
diff --git a/src/applications/drydock/blueprint/DrydockPreallocatedHostBlueprintImplementation.php b/src/applications/drydock/blueprint/DrydockPreallocatedHostBlueprintImplementation.php
index 03a381c3d6..c8f974973a 100644
--- a/src/applications/drydock/blueprint/DrydockPreallocatedHostBlueprintImplementation.php
+++ b/src/applications/drydock/blueprint/DrydockPreallocatedHostBlueprintImplementation.php
@@ -1,114 +1,113 @@
<?php
final class DrydockPreallocatedHostBlueprintImplementation
extends DrydockBlueprintImplementation {
public function isEnabled() {
return true;
}
public function getDescription() {
return pht('Leases out preallocated, remote hosts.');
}
public function canAllocateMoreResources(array $pool) {
return false;
}
protected function executeAllocateResource(DrydockLease $lease) {
throw new Exception("Preallocated hosts can't be dynamically allocated.");
}
protected function canAllocateLease(
DrydockResource $resource,
DrydockLease $lease) {
return
$lease->getAttribute('platform') === $resource->getAttribute('platform');
}
protected function shouldAllocateLease(
DrydockResource $resource,
DrydockLease $lease,
array $other_leases) {
return true;
}
protected function executeAcquireLease(
DrydockResource $resource,
DrydockLease $lease) {
// Because preallocated resources are manually created, we should verify
// we have all the information we need.
PhutilTypeSpec::checkMap(
$resource->getAttributesForTypeSpec(
- array('platform', 'host', 'port', 'user', 'path')),
+ array('platform', 'host', 'port', 'credential', 'path')),
array(
'platform' => 'string',
'host' => 'string',
'port' => 'string', // Value is a string from the command line
- 'user' => 'string',
+ 'credential' => 'string',
'path' => 'string',
));
$v_platform = $resource->getAttribute('platform');
$v_path = $resource->getAttribute('path');
// Similar to DrydockLocalHostBlueprint, we create a folder
// on the remote host that the lease can use.
$lease_id = $lease->getID();
// Can't use DIRECTORY_SEPERATOR here because that is relevant to
// the platform we're currently running on, not the platform we are
// remoting to.
$separator = '/';
if ($v_platform === 'windows') {
$separator = '\\';
}
// Clean up the directory path a little.
$base_path = rtrim($v_path, '/');
$base_path = rtrim($base_path, '\\');
$full_path = $base_path.$separator.$lease_id;
$cmd = $lease->getInterface('command');
if ($v_platform !== 'windows') {
$cmd->execx('mkdir %s', $full_path);
} else {
// Windows is terrible. The mkdir command doesn't even support putting
// the path in quotes. IN QUOTES. ARGUHRGHUGHHGG!! Do some terribly
// inaccurate sanity checking since we can't safely escape the path.
if (preg_match('/^[A-Z]\\:\\\\[a-zA-Z0-9\\\\\\ ]/', $full_path) === 0) {
throw new Exception(
'Unsafe path detected for Windows platform: "'.$full_path.'".');
}
$cmd->execx('mkdir %C', $full_path);
}
$lease->setAttribute('path', $full_path);
}
public function getType() {
return 'host';
}
public function getInterface(
DrydockResource $resource,
DrydockLease $lease,
$type) {
switch ($type) {
case 'command':
return id(new DrydockSSHCommandInterface())
->setConfiguration(array(
'host' => $resource->getAttribute('host'),
'port' => $resource->getAttribute('port'),
- 'user' => $resource->getAttribute('user'),
- 'ssh-keyfile' => $resource->getAttribute('ssh-keyfile'),
+ 'credential' => $resource->getAttribute('credential'),
'platform' => $resource->getAttribute('platform')));
}
throw new Exception("No interface of type '{$type}'.");
}
}
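Review bot: The new `'credential' => 'string'` entry in the `checkMap` spec carries no comment saying what the string holds, while the neighbouring `'port'` line does explain itself. The second file in this commit passes the value to `PassphraseCredentialQuery::withIDs()` and rejects anything but a private key file credential, so a comment such as `// Passphrase credential ID (SSH private key file credentials only)` on that line would record the contract. Resources created with the old `user` and `ssh-keyfile` attributes will presumably fail this check until they are updated, which is worth stating in the commit description.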
diff --git a/src/applications/drydock/interface/command/DrydockSSHCommandInterface.php b/src/applications/drydock/interface/command/DrydockSSHCommandInterface.php
index 5d981778cf..ab0dd94e3e 100644
--- a/src/applications/drydock/interface/command/DrydockSSHCommandInterface.php
+++ b/src/applications/drydock/interface/command/DrydockSSHCommandInterface.php
@@ -1,44 +1,52 @@
<?php
final class DrydockSSHCommandInterface extends DrydockCommandInterface {
public function getExecFuture($command) {
$argv = func_get_args();
// This assumes there's a UNIX shell living at the other
// end of the connection, which isn't the case for Windows machines.
if ($this->getConfig('platform') !== 'windows') {
$argv = $this->applyWorkingDirectoryToArgv($argv);
}
$full_command = call_user_func_array('csprintf', $argv);
if ($this->getConfig('platform') === 'windows') {
// On Windows platforms we need to execute cmd.exe explicitly since
// most commands are not really executables.
$full_command = 'C:\\Windows\\system32\\cmd.exe /C '.$full_command;
}
// NOTE: The "-t -t" is for psuedo-tty allocation so we can "sudo" on some
// systems, but maybe more trouble than it's worth?
- $keyfile = $this->getConfig('ssh-keyfile');
- if (!empty($keyfile)) {
- return new ExecFuture(
- 'ssh -t -t -o StrictHostKeyChecking=no -p %s -i %s %s@%s -- %s',
- $this->getConfig('port'),
- $this->getConfig('ssh-keyfile'),
- $this->getConfig('user'),
- $this->getConfig('host'),
- $full_command);
- } else {
- return new ExecFuture(
- 'ssh -t -t -o StrictHostKeyChecking=no -p %s %s@%s -- %s',
- $this->getConfig('port'),
- $this->getConfig('user'),
- $this->getConfig('host'),
- $full_command);
+ $credential = id(new PassphraseCredentialQuery())
+ ->setViewer(PhabricatorUser::getOmnipotentUser())
+ ->withIDs(array($this->getConfig('credential')))
+ ->needSecrets(true)
+ ->executeOne();
+
+ // FIXME: We can't use text-based SSH files here because the TempFile goes
+ // out of scope after this function ends and thus the file gets removed
+ // before it can be used.
+ if ($credential->getCredentialType() !==
+ PassphraseCredentialTypeSSHPrivateKeyFile::CREDENTIAL_TYPE) {
+ throw new Exception("Only private key file credentials are supported.");
}
+
+ $ssh_key = PassphraseSSHKey::loadFromPHID(
+ $credential->getPHID(),
+ PhabricatorUser::getOmnipotentUser());
+
+ return new ExecFuture(
+ 'ssh -t -t -o StrictHostKeyChecking=no -p %s -i %s %s@%s -- %s',
+ $this->getConfig('port'),
+ $ssh_key->getKeyfileEnvelope()->openEnvelope(),
+ $credential->getUsername(),
+ $this->getConfig('host'),
+ $full_command);
}
}
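Review bot: `executeOne()` can return nothing when the `credential` attribute names an ID that does not exist, and the next statement calls `$credential->getCredentialType()` without a check. A guard such as `if (!$credential) { throw new Exception(pht('Credential "%s" does not exist.', $this->getConfig('credential'))); }` before the type comparison turns that into a clear error instead of a fatal. Both the query and `PassphraseSSHKey::loadFromPHID()` run as `PhabricatorUser::getOmnipotentUser()`, so no policy check ties the credential to whoever set the resource attribute. If that attribute can be set by someone who is not allowed to use the credential, the lookup should use the acting viewer or check that the credential is permitted for this blueprint. The rewritten `ssh` call also keeps `-o StrictHostKeyChecking=no`, so commands authenticated with the managed key go to a host whose identity is never verified.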
