Open jasperf opened 3 years ago
Just saw we do have
```yaml
ports:
  - protocol: TCP
    port: 2222
    # targetport is the internal port where traffic is sent to
    targetPort: 22
```
in the workspace service, so perhaps that is okay already. Just need to see that workspace can communicate with the laravel php image and/or php worker.
Workspace NPM and composer work. Accessing from outside the cluster is being investigated. Ingress now sends traffic to the web server but we need port 222 to go to 22 internally to access the workspace.
testing deployer:
```
nmap 192.168.64.21
Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-23 10:02 +07
Nmap scan report for smart48k8.local (192.168.64.21)
Host is up (0.10s latency).
Not shown: 994 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
2049/tcp open  nfs
8443/tcp open  https-alt
```
So somehow the port is open, but I am asked for a password:
```
ssh -vvv laradock@192.168.64.21
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/jasper/.ssh/config
debug1: /Users/jasper/.ssh/config line 3: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.64.21 is address
debug2: ssh_connect_direct
debug1: Connecting to 192.168.64.21 [192.168.64.21] port 22.
debug1: Connection established.
debug1: identity file /Users/jasper/.ssh/id_rsa type 0
debug1: identity file /Users/jasper/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.1
debug1: match: OpenSSH_8.1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
....
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/jasper/.ssh/id_rsa RSA SHA256:ArFCaVQs4Kf9z+k6cTecYuHO61GpaS3LgJEZMpOdZvM explicit agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
```
And so I checked the container and did see dummy keys added:
```
root@workspace-566b747498-c6xs5:/etc/ssh# ll
total 588
drwxr-xr-x 1 root root   4096 Dec 15 01:24 ./
drwxr-xr-x 1 root root   4096 Dec 23 02:17 ../
-rw-r--r-- 1 root root 553122 Feb 10  2018 moduli
-rw-r--r-- 1 root root   1580 Feb 10  2018 ssh_config
-rw-r--r-- 1 root root   3801 Aug 16  2018 sshd_config
-rw------- 1 root root    227 Dec 15 01:24 ssh_host_ecdsa_key
-rw-r--r-- 1 root root    179 Dec 15 01:24 ssh_host_ecdsa_key.pub
-rw------- 1 root root    411 Dec 15 01:24 ssh_host_ed25519_key
-rw-r--r-- 1 root root     99 Dec 15 01:24 ssh_host_ed25519_key.pub
-rw------- 1 root root   1675 Dec 15 01:24 ssh_host_rsa_key
-rw-r--r-- 1 root root    399 Dec 15 01:24 ssh_host_rsa_key.pub
```
Doubt that Ingress port 22 goes to workspace container port 2222 yet though.
We have not activated copying of keys for Workspace image
```dockerfile
# ARG INSTALL_WORKSPACE_SSH=true
# Do not want to add the keys to the image. We will probably add them manually
# later on
# COPY insecure_id_rsa /tmp/id_rsa
# COPY insecure_id_rsa.pub /tmp/id_rsa.pub
# RUN if [ ${INSTALL_WORKSPACE_SSH} = true ]; then \
#     rm -f /etc/service/sshd/down && \
#     cat /tmp/id_rsa.pub >> /root/.ssh/authorized_keys \
#         && cat /tmp/id_rsa.pub >> /root/.ssh/id_rsa.pub \
#         && cat /tmp/id_rsa >> /root/.ssh/id_rsa \
#         && rm -f /tmp/id_rsa* \
#         && chmod 644 /root/.ssh/authorized_keys /root/.ssh/id_rsa.pub \
#     && chmod 400 /root/.ssh/id_rsa \
#     && cp -rf /root/.ssh /home/laradock \
#     && chown -R laradock:laradock /home/laradock/.ssh \
# ;fi
```
As discussed, the workspace container should be accessible from the outside, so a service has been added. But it needs to allow

```
ssh forge@domain.nl
```

and deploy using PHP Deployer. So we probably need to use port 2222 in Deployer to send it to port 22 on workspace container instead of Droplet. See https://github.com/deployphp/deployer/issues/1636#issuecomment-567115561
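An added example, not part of the original issue: a small Python triage of an `ssh -v` trace like the one above, reporting which port the client actually reached (compared with the Service port 2222 from the post), what happened to each offered key, and whether the client fell back to a password prompt. The sample trace, the `diagnose` function and the finding names are constructed for illustration.

```python
import re

# Constructed sample trace, shaped like the `ssh -vvv` output in the post.
SAMPLE = """\
debug1: Connecting to 192.168.64.21 [192.168.64.21] port 22.
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/example/.ssh/id_rsa RSA SHA256:CONSTRUCTED explicit agent
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
"""

PATTERNS = {
    "port": re.compile(r"Connecting to \S+ \[[^\]]*\] port (\d+)"),
    "offer": re.compile(r"Offering public key: (\S+)"),
    "accept": re.compile(r"Server accepts key: (\S+)"),
    "continue": re.compile(r"Authentications that can continue: (\S+)"),
    "next": re.compile(r"Next authentication method: (\S+)"),
}

def diagnose(trace, expected_port):
    """Return port reached, per-key outcome and findings for one ssh -v trace."""
    port, keys, pending, last_method, findings = None, {}, None, None, []
    for line in trace.splitlines():
        hit = next(((k, m) for k, p in PATTERNS.items() if (m := p.search(line))), None)
        if hit is None:
            continue
        kind, value = hit[0], hit[1].group(1)
        if kind == "port":
            port = int(value)
        elif kind == "offer":
            pending = value
            keys[value] = "no-reply"
        elif kind == "accept" and pending:
            keys[pending], pending = "accepted", None
        elif kind == "continue" and pending:
            # The server listed methods again instead of accepting: key refused.
            keys[pending], pending = "rejected", None
        elif kind == "next":
            last_method = value
    if port is not None and port != expected_port:
        findings.append("port-mismatch")
    if keys and all(state == "rejected" for state in keys.values()):
        findings.append("pubkey-rejected")
        if last_method in ("password", "keyboard-interactive"):
            findings.append("password-fallback")
    return {"port": port, "keys": keys, "findings": findings}

if __name__ == "__main__":
    print(diagnose(SAMPLE, expected_port=2222))
```

A `port-mismatch` finding means the authentication result says nothing about the workspace container's sshd: the key was tested against whichever sshd answers on the port that was actually reached.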