#25 Add support for ssh key forwarding on MacOS

7f3cf17c · jurgenhaas · 8a8efe69 · 7f3cf17c · 7f3cf17c · 7f3cf17c
Commit 7f3cf17c authored 5 years ago by jurgenhaas
--- a/run/scripts/start
+++ b/run/scripts/start
@@ -27,10 +27,10 @@ function startContainer {
        --hostname ${COMPOSE_PROJECT_NAME}-l3d \
        --env COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME} \
        --env PHP_VERSION=${PHP_VERSION} \
-        --env SSH_AUTH_SOCK=/ssh-agent \
+        --env SSH_AUTH_SOCK=${SSHAUTHSOCK} \
        --volume /var/run/docker.sock:/var/run/docker.sock \
        --volume ${WORKDIR}:/drupal \
-        --volume ${SSHAUTH}:/ssh-agent \
+        --volume ${SSHAUTH}:${SSHAUTHSOCK} \
        --volume ${HOMEDIR}/.traefik:/root/.traefik \
        --volume ${HOMEDIR}/.gitconfig:/root/.gitconfig \
        --workdir /drupal \

--- a/setup/scripts/l3d
+++ b/setup/scripts/l3d
@@ -2,6 +2,7 @@
 ID=$(docker container ls --all -q -f name=^l3drun$)
 if [[ ! -n ${ID} ]]; then
  SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )"
+  ${SCRIPTPATH}/prepareMac4L3d
  docker run --name=l3drun -dt --rm \
    --env SCRIPTPATH=${SCRIPTPATH} \
    --volume /var/run/docker.sock:/var/run/docker.sock \
@@ -11,10 +12,18 @@ fi
 if [[ -f ".env" ]]; then
  export $(cat .env | xargs) > /dev/null 2>&1
 fi
+if [[ "$L3DHOSTOS" == "Linux" ]]; then
+  SSHAUTH=${SSH_AUTH_SOCK}
+  SSHAUTHSOCK=/ssh-agent
+else
+  SSHAUTH=ssh-agent
+  SSHAUTHSOCK=/ssh-agent/ssh-agent.sock
+fi
 docker exec -it \
  --env HOMEDIR=${HOME} \
  --env WORKDIR=${PWD} \
-  --env SSHAUTH=${SSH_AUTH_SOCK} \
+  --env SSHAUTH=${SSHAUTH} \
+  --env SSHAUTHSOCK=${SSHAUTHSOCK} \
  --env PHP_VERSION=${PHP_VERSION} \
  --env COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME} \
  l3drun \

--- a/setup/scripts/prepareMac4L3d
+++ b/setup/scripts/prepareMac4L3d
+#!/usr/bin/env bash
+
+# Credit to https://github.com/uber-common/docker-ssh-agent-forward
+# for this script to make L3D working on MaxOs/OSX too.
+export L3DHOSTOS="$(uname -s)"
+if [[ "$L3DHOSTOS" == "Linux" ]]; then
+  exit
+fi
+
+set -eo pipefail
+
+IMAGE_NAME=uber/ssh-agent-forward:latest
+CONTAINER_NAME=pinata-sshd
+VOLUME_NAME=ssh-agent
+HOST_PORT=2244
+AUTHORIZED_KEYS=$(ssh-add -L | base64 | tr -d '\n')
+KNOWN_HOSTS_FILE=$(mktemp -t dsaf.XXX)
+
+trap 'rm ${KNOWN_HOSTS_FILE}' EXIT
+
+docker rm -f "${CONTAINER_NAME}" >/dev/null 2>&1 || true
+
+docker volume create --name "${VOLUME_NAME}"
+
+docker run \
+  --name "${CONTAINER_NAME}" \
+  -e AUTHORIZED_KEYS="${AUTHORIZED_KEYS}" \
+  -v ${VOLUME_NAME}:/ssh-agent \
+  -d \
+  -p "${HOST_PORT}:22" \
+  "${IMAGE_NAME}" >/dev/null \
+;
+
+if [ "${DOCKER_HOST}" ]; then
+  HOST_IP=$(echo "$DOCKER_HOST" | awk -F '//' '{print $2}' | awk -F ':' '{print $1}')
+else
+  HOST_IP=127.0.0.1
+fi
+
+# FIXME Find a way to get rid of this additional 1s wait
+sleep 1
+while ! nc -z -w5 ${HOST_IP} ${HOST_PORT}; do sleep 0.1; done
+
+ssh-keyscan -p "${HOST_PORT}" "${HOST_IP}" >"${KNOWN_HOSTS_FILE}" 2>/dev/null
+
+# show the keys that are being forwarded
+ssh \
+  -A \
+  -o "UserKnownHostsFile=${KNOWN_HOSTS_FILE}" \
+  -p "${HOST_PORT}" \
+  -S none \
+  "root@${HOST_IP}" \
+  ssh-add -l
+
+# keep the agent running
+ssh \
+  -A \
+  -f \
+  -o "UserKnownHostsFile=${KNOWN_HOSTS_FILE}" \
+  -p "${HOST_PORT}" \
+  -S none \
+  "root@${HOST_IP}" \
+  /ssh-entrypoint.sh
+
+echo 'Agent forwarding successfully started.'
--- a/setup/scripts/setup
+++ b/setup/scripts/setup
 #!/bin/sh

 cp /usr/local/bin/l3d /setup/l3d
+cp /usr/local/bin/prepareMac4L3d /setup/prepareMac4L3d

 echo "L3D installed successfully!"
 echo ""