircleCI only during bors merges
- Require branches to have linear git history

Closes sipb#491.



Co-authored-by: Lily Chung <[email protected]>
@cryslith
spire: don't scan for supervisor keys during auto-launch
c12588f 
When launching an existing virtual cluster, don't attempt to
authenticate to the supervisor with the pre-keysystem method
of using the preseeded authorized ssh key.
Doing so won't work because that ssh key is no longer authorized
on the supervisor after the keysystem is set up.
(Previously, it sometimes appeared to work when the
keysystem-provided ssh keys were still loaded from a prior
auto-install.)

This also avoids unnecessarily pulling the host key
from the keysystem and verifying it using the fingerprint
displayed on the supervisor console; once the keysystem is
set up the supervisor can authenticate itself using the CA.
@cryslith cryslith force-pushed the fix-497 branch 2 times, most recently from 83360ac to c12588f Compare April 21, 2020 05:40
@cryslith
Copy link
Member Author

bors r+
bors r-

@hyades-bors
Copy link

hyades-bors bot commented Apr 21, 2020

Canceled.

@cryslith
Copy link
Member Author

bors r+

(for science)

hyades-bors bot pushed a commit that referenced this pull request Apr 21, 2020
@cryslith
Merge #513
dcc313e 
513: spire: don't scan for supervisor keys during auto-launch r=cryslith a=cryslith

When launching an existing virtual cluster, don't attempt to
authenticate to the supervisor with the pre-keysystem method
of using the preseeded authorized ssh key.
Doing so won't work because that ssh key is no longer authorized
on the supervisor after the keysystem is set up.
(Previously, it sometimes appeared to work when the
keysystem-provided ssh keys were still loaded from a prior
auto-install.)

This also avoids unnecessarily pulling the host key
from the keysystem and verifying it using the fingerprint
displayed on the supervisor console; once the keysystem is
set up the supervisor can authenticate itself using the CA.



Co-authored-by: Lily Chung <[email protected]>
@cryslith
Copy link
Member Author

no, stop that.

bors r-

@hyades-bors
Copy link

hyades-bors bot commented Apr 21, 2020

Canceled.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@celskeggs celskeggs celskeggs left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@cryslith cryslith

Labels
micro
Projects
None yet
Milestone
Dev Cluster 7
Development

Successfully merging this pull request may close these issues.
2 participants
@cryslith @celskeggs