Skip to content

SSH agent initialization postStart event fails workspace if $HOME is not writable #1337

Closed
@AObuchow

Description

@AObuchow

Description

In container images where the $HOME directory is not writable (such as the go-toolset image, which has $HOME=/opt/app-root/src/) the init-ssh-agent-command-... postStart event will fail.

This is due to the fact we assume $HOME/ssh-environment is writable when doing ssh-agent | sed 's/^echo/#echo/' > $SSH_ENV_PATH, however this is not always the case:

$ ssh-agent |  sed 's/^echo/#echo/' > $SSH_ENV_PATH
bash: /opt/app-root/src/ssh-environment: Permission denied

Maybe we should wrap the entire ssh-agent intialization command with a (...) || true so that regardless of wether a specific step of the ssh-agent initialization fails, the workspace will start up. This is the approach taken for the init-persistent-home preStart event.

How To Reproduce

  1. Set up an SSH key with a passphrase
  2. Create a workspace using the go-toolset image:
kind: DevWorkspace
apiVersion: workspace.devfile.io/v1alpha2
metadata:
  name: plain-devworkspace
spec:
  started: true
  routingClass: 'basic'
  template:
    components:
      - name: web-terminal
        container:
          image: registry.access.redhat.com/ubi9/go-toolset:1.19.13-4.1697647145
          memoryRequest: 256Mi
          memoryLimit: 512Mi
          mountSources: true
          command:
           - "tail"
           - "-f"
           - "/dev/null"
  1. Check the workspace status, it should have failed: oc get devworkspace -n $NAMESPACE

Expected behavior

The workspace should succceed to start up. Whether the automatic SSH passphrase provisioning functionality works is another topic (maybe we should set SSH_ENV_PATH=/tmp/ssh-environment instead of SSH_ENV_PATH=$HOME/ssh-environment?)

Additional context

Upstream Che Issue

Metadata

Metadata

Assignees

Labels

bugSomething isn't working

Type

No type

Projects

No projects

Relationships

None yet

Development

No branches or pull requests

Issue actions