Change key transfering method

takara9 · takara9 · commit f19768d03bbf · 2025-10-14T08:32:48.000Z
fix

debug

test

update

debug

merge func

merge func

update syntax

update
diff --git a/pkg/ckecli/cmd/scp.go b/pkg/ckecli/cmd/scp.go
@@ -3,7 +3,6 @@ package cmd
 import (
 	"context"
 	"errors"
-	"fmt"
 	"os"
 	"os/exec"
 	"strings"
@@ -28,19 +27,36 @@ func detectSCPNode(args []string) (string, error) {
 	return nodeName, nil
 }
 
-func scp(ctx context.Context, args []string) error {
+func scpSubMain(ctx context.Context, args []string) error {
+	pipeFilename, err := createFifo2()
+	if err != nil {
+		return err
+	}
+
 	node, err := detectSCPNode(args)
 	if err != nil {
 		return err
 	}
-	fifo, err := sshPrivateKey(node)
+
+	pirvateKey, err := getPrivateKey(node)
 	if err != nil {
 		return err
 	}
-	defer os.Remove(fifo)
+
+	go func() {
+		if _, err := sshAgent(ctx, pipeFilename); err != nil {
+			// ログ出力
+			return
+		}
+	}()
+
+	if err = writeToFifo(pipeFilename, pirvateKey); err != nil {
+		return err
+	}
+	defer os.Remove(pipeFilename)
+	defer killSshAgent(ctx)
 
 	scpArgs := []string{
-		"-i", fifo,
 		"-o", "UserKnownHostsFile=/dev/null",
 		"-o", "StrictHostKeyChecking=no",
 		"-o", "ConnectTimeout=60",
@@ -50,14 +66,32 @@ func scp(ctx context.Context, args []string) error {
 	}
 
 	scpArgs = append(scpArgs, args...)
+	c := exec.CommandContext(ctx, "scp", scpArgs...)
+	c.Stdin = os.Stdin
+	c.Stdout = os.Stdout
+	c.Stderr = os.Stderr
+	return c.Run()
+}
+
+/*
+func scp(ctx context.Context, args []string) error {
+	scpArgs := []string{
+		"-o", "UserKnownHostsFile=/dev/null",
+		"-o", "StrictHostKeyChecking=no",
+		"-o", "ConnectTimeout=60",
+	}
+	if scpParams.recursive {
+		scpArgs = append(scpArgs, "-r")
+	}
 
-	fmt.Println(scpArgs)
+	scpArgs = append(scpArgs, args...)
 	c := exec.CommandContext(ctx, "scp", scpArgs...)
 	c.Stdin = os.Stdin
 	c.Stdout = os.Stdout
 	c.Stderr = os.Stderr
 	return c.Run()
 }
+*/
 
 var scpParams struct {
 	recursive bool
@@ -75,7 +109,7 @@ NODE is IP address or hostname of the node.
 	Args: cobra.MinimumNArgs(2),
 	RunE: func(cmd *cobra.Command, args []string) error {
 		well.Go(func(ctx context.Context) error {
-			return scp(ctx, args)
+			return scpSubMain(ctx, args)
 		})
 		well.Stop()
 		return well.Wait()
diff --git a/pkg/ckecli/cmd/ssh.go b/pkg/ckecli/cmd/ssh.go
@@ -3,14 +3,14 @@ package cmd
 import (
 	"context"
 	"errors"
+	"fmt"
 	"os"
 	"os/exec"
 	"os/user"
 	"path/filepath"
 	"strconv"
 	"strings"
 	"syscall"
-	"time"
 
 	"github.com/cybozu-go/cke"
 	"github.com/cybozu-go/log"
@@ -26,51 +26,45 @@ func detectSSHNode(arg string) string {
 	return nodeName
 }
 
