From acbe401416ddc7560de2890f99e13b187bb1d788 Mon Sep 17 00:00:00 2001 From: Max Shaposhnyk Date: Thu, 19 Dec 2024 16:19:38 +0200 Subject: [PATCH 1/2] Make it possible to override default SSH connection params Signed-off-by: Max Shaposhnyk --- .../0.2/buildah-remote-oci-ta.yaml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml index 97ed4bbf6a..ff2cf59aa5 100644 --- a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml +++ b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml @@ -95,6 +95,10 @@ spec: as per --squash name: SQUASH type: string + - default: "-o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ServerAliveCountMax=10" + description: SSH connection default params + name: SSH_ARGS + type: string - default: vfs description: Storage driver to configure for buildah name: STORAGE_DRIVER @@ -182,6 +186,8 @@ spec: value: source - name: SQUASH value: $(params.SQUASH) + - name: SSH_ARGS + value: $(params.SSH_ARGS) - name: STORAGE_DRIVER value: $(params.STORAGE_DRIVER) - name: TARGET_STAGE @@ -259,9 +265,8 @@ spec: if ! [[ $IS_LOCALHOST ]]; then chmod 0400 ~/.ssh/id_rsa export BUILD_DIR=$(cat /ssh/user-dir) - export SSH_ARGS="-o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ServerAliveCountMax=10" echo "$BUILD_DIR" - ssh $SSH_ARGS "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes" + ssh "$SSH_ARGS" "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes" PORT_FORWARD="" PODMAN_PORT_FORWARD="" @@ -578,7 +583,7 @@ spec: if ! [[ $IS_LOCALHOST ]]; then rsync -ra scripts "$SSH_HOST:$BUILD_DIR" - ssh $SSH_ARGS "$SSH_HOST" $PORT_FORWARD podman run $PODMAN_PORT_FORWARD \ + ssh "$SSH_ARGS" "$SSH_HOST" $PORT_FORWARD podman run $PODMAN_PORT_FORWARD \ --tmpfs /run/secrets \ -e ACTIVATION_KEY="$ACTIVATION_KEY" \ -e ADDITIONAL_SECRET="$ADDITIONAL_SECRET" \ From 99bb14c020e099486e56e3e65e6b1f5e5b77fc44 Mon Sep 17 00:00:00 2001 From: Max Shaposhnyk Date: Thu, 19 Dec 2024 16:33:38 +0200 Subject: [PATCH 2/2] Make it possible to override default SSH connection params Signed-off-by: Max Shaposhnyk --- task-generator/remote/main.go | 5 ++--- task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml | 5 ++--- task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml | 6 ------ task/buildah-remote/0.1/buildah-remote.yaml | 5 ++--- task/buildah-remote/0.2/buildah-remote.yaml | 5 ++--- 5 files changed, 8 insertions(+), 18 deletions(-) diff --git a/task-generator/remote/main.go b/task-generator/remote/main.go index f7fa665145..895a6e1181 100644 --- a/task-generator/remote/main.go +++ b/task-generator/remote/main.go @@ -162,9 +162,8 @@ mkdir -p scripts if ! [[ $IS_LOCALHOST ]]; then chmod 0400 ~/.ssh/id_rsa export BUILD_DIR=$(cat /ssh/user-dir) - export SSH_ARGS="-o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ServerAliveCountMax=10" echo "$BUILD_DIR" - ssh $SSH_ARGS "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes" + ssh "$SSH_ARGS" "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes" PORT_FORWARD="" PODMAN_PORT_FORWARD="" @@ -240,7 +239,7 @@ if ! [[ $IS_LOCALHOST ]]; then env += " -e " + e.Name + "=\"$" + e.Name + "\" \\\n" } podmanArgs += " -v \"$BUILD_DIR/scripts:/scripts:Z\" \\\n" - ret += "\n ssh $SSH_ARGS \"$SSH_HOST\" $PORT_FORWARD podman run " + env + "" + podmanArgs + " --user=0 --rm \"$BUILDER_IMAGE\" /" + containerScript + ` "$@"` + ret += "\n ssh \"$SSH_ARGS\" \"$SSH_HOST\" $PORT_FORWARD podman run " + env + "" + podmanArgs + " --user=0 --rm \"$BUILDER_IMAGE\" /" + containerScript + ` "$@"` // Sync the contents of the workspaces back so subsequent tasks can use them for _, workspace := range task.Spec.Workspaces { diff --git a/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml b/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml