Comments (12)
The solution makes total sense to me. Please feel free to submit a PR with the fix you suggested.
(Do not forget to do task update-chart) after making changes in the chart.
from pv-migrate.
@utkuozdemir It appears that I underestimated this issue. SSH key is being mounted from a secret and apparently in Kubernetes secret mounts are always ReadOnly (kubernetes/kubernetes#62099). Since mounted SSH Key is always ReadOnly, trying to chmod it gives chmod: /root/.ssh/id_ed25519: Read-only file system error. That said, I think the only solution would be to copy the SSH key somewhere (/tmp maybe?) and somehow pass the -i /tmp/<PrivateKey> option to ssh command. That said, I need your guidance on what would be the best way to add that -i option to ssh? I see sshArgs defined in
Line 34 in b563c1b
--ssh-key-path and use the passed string to set the -i option to ssh and add it to sshArgsStr (https://github.com/utkuozdemir/pv-migrate/blob/master/rsync/cmd.go#L42)? In addition, the current rsync.fixPrivateKeyPerms option will probably need another option rsync.privateKeyCopyPath to be used together, so that we can fix permissions on the copy of the private key file.
P.S. We can also rename rsync.fixPrivateKeyPerms to rsync.copyPrivateKey to better match rsync.privateKeyCopyPath to be used together?
from pv-migrate.
I see. No problem. What if we do something like:
- Always mount the private key to /tmp or /opt or something
- On rsync job, we mkdir -p ~/.ssh
- Copy it from /tmp into ~/.ssh
- chmod if the flag is specified
Also, I'll ask you to please build and test manually & change/add integration tests for the further changes so we avoid further broken functionality.
from pv-migrate.
@utkuozdemir I like your idea, but I think it would be advantageous to not have a flag for chmod. I think chmod of the private key after copying should be done always by default. It wouldn't hurt anything and wouldn't require people to provide any extra flag for things to work correctly. WDYT?
from pv-migrate.
Yep, actually that sounds reasonable - always mount it to a temp path, always copy and chmod 400. Should work just fine and less complexity. We can give it a shot.
from pv-migrate.
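The approach settled on above (mount the key at a temporary path, copy it into ~/.ssh, chmod 400), as an added example that is not part of the thread or of pv-migrate's chart. The function names and the /tmp mount path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: stage a private key from a read-only secret mount into ~/.ssh.
# install_private_key and key_mode are hypothetical helper names.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# $1: key as mounted from the secret (read-only), $2: target .ssh directory.
# Prints the path of the private copy on success.
install_private_key() {
    src=$1
    ssh_dir=$2
    dst="$ssh_dir/$(basename "$src")"

    [ -r "$src" ] || { echo "cannot read mounted key: $src" >&2; return 1; }

    # Subshell so the restrictive umask does not leak into the caller.
    (
        umask 077                  # the copy is never group/world readable
        mkdir -p "$ssh_dir" &&
        chmod 700 "$ssh_dir" &&
        rm -f "$dst" &&            # an earlier 0400 copy cannot be overwritten in place
        cp "$src" "$dst" &&
        chmod 400 "$dst"
    ) || return 1

    # Fail early if the mode is not the owner-read-only one the thread agreed on.
    [ "$(key_mode "$dst")" = "400" ] || { echo "unexpected mode on $dst" >&2; return 1; }
    printf '%s\n' "$dst"
}

# Usage inside a job command (mount path assumed):
#   key=$(install_private_key /tmp/id_ed25519 "$HOME/.ssh") || exit 1
```

Setting the umask before the copy means the key is not readable by other users even in the interval between cp and chmod.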
@utkuozdemir In my use case, I don't need any changes for sshd deployment, but I see that sshd.privateKeyMountPath exists. I should skip modifying anything for sshd, right?
from pv-migrate.
I had to look into the code to remember what it was used for, it seems I use it in the local strategy. Let's also change it to be the new way.
from pv-migrate.
We'll probably have to pass a command to its container just like the rsync one.
from pv-migrate.
@utkuozdemir I also assume I would be removing the rsync.fixPrivateKeyPerms with this change, right?
from pv-migrate.
Yep, we'll just make a minor release because of the breaking change and it should be fine.
from pv-migrate.
@utkuozdemir I was trying to verify that setting sshd.privateKeyMount=true is working, but even without any of my latest changes running pv-migrate with --helm-set sshd.privateKeyMount=true seems to fail (for any strategy).
P.S. Running --strategies "local" without also specifying --helm-set sshd.privateKeyMount=true seems to work fine.
from pv-migrate.
Hm, interesting, we set it to true here: https://github.com/utkuozdemir/pv-migrate/blob/master/strategy/local.go#L197
And the integration test that tests local strategy passes without issues. Doing --helm-set sshd.privateKeyMount=true explicitly shouldn't change anything actually.
from pv-migrate.