can CircleCI provision a node, retrieve SSH keys from said node, and utilize them to spin up packer?
taking some time to read the Isolation project RFC WIP.
Solutions:
going heads down at ~10:15a after talking to barry about yesterday's progress. suggested looking into remote execution/SSH via Circle
make sure to find relevant SSH documentation for the provisioned node, not the Circle environment
currently unsure, got some feedback from nathan and alvin about it:
nathan: you'd want to get that from an env var that is manually set with the private key, or create a new one in the workflow and use it for the packet node in the tf code and persist the private key to the workspace.
alvin: you'll need to have it set to a static path that your TF code looks at https://www.terraform.io/docs/providers/packet/r/ssh_key.html#public_key
got some insight into some existing code that may help from blalor here. thinking that I will dissect this block of code to ensure I know what it means.
resource "local_file" "ssh_config" {
filename = "${path.module}/work/ssh-config"
content = <<__eof
Host default
HostName ${module.elb.endpoint}
User ${var.ssh_user}
Port 22
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
PasswordAuthentication no
IdentityFile ${module.common.ssh_priv_key_file}
IdentitiesOnly yes
LogLevel FATAL
__eof
}
notes on each line:
resource "local_file": Generates a local file with the given content.
content = <<__eof: Content comes before the end of the file?
HostName ${module.elb.endpoint}: Provides an Elastic Load Balancer resource, also known as a "Classic Load Balancer" after the release of Application/Network Load Balancers.
User ${var.ssh_user}: variable set for ssh_user
Port 22: The port to connect to. Defaults to 22 when using type ssh.
UserKnownHostsFile /dev/null: The UserKnownHostsFile parameter specifies the database file to use for storing the user host keys (default is ~/.ssh/known_hosts). The /dev/null file is a special system device file that discards anything and everything written to it, and when used as the input file, returns End Of File immediately.
StrictHostKeyChecking no: If this flag is set to no, ssh will automatically add new host key to the user known hosts files.
PasswordAuthentication no: no need to verify password
IdentityFile ${module.common.ssh_priv_key_file}: module (A module is a container for multiple resources that are used together.) that manages multiple SSH private keys
IdentitiesOnly yes: Specifies that ssh(1) should only use the authentication identity files configured in the ssh_config files, even if ssh-agent(1) offers more identities
LogLevel FATAL: The FATAL level designates very severe error events that will lead the application to abort.
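Added example, not part of the original notes or the code being dissected: the block above sets UserKnownHostsFile /dev/null, StrictHostKeyChecking no and LogLevel FATAL together, so the node's host key is never checked and nothing is printed about it. This shell sketch flags those settings in a generated ssh-config and writes a pinned variant. The host name, user and paths are constructed placeholders, and the pinned variant assumes the node's host key has been put into known_hosts through a trusted channel.

```shell
# Added example; host name, user and paths are constructed placeholders.
# audit_ssh_config FILE: print one finding per directive that weakens host
# key verification; return 1 if any was found, 0 if the file is clean.
audit_ssh_config() {
    awk '
        function flag(why) { printf "line %d: %s %s (%s)\n", NR, key, val, why; bad = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments, blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (!match(line, /^[A-Za-z]+/)) next
            key = substr(line, 1, RLENGTH); val = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)      # "Key value" or "Key=value"
            sub(/[ \t]+$/, "", val)
            k = tolower(key); v = tolower(val)   # keywords are case-insensitive
            if (k == "stricthostkeychecking" && (v == "no" || v == "off"))
                flag("unknown or changed host keys are accepted")
            if (k == "userknownhostsfile" && val == "/dev/null")
                flag("host keys are never remembered")
            if (k == "loglevel" && (v == "fatal" || v == "quiet"))
                flag("host key error messages are hidden")
        }
        END { exit bad + 0 }
    ' "$1"
}

# write_samples DIR: weak.conf repeats the settings from the post; pinned.conf
# is the same file with verification on (assumes DIR/known_hosts is populated).
write_samples() {
    cat > "$1/weak.conf" <<EOF
Host default
  HostName node.example.internal
  User deploy
  Port 22
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  PasswordAuthentication no
  IdentityFile $1/id_rsa
  IdentitiesOnly yes
  LogLevel FATAL
EOF
    sed -e "s|UserKnownHostsFile .*|UserKnownHostsFile $1/known_hosts|" \
        -e "s|StrictHostKeyChecking .*|StrictHostKeyChecking yes|" \
        -e "s|LogLevel .*|LogLevel ERROR|" "$1/weak.conf" > "$1/pinned.conf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_ssh_config "$demo_dir/weak.conf" || echo "weak.conf: see findings above"
audit_ssh_config "$demo_dir/pinned.conf" && echo "pinned.conf: clean"
```

Running the audit as a CI step after terraform writes the file makes the job fail when the weak settings come back.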
alvin was kind enough to pair with me, and we found the terraform docs for packet_project_ssh_key. from there, we were able to adapt the example to run when alvin ran through the steps one-by-one. we removed a lot of the code that we took from here because it's more robust than we needed. we walked through the ssh key creation process, and some helpful tips on maneuvering circleci.
since you can't pass in any information into circle, got the recommendation to use the following for the ssh key work:
ssh-keygen -t rsa -f file/path/ -N ""
Issues/Questions:
how does CircleCI handle remote execution?
alvin's contributions can be found on this branch