-func writeToFifo(fifo string, data string) {
-	f, err := os.OpenFile(fifo, os.O_WRONLY, 0600)
+func createFifo2() (string, error) {
+	usr, err := user.Current()
 	if err != nil {
-		log.Error("failed to open fifo", map[string]interface{}{
-			log.FnError: err,
-			"fifo":      fifo,
-		})
-		return
+		return "", err
 	}
-	defer f.Close()
 
-	_, err = f.WriteString(data)
-	if err != nil {
-		log.Error("failed to write to fifo", map[string]interface{}{
-			log.FnError: err,
-			"fifo":      fifo,
-		})
+	fifoFilePath := filepath.Join(usr.HomeDir, ".ssh", "ckecli-ssh-key-"+strconv.Itoa(os.Getpid()))
+	_, err = os.Stat(fifoFilePath)
+	if os.IsExist(err) {
+		return fifoFilePath, nil
 	}
-}
-
-func sshPrivateKey(nodeName string) (string, error) {
-	usr, err := user.Current()
-	if err != nil {
+	if !os.IsNotExist(err) {
 		return "", err
 	}
+
 	err = os.MkdirAll(filepath.Join(usr.HomeDir, ".ssh"), 0700)
 	if err != nil {
 		return "", err
 	}
-	fifo := filepath.Join(usr.HomeDir, ".ssh", "ckecli-ssh-key-"+strconv.Itoa(os.Getpid()))
-	err = syscall.Mkfifo(fifo, 0600)
+
+	err = syscall.Mkfifo(fifoFilePath, 0600)
 	if err != nil {
 		return "", err
 	}
 
+	return fifoFilePath, err
+}
+
+func getPrivateKey(nodeName string) ([]byte, error) {
 	vc, err := inf.Vault()
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 	secret, err := vc.Logical().Read(cke.SSHSecret)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 	if secret == nil {
-		return "", errors.New("no ssh private keys")
+		return nil, errors.New("no ssh private keys")
 	}
 	privKeys := secret.Data
 
@@ -79,31 +73,124 @@ func sshPrivateKey(nodeName string) (string, error) {
 		mykey = privKeys[""]
 	}
 	if mykey == nil {
-		return "", errors.New("no ssh private key for " + nodeName)
+		return nil, errors.New("no ssh private key for " + nodeName)
 	}
+	/*
+		go func() {
+			// OpenSSH reads the private key file three times, it need to write key three times.
+			writeToFifo(fifo, mykey.(string))
+			time.Sleep(100 * time.Millisecond)
+			writeToFifo(fifo, mykey.(string))
+			time.Sleep(100 * time.Millisecond)
+			writeToFifo(fifo, mykey.(string))
+		}()
+	*/
+	return mykey.([]byte), nil
+}
 
-	go func() {
-		// OpenSSH reads the private key file three times, it need to write key three times.
-		writeToFifo(fifo, mykey.(string))
-		time.Sleep(100 * time.Millisecond)
-		writeToFifo(fifo, mykey.(string))
-		time.Sleep(100 * time.Millisecond)
-		writeToFifo(fifo, mykey.(string))
-	}()
+func sshAgent(ctx context.Context, privateKeyFile string) (map[string]string, error) {
+	myEnv := make(map[string]string)
+
+	sshArgs := []string{
+		"-s",
+	}
+	cmd := exec.CommandContext(ctx, "ssh-agent", sshArgs...)
+	stdoutStderr, err := cmd.CombinedOutput()
+	if err != nil {
+		return nil, err
+	}
+	line := strings.Split(string(stdoutStderr), "\n")
+
+	partOfLine := strings.Split(line[0], ";")
+	kvPair := strings.Split(partOfLine[0], "=")
+	myEnv[kvPair[0]] = kvPair[1]
+	err = os.Setenv(kvPair[0], kvPair[1])
+	if err != nil {
+		return nil, err
+	}
 
