x/build: fix gomote ssh to COS-based Linux Docker images #26969
The current konlet config is:
I see nothing about even mapping port 80, so maybe all ports not otherwise free are mapped. Note that You'll need to read the code to see if it's configurable: But I think the answer is the network is not configurable: https://github.com/GoogleCloudPlatform/konlet/blob/master/gce-containers-startup/types/api.go So we should probably just make our OpenSSH sshd in the container listen on a high port.
Change https://golang.org/cl/129335 mentions this issue:
Change https://golang.org/cl/129356 mentions this issue:
When running in GCE's Container-Optimized OS (COS), we can't use port 22, as the system's sshd is already using it. Our container runs in the system network namespace, not isolated as is typical in Docker or Kubernetes. So use port 2200 instead.

Remove an unnecessary type conversion.

Updates golang/go#26969.

Change-Id: Ic85e1f14529175106b9c7397186d3e9b5cb39c1c
Reviewed-on: https://go-review.googlesource.com/129356
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Turns out CL 129356 was all that was needed.
CL 129356 and deploying the new version of I tested, and Closing since the issue is resolved. Huge thanks to @bradfitz for the help with this.
When I moved the Linux Docker-based container images from Kubernetes to COS I accidentally broke gomote ssh support.
We used to ssh proxy to the POD's port 22, which worked, but now we ssh to the COS node's ssh server, which is the wrong one. We're also running an SSH server inside the container (which is also listening on port 22 in its private network namespace), and it's only that inner SSH server that's authenticated.
We need to configure the COS node's konlet YAML to either forward some different port (e.g. host 2200 to container 22) or just make the container image listen on 2200 instead, and then configure that in x/build/dashboard/builders.go and make the coordinator respect that in its remote.go when it calls rb.buildlet.ConnectSSH.
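The port clash and wrong-server mix-up from this issue, reproduced on loopback as an added example (not code from x/build or from anyone in the thread): two listeners stand in for the host's sshd and the container's sshd sharing one network namespace, and `sshBanner` reads the SSH identification line (RFC 4253, section 4.2) to show which server a given port reaches. The names `serveBanner` and `sshBanner` and the banner strings are constructed for illustration; a banner only tells you which server answered, it does not authenticate it.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"strings"
	"time"
)

// serveBanner is a constructed stand-in for an sshd: it sends one SSH identification line.
func serveBanner(addr, banner string) (net.Listener, error) {
	ln, err := net.Listen("tcp", addr)
	if err != nil {
		return nil, err // e.g. "address already in use" when the port is taken
	}
	go func() { // the loop ends when the listener is closed
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			fmt.Fprintf(c, "%s\r\n", banner)
			c.Close()
		}
	}()
	return ln, nil
}

// sshBanner reports the identification line of whatever answers at addr.
func sshBanner(addr string) (string, error) {
	c, err := net.DialTimeout("tcp", addr, 2*time.Second)
	if err != nil {
		return "", err
	}
	defer c.Close()
	c.SetReadDeadline(time.Now().Add(2 * time.Second))
	for sc := bufio.NewScanner(c); sc.Scan(); { // other lines may precede the version string
		if strings.HasPrefix(sc.Text(), "SSH-") {
			return sc.Text(), nil
		}
	}
	return "", fmt.Errorf("no SSH identification line from %s", addr)
}

func main() {
	host, _ := serveBanner("127.0.0.1:0", "SSH-2.0-constructed_host_sshd")
	_, clash := serveBanner(host.Addr().String(), "SSH-2.0-constructed_inner_sshd")
	inner, _ := serveBanner("127.0.0.1:0", "SSH-2.0-constructed_inner_sshd")
	viaHost, _ := sshBanner(host.Addr().String())
	viaInner, _ := sshBanner(inner.Addr().String())
	fmt.Printf("same port: %v\nhost port: %s\ninner port: %s\n", clash, viaHost, viaInner)
}
```

The same probe pointed at a builder's SSH port after a deploy shows at a glance whether the proxy is landing on the intended sshd; host-key verification remains the real check.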