Shiloh/lasthourcloud
Shiloh/lasthourcloud
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases 4 Wiki Activity

fix: ssh-agent revert

Browse Source
This commit is contained in:
Andras Bacsai 2023-09-15 12:30:25 +02:00
parent cf28490acc
commit 54a57d217f
13 changed files with 37 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Actions/CoolifyTask/RunRemoteProcess.php
View File

@ -73,7 +73,7 @@ public function __invoke(): ProcessResult
$this->time_start = hrtime(true); $this->time_start = hrtime(true);
$status = ProcessStatus::IN_PROGRESS; $status = ProcessStatus::IN_PROGRESS;
$processResult = processWithEnv()->forever()->run($this->getCommand(), $this->handleOutput(...)); $processResult = Process::forever()->run($this->getCommand(), $this->handleOutput(...));
if ($this->activity->properties->get('status') === ProcessStatus::ERROR->value) { if ($this->activity->properties->get('status') === ProcessStatus::ERROR->value) {
$status = ProcessStatus::ERROR; $status = ProcessStatus::ERROR;

2
app/Jobs/ApplicationDeploymentJob.php
View File

@ -652,7 +652,7 @@ private function set_labels_for_applications()
private function generate_healthcheck_commands() private function generate_healthcheck_commands()
{ {
if ($this->application->dockerfile) { if ($this->application->dockerfile || $this->application->build_pack === 'dockerfile') {
// TODO: disabled HC because there are several ways to hc a simple docker image, hard to figure out a good way. Like some docker images (pocketbase) does not have curl. // TODO: disabled HC because there are several ways to hc a simple docker image, hard to figure out a good way. Like some docker images (pocketbase) does not have curl.
return 'exit 0'; return 'exit 0';
} }

2
app/Traits/ExecuteRemoteCommand.php
View File

@ -39,7 +39,7 @@ public function execute_remote_command(...$commands)
$this->save = data_get($single_command, 'save'); $this->save = data_get($single_command, 'save');
$remote_command = generateSshCommand( $ip, $user, $port, $command); $remote_command = generateSshCommand( $ip, $user, $port, $command);
$process = processWithEnv()->timeout(3600)->idleTimeout(3600)->start($remote_command, function (string $type, string $output) use ($command, $hidden) { $process = Process::timeout(3600)->idleTimeout(3600)->start($remote_command, function (string $type, string $output) use ($command, $hidden) {
$output = Str::of($output)->trim(); $output = Str::of($output)->trim();
$new_log_entry = [ $new_log_entry = [
'command' => $command, 'command' => $command,