-	return fifo, nil
+	partOfLine = strings.Split(line[1], ";")
+	kvPair = strings.Split(partOfLine[0], "=")
+	myEnv[kvPair[0]] = kvPair[1]
+	err = os.Setenv(kvPair[0], kvPair[1])
+	if err != nil {
+		return nil, err
+	}
+
+	sshArgs2 := []string{
+		privateKeyFile,
+	}
+	cmd0 := exec.CommandContext(ctx, "ssh-add", sshArgs2...)
+	_, err = cmd0.CombinedOutput()
+	if err != nil {
+		return nil, err
+	}
+
+	return myEnv, nil
 }
 
-func ssh(ctx context.Context, args []string) error {
+func killSshAgent(ctx context.Context) error {
+	sshArgs := []string{
+		"-k",
+	}
+	cmd := exec.CommandContext(ctx, "ssh-agent", sshArgs...)
+	stdoutStderr, err := cmd.CombinedOutput()
+	if err != nil {
+		fmt.Println("Error ssh-agent -k ", err)
+		return err
+	}
+	fmt.Println("kill ssh agent :: output=", string(stdoutStderr))
+	return nil
+}
+
+func writeToFifo(fifo string, data []byte) error {
+	f, err := os.OpenFile(fifo, os.O_WRONLY|os.O_CREATE|os.O_APPEND, os.ModeNamedPipe)
+	if err != nil {
+		log.Error("failed to open fifo", map[string]interface{}{
+			log.FnError: err,
+			"fifo":      fifo,
+		})
+		return err
+	}
+	defer f.Close()
+	if _, err = f.Write(data); err != nil {
+		log.Error("failed to write to fifo", map[string]interface{}{
+			log.FnError: err,
+			"fifo":      fifo,
+		})
+		return err
+	}
+	return nil
+}
+
+func sshSubMain(ctx context.Context, args []string) error {
+	pipeFilename, err := createFifo2()
+	if err != nil {
+		return err
+	}
+
 	node := detectSSHNode(args[0])
-	fifo, err := sshPrivateKey(node)
+	pirvateKey, err := getPrivateKey(node)
 	if err != nil {
 		return err
 	}
-	defer os.Remove(fifo)
 
+	go func() {
+		if _, err := sshAgent(ctx, pipeFilename); err != nil {
+			fmt.Println("getPrivateKey err=", err, "node=", node)
+			// ログ出力
+			return
+		}
+	}()
+
+	if err = writeToFifo(pipeFilename, pirvateKey); err != nil {
+		return err
+	}
+	defer os.Remove(pipeFilename)
+	defer killSshAgent(ctx)
+
+	//return ssh(ctx, args)
 	sshArgs := []string{
-		"-i", fifo,
 		"-o", "UserKnownHostsFile=/dev/null",
 		"-o", "StrictHostKeyChecking=no",
 		"-o", "ConnectTimeout=60",
@@ -116,6 +203,22 @@ func ssh(ctx context.Context, args []string) error {
 	return c.Run()
 }
 
+/*
+func ssh(ctx context.Context, args []string) (error, string) {
+	sshArgs := []string{
+		"-o", "UserKnownHostsFile=/dev/null",
+		"-o", "StrictHostKeyChecking=no",
+		"-o", "ConnectTimeout=60",
+	}
+	sshArgs = append(sshArgs, args...)
+	c := exec.CommandContext(ctx, "ssh", sshArgs...)
+	c.Stdin = os.Stdin
+	c.Stdout = os.Stdout
+	c.Stderr = os.Stderr
+	return c.Run(), "OK"
+}
+*/
+
 // sshCmd represents the ssh command
 var sshCmd = &cobra.Command{
 	Use:   "ssh [user@]NODE [COMMAND...]",
@@ -130,7 +233,7 @@ If COMMAND is specified, it will be executed on the node.
 	Args: cobra.MinimumNArgs(1),
 	RunE: func(cmd *cobra.Command, args []string) error {
 		well.Go(func(ctx context.Context) error {
-			return ssh(ctx, args)
+			return sshSubMain(ctx, args)
 		})
 		well.Stop()
 		return well.Wait()
