search

acm-uiuc / liquid

ACM@UIUC's website code (Django)
acm.uiuc.edu
15 stars 33 forks source link

Implement forcevend script #351

Closed ace-n closed 8 years ago

ace-n commented 8 years ago

@milanocookies93 Care to review?

@ajmadsen or Rohan Kapoor may need to set up an SSH key to the Caffeine machine (dep-03?) for this to work.

rohankapoorcom commented 8 years ago

Yeah, this will need an ssh key to allow (web-02?) for siebl-1106-05

ace-n commented 8 years ago

Yeah, Liquid runs on web-02.

ajmadsen commented 8 years ago

Yeah, but the ssh connection will be opened from inside docker. The container needs the key.

colegleason commented 8 years ago

You can mount the container with access to the host's key. Anyone with access to deploy docker containers to that host can already access it anyways, so it shouldn't be a security risk.

On Mon, Feb 1, 2016 at 7:34 PM Adam Madsen notifications@github.com wrote:

Yeah, but the ssh connection will be opened from inside docker. The container needs the key.

— Reply to this email directly or view it on GitHub https://github.com/acm-uiuc/liquid/pull/351#issuecomment-178273324.

ace-n commented 8 years ago

Merging this now (to test @rohankapoorcom's SSH key setup); @sskhandek @colegleason let me know if I missed something.

colegleason commented 8 years ago

This is incorrect, as it restricts building the docker image to the machine with the key. If you did build and push, it would expose the key. I meant you should mount the file at runtime, not in the build.

https://docs.docker.com/engine/userguide/containers/dockervolumes/

colegleason commented 8 years ago

You should just add -v /root/.ssh:/root/.ssh to the docker run command on the server-specific deploy command. I think there is a file for this on the liquid webserver.

ace-n commented 8 years ago

@colegleason OK, thanks for letting me know. I ran into this problem earlier, but wasn't sure how to fix it.

And yes, there is a "deploy.sh" that we can add this to.

On Thu, Feb 4, 2016 at 6:02 PM, Cole Gleason notifications@github.com wrote:

You should just add -v /root/.ssh:/root/.ssh to the docker run command on the server-specific deploy command. I think there is a file for this on the liquid webserver.

— Reply to this email directly or view it on GitHub https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_acm-2Duiuc_liquid_pull_351-23issuecomment-2D180112038&d=BQMCaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=xrSN-UXXowwKcdDyhdMK-aLiGWW6m2c6-QCsb8cp7Us&m=aBhB_OIolU_sRMNHCgtccYqQkOJn4q-3GyOn5L-6BmQ&s=8sa0Wwe3EmzfYLLmoHXafEzDVgzBLR6bLZmUGajdfpA&e= .