Implement data volume via block store

[zonca]

Implementation of #14

[zonca]

see https://github.com/det-lab/jupyterhub-deploy-kubernetes-jetstream/pull/15/files#diff-04c6e90faac2675aa89e2176d2eec7d8 for how this works.

[zonca]

See how I can ssh from an outside machine:

then that folder is mounted in Jupyter:

[zonca]

I have uploaded the ssh private key to the secrets repository

https://github.com/det-lab/jupyterhub-deploy-kubernetes-jetstream/pull/15/files#diff-04c6e90faac2675aa89e2176d2eec7d8

@pibion or @ziqinghong, can you test if you can copy data there?

[pibion]

@zonca when I try to log in I get asked for a password.

[pibion]

@zonca ah sorry it appears the permissions on my key are too open.

[pibion]

@zonca yes, I'm able to connect via ssh! I updated the instructions in the secrets repository a bit.

[pibion]

@zonca when I try to use scp to copy a file I get asked for a password. Is this expected?

I'm specifying the identity file the same as when I successfully ssh.

[zonca]

when I need to understand an issue you are having I need all information you can provide. For example here can you paste the command you are running? mask out the full address

[pibion]

Okay, it appears the way I'm passing the identity key to scp isn't working.

(base) aroberts@rhel6-64j:~> scp -v ~/secrets/ssh/cdms_nfs_ssh_key -p 30022 helloAmy.txt root@xxxxxxx.jetstream-cloud.org:/cvmfs/data
Executing: program /usr/bin/ssh host xxxxxxxx.jetstream-cloud.org, user root, command scp -v -d -t /cvmfs/data
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /u/dm/aroberts/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: /etc/ssh/ssh_config line 20: Deprecated option "FallBackToRsh"
debug1: Connecting to xxxxxxx.jetstream-cloud.org [149.165.156.119] port 22.
debug1: Connection established.
debug1: identity file /u/dm/aroberts/.ssh/identity type -1
debug1: identity file /u/dm/aroberts/.ssh/identity-cert type -1
debug1: identity file /u/dm/aroberts/.ssh/id_dsa type -1
debug1: identity file /u/dm/aroberts/.ssh/id_dsa-cert type -1
debug1: identity file /u/dm/aroberts/.ssh/id_rsa type 1
debug1: identity file /u/dm/aroberts/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6
debug1: match: OpenSSH_7.6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'xxxxxxxxx.jetstream-cloud.org' is known and matches the RSA host key.
debug1: Found key in /u/dm/aroberts/.ssh/known_hosts:7
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Server not found in Kerberos database

debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /u/dm/aroberts/.ssh/identity
debug1: Trying private key: /u/dm/aroberts/.ssh/id_dsa
debug1: Offering public key: /u/dm/aroberts/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: password
root@xxxxxxxx.jetstream-cloud.org's password:

[pibion]

I'll try setting up my .ssh/config properly and report back.

[zonca]

identity is -i

[pibion]

Okay, the identity verification is working. I'm now getting a new error:

(base) aroberts@rhel6-64j:~> scp -v helloAmy.txt root@xxxxxxx.jetstream-cloud.org:/cvmfs/data
Executing: program /usr/bin/ssh host xxxxxxx.jetstream-cloud.org, user root, command scp -v -t /cvmfs/data
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /u/dm/aroberts/.ssh/config
debug1: Applying options for xxxxxxxx.jetstream-cloud.org
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: /etc/ssh/ssh_config line 20: Deprecated option "FallBackToRsh"
debug1: Connecting to xxxxxxxx.jetstream-cloud.org [yyy] port 30022.
debug1: Connection established.
debug1: identity file /u/dm/aroberts/jupyterhub-deploy-kubernetes-jetstream-secrets/ssh/cdms_nfs_ssh_key type 1
debug1: identity file /u/dm/aroberts/jupyterhub-deploy-kubernetes-jetstream-secrets/ssh/cdms_nfs_ssh_key-cert type -1
debug1: identity file /u/dm/aroberts/.ssh/identity type -1
debug1: identity file /u/dm/aroberts/.ssh/identity-cert type -1
debug1: identity file /u/dm/aroberts/.ssh/id_dsa type -1
debug1: identity file /u/dm/aroberts/.ssh/id_dsa-cert type -1
debug1: identity file /u/dm/aroberts/.ssh/id_rsa type 1
debug1: identity file /u/dm/aroberts/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: checking without port identifier
debug1: Host '[xxxxxxxx.jetstream-cloud.org]:30022' is known and matches the RSA host key.
debug1: Found key in /u/dm/aroberts/.ssh/known_hosts:6
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Server not found in Kerberos database

debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering public key: /u/dm/aroberts/jupyterhub-deploy-kubernetes-jetstream-secrets/ssh/cdms_nfs_ssh_key
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Sending command: scp -v -t /cvmfs/data
bash: scp: command not found
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
Transferred: sent 2520, received 3464 bytes, in 0.2 seconds
Bytes per second: sent 11211.8, received 15411.7
debug1: Exit status 127
lost connection
(base) aroberts@rhel6-64j:~>

[zonca]

ok, fixed this, scp needed openssh-clients installed

[zonca]

also implemented fix in image https://github.com/zonca/docker-cvmfs-client/commit/8e198eb7d0a2b95d53bfde6f84253afa531e30dd

[pibion]

@zonca wonderful, I'm able to scp data over and have informed my test analyzers. Also added scp examples in secrets repository README.

[zonca]

thank you very much for helping out with the docs!