Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add enable-admin-container helper to control container with instructions #405

Merged
merged 1 commit into from
Oct 15, 2019

Conversation

tjkirch
Copy link
Contributor

@tjkirch tjkirch commented Oct 12, 2019

Fixes #402

The hack to show the motd in sh is fun; see the comments in the Dockerfile. I figure it still makes sense to have a bashrc and point to that with ENV, even if we/ssm-agent are not using bash right now.


Testing done:

On login, we now see a helpful message:

$ aws ssm start-session --target i-00de67cefaed0840e                                                        [17:31:11]

Starting session with SessionId: tjk-03f919adca34f4e66
Welcome to Thar's control container!

This container gives you access to the Thar API, which in turn lets you inspect
and configure the system.  You'll probably want to use the `apiclient` tool for
that; for example, to inspect the system:

   apiclient -u /settings

You can run `apiclient --help` for usage details, and check the main Thar
documentation for descriptions of all settings and examples of changing them.

If you need to debug the system further, you can enable the admin container,
which enables SSH access to the system using the key you specified when you
launched the instance.

To enable the admin container, run:

   enable-admin-container

[ssm-user@ip-192-168-97-207 /]$

Here's the helper:

[ssm-user@ip-192-168-97-207 /]$ enable-admin-container
Checking whether there are pending settings; we don't want to silently commit other changes
Setting admin container to enabled
204 No Content
Committing and applying changes
200 OK
["settings.host-containers.admin.enabled"]
The admin container is now enabled - it should pull and start soon, and then you can SSH in

Here's with -x so you can see what it's doing:

sh-4.2$ sh -x /tmp/enable-admin-container 
+ command -v apiclient
+ echo 'Checking whether there are pending settings; we don'\''t want to silently commit other changes'
Checking whether there are pending settings; we don't want to silently commit other changes
++ apiclient -u /settings/pending
+ PENDING='{}'
+ rc=0
+ '[' 0 -ne 0 ']'
+ '[' '{}' '!=' '{}' ']'
+ echo 'Setting admin container to enabled'
Setting admin container to enabled
+ apiclient -v -u /settings -m PATCH -d '{"host-containers": {"admin": {"enabled": true}}}'
204 No Content
+ echo 'Committing and applying changes'
Committing and applying changes
+ apiclient -v -u /settings/commit_and_apply -m POST
200 OK
["settings.host-containers.admin.enabled"]
+ echo 'The admin container is now enabled - it should pull and start soon, and then you can SSH in'
The admin container is now enabled - it should pull and start soon, and then you can SSH in

If there are already pending settings, it doesn't want to quietly commit those, so it bails:

sh-4.2$ sh /tmp/enable-admin-container 
Checking whether there are pending settings; we don't want to silently commit other changes
Error: found pending settings in API, cowardly refusing to commit them.
You can commit them yourself first with `apiclient -u /settings/commit_and_apply -m POST` and try again.
Pending settings: {"host-containers":{"admin":{"enabled":true}}}

You can try manually enabling the admin container like this:
   apiclient -u /settings -m PATCH -d '{"host-containers": {"admin": {"enabled": true}}}'
   apiclient -u /settings/commit_and_apply -m POST

@tjkirch tjkirch requested review from etungsten and bcressey October 14, 2019 16:40
@tjkirch
Copy link
Contributor Author

tjkirch commented Oct 14, 2019

This push improves the motd wording per @etungsten.

Copy link
Contributor

@zmrow zmrow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other than the wording issue, I'm happy with this.

Nice work! 🌖

extras/control-container/enable-admin-container Outdated Show resolved Hide resolved
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Make it easier to enable admin container from control container
3 participants