difficult to set --cloud-ssh-private #852

Closed
casperdcl opened this issue Dec 23, 2021 · 12 comments · Fixed by #1133
Labels
bug Something isn't working cloud-aws Amazon Web Services cloud-az Microsoft Azure cml-runner Subcommand documentation Markdown files technical-debt Refactoring, linting & tidying

Comments

@casperdcl
Contributor

casperdcl commented Dec 23, 2021

As per #848 (comment), there's an issue with --cloud-ssh-private=--....

@casperdcl casperdcl added bug Something isn't working cml-runner Subcommand documentation Markdown files technical-debt Refactoring, linting & tidying labels Dec 23, 2021
@casperdcl casperdcl added cloud-aws Amazon Web Services cloud-az Microsoft Azure labels Dec 23, 2021
@DavidGOrtega DavidGOrtega changed the title yargs not parsing --cloud-ssh -private yargs not parsing --cloud-ssh-private Dec 23, 2021
@DavidGOrtega
Contributor

DavidGOrtega commented Dec 23, 2021

I use cloud-ssh-private and it works.
A better issue title might be "--cloud-ssh-private is difficult to be set"?

@casperdcl casperdcl changed the title yargs not parsing --cloud-ssh-private difficult to set --cloud-ssh-private Jan 13, 2022
@dacbd
Contributor

dacbd commented Jan 14, 2022

What are your thoughts on something to populate an authorized key for you? --public-key= akin to adding something like:

echo "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDYd3ssa6L15jQC5bckJ2viWlA1tBygxeWoy3s0S14ZHMxUMfp7u2yqficpHO5b+pjgg7Lz+80Ibw157waTZPM+xbF2/KGqS7aYV0L/R8VbWjVEpzxZEeoxSCwFA1tHWUg==" >> /home/ubuntu/.ssh/authorized_keys

in a startup script?
I feel like it might be creeping on the feature too much unless people don't care about a ton of cli args.

Maybe document common debugging options/steps somewhere like the above, TF_LOG env, journalctl -u cml.service etc
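
Added example, not part of the original comment and not CML code: a sketch of what a startup-script step for provisioning one extra authorized key could look like if it validated the key, set the permissions sshd expects, and stayed idempotent. The function name `add_authorized_key` and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example: add_authorized_key is a hypothetical helper, not a CML feature.
# Usage in a startup script: add_authorized_key "$PUBLIC_KEY" /home/ubuntu

add_authorized_key() {
  key=$1
  home_dir=$2
  ssh_dir="$home_dir/.ssh"
  auth_file="$ssh_dir/authorized_keys"

  # Exactly one non-empty line: an embedded newline would smuggle a second entry.
  [ -n "$key" ] || return 2
  case $key in
    *"
"*) return 2 ;;
  esac

  # Require "<type> <base64> [comment]"; a leading options field is rejected
  # because the first word must be a known key type.
  set -f            # no globbing while the key is split into words
  set -- $key
  set +f
  case ${1:-} in
    ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
    sk-ssh-ed25519@openssh.com|sk-ecdsa-sha2-nistp256@openssh.com) ;;
    *) return 2 ;;
  esac
  case ${2:-} in
    ''|*[!A-Za-z0-9+/=]*) return 2 ;;
  esac

  # sshd (StrictModes) ignores keys in group/world-writable locations.
  (umask 077 && mkdir -p "$ssh_dir" && touch "$auth_file") || return 1
  chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 1

  # Append only when the exact line is absent, so reruns do not duplicate it.
  if ! grep -qxF -- "$key" "$auth_file"; then
    printf '%s\n' "$key" >> "$auth_file"
  fi
}
```

When run as root from a startup script, the directory and file would also need a `chown` to the target user, which this sketch leaves out.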

@casperdcl
Contributor Author

> document common debugging options/steps somewhere

💯 - feel free to create a new page on the wiki

@0x2b3bfa0
Member

0x2b3bfa0 commented Jan 17, 2022

Doesn't the SSH documentation snippet work as expected?
https://cml.dev/doc/ref/runner#using---cloud-ssh-private

@0x2b3bfa0
Member

0x2b3bfa0 commented Jan 17, 2022

Publishing some old snippets I wrote months ago:

Terraform with cml runner

The following code snippets produce a full trace-level log of the Terraform provider, useful to diagnose a lot of hard to reproduce bugs related to cml-runner --cloud and cloud instances.

GitLab — .gitlab-ci.yml

debug:
  when: always
  image: iterativeai/cml
  variables:
    TF_LOG: trace
    TF_LOG_PATH: /tmp/terraform.log
  script:
    - cml-runner
      --cloud=aws
      --cloud-region=us-west-1
      --cloud-type=t2.micro
      || true
    - cat "$TF_LOG_PATH"

GitHub — .github/workflows/debug.yml

on: push
env:
  TF_LOG: trace
  TF_LOG_PATH: /tmp/terraform.log
jobs:
  debug:
    runs-on: ubuntu-latest
    steps:
      - uses: iterative/setup-cml@v1
      - run: >-
          cml-runner
          --cloud=aws
          --cloud-region=us-west-1
          --cloud-type=t2.micro
          || true
      - run: cat "$TF_LOG_PATH"

Debugging GitLab CI/CD with tmate

debug:
  when: always
  script:
    - mkdir -p ~/.ssh && printf 'y\n\n' | ssh-keygen -q -t rsa -N '' -f ~/.ssh/id_rsa    
    - apt update && apt install --yes tmate expect    
    - TERM=xterm unbuffer ./tmate -FS /tmp/tmate.sock | cat

Using cml-runner with --cloud-ssh-private

cml runner ··· --cloud-ssh-private="$(cat ~/.ssh/id_rsa)"

You can get the instance address by setting the TF_LOG and TF_LOG_PATH environment variables and searching for instance address in the logs.

Debugging cml-runner --cloud=aws

on: push
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: iterative/setup-cml@v1
      - run: >-
          cml-runner
          --labels=test
          --cloud=aws
          --cloud-region=eu-west
          --cloud-type=g4dn.xlarge
          --cloud-spot
        env:
          REPO_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
  run:
    needs: deploy
    runs-on:
      - self-hosted
      - test
    steps:
      - run: |
          set -x
          cat /var/log/cloud-init.log || true
          cat /var/log/cloud-init-output.log || true
          journalctl -u cml || true
          nvidia-smi || true

@0x2b3bfa0
Member

0x2b3bfa0 commented Jan 17, 2022

> What are your thoughts on something to populate an authorized key for you?

We need to have also a private key so the provider can SSH to the instance and wait for runners to be ready. Still, we could add a separate configuration option to provision additional authorized keys from the startup script. 🙈 🙉 🙊

@dacbd
Contributor

dacbd commented Jan 18, 2022

> Doesn't the SSH documentation snippet work as expected? https://cml.dev/doc/ref/runner#using---cloud-ssh-private

I think this was tried, but unsuccessfully: cml runner --cloud=... --cloud-ssh-private="$(cat key.pem)"; see their image/last comment in #848 (comment)

> > What are your thoughts on something to populate an authorized key for you?
>
> We need to have also a private key so the provider can SSH to the instance and wait for runners to be ready. Still, we could add a separate configuration option to provision additional authorized keys from the startup script. 🙈 🙉 🙊

I generally have been letting the tool do all of its own key management, my ssh keys are on a hardware token so I couldn't give the private key even if I wanted to, but having a quick way to get your public key or set of keys into the .ssh/authorized_keys could be a nice thing for users.

I am hesitant about adding more to an ever-growing list of -- args

@DavidGOrtega
Contributor

@0x2b3bfa0 was not this issue fixed?

@0x2b3bfa0
Member

0x2b3bfa0 commented Feb 15, 2022

@DavidGOrtega, not before merging yargs/yargs-parser#434.

@0x2b3bfa0
Member

0x2b3bfa0 commented Mar 30, 2022

Workaround

Use --cloud-ssh-private="$(cat ~/.ssh/id_rsa) " with an extra space character before the closing quotation mark.

References

@0x2b3bfa0
Member

Update: yargs/yargs-parser#434 merged yesterday, pending yargs/yargs-parser#446

@SamKnightGit
Contributor

yargs-parser 21.1.0 just released!
