mirror of
https://github.com/NixOS/nix
synced 2025-07-08 02:43:54 +02:00
Merge pull request #4593 from grahamc/builder-host-key-stable
(Backport #4574) distributed builds: load remote builder host key from the machines file
This commit is contained in:
John Ericson
GitHub
commit
619e9758bb
5 changed files with 22 additions and 4 deletions
|
|
@ -192,6 +192,8 @@ static int _main(int argc, char * * argv)
|
||||||
storeParams["log-fd"] = "4";
|
storeParams["log-fd"] = "4";
|
||||||
if (bestMachine->sshKey != "")
|
if (bestMachine->sshKey != "")
|
||||||
storeParams["ssh-key"] = bestMachine->sshKey;
|
storeParams["ssh-key"] = bestMachine->sshKey;
|
||||||
|
if (bestMachine->sshPublicHostKey != "")
|
||||||
|
storeParams["base64-ssh-public-host-key"] = bestMachine->sshPublicHostKey;
|
||||||
}
|
}
|
||||||
|
|
||||||
sshStore = openStore(bestMachine->storeUri, storeParams);
|
sshStore = openStore(bestMachine->storeUri, storeParams);
|
||||||
|
|
|
||||||
|
|
@ -15,6 +15,7 @@ struct LegacySSHStore : public Store
|
||||||
{
|
{
|
||||||
const Setting<int> maxConnections{this, 1, "max-connections", "maximum number of concurrent SSH connections"};
|
const Setting<int> maxConnections{this, 1, "max-connections", "maximum number of concurrent SSH connections"};
|
||||||
const Setting<Path> sshKey{this, "", "ssh-key", "path to an SSH private key"};
|
const Setting<Path> sshKey{this, "", "ssh-key", "path to an SSH private key"};
|
||||||
|
const Setting<std::string> sshPublicHostKey{this, "", "base64-ssh-public-host-key", "The public half of the host's SSH key"};
|
||||||
const Setting<bool> compress{this, false, "compress", "whether to compress the connection"};
|
const Setting<bool> compress{this, false, "compress", "whether to compress the connection"};
|
||||||
const Setting<Path> remoteProgram{this, "nix-store", "remote-program", "path to the nix-store executable on the remote system"};
|
const Setting<Path> remoteProgram{this, "nix-store", "remote-program", "path to the nix-store executable on the remote system"};
|
||||||
const Setting<std::string> remoteStore{this, "", "remote-store", "URI of the store on the remote system"};
|
const Setting<std::string> remoteStore{this, "", "remote-store", "URI of the store on the remote system"};
|
||||||
|
|
@ -48,6 +49,7 @@ struct LegacySSHStore : public Store
|
||||||
, master(
|
, master(
|
||||||
host,
|
host,
|
||||||
sshKey,
|
sshKey,
|
||||||
|
sshPublicHostKey,
|
||||||
// Use SSH master only if using more than 1 connection.
|
// Use SSH master only if using more than 1 connection.
|
||||||
connections->capacity() > 1,
|
connections->capacity() > 1,
|
||||||
compress,
|
compress,
|
||||||
|
|
|
||||||
|
|
@ -15,6 +15,7 @@ class SSHStore : public RemoteStore
|
||||||
public:
|
public:
|
||||||
|
|
||||||
const Setting<Path> sshKey{(Store*) this, "", "ssh-key", "path to an SSH private key"};
|
const Setting<Path> sshKey{(Store*) this, "", "ssh-key", "path to an SSH private key"};
|
||||||
|
const Setting<std::string> sshPublicHostKey{(Store*) this, "", "base64-ssh-public-host-key", "The public half of the host's SSH key"};
|
||||||
const Setting<bool> compress{(Store*) this, false, "compress", "whether to compress the connection"};
|
const Setting<bool> compress{(Store*) this, false, "compress", "whether to compress the connection"};
|
||||||
|
|
||||||
SSHStore(const std::string & host, const Params & params)
|
SSHStore(const std::string & host, const Params & params)
|
||||||
|
|
@ -24,6 +25,7 @@ public:
|
||||||
, master(
|
, master(
|
||||||
host,
|
host,
|
||||||
sshKey,
|
sshKey,
|
||||||
|
sshPublicHostKey,
|
||||||
// Use SSH master only if using more than 1 connection.
|
// Use SSH master only if using more than 1 connection.
