Support native ssh client #615

lucklove · 2020-07-20T12:03:26Z

At current we use easyssh as the ssh tunnel. However, sometimes users will use some ssh plugin such as LDAP. In this case the easyssh client can't work.

This PR introduces an option for users to choose the native ssh client in his host as the ssh client to connect the cluster. This can enable any ssh plugins once the user configs them correctly.

TODOLIST:

codecov-commenter · 2020-07-22T07:09:05Z

Codecov Report

Merging #615 into master will decrease coverage by 0.05%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master     #615      +/-   ##
==========================================
- Coverage   47.95%   47.90%   -0.06%     
==========================================
  Files         225      224       -1     
  Lines       16787    16818      +31     
==========================================
+ Hits         8051     8057       +6     
- Misses       7610     7631      +21     
- Partials     1126     1130       +4

Flag	Coverage Δ
#coverage	`47.90% <ø> (-0.06%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
...ithub.com/pingcap/tiup/pkg/cluster/executor/ssh.go	`31.92% <0.00%> (-33.51%)`	⬇️
...om/pingcap/tiup/components/cluster/command/root.go	`42.77% <0.00%> (-0.63%)`	⬇️
...ngcap/tiup/components/cluster/command/scale_out.go	`9.05% <0.00%> (-0.04%)`	⬇️
...rc/github.com/pingcap/tiup/pkg/cluster/task/ssh.go	`71.05% <0.00%> (ø)`
...om/pingcap/tiup/pkg/cluster/operation/operation.go	`72.72% <0.00%> (ø)`
.../pingcap/tiup/components/playground/utils/utils.go
...m/pingcap/tiup/components/playground/utils/http.go
go/src/github.com/pingcap/tiup/pkg/utils/exec.go	`61.53% <0.00%> (ø)`
.../pingcap/tiup/components/cluster/command/deploy.go	`77.22% <0.00%> (+0.08%)`	⬆️
...ithub.com/pingcap/tiup/pkg/cluster/task/builder.go	`87.14% <0.00%> (+0.10%)`	⬆️
... and 3 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4ce9c65...07663f3. Read the comment docs.

lonng · 2020-07-22T08:03:58Z

pkg/cluster/executor/ssh.go

+		args = append(args, "-i", e.Config.KeyFile)
+	}
+	if e.Config.Passphrase != "" {
+		args = append([]string{"sshpass", "-p", e.Config.Passphrase, "-P", "passphrase"}, args...)


Are you sure the sshpass always exists in the user environment?

No, It's a tradeoff. I think it's not a hard task to install it in the bastion host. It's not economical enough for us to implement sshpass in our code.

components/cluster/command/root.go

docker/secret/control.env

lonng · 2020-07-27T06:01:47Z

pkg/cluster/executor/ssh.go

+			Sudo:   sudo,
+		}
+		if c.Password != "" || (c.KeyFile != "" && c.Passphrase != "") {
+			_, _, e.ConnectionTestResult = e.Execute(connectionTestCommand, false, executeDefaultTimeout)


I think we shouldn't try to connect remote when we create the instance of SSHExecutor.

If we don't try it this time when the user actually executes the command, it may block as long as the command timeout value since the wrong prompt of ssh. What's worse is that there will be no possibility to get clear what happened at that time.

For example, the user can change the ssh prompt to:

root@172.16.5.141's secret:

But the sshpass may expect it be:

root@172.16.5.141's password:

And then the command will hang forever (until receiving the kill signal).

pkg/localdata/constant.go

pkg/utils/exec.go

tests/tiup-cluster/test_cmd.sh

lonng

Rest LGTM
Well done.

.github/workflows/integrate.yaml

components/cluster/command/root.go

pkg/cluster/executor/ssh.go

pkg/exec/run.go

Signed-off-by: lucklove <gnu.crazier@gmail.com>

- Support password Signed-off-by: lucklove <gnu.crazier@gmail.com>

Signed-off-by: lucklove <gnu.crazier@gmail.com>

Co-authored-by: Lonng <heng@lonng.org>

Signed-off-by: lucklove <gnu.crazier@gmail.com>

AstroProfundis

LGTM

document for pingcap/tiup#615 Signed-off-by: lucklove <gnu.crazier@gmail.com>

* Add document for tiup-cluster document for pingcap/tiup#615 Signed-off-by: lucklove <gnu.crazier@gmail.com> * Update tiup/tiup-cluster.md Co-authored-by: Lonng <heng@lonng.org> * Address comment Signed-off-by: lucklove <gnu.crazier@gmail.com> * Update tiup/tiup-cluster.md Co-authored-by: Lonng <heng@lonng.org> Co-authored-by: TomShawn <41534398+TomShawn@users.noreply.github.com>

lonng added the type/new-feature Categorizes pr as related to a new feature. label Jul 20, 2020

lonng linked an issue Jul 20, 2020 that may be closed by this pull request

Support ssh LDAP extension #528

Closed

lucklove force-pushed the ssh branch from fe88545 to f5a8c62 Compare July 22, 2020 06:34

lonng reviewed Jul 22, 2020

View reviewed changes

lucklove added this to the v1.1.0 milestone Jul 22, 2020

lucklove self-assigned this Jul 22, 2020

lucklove force-pushed the ssh branch from 6954500 to b67db77 Compare July 23, 2020 05:43

lucklove force-pushed the ssh branch 5 times, most recently from 08c7e12 to c5feef7 Compare July 23, 2020 10:39

lucklove changed the title ~~Support native ssh~~ Support native ssh client Jul 23, 2020

lucklove marked this pull request as ready for review July 24, 2020 02:31

lucklove requested a review from july2993 July 27, 2020 04:05