69
bootstrap/helpers/remoteProcess.php
View File

@ -49,20 +49,23 @@ function remote_process(
])(); ])();
} }
function removePrivateKeyFromSshAgent(Server $server) // function removePrivateKeyFromSshAgent(Server $server)
{ // {
if (data_get($server, 'privateKey.private_key') === null) { // if (data_get($server, 'privateKey.private_key') === null) {
throw new \Exception("Server {$server->name} does not have a private key"); // throw new \Exception("Server {$server->name} does not have a private key");
} // }
processWithEnv()->run("echo '{$server->privateKey->private_key}' | ssh-add -d -"); // // processWithEnv()->run("echo '{$server->privateKey->private_key}' | ssh-add -d -");
} // }
function addPrivateKeyToSshAgent(Server $server) function addPrivateKeyToSshAgent(Server $server)
{ {
if (data_get($server, 'privateKey.private_key') === null) { if (data_get($server, 'privateKey.private_key') === null) {
throw new \Exception("Server {$server->name} does not have a private key"); throw new \Exception("Server {$server->name} does not have a private key");
} }
// ray('adding key', $server->privateKey->private_key); $sshKeyFileLocation = "id.root@{$server->uuid}";
processWithEnv()->run("echo '{$server->privateKey->private_key}' | ssh-add -q -"); Storage::disk('ssh-keys')->makeDirectory('.');
Storage::disk('ssh-mux')->makeDirectory('.');
Storage::disk('ssh-keys')->put($sshKeyFileLocation, $server->privateKey->private_key);
return '/var/www/html/storage/app/ssh/keys/' . $sshKeyFileLocation;
} }
function generateSshCommand(string $server_ip, string $user, string $port, string $command, bool $isMux = true) function generateSshCommand(string $server_ip, string $user, string $port, string $command, bool $isMux = true)
@ -71,7 +74,7 @@ function generateSshCommand(string $server_ip, string $user, string $port, strin
if (!$server) { if (!$server) {
throw new \Exception("Server with ip {$server_ip} not found"); throw new \Exception("Server with ip {$server_ip} not found");
} }
addPrivateKeyToSshAgent($server); $privateKeyLocation = addPrivateKeyToSshAgent($server);
$timeout = config('constants.ssh.command_timeout'); $timeout = config('constants.ssh.command_timeout');
$connectionTimeout = config('constants.ssh.connection_timeout'); $connectionTimeout = config('constants.ssh.connection_timeout');
$serverInterval = config('constants.ssh.server_interval'); $serverInterval = config('constants.ssh.server_interval');
@ -83,7 +86,8 @@ function generateSshCommand(string $server_ip, string $user, string $port, strin
$ssh_command .= '-o ControlMaster=auto -o ControlPersist=1m -o ControlPath=/var/www/html/storage/app/ssh/mux/%h_%p_%r '; $ssh_command .= '-o ControlMaster=auto -o ControlPersist=1m -o ControlPath=/var/www/html/storage/app/ssh/mux/%h_%p_%r ';
} }
$command = "PATH=\$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/host/usr/local/sbin:/host/usr/local/bin:/host/usr/sbin:/host/usr/bin:/host/sbin:/host/bin && $command"; $command = "PATH=\$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/host/usr/local/sbin:/host/usr/local/bin:/host/usr/sbin:/host/usr/bin:/host/sbin:/host/bin && $command";
$ssh_command .= '-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ' $ssh_command .= "-i {$privateKeyLocation} "
. '-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null '
. '-o PasswordAuthentication=no ' . '-o PasswordAuthentication=no '
. "-o ConnectTimeout=$connectionTimeout " . "-o ConnectTimeout=$connectionTimeout "
. "-o ServerAliveInterval=$serverInterval " . "-o ServerAliveInterval=$serverInterval "
@ -97,28 +101,28 @@ function generateSshCommand(string $server_ip, string $user, string $port, strin
// ray($ssh_command); // ray($ssh_command);
return $ssh_command; return $ssh_command;
} }
function processWithEnv() // function processWithEnv()
{ // {
return Process::env(['SSH_AUTH_SOCK' => config('coolify.ssh_auth_sock')]); // return Process::env(['SSH_AUTH_SOCK' => config('coolify.ssh_auth_sock')]);
} // }
function instantCommand(string $command, $throwError = true) // function instantCommand(string $command, $throwError = true)
{ // {
$process = processWithEnv()->run($command); // $process = Process::run($command);
$output = trim($process->output()); // $output = trim($process->output());
$exitCode = $process->exitCode(); // $exitCode = $process->exitCode();
if ($exitCode !== 0) { // if ($exitCode !== 0) {
if (!$throwError) { // if (!$throwError) {
return null; // return null;
} // }
throw new \RuntimeException($process->errorOutput(), $exitCode); // throw new \RuntimeException($process->errorOutput(), $exitCode);
} // }
return $output; // return $output;
} // }
function instant_remote_process(array $command, Server $server, $throwError = true, $repeat = 1) function instant_remote_process(array $command, Server $server, $throwError = true, $repeat = 1)
{ {
$command_string = implode("\n", $command); $command_string = implode("\n", $command);
$ssh_command = generateSshCommand($server->ip, $server->user, $server->port, $command_string); $ssh_command = generateSshCommand($server->ip, $server->user, $server->port, $command_string);
$process = processWithEnv()->run($ssh_command); $process = Process::run($ssh_command);
$output = trim($process->output()); $output = trim($process->output());
$exitCode = $process->exitCode(); $exitCode = $process->exitCode();
if ($exitCode !== 0) { if ($exitCode !== 0) {
@ -169,14 +173,9 @@ function decode_remote_command_output(?ApplicationDeploymentQueue $application_d
function refresh_server_connection(PrivateKey $private_key) function refresh_server_connection(PrivateKey $private_key)
{ {
foreach ($private_key->servers as $server) { foreach ($private_key->servers as $server) {
// Delete the old ssh mux file to force a new one to be created
Storage::disk('ssh-mux')->delete($server->muxFilename()); Storage::disk('ssh-mux')->delete($server->muxFilename());
// check if user is authenticated
// if (currentTeam()->id) {
// currentTeam()->privateKeys = PrivateKey::where('team_id', currentTeam()->id)->get();
// }
} }
removePrivateKeyFromSshAgent($server); // removePrivateKeyFromSshAgent($server);
} }
function validateServer(Server $server) function validateServer(Server $server)

