Allow machine console connection with admin flag. (#248)
Gerrit91 authored Jun 13, 2024
1 parent 74f0197 commit fd1943d
Showing 8 changed files with 59 additions and 22 deletions.
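--- a/cmd/common_test.go
+++ b/cmd/common_test.go
@@ -330,3 +330,26 @@ func appendFromFileCommonArgs(args ...string) []string {
 func commonExcludedFileArgs() []string {
 return []string{"file", "bulk-output", "skip-security-prompts", "timestamps"}
 }
+
+// This might be helpful if you want to debug metalctl code:
+//
+// func Test_DebugTemplate(t *testing.T) {
+// _, client := client.NewMetalMockClient(t, nil)
+
+// var (
+// out bytes.Buffer
+// config = &config{
+// fs: afero.NewOsFs(),
+// client: client,
+// out: &out,
+// log: slog.New(slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{})),
+// comp: &completion.Completion{},
+// }
+// )
+
+// cmd := newRootCmd(config)
+// os.Setenv("KUBECONFIG", "<your-path>")
+// os.Args = []string{"metalctl", "machine", "console", "..."}
+// err := cmd.Execute()
+// require.NoError(t, err)
+// }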
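Review bot: If this commented-out template is enabled as written, its `os.Setenv("KUBECONFIG", ...)` call and the `os.Args` assignment stay in effect for every test that runs afterwards in the same binary. Writing the template with `t.Setenv("KUBECONFIG", "<your-path>")` and, assuming newRootCmd returns a cobra command, `cmd.SetArgs([]string{"machine", "console", "..."})` keeps a debug run from leaking into other tests. The two bare blank lines inside the block also split it into three separate comment groups; a `//` on those lines would keep it as one.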
2 changes: 1 addition & 1 deletion cmd/firewall.go
@@ -295,7 +295,7 @@ func (c *firewallCmd) firewallPureSSH(fwAllocation *models.V1MachineAllocation)
}
for _, ip := range nw.Ips {
if portOpen(ip, "22", time.Second) {
err = sshClient("metal", viper.GetString("identity"), ip, 22, nil)
err = sshClient("metal", viper.GetString("identity"), ip, 22, nil, false)
if err != nil {
return err
}
14 changes: 4 additions & 10 deletions cmd/machine.go
@@ -448,8 +448,9 @@ In case the machine did not register properly a direct ipmi console access is av
machineReinstallCmd.Flags().StringP("description", "d", "", "description of the reinstallation. [optional]")
genericcli.Must(machineReinstallCmd.MarkFlagRequired("image"))

machineConsoleCmd.Flags().StringP("sshidentity", "p", "", "SSH key file, if not given the default ssh key will be used if present [optional].")
machineConsoleCmd.Flags().StringP("sshidentity", "i", "", "SSH key file, if not given the default ssh key will be used if present [optional].")
machineConsoleCmd.Flags().BoolP("ipmi", "", false, "use ipmitool with direct network access (admin only).")
machineConsoleCmd.Flags().BoolP("admin", "", false, "authenticate as admin (admin only).")
machineConsoleCmd.Flags().StringP("ipmiuser", "", "", "overwrite ipmi user (admin only).")
machineConsoleCmd.Flags().StringP("ipmipassword", "", "", "overwrite ipmi password (admin only).")

@@ -1244,14 +1245,6 @@ func (c *machineCmd) machineConsole(args []string) error {
return cmd.Run()
}

key := viper.GetString("sshidentity")
if key == "" {
key, err = searchSSHKey()
if err != nil {
return fmt.Errorf("machine console error:%w", err)
}
}

parsedurl, err := url.Parse(c.driverURL)
if err != nil {
return err
@@ -1260,7 +1253,8 @@ func (c *machineCmd) machineConsole(args []string) error {
if err != nil {
return err
}
err = sshClient(id, key, parsedurl.Host, bmcConsolePort, &authContext.IDToken)

err = sshClient(id, viper.GetString("sshidentity"), parsedurl.Host, bmcConsolePort, &authContext.IDToken, viper.GetBool("admin"))
if err != nil {
return fmt.Errorf("machine console error:%w", err)
}
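Review bot: When `--admin` is set, the last hunk passes `viper.GetBool("admin")` as sshClient's passwordAuth argument, and the cmd/ssh.go change in this commit then never reads the key file, so a `--sshidentity` given alongside it is silently ignored. Declaring the pair exclusive next to the flag definitions, `machineConsoleCmd.MarkFlagsMutuallyExclusive("admin", "sshidentity")` (if the cobra version in use provides it), would turn that into a clear usage error. The help text "authenticate as admin (admin only)." also does not tell the operator that the ID token is sent to the console endpoint as the SSH password; something like `"authenticate with the ID token instead of an SSH key (admin only)."` documents what leaves the machine. machineConsole starts and ends outside both hunks, so whether `authContext.IDToken` can be empty at this call is not visible here.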
31 changes: 25 additions & 6 deletions cmd/ssh.go
@@ -45,21 +45,40 @@ func (c *firewallCmd) firewallSSHViaVPN(firewall *models.V1FirewallResponse) (er
if err != nil {
return err
}
s, err := metalssh.NewClientWithConnection("metal", v.TargetIP, privateKey, v.Conn)

opts := []metalssh.ConnectOpt{metalssh.ConnectOptOutputPrivateKey(privateKey)}

s, err := metalssh.NewClientWithConnection("metal", v.TargetIP, v.Conn, opts...)
if err != nil {
return err
}
return s.Connect(nil)
}

// sshClient opens an interactive ssh session to the host on port with user, authenticated by the key.
func sshClient(user, keyfile, host string, port int, idToken *string) error {
privateKey, err := os.ReadFile(keyfile)
if err != nil {
return err
func sshClient(user, keyfile, host string, port int, idToken *string, passwordAuth bool) error {

var opts []metalssh.ConnectOpt
if passwordAuth {
opts = append(opts, metalssh.ConnectOptOutputPassword(*idToken))
} else {
if keyfile == "" {
var err error
keyfile, err = searchSSHKey()
if err != nil {
return err
}
}

privateKey, err := os.ReadFile(keyfile)
if err != nil {
return err
}

opts = append(opts, metalssh.ConnectOptOutputPrivateKey(privateKey))
}

s, err := metalssh.NewClient(user, host, privateKey, port)
s, err := metalssh.NewClient(user, host, port, opts...)
if err != nil {
return err
}
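Review bot: In the new `passwordAuth` branch of sshClient, `*idToken` is dereferenced without a nil check, although the parameter is a pointer and firewallPureSSH in cmd/firewall.go already passes nil for it (with passwordAuth false). A guard at the top of the branch, `if idToken == nil || *idToken == "" { return errors.New("password authentication requires an ID token") }`, turns a possible panic into an error and avoids offering an empty password; it needs the `errors` import if the file does not already have it. The doc comment above the function still says the session is "authenticated by the key"; it should state that with passwordAuth the ID token is sent as the SSH password and keyfile is ignored, and that an empty keyfile otherwise falls back to searchSSHKey. The function body continues past the end of the hunk.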
2 changes: 1 addition & 1 deletion cmd/tableprinters/machine.go
@@ -254,7 +254,7 @@ func (t *TablePrinter) MachineLogsTable(data []*models.V1MachineProvisioningEven
if !wide {
split := strings.Split(msg, "\n")
if len(split) > 1 {
msg = split[0] + " " + genericcli.TruncateElipsis
msg = split[0] + " " + genericcli.TruncateEllipsis
}
msg = genericcli.TruncateEnd(msg, 120)
}
3 changes: 2 additions & 1 deletion docs/metalctl_machine_console.md
@@ -14,11 +14,12 @@ metalctl machine console <machine ID> [flags]
### Options

```
--admin authenticate as admin (admin only).
-h, --help help for console
--ipmi use ipmitool with direct network access (admin only).
--ipmipassword string overwrite ipmi password (admin only).
--ipmiuser string overwrite ipmi user (admin only).
-p, --sshidentity string SSH key file, if not given the default ssh key will be used if present [optional].
-i, --sshidentity string SSH key file, if not given the default ssh key will be used if present [optional].
```

### Options inherited from parent commands
2 changes: 1 addition & 1 deletion go.mod
@@ -11,7 +11,7 @@ require (
github.com/google/go-cmp v0.6.0
github.com/google/uuid v1.6.0
github.com/metal-stack/metal-go v0.29.0
github.com/metal-stack/metal-lib v0.16.2
github.com/metal-stack/metal-lib v0.17.0
github.com/metal-stack/updater v1.2.1
github.com/metal-stack/v v1.0.3
github.com/olekukonko/tablewriter v0.0.6-0.20230925090304-df64c4bbad77
4 changes: 2 additions & 2 deletions go.sum
@@ -238,8 +238,8 @@ github.com/mdlayher/socket v0.5.1 h1:VZaqt6RkGkt2OE9l3GcC6nZkqD3xKeQLyfleW/uBcos
github.com/mdlayher/socket v0.5.1/go.mod h1:TjPLHI1UgwEv5J1B5q0zTZq12A/6H7nKmtTanQE37IQ=
github.com/metal-stack/metal-go v0.29.0 h1:EuJ7u/L+3lsby+kzrE0aF6gBIBDKPENqvOO2idGhMqw=
github.com/metal-stack/metal-go v0.29.0/go.mod h1:gYLZX3umsoZLWZ5d4MJdVbnR8eFXUTlLTK7tyx638As=
github.com/metal-stack/metal-lib v0.16.2 h1:RJls/Spai4h5xr3BEmQt9UdWNN4RB9+SOINoZcjYaA8=
github.com/metal-stack/metal-lib v0.16.2/go.mod h1:nyNGI4DZFOcWbSoq2Y6V3SHpFxuXBIqYBZHTb6cy//s=
github.com/metal-stack/metal-lib v0.17.0 h1:0fCRUtYweJ5wbUwiEalFGiHkEz0mZwTWQUIIo3Npzkw=
github.com/metal-stack/metal-lib v0.17.0/go.mod h1:nyNGI4DZFOcWbSoq2Y6V3SHpFxuXBIqYBZHTb6cy//s=
github.com/metal-stack/security v0.8.0 h1:tVaSDB9m5clwYrnLyaXfPy7mQlJTnmeoHscG+RUy/xo=
github.com/metal-stack/security v0.8.0/go.mod h1:7GAcQb+pOgflW30ohJygxpqc3i0dQ2ahGJK1CU5tqa0=
github.com/metal-stack/updater v1.2.1 h1:8wWpzx+VHw8Pv6IJ+IUEqMr7g06TrrADvcWAFMZl/ZE=