lourenco/mgmt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

cli, etcd, lib, setup: Support ssh hostkey logic

Browse Source 
This makes it easy to pass in the expected key so that we never have to
guess and risk MITM attacks.
This commit is contained in:
James Shubin
2025-06-07 17:55:41 -04:00
parent 55eeb50fb4
commit 1ccec72a7c
5 changed files with 113 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
cli/deploy.go
View File

@@ -63,6 +63,11 @@ type DeployArgs struct {
// setup for things to work.
SSHURL string `arg:"--ssh-url" help:"transport the etcd client connection over SSH to this server"`
// SSHHostKey is the key part (which is already base64 encoded) from a
// known_hosts file, representing the host we're connecting to. If this
// is specified, then it overrides looking for it in the URL.
SSHHostKey string `arg:"--ssh-hostkey" help:"use this ssh known hosts key when connecting over SSH"`
Seeds []string `arg:"--seeds,separate,env:MGMT_SEEDS" help:"default etcd client endpoints"`
Noop bool `arg:"--noop" help:"globally force all resources into no-op mode"`
Sema int `arg:"--sema" default:"-1" help:"globally add a semaphore to all resources with this lock count"`
@@ -210,9 +215,10 @@ func (obj *DeployArgs) Run(ctx context.Context, data *cliUtil.Data) (bool, error
}
if obj.SSHURL != "" { // alternate world implementation over SSH
world = &etcdSSH.World{
URL: obj.SSHURL,
Seeds: obj.Seeds,
NS: lib.NS,
URL: obj.SSHURL,
HostKey: obj.SSHHostKey,
Seeds: obj.Seeds,
NS: lib.NS,
//MetadataPrefix: lib.MetadataPrefix,
//StoragePrefix: lib.StoragePrefix,
//StandaloneFs: ???.DeployFs, // used for static deploys

10
cli/util/args.go
View File

@@ -163,10 +163,12 @@ type SetupPkgArgs struct {
// SetupSvcArgs is the setup service CLI parsing structure and type of the
// parsed result.
type SetupSvcArgs struct {
BinaryPath string `arg:"--binary-path" help:"path to the binary"`
SSHURL string `arg:"--ssh-url" help:"transport the etcd client connection over SSH to this server"`
Seeds []string `arg:"--seeds,separate,env:MGMT_SEEDS" help:"default etcd client endpoints"`
NoServer bool `arg:"--no-server" help:"do not start embedded etcd server (do not promote from client to peer)"`
BinaryPath string `arg:"--binary-path" help:"path to the binary"`
SSHURL string `arg:"--ssh-url" help:"transport the etcd client connection over SSH to this server"`
SSHHostKey string `arg:"--ssh-hostkey" help:"use this ssh known hosts key when connecting over SSH"`
Seeds []string `arg:"--seeds,separate,env:MGMT_SEEDS" help:"default etcd client endpoints"`
NoServer bool `arg:"--no-server" help:"do not start embedded etcd server (do not promote from client to peer)"`
Install bool `arg:"--install" help:"install the systemd mgmt service"`
Start bool `arg:"--start" help:"start the mgmt service"`