- This topic has 3 replies, 2 voices, and was last updated 2 years, 5 months ago by
.
-
Posts
-
I couldn’t find anything in the docs, and while there is a commented out snippet in the Hello FABRIC notebook for seeding an environment variable with the sliver key passphrase, there’s nothing for the bastion key. However, it seems that slice submission does try to use the bastion key to do some work:
/opt/conda/lib/python3.9/site-packages/fabrictestbed_extensions/fablib/node.py in execute(self, command, retry, retry_interval)
677 bastion=paramiko.SSHClient()
678 bastion.set_missing_host_key_policy(paramiko.AutoAddPolicy())
--> 679 bastion.connect(fablib.get_bastion_public_addr(), username=fablib.get_bastion_username(), key_filename=fablib.get_bastion_key_filename())
680
681 bastion_transport = bastion.get_transport()
After which is quickly fails with
AuthenticationException: Authentication failed.. Is there a similar environment variable for bastion passphrases, or do I just have to leave the key unencrypted all the time?The last section of the first cell of any example notebook has the following commented out. Uncomment it or set FABRIC_SLICE_PRIVATE_KEY_PASSPHRASE in anyway you wish.
# If your slice private key uses a passphrase, set the passphrase from getpass import getpass print('Please input private key passphrase. Press enter for no passphrase.') os.environ['FABRIC_SLICE_PRIVATE_KEY_PASSPHRASE']=getpass()Soon we will update FABlib to allow you to set these directly but for now you just need to set the env var.
As I said in my original post, that only works for the slice key. There is a FABRIC_BASTION_KEY_PASSWORD defined in AbcFabLIB, but no one actually uses it, so it seems like you have to strip the bastion key to make
post_boot_configwork.
- You must be logged in to reply to this topic.