| author | Aleksandr Nogikh <nogikh@google.com> | 2024-01-12 11:10:52 +0100 |
|---|---|---|
| committer | Aleksandr Nogikh <nogikh@google.com> | 2024-01-12 12:33:22 +0000 |
| commit | 6b2f65379d4de4dff02fcf11008f582d27fdcf59 (patch) | |
| tree | 8e66532aca72a5f9a0b41e14424d6ad9aa44e628 | |
| parent | dda5a9889e432dc7e9efe71a39292073fa6f6c00 (diff) | |
vm/gce: configure ssh-serialport.googleapis.com credentials
In GCP projects with OS Login, the per-VM keys don't play any role in
the authentication. We need to attach an SSH key to a service account
and use it to connect to ssh-serialport.googleapis.com.
Add two new configuration options to enable that.
| -rw-r--r-- | vm/gce/gce.go | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/vm/gce/gce.go b/vm/gce/gce.go
index 0bac4c152..0d91882af 100644
--- a/vm/gce/gce.go
+++ b/vm/gce/gce.go
@@ -46,6 +46,15 @@ type Config struct {
 GCEImage string `json:"gce_image"` // pre-created GCE image to use
 Preemptible bool `json:"preemptible"` // use preemptible VMs if available (defaults to true)
 DisplayDevice bool `json:"display_device"` // enable a virtual display device
+ // Username to connect to ssh-serialport.googleapis.com.
+ // Leave empty for non-OS Login GCP projects.
+ // Otherwise take the user from `gcloud compute connect-to-serial-port --dry-run`.
+ SerialPortUser string `json:"serial_port_user"`
+ // A private key to connect to ssh-serialport.googleapis.com.
+ // Leave empty for non-OS Login GCP projects.
+ // Otherwise generate one and upload it:
+ // `gcloud compute os-login ssh-keys add --key-file some-key.pub`.
+ SerialPortKey string `json:"serial_port_key"`
 }
 type Pool struct {
@@ -260,9 +269,17 @@ func (inst *instance) Run(timeout time.Duration, stop <-chan bool, command strin
 var conArgs []string
 if inst.consoleReadCmd == "" {
- conAddr := fmt.Sprintf("%v.%v.%v.syzkaller.port=1@ssh-serialport.googleapis.com",
- inst.GCE.ProjectID, inst.GCE.ZoneID, inst.name)
- conArgs = append(vmimpl.SSHArgs(inst.debug, inst.gceKey, 9600), conAddr)
+ user := "syzkaller"
+ if inst.cfg.SerialPortUser != "" {
+ user = inst.cfg.SerialPortUser
+ }
+ key := inst.gceKey
+ if inst.cfg.SerialPortKey != "" {
+ key = inst.cfg.SerialPortKey
+ }
+ conAddr := fmt.Sprintf("%v.%v.%v.%s.port=1@ssh-serialport.googleapis.com",
+ inst.GCE.ProjectID, inst.GCE.ZoneID, inst.name, user)
+ conArgs = append(vmimpl.SSHArgs(inst.debug, key, 9600), conAddr)
 // TODO: remove this later (see also a comment in getSerialPortOutput).
 conArgs = append(conArgs, "-o", "HostKeyAlgorithms=+ssh-rsa")
 } else { |
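Review bot: The comment on `SerialPortKey` in the Config hunk does not say whether the value is key material or a path to a key file; the second hunk passes it to `vmimpl.SSHArgs` in place of `inst.gceKey`, which suggests a file path. I would reword the first comment line to `// Path to the private key file used to connect to ssh-serialport.googleapis.com.` and add `// The key authenticates the service account; keep the file readable only by the user running syzkaller.` Because the example command uploads `some-key.pub`, it is also worth stating that this option takes the matching private half, not the `.pub` file.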
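Review bot: The two overrides in `Run` are applied independently, so a config that sets only `serial_port_user` or only `serial_port_key` pairs the OS Login user with `inst.gceKey`, or the default `syzkaller` user with the OS Login key, and the mismatch surfaces only as a failed console connection at run time. If the options are meant to be set as a pair, as the Config comments suggest, reject the half-set case where the config is parsed (outside this diff): `if (cfg.SerialPortUser == "") != (cfg.SerialPortKey == "") { return nil, fmt.Errorf("serial_port_user and serial_port_key must be set together") }`. `SerialPortUser` is also formatted into the SSH destination unchecked; a value containing `@` or whitespace changes what ssh parses as the destination, so a simple character check at the same place would help. The body of `Run` starts and ends outside the hunk.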
