AdRoll / hologram

Easy, painless AWS credentials on developer laptops.
Apache License 2.0

Error reading data from stream #89

Open brianantonelli opened 7 years ago

brianantonelli commented 7 years ago

I have deployed the Hologram server to an EC2 instance running Debian and when I run hologram use foo I see the connection opened on the server but then something is closing it. BTW, I'm building the binaries from the credential_keys_in_text_file branch.

[INFO   ] 2017-05-02T19:33:23Z Hologram server is online, waiting for termination.
[INFO   ] 2017-05-02T19:33:34Z Enabling debug mode.
[DEBUG  ] 2017-05-02T19:33:41Z (/go/src/github.com/AdRoll/hologram/server/server.go:59) Opening new connection handler.
[DEBUG  ] 2017-05-02T19:33:41Z (/go/src/github.com/AdRoll/hologram/server/usercache.go:328) Could not find derp in the keys file cache; updating from the file.
[ERROR  ] 2017-05-02T19:33:41Z (/go/src/github.com/AdRoll/hologram/server/server.go:65) Error reading data from stream: read tcp y.y.y.y:3100->x.x.x.x:33059: use of closed network connection

walterking commented 7 years ago

So first, I'd consider that branch WIP. Want to get it working but I don't think anyone has it deployed anywhere. Is there an error on your client in /var/log/hologram/hologram.log? I'd guess the agent got some response it didn't like and closed the connection there.

brianantonelli commented 7 years ago

Here's the agent log (I added a bunch of debug statements):

[DEBUG  ] 2017-05-03T12:12:23-04:00 (/go/src/github.com/AdRoll/hologram/agent/cli_handler.go:51) get agent request
[DEBUG  ] 2017-05-03T12:12:23-04:00 (/go/src/github.com/AdRoll/hologram/agent/cli_handler.go:61) SSH_AUTH_SOCK included in this request: /private/tmp/com.apple.launchd.vH14PCyzO0/Listeners
[DEBUG  ] 2017-05-03T12:12:23-04:00 (/go/src/github.com/AdRoll/hologram/agent/cli_handler.go:66) SSH keyfile included in this request.
[DEBUG  ] 2017-05-03T12:12:23-04:00 (/go/src/github.com/AdRoll/hologram/agent/cli_handler.go:72) Handling AssumeRole request.
[DEBUG  ] 2017-05-03T12:12:23-04:00 (/go/src/github.com/AdRoll/hologram/agent/cli_handler.go:74) ran dr.GetAssumeRole()
[DEBUG  ] 2017-05-03T12:12:23-04:00 (/go/src/github.com/AdRoll/hologram/agent/cli_handler.go:75) hologram
[DEBUG  ] 2017-05-03T12:12:23-04:00 (/go/src/github.com/AdRoll/hologram/agent/client.go:158) in client.AssumeRole()
[DEBUG  ] 2017-05-03T12:12:23-04:00 (/go/src/github.com/AdRoll/hologram/agent/client.go:177) in c.requestCredentials()
[DEBUG  ] 2017-05-03T12:12:24-04:00 (/go/src/github.com/AdRoll/hologram/agent/client.go:196) got err
[DEBUG  ] 2017-05-03T12:12:24-04:00 (/go/src/github.com/AdRoll/hologram/agent/cli_handler.go:77) ran client.AssumeRole()
[DEBUG  ] 2017-05-03T12:12:24-04:00 (/go/src/github.com/AdRoll/hologram/agent/cli_handler.go:84) got an error from client.AssumeRole()
[ERROR  ] 2017-05-03T12:12:24-04:00 (/go/src/github.com/AdRoll/hologram/agent/cli_handler.go:85) EOF
[DEBUG  ] 2017-05-03T12:12:24-04:00 (/go/src/github.com/AdRoll/hologram/agent/cli_handler.go:94) set agentResponse
[DEBUG  ] 2017-05-03T12:12:24-04:00 (/go/src/github.com/AdRoll/hologram/agent/cli_handler.go:96) wrote message
[DEBUG  ] 2017-05-03T12:12:24-04:00 (/go/src/github.com/AdRoll/hologram/agent/cli_handler.go:47) error from read

brianantonelli commented 7 years ago

Also, here's my server config (I guessed at the config for a keys file):

{
  "userstorage": "file",
  "keysfile": {
    "filepath": "/etc/hologram/keys",
    "roleattr": "businessCategory",
    "defaultroleattr": "employeeType"
  },
  "aws": {
    "account":      "xxxxx",
    "defaultrole":  "hologram"
  },
  "listen": "0.0.0.0:3100",
  "cachetimeout": 3600,
  "debug": true
}

And keys file:

{
    "keys": [
        {
            "username": "bantonelli",
            "password": "foo",
            "sshPublicKeys": [ "ssh-rsa xxxxxx OpenShift-Key" ]
        }
    ]
}

brianantonelli commented 7 years ago

It looks like the error is happening when the client agent is attempting to do the read:

https://github.com/AdRoll/hologram/blob/credential_keys_in_text_file/agent/client.go#L185

walterking commented 7 years ago

The keys file should be:

{
    "ssh-rsa xxxxxx OpenShift-Key":
        {
            "username": "bantonelli",
            "roles": ["engineer"]
        }
}

and in the server.json:

{
  "userstorage": "file",
  "keysfile": {
    "filepath": "/etc/hologram/keys",
    "roleattr": "roles",
    "userattr": "username"
  },
  "aws": {
    "account":      "xxxx",
    "defaultrole":  "hologram"
  },
  "listen": "0.0.0.0:3100",
  "cachetimeout": 3600,
  "debug": true,
  "enableServerRoles": true
}

(the line in each about roles being optional)
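
A pre-deployment check for the keys-file layout described in the comment above, as an added example that is not part of the thread and not Hologram's own parser. It assumes only what the thread shows: a JSON object keyed by SSH public key, with the attribute names taken from `roleattr` and `userattr` in server.json; `CheckKeysFile` and `keysFileAttrs` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Attribute names from the "keysfile" block of server.json in this thread.
type keysFileAttrs struct{ RoleAttr, UserAttr string }

// Sample inputs copied from the thread (key material was already redacted there).
const guessedLayout = `{"keys": [{"username": "bantonelli", "password": "foo",
  "sshPublicKeys": ["ssh-rsa xxxxxx OpenShift-Key"]}]}`
const suggestedLayout = `{"ssh-rsa xxxxxx OpenShift-Key":
  {"username": "bantonelli", "roles": ["engineer"]}}`

// CheckKeysFile lists problems with a keys file, assuming the layout shown in
// the thread: a JSON object keyed by SSH public key, each value an object with
// the user attribute and an optional list of roles.
func CheckKeysFile(keys []byte, attrs keysFileAttrs) []string {
	var entries map[string]json.RawMessage
	if err := json.Unmarshal(keys, &entries); err != nil {
		return []string{"top level is not a JSON object: " + err.Error()}
	}
	var problems []string
	for key, raw := range entries {
		var entry map[string]interface{}
		if len(strings.Fields(key)) < 2 { // expect "<type> <base64> [comment]"
			problems = append(problems, fmt.Sprintf("%q is not an SSH public key", key))
		} else if json.Unmarshal(raw, &entry) != nil {
			problems = append(problems, fmt.Sprintf("%q: value is not an object", key))
		} else if name, _ := entry[attrs.UserAttr].(string); name == "" {
			problems = append(problems, fmt.Sprintf("%q: no %q string", key, attrs.UserAttr))
		} else if roles, ok := entry[attrs.RoleAttr]; ok {
			if _, isList := roles.([]interface{}); !isList {
				problems = append(problems, fmt.Sprintf("%q: %q is not a list", key, attrs.RoleAttr))
			}
		}
	}
	sort.Strings(problems)
	return problems
}

func main() {
	attrs := keysFileAttrs{RoleAttr: "roles", UserAttr: "username"}
	fmt.Println("guessed:  ", CheckKeysFile([]byte(guessedLayout), attrs))
	fmt.Println("suggested:", CheckKeysFile([]byte(suggestedLayout), attrs))
}
```
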

brianantonelli commented 7 years ago

I made the changes you noted, but I'm still hitting the same error.

hologram use hologram

Client Log:

[DEBUG  ] 2017-05-18T11:07:39-04:00 (/go/src/github.com/AdRoll/hologram/agent/cli_handler.go:75) hologram
[DEBUG  ] 2017-05-18T11:07:39-04:00 (/go/src/github.com/AdRoll/hologram/agent/client.go:158) in client.AssumeRole()
[DEBUG  ] 2017-05-18T11:07:39-04:00 (/go/src/github.com/AdRoll/hologram/agent/client.go:177) in c.requestCredentials()
[DEBUG  ] 2017-05-18T11:07:39-04:00 (/go/src/github.com/AdRoll/hologram/agent/client.go:196) got err
[DEBUG  ] 2017-05-18T11:07:39-04:00 (/go/src/github.com/AdRoll/hologram/agent/cli_handler.go:77) ran client.AssumeRole()
[DEBUG  ] 2017-05-18T11:07:39-04:00 (/go/src/github.com/AdRoll/hologram/agent/cli_handler.go:84) got an error from client.AssumeRole()
[ERROR  ] 2017-05-18T11:07:39-04:00 (/go/src/github.com/AdRoll/hologram/agent/cli_handler.go:85) EOF
[DEBUG  ] 2017-05-18T11:07:39-04:00 (/go/src/github.com/AdRoll/hologram/agent/cli_handler.go:94) set agentResponse
[DEBUG  ] 2017-05-18T11:07:39-04:00 (/go/src/github.com/AdRoll/hologram/agent/cli_handler.go:96) wrote message
[DEBUG  ] 2017-05-18T11:07:39-04:00 (/go/src/github.com/AdRoll/hologram/agent/cli_handler.go:47) error from read

Server Log:

[INFO   ] 2017-05-18T15:06:59Z Enabling debug mode.
[DEBUG  ] 2017-05-18T15:07:22Z (/go/src/github.com/AdRoll/hologram/server/server.go:59) Opening new connection handler.
[DEBUG  ] 2017-05-18T15:07:22Z (/go/src/github.com/AdRoll/hologram/server/usercache.go:328) Could not find derp in the keys file cache; updating from the file.
[ERROR  ] 2017-05-18T15:07:22Z (/go/src/github.com/AdRoll/hologram/server/server.go:65) Error reading data from stream: read tcp x.x.x.x:3100->y.y.y.y:15647: use of closed network connection