wip: Ensure server password can be retrieved without having the webap…

…p running Since the tags property is set with the "exoPw" value as a side-effect of having the exospere webapp running in a browser, we explicitly retrieve its value running the curl command locally on the associated instance.
MorphoCloud · May 8, 2024 · 473a9df · 473a9df
1 parent aac09df
commit 473a9df
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 6 deletions.
diff --git a/.github/workflows/create-instance.yml b/.github/workflows/create-instance.yml
@@ -195,13 +195,9 @@ jobs:
                 tail -1 | \
                 jq -r .status)
 
-              has_pwd=$(
-                openstack server show $INSTANCE_NAME -c tags -f json | \
-                jq -r '.tags[] | startswith("exoPw")')
+              echo -n "status [$status]. "
 
-              echo -n "status [$status], has_pwd [$has_pwd]. "
-
-              if [[ "$status" = "complete" && $has_pwd ]]; then
+              if [[ "$status" = "complete" ]]; then
                   echo "Exiting loop."
                   break
               else
@@ -255,6 +251,15 @@ jobs:
             openstack server show $INSTANCE_NAME -c tags -f json | \
             jq -r '.tags[] | select(startswith("exoPw")) | sub("^exoPw:"; "")'
           )
+          if [[ -z "$instance_pwd" ]]; then
+            # Since 'exoPw' tag is not yet set, attempt to directly retrieve the password using
+            # the openstack endpoint local to the instance.
+            if ! grep "$(ssh-keyscan $FLOATING_IP_ADDRESS 2>/dev/null)" ~/.ssh/known_hosts > /dev/null; then
+              ssh-keyscan -t ed25519 $FLOATING_IP_ADDRESS >> ~/.ssh/known_hosts
+            fi
+            instance_pwd=$(ssh exouser@$FLOATING_IP_ADDRESS \
+              'curl --silent http://169.254.169.254/openstack/latest/password')
+          fi
           echo "::add-mask::$instance_pwd"
           echo "instance_pwd=$instance_pwd" >> $GITHUB_OUTPUT
         env:

diff --git a/cloud-config b/cloud-config
@@ -8,6 +8,7 @@ users:
     # {ssh-authorized-keys}
     ssh-authorized-keys:
       - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzSP8d9E0/iWqe/emHwYAiMF7EI9TTswoKRvKwP5qTe/djXL2kj0M+EfRf952D5agvnNXp4ldBDJwmvoZIs92Y+9GgAWBmkRwxH8e78p9rLlaZV4skGL1N+CIYi06eFHrQqn6h5qs0Dx710AAdL9jF6VZWvUnGvDDQ+/HnuKcNUtQT0S58tu0Cdn+LifX2WjesyjfxcUnjLpblz987Fiez7fmMGDnUDKqjdiwTAHyMVAff1QIvZ/pJeCfy0CcAgLkgeAaynmrVKIBjz6wyQk/5zV6Dum3/nkpZ/b6c+cou8UQeIDTiu9EPKLWSpz1UjgUxy9ZM009Vmqpw4f0WQaLXw== [email protected]
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAkbEz/oJt13ZJHQ5e8wCwsmFhpXWmjzqZzR5NCFORRS== morpho-cloud-portal_github-runner
 ssh_pwauth: true
 package_update: true
 package_upgrade: true # {install-os-updates}