Closed ckunki closed 1 year ago
E.g. paramiko? @tkilias recommends https://www.fabfile.org/ e.g. due to better usability. See https://docs.fabfile.org/en/stable/api/transfer.html
See SSH Connection with fabfile and Paramiko API for SSH Keys
For ensuring that the key files are accessed only by a single process at a time we evaluated ilock but since ilock's git repository doesn't contain ci-tests and the last update was 3 years ago we will prefer using ilock's base library portalocker directly.
Introduction
Currently ITDE uses
docker_exec
to access the Docker Container, e.g. to analyze the content of some logfiles. With version 8 and higher the format of the Docker Containers might change so thatdocker_exec
is no longer possible. Instead ITDE will then need to use SSH access.The current ticket therefore requests to enhance ITDE to generate a public/private SSH key pair for SSH key authentication.
Comparing the solution for Java
exasol-testcontainers for Java writes temporary private key file to files
$TMP/exasol-testcontainers/id_rsa
and$TMP/exasol-testcontainers/id_rsa.pub
And copies the public key into file
/root/.ssh/authorized_keys
inside the Docker Container containing the key type, and a a space as prefix, e.g.ssh-rsa
.With
$TMP
being the os-specific temp folder, read from Java system property java.io.tmpdirC:\Users\<user>\AppData\Local\Temp
/tmp
or/var/tmp
.Reusing Containers
Identical to the Java framework also the python ITDE will try to enable reusing Docker Containers. A Container can only be reused when the content is unchanged. Hence ITDE should try to reuse SSH keys once it created them to avoid unnecessary changes to the content of the Docker Container.
Concurrent processes
When creating the SSH key files in the host file system ITDE should prevent race conditions that could occur when multiple processes are running in parallel.
AC
ITDE will use ilock to ensure only a single process in the current system is accessing the key file(s) concurrently.