1
config/coolify.php
View File

@ -8,5 +8,4 @@
'dev_webhook' => env('SERVEO_URL'), 'dev_webhook' => env('SERVEO_URL'),
'base_config_path' => env('BASE_CONFIG_PATH', '/data/coolify'), 'base_config_path' => env('BASE_CONFIG_PATH', '/data/coolify'),
'helper_image' => env('HELPER_IMAGE', 'ghcr.io/coollabsio/coolify-helper:latest'), 'helper_image' => env('HELPER_IMAGE', 'ghcr.io/coollabsio/coolify-helper:latest'),
'ssh_auth_sock' => env('SSH_AUTH_SOCK', '/tmp/coolify-ssh-agent.sock'),
]; ];

1
docker-compose.dev.yml
View File

@ -21,7 +21,6 @@ services:
SSL_MODE: "off" SSL_MODE: "off"
AUTORUN_LARAVEL_STORAGE_LINK: "false" AUTORUN_LARAVEL_STORAGE_LINK: "false"
AUTORUN_LARAVEL_MIGRATION: "false" AUTORUN_LARAVEL_MIGRATION: "false"
SSH_AUTH_SOCK: "/tmp/coolify-ssh-agent.sock"
volumes: volumes:
- .:/var/www/html/:cached - .:/var/www/html/:cached
postgres: postgres:

1
docker-compose.prod.yml
View File

@ -64,7 +64,6 @@ services:
- LEMON_SQUEEZY_BASIC_PLAN_IDS - LEMON_SQUEEZY_BASIC_PLAN_IDS
- LEMON_SQUEEZY_PRO_PLAN_IDS - LEMON_SQUEEZY_PRO_PLAN_IDS
- LEMON_SQUEEZY_ULTIMATE_PLAN_IDS - LEMON_SQUEEZY_ULTIMATE_PLAN_IDS
- SSH_AUTH_SOCK="/tmp/coolify-ssh-agent.sock"
ports: ports:
- "${APP_PORT:-8000}:80" - "${APP_PORT:-8000}:80"
expose: expose:

1
docker/dev-ssu/etc/s6-overlay/s6-rc.d/ssh-agent/type
View File

@ -1 +0,0 @@
oneshot

5
docker/dev-ssu/etc/s6-overlay/s6-rc.d/ssh-agent/up
View File

@ -1,5 +0,0 @@
#!/usr/bin/execlineb -P
foreground {
s6-sleep 5
su - webuser -c "ssh-agent -a /tmp/coolify-ssh-agent.sock"
}

0
docker/dev-ssu/etc/s6-overlay/s6-rc.d/user/contents.d/ssh-agent
View File

1
docker/prod-ssu/etc/s6-overlay/s6-rc.d/ssh-agent/type
View File

@ -1 +0,0 @@
oneshot

5
docker/prod-ssu/etc/s6-overlay/s6-rc.d/ssh-agent/up
View File

@ -1,5 +0,0 @@
#!/usr/bin/execlineb -P
foreground {
s6-sleep 5
su - webuser -c "ssh-agent -a /tmp/coolify-ssh-agent.sock"
}

0
docker/prod-ssu/etc/s6-overlay/s6-rc.d/user/contents.d/ssh-agent
View File