Allow use of bastion host

2023-01-27 10:07:24 +01:00
parent 2023c377ab
commit 1fef6ba505
3 changed files with 44 additions and 5 deletions
--- a/README.md
+++ b/README.md
@@ -68,10 +68,21 @@ registry:

 ### Using a different SSH user than root

-The default SSH user is root, but you can change it using `ssh_user`:
+The default SSH user is root, but you can change it using `ssh/user`:

 ```yaml
-ssh_user: app
+ssh:
+  user: app
+```
+
+### Using a bastion/proxy/jump SSH host
+
+If you need to connect to server through a bastion host, you can use `ssh/proxy_host`:
+
+```yaml
+ssh:
+  proxy_host: 192.168.0.1
+  user_proxy_host: app # defaults to root
 ```

 ### Using env variables
--- a/lib/mrsk/configuration.rb
+++ b/lib/mrsk/configuration.rb
@@ -4,6 +4,7 @@ require "active_support/core_ext/module/delegation"
 require "pathname"
 require "erb"
 require "mrsk/utils"
+require "net/ssh/proxy/jump"

 class Mrsk::Configuration
  delegate :service, :image, :servers, :env, :labels, :registry, :builder, to: :raw_config, allow_nil: true
@@ -104,11 +105,33 @@ class Mrsk::Configuration
  end

  def ssh_user
-    raw_config.ssh_user || "root"
+    if raw_config.ssh.present?
+      raw_config.ssh["user"] || "root"
+    else
+      "root"
+    end
  end

  def ssh_options
-    { user: ssh_user, auth_methods: [ "publickey" ] }
+    options = { user: ssh_user, auth_methods: [ "publickey" ] }
+
+    options[:proxy] = ::Net::SSH::Proxy::Jump.new(ssh_proxy_host) if ssh_proxy_host
+
+    options
+  end
+
+  def ssh_proxy_host
+    if raw_config.ssh && raw_config.ssh["proxy_host"]
+      "#{ssh_user_proxy_host}@#{raw_config.ssh['proxy_host']}"
+    end
+  end
+
+  def ssh_user_proxy_host
+    if raw_config.ssh.present?
+      raw_config.ssh["user_proxy_host"] || "root"
+    else
+      "root"
+    end
  end

  def master_key
--- a/test/configuration_test.rb
+++ b/test/configuration_test.rb
@@ -140,10 +140,15 @@ class ConfigurationTest < ActiveSupport::TestCase
  test "ssh options" do
    assert_equal "root", @config.ssh_options[:user]

-    config = Mrsk::Configuration.new(@deploy.tap { |c| c[:ssh_user] = "app" })
+    config = Mrsk::Configuration.new(@deploy.tap { |c| c.merge!(ssh: { "user" => "app" }) })
    assert_equal "app", @config.ssh_options[:user]
  end

+  test "ssh options with proxy host" do
+    config = Mrsk::Configuration.new(@deploy.tap { |c| c.merge!(ssh: { "proxy_host" => "1.2.3.4" }) })
+    assert_equal "root@1.2.3.4", @config.ssh_options[:proxy].jump_proxies
+  end
+
  test "master key" do
    assert_equal "456", @config.master_key
  end