From 1fef6ba505cf383de2d4dc038e1aa7826b65cb36 Mon Sep 17 00:00:00 2001 From: Chris de Bruin Date: Fri, 27 Jan 2023 10:07:24 +0100 Subject: [PATCH] Allow use of bastion host --- README.md | 15 +++++++++++++-- lib/mrsk/configuration.rb | 27 +++++++++++++++++++++++++-- test/configuration_test.rb | 7 ++++++- 3 files changed, 44 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 62941f54..e5783cb0 100644 --- a/README.md +++ b/README.md @@ -68,10 +68,21 @@ registry: ### Using a different SSH user than root -The default SSH user is root, but you can change it using `ssh_user`: +The default SSH user is root, but you can change it using `ssh/user`: ```yaml -ssh_user: app +ssh: + user: app +``` + +### Using a bastion/proxy/jump SSH host + +If you need to connect to server through a bastion host, you can use `ssh/proxy_host`: + +```yaml +ssh: + proxy_host: 192.168.0.1 + user_proxy_host: app # defaults to root ``` ### Using env variables diff --git a/lib/mrsk/configuration.rb b/lib/mrsk/configuration.rb index 23723214..71f9909f 100644 --- a/lib/mrsk/configuration.rb +++ b/lib/mrsk/configuration.rb @@ -4,6 +4,7 @@ require "active_support/core_ext/module/delegation" require "pathname" require "erb" require "mrsk/utils" +require "net/ssh/proxy/jump" class Mrsk::Configuration delegate :service, :image, :servers, :env, :labels, :registry, :builder, to: :raw_config, allow_nil: true @@ -104,11 +105,33 @@ class Mrsk::Configuration end def ssh_user - raw_config.ssh_user || "root" + if raw_config.ssh.present? + raw_config.ssh["user"] || "root" + else + "root" + end end def ssh_options - { user: ssh_user, auth_methods: [ "publickey" ] } + options = { user: ssh_user, auth_methods: [ "publickey" ] } + + options[:proxy] = ::Net::SSH::Proxy::Jump.new(ssh_proxy_host) if ssh_proxy_host + + options + end + + def ssh_proxy_host + if raw_config.ssh && raw_config.ssh["proxy_host"] + "#{ssh_user_proxy_host}@#{raw_config.ssh['proxy_host']}" + end + end + + def ssh_user_proxy_host + if raw_config.ssh.present? + raw_config.ssh["user_proxy_host"] || "root" + else + "root" + end end def master_key diff --git a/test/configuration_test.rb b/test/configuration_test.rb index 1cd45fcb..64f81454 100644 --- a/test/configuration_test.rb +++ b/test/configuration_test.rb @@ -140,10 +140,15 @@ class ConfigurationTest < ActiveSupport::TestCase test "ssh options" do assert_equal "root", @config.ssh_options[:user] - config = Mrsk::Configuration.new(@deploy.tap { |c| c[:ssh_user] = "app" }) + config = Mrsk::Configuration.new(@deploy.tap { |c| c.merge!(ssh: { "user" => "app" }) }) assert_equal "app", @config.ssh_options[:user] end + test "ssh options with proxy host" do + config = Mrsk::Configuration.new(@deploy.tap { |c| c.merge!(ssh: { "proxy_host" => "1.2.3.4" }) }) + assert_equal "root@1.2.3.4", @config.ssh_options[:proxy].jump_proxies + end + test "master key" do assert_equal "456", @config.master_key end