index dfcc67465a..7f12ff1b25 100644 --- a/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml +++ b/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml @@ -239,9 +239,8 @@ spec: if ! [[ $IS_LOCALHOST ]]; then chmod 0400 ~/.ssh/id_rsa export BUILD_DIR=$(cat /ssh/user-dir) - export SSH_ARGS="-o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ServerAliveCountMax=10" echo "$BUILD_DIR" - ssh $SSH_ARGS "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes" + ssh "$SSH_ARGS" "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes" PORT_FORWARD="" PODMAN_PORT_FORWARD="" @@ -447,7 +446,7 @@ spec: if ! [[ $IS_LOCALHOST ]]; then rsync -ra scripts "$SSH_HOST:$BUILD_DIR" - ssh $SSH_ARGS "$SSH_HOST" $PORT_FORWARD podman run $PODMAN_PORT_FORWARD \ + ssh "$SSH_ARGS" "$SSH_HOST" $PORT_FORWARD podman run $PODMAN_PORT_FORWARD \ --tmpfs /run/secrets \ -e ADDITIONAL_SECRET="$ADDITIONAL_SECRET" \ -e ADD_CAPABILITIES="$ADD_CAPABILITIES" \ diff --git a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml index ff2cf59aa5..396c439ff4 100644 --- a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml +++ b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml @@ -95,10 +95,6 @@ spec: as per --squash name: SQUASH type: string - - default: "-o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ServerAliveCountMax=10" - description: SSH connection default params - name: SSH_ARGS - type: string - default: vfs description: Storage driver to configure for buildah name: STORAGE_DRIVER @@ -186,8 +182,6 @@ spec: value: source - name: SQUASH value: $(params.SQUASH) - - name: SSH_ARGS - value: $(params.SSH_ARGS) - name: STORAGE_DRIVER value: $(params.STORAGE_DRIVER) - name: TARGET_STAGE diff --git a/task/buildah-remote/0.1/buildah-remote.yaml b/task/buildah-remote/0.1/buildah-remote.yaml index ffbf57d6fe..71ddf4d9f8 100644 --- a/task/buildah-remote/0.1/buildah-remote.yaml +++ b/task/buildah-remote/0.1/buildah-remote.yaml @@ -227,9 +227,8 @@ spec: if ! [[ $IS_LOCALHOST ]]; then chmod 0400 ~/.ssh/id_rsa export BUILD_DIR=$(cat /ssh/user-dir) - export SSH_ARGS="-o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ServerAliveCountMax=10" echo "$BUILD_DIR" - ssh $SSH_ARGS "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes" + ssh "$SSH_ARGS" "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes" PORT_FORWARD="" PODMAN_PORT_FORWARD="" @@ -439,7 +438,7 @@ spec: if ! [[ $IS_LOCALHOST ]]; then rsync -ra scripts "$SSH_HOST:$BUILD_DIR" - ssh $SSH_ARGS "$SSH_HOST" $PORT_FORWARD podman run $PODMAN_PORT_FORWARD \ + ssh "$SSH_ARGS" "$SSH_HOST" $PORT_FORWARD podman run $PODMAN_PORT_FORWARD \ --tmpfs /run/secrets \ -e BUILDAH_FORMAT="$BUILDAH_FORMAT" \ -e STORAGE_DRIVER="$STORAGE_DRIVER" \ diff --git a/task/buildah-remote/0.2/buildah-remote.yaml b/task/buildah-remote/0.2/buildah-remote.yaml index 6e7f2ccaf3..8b5e033b26 100644 --- a/task/buildah-remote/0.2/buildah-remote.yaml +++ b/task/buildah-remote/0.2/buildah-remote.yaml @@ -241,9 +241,8 @@ spec: if ! [[ $IS_LOCALHOST ]]; then chmod 0400 ~/.ssh/id_rsa export BUILD_DIR=$(cat /ssh/user-dir) - export SSH_ARGS="-o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ServerAliveCountMax=10" echo "$BUILD_DIR" - ssh $SSH_ARGS "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes" + ssh "$SSH_ARGS" "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes" PORT_FORWARD="" PODMAN_PORT_FORWARD="" @@ -555,7 +554,7 @@ spec: if ! [[ $IS_LOCALHOST ]]; then rsync -ra scripts "$SSH_HOST:$BUILD_DIR" - ssh $SSH_ARGS "$SSH_HOST" $PORT_FORWARD podman run $PODMAN_PORT_FORWARD \ + ssh "$SSH_ARGS" "$SSH_HOST" $PORT_FORWARD podman run $PODMAN_PORT_FORWARD \ --tmpfs /run/secrets \ -e BUILDAH_FORMAT="$BUILDAH_FORMAT" \ -e STORAGE_DRIVER="$STORAGE_DRIVER" \