Re: Pattern for allowing SSH from one host to others

Fri, 23 Sep 2016 01:24:08 -0700 

Alex, sounds good.
Sam, I agree that in general it would also be useful to have a sensor that polls just once (or polls repeatedly until successful, such as the first non-zero exit code). 


Another thing that would be useful (in variants of this situation) is a 
`$brooklyn:component("leader").effector(...)` DSL, to populate a config 
value by calling an effector on another entity. But that's certainly not 
the best pattern to use for your specific use-case.


Aled


On 22/09/2016 18:21, Alex Heneveld wrote:



I think what you really want is to define a preInstall step which does 
the following:


   - run the bash and output the key
   - publish a sensor from the output of the bash

(Instead of the polling sensor.)

I'm working on something which should let you do that nicely.


Another thing which you could do is to set extraSshPublicKeyData as a 
provisioning property on the follower taking the 
attribute-when-ready.  But that might block provisioning until it is 
up so probably better as you've done it.



Final idea I'll toss out is to define leader and follower as base 
types then set up a cluster with firstMemberSpec: leader.


Best
Alex


On 22/09/2016 17:52, Sam Corbett wrote:

Hi all,


I'm writing a blueprint in which a "leader" entity must be able to 
SSH to a group of followers. I'm canvassing for opinions on a clean 
way to express this.


At the moment I have:

services:

- id: leader
  type: org.apache.brooklyn.entity.software.base.EmptySoftwareProcess
  brooklyn.config:
    preInstallCommand: |

      test -f ~/.ssh/id_rsa.pub || (mkdir -p ~/.ssh ; ssh-keygen -t 
rsa -b 4096 -f ~/.ssh/id_rsa -N '')

  brooklyn.initializers:
  - type: org.apache.brooklyn.core.sensor.ssh.SshCommandSensor
    brooklyn.config:
      name: ssh.publicKey
      command: cat ~/.ssh/id_rsa.pub 2>/dev/null
      period: 1m

- id: group
  type: org.apache.brooklyn.entity.group.DynamicCluster
  brooklyn.config:
    initialSize: 1
    memberSpec:
      $brooklyn:entitySpec:

        type: 
org.apache.brooklyn.entity.software.base.EmptySoftwareProcess

        brooklyn.config:
          # Allow SSH from leader.
          preInstallCommand:
            $brooklyn:formatString:
            - "mkdir -p ~/.ssh && echo '%s' >> ~/.ssh/authorized_keys"

            - 
$brooklyn:component("leader").attributeWhenReady("ssh.publicKey")



This is more or less satisfactory but I don't like the repeated 
polling for id_rsa.pub. Is there a case for a sensor that stops 
executing once some condition is met? In the case above it would 
either be a zero exit code or a non-empty stdout.


Sam


























					Reply via email to