|
||||||
connections->capacity() > 1,
|
connections->capacity() > 1,
|
||||||
compress)
|
compress)
|
||||||
|
|
|
||||||
|
|
@ -2,24 +2,37 @@
|
||||||
|
|
||||||
namespace nix {
|
namespace nix {
|
||||||
|
|
||||||
SSHMaster::SSHMaster(const std::string & host, const std::string & keyFile, bool useMaster, bool compress, int logFD)
|
SSHMaster::SSHMaster(const std::string & host, const std::string & keyFile, const std::string & sshPublicHostKey, bool useMaster, bool compress, int logFD)
|
||||||
: host(host)
|
: host(host)
|
||||||
, fakeSSH(host == "localhost")
|
, fakeSSH(host == "localhost")
|
||||||
, keyFile(keyFile)
|
, keyFile(keyFile)
|
||||||
|
, sshPublicHostKey(sshPublicHostKey)
|
||||||
, useMaster(useMaster && !fakeSSH)
|
, useMaster(useMaster && !fakeSSH)
|
||||||
, compress(compress)
|
, compress(compress)
|
||||||
, logFD(logFD)
|
, logFD(logFD)
|
||||||
{
|
{
|
||||||
if (host == "" || hasPrefix(host, "-"))
|
if (host == "" || hasPrefix(host, "-"))
|
||||||
throw Error("invalid SSH host name '%s'", host);
|
throw Error("invalid SSH host name '%s'", host);
|
||||||
|
|
||||||
|
auto state(state_.lock());
|
||||||
|
state->tmpDir = std::make_unique<AutoDelete>(createTempDir("", "nix", true, true, 0700));
|
||||||
}
|
}
|
||||||
|
|
||||||
void SSHMaster::addCommonSSHOpts(Strings & args)
|
void SSHMaster::addCommonSSHOpts(Strings & args)
|
||||||
{
|
{
|
||||||
|
auto state(state_.lock());
|
||||||
|
|
||||||
for (auto & i : tokenizeString<Strings>(getEnv("NIX_SSHOPTS")))
|
for (auto & i : tokenizeString<Strings>(getEnv("NIX_SSHOPTS")))
|
||||||
args.push_back(i);
|
args.push_back(i);
|
||||||
if (!keyFile.empty())
|
if (!keyFile.empty())
|
||||||
args.insert(args.end(), {"-i", keyFile});
|
args.insert(args.end(), {"-i", keyFile});
|
||||||
|
if (!sshPublicHostKey.empty()) {
|
||||||
|
Path fileName = (Path) *state->tmpDir + "/host-key";
|
||||||
|
auto p = host.rfind("@");
|
||||||
|
string thost = p != string::npos ? string(host, p + 1) : host;
|
||||||
|
writeFile(fileName, thost + " " + base64Decode(sshPublicHostKey) + "\n");
|
||||||
|
args.insert(args.end(), {"-oUserKnownHostsFile=" + fileName});
|
||||||
|
}
|
||||||
if (compress)
|
if (compress)
|
||||||
args.push_back("-C");
|
args.push_back("-C");
|
||||||
}
|
}
|
||||||
|
|
@ -87,8 +100,6 @@ Path SSHMaster::startMaster()
|
||||||
|
|
||||||
if (state->sshMaster != -1) return state->socketPath;
|
if (state->sshMaster != -1) return state->socketPath;
|
||||||
|
|
||||||
state->tmpDir = std::make_unique<AutoDelete>(createTempDir("", "nix", true, true, 0700));
|
|
||||||
|
|
||||||
state->socketPath = (Path) *state->tmpDir + "/ssh.sock";
|
state->socketPath = (Path) *state->tmpDir + "/ssh.sock";
|
||||||
|
|
||||||
Pipe out;
|
Pipe out;
|
||||||
|
|
|
||||||
|
|
@ -12,6 +12,7 @@ private:
|
||||||
const std::string host;
|
const std::string host;
|
||||||
bool fakeSSH;
|
bool fakeSSH;
|
||||||
const std::string keyFile;
|
const std::string keyFile;
|
||||||
|
const std::string sshPublicHostKey;
|
||||||
const bool useMaster;
|
const bool useMaster;
|
||||||
const bool compress;
|
const bool compress;
|
||||||
const int logFD;
|
const int logFD;
|
||||||
|
|
@ -29,7 +30,7 @@ private:
|
||||||
|
|
||||||
public:
|
public:
|
||||||
|
|
||||||
SSHMaster(const std::string & host, const std::string & keyFile, bool useMaster, bool compress, int logFD = -1);
|
SSHMaster(const std::string & host, const std::string & keyFile, const std::string & sshPublicHostKey, bool useMaster, bool compress, int logFD = -1);
|
||||||
|
|
||||||
struct Connection
|
struct Connection
|
||||||
{
|
{
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue