How to pass SSH key to custom node driver

I’m testing out a custom node driver and am running into an issue where I don’t know how to pass an SSH key to my driver. The custom node driver accepts either a path to an SSH key or the fingerprint of an SSH key that is loaded in the SSH agent. I’m able to set either of these parameters in my node template via the Rancher UI, but I don’t know how to give my node driver access to this SSH key.

I’m running Rancher in a Docker container on an Ubuntu VM. I tried copying my SSH key inside the Rancher Docker container. When I exec into the Rancher Docker container I can see my SSH key, but the node driver still can’t access the key because Rancher creates a jail when running the node driver and the jail doesn’t contain the key.

I also tried adding the SSH key to the SSH agent in the Ubuntu VM that hosts the rancher docker container and recreated the rancher docker container with the following arguments:

-v $SSH_AUTH_SOCK:$SSH_AUTH_SOCK -e SSH_AUTH_SOCK=$SSH_AUTH_SOCK

This allows me to see the SSH key when I run ssh-add -l from inside the Rancher Docker container, and I can also echo $SSH_AUTH_SOCK and see that it’s set, but $SSH_AUTH_SOCK is still not accessible to my node driver since it’s in a jail.

I’ve also tried setting ssh_agent_auth: true with no luck.

Here’s where I see it creating a jail in the rancher docker container log:

2022/03/19 01:27:45 [INFO] Creating jail for c-9dfx6
2022/03/19 01:27:45 [INFO] Provisioning node k8s-worker-1

How can one go about giving the node driver jail access to an SSH key?

  1. You need to add your private key if you want to authenticate via SSH, not your public key. In your case, that’s probably the file id_rsa. The public key is used by the server to verify your identity.
  2. The Dockerfile is only used for the build, so there is no way to use it to do anything at runtime. I think your approach with the environment variable is reasonable…
  3. You can connect to the container via docker exec, open the bash and interact with the filesystem like you normally would.
    docker exec -it imagename /bin/bash

This assumes that you are running a system with a bash. Otherwise, try /bin/sh.

@Beckham To reiterate, I was able to give the Docker rancher container access to my SSH key from the Ubuntu VM hosting the Docker Rancher VM but the issue is that Rancher machine creates a jail when running my custom node driver code and that jail doesn’t have access to the SSH key even though the Docker container does. I ended up modifying the custom node driver so that it accepts the SSH key as a base-64 encoded string rather than a file path so that it can be stored directly in the node template. It worked out well.
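
An added example, not part of the thread and not the poster's driver code: one way a Go node driver could take the key as a base64 string from the node template, reject a public key or other non-PEM value, and write it with owner-only permissions. The function names, the `id_rsa` file name and the sample key are assumptions made for illustration.

```go
package main

import (
	"encoding/base64"
	"encoding/pem"
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// decodeKey (hypothetical helper) turns the base64 string stored in the node
// template back into PEM bytes and rejects anything that is not a private key.
func decodeKey(b64 string) ([]byte, error) {
	// Pasted values often carry line wraps or spaces; strip them first.
	clean := strings.Join(strings.Fields(b64), "")
	raw, err := base64.StdEncoding.DecodeString(clean)
	if err != nil {
		return nil, errors.New("ssh key: value is not valid base64") // never echo the input
	}
	block, _ := pem.Decode(raw)
	if block == nil || !strings.HasSuffix(block.Type, "PRIVATE KEY") {
		return nil, errors.New("ssh key: decoded value is not a PEM private key")
	}
	return raw, nil
}

// writeKey (hypothetical helper) stores the key in dir readable by the owner
// only. O_EXCL makes the call fail instead of overwriting an existing file.
func writeKey(dir string, keyPEM []byte) (string, error) {
	path := filepath.Join(dir, "id_rsa") // assumed file name
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err != nil {
		return "", err
	}
	defer f.Close()
	_, err = f.Write(keyPEM)
	return path, err
}

func main() {
	// Constructed sample: a PEM wrapper around dummy bytes, not a real key.
	sample := pem.EncodeToMemory(&pem.Block{Type: "OPENSSH PRIVATE KEY", Bytes: []byte("constructed")})
	dir, _ := os.MkdirTemp("", "machine")
	defer os.RemoveAll(dir)
	key, err := decodeKey(base64.StdEncoding.EncodeToString(sample))
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Println(writeKey(dir, key))
}
```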