Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: implement RFC 16 to allow emergency node access #3557

Draft
wants to merge 45 commits into
base: main
Choose a base branch
from
Draft

feat: implement RFC 16 to allow emergency node access #3557

wants to merge 45 commits into from

Conversation

miampf
Copy link
Contributor

@miampf miampf commented Dec 19, 2024
edited
Loading

Context

This PR aims to implement RFC 16: Node access.

Proposed change(s)

This PR only implements part of the RFC. Currently, the following is implemented:

  • The openssh-server package was added to the node image
  • OpenSSH was configured to only allow public key authentication and use a CA public key as a user certificate
    • The derivation of this certificate will be handled in another PR.
  • A new terraform variable emergency_ssh was added to allow control over load balancing ports. Currently, this is implemented (and tested) for
    • azure
    • aws
    • gcp
    • openstack

Additional info

  • working E2E tests:

Checklist

  • Run the E2E tests that are relevant to this PR's changes
  • Update docs
  • Add labels (e.g., for changelog category)
  • Is PR title adequate for changelog?
  • Link to Milestone

@miampf miampf added dependencies Pull requests that update a dependency file feature This introduces new functionality hold This cannot be merged right now labels Dec 19, 2024
@miampf miampf requested a review from burgerdev December 19, 2024 14:13
@netlify Netlify
Copy link

netlify bot commented Dec 19, 2024
edited
Loading

Deploy Preview for constellation-docs canceled.

Name Link
🔨 Latest commit 269e68f
🔍 Latest deploy log https://app.netlify.com/sites/constellation-docs/deploys/67b742656bb1da000801ad33

@miampf miampf force-pushed the miampf/basic-node-access branch from 6dd69c2 to 95f1f94 Compare December 19, 2024 14:14
@miampf miampf force-pushed the miampf/basic-node-access branch from bd15153 to 897662d Compare January 2, 2025 09:58
burgerdev
burgerdev reviewed Jan 2, 2025
View reviewed changes
@miampf miampf force-pushed the miampf/basic-node-access branch 2 times, most recently from 05eef85 to c5acd89 Compare January 7, 2025 10:20
@miampf miampf mentioned this pull request Jan 7, 2025
Merged
5 tasks
@miampf miampf force-pushed the miampf/basic-node-access branch 7 times, most recently from 607c62e to 7e9315f Compare January 16, 2025 10:41
@miampf miampf force-pushed the miampf/basic-node-access branch 2 times, most recently from b5849db to 37b42ea Compare January 21, 2025 11:20
@daniel-weisse daniel-weisse removed the dependencies Pull requests that update a dependency file label Jan 24, 2025
@miampf miampf force-pushed the miampf/basic-node-access branch 5 times, most recently from fadd6c5 to 643a93f Compare January 30, 2025 12:09
@miampf miampf force-pushed the miampf/basic-node-access branch 4 times, most recently from 2cb1e71 to d074b98 Compare February 11, 2025 10:18
miampf added 26 commits February 20, 2025 11:51
@miampf
update package hashes again
68d0e50
@miampf
Use correct pathing and improve CLI tip
4d80e75
@miampf
fix certificate formatting
0f2d4bd
@miampf
wrote ssh config specific info into docs
6f2f5b5
@miampf
adjusted code accordingly
0718f14
@miampf
Fix some vale errors
eaaa8a5
@miampf
bazel run //:generate
c8472b1
@miampf
Added loadbalancer_address output (important for e2e)
8d76abc
@miampf
Wrote structure for e2e test
bd3c259
@miampf
Wrote e2e_emergency_ssh action
6031b22
@miampf
Transfer constellation workspace through actions
90c4bc3
@miampf
Implemented e2e-ssh workflow
c04c84e
@miampf
added emergency ssh test option
ab47947
@miampf
added forgotten machine type
f9df38c
@miampf
ordered steps into step key
950c854
@miampf
fix indentation
ae197d5
@miampf
don't error on "emergency ssh" input in e2e test action
a64f8a8
@miampf
fix indentation again :)
fb0563a
@miampf
No custom working directory
1926133
@miampf
use ssh command more appropriate for scripting
6298de9
@miampf
loadbalancer address outputs for other GCP + AWS
d0b3bdb
@miampf
install terraform for e2e test
452b168
@miampf
correct location for nixTools
bcaf376
@miampf
fix referenced variable names
b205b23
@miampf
do terraform stuff in terraform dir
d88b1ae
@miampf
[no ci] debug prints
13fdf9b
@miampf miampf force-pushed the miampf/basic-node-access branch from e607926 to 13fdf9b Compare February 20, 2025 10:51
@github-actions GitHub Actions
Copy link
Contributor

Coverage report

Package Old New Trend
cli/internal/cmd 58.10% 58.10% ↔️

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@burgerdev burgerdev burgerdev left review comments

@msanft msanft Awaiting requested review from msanft msanft will be requested when the pull request is marked ready for review msanft is a code owner

@thomasten thomasten Awaiting requested review from thomasten thomasten will be requested when the pull request is marked ready for review thomasten is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
feature This introduces new functionality hold This cannot be merged right now
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@miampf @burgerdev @daniel-weisse