-
Notifications
You must be signed in to change notification settings - Fork 4
UserNotes:vielmetti
User notes are notes you take as a user of cmd.io to share with the community.
First: I had to update my Github keys, per the Github ssh settings page. I also updated my .ssh/config file.
Second: there don't seem to be currently any default installed commands, not even a "help" command.
Edwards-MacBook-Air:.ssh emv$ ssh alpha.cmd.io :ls
Installed Commands:
Third: after I read for a while, I wanted to explore what other people had published and shared.
Fourth: after following the examples, it was easy to get jq into the system. So far so good.
I want to get an AWS CLI command, e.g. like https://github.com/xueshanf/docker-awscli so that I can run Amazon administration tasks. This requires careful understanding of how credentials are packaged up and shared (or not shared).
Following the instructions I get this set up. Now, where do the creds live?
ssh_exchange_identification: Connection closed by remote host is an error message, caused temporarily by an SSH bug which has been addressed.
Now that I have this awscli command loaded, how do I share with others? Cf the help text
emv$ ssh alpha.cmd.io awscli:access --help
Manage command access
Usage:
awscli :access
Tried to build a few secrets into awscli to allow me to do tasks that require access, e.g. dropping data into AWS IOT via the aws iot-data command. However I was stopped for the day with
emv$ ssh alpha.cmd.io awscli:config set foo=bar
ssh_exchange_identification: Connection closed by remote host
I suspect that the best kinds of things to put here (rather than install locally) are the sets of tasks where you would otherwise either do a complex install onto your local system, or hope that a Docker container is available to avoid the install process. The trickier the dependencies the more likely that Docker is the right answer to corral them. It would be best to avoid anything too CPU intensive (as there is a timeout on cmd.io tasks) but in general when install time >> run time this is a good option.
The other set of good things to do here are instances where you want a non-trivial command to be ubiquitously available, so that you can bootstrap a new machine or work in an unfamiliar environment and have your tools available to you without going through a big install process.
ssh alpha.cmd.io vielmetti/awscli --region us-east-1 ec2 describe-instances
says an awful lot about the running environment.
I'm putting a wrapper around a script that requires an API key (not the AWS key but something simpler and lower risk).
ssh alpha.cmd.io getpredictions:config set AAATA=rw9xxxxxxxxxxxxxx
to set the key. The Dockerfile runs a shell script, and the shell script has a line
curl "http://rt.theride.org/bustime/api/v1/getpredictions?key=$AAATA&stpid=$1"
and the resulting setup handily pushes the AAATA variable into the environment into the variable for use by the script. Et voila.
It would perhaps be helpful to have the moral equivalent of "ls -l" so that we can see how big the Docker containers we are running are. In a small amount of experimentation I seem to be able to demonstrate that smaller setups do better. My experiments led me to alpine of course, and the smallest container I have that does useful work is 27 mb compressed (says Docker Hub).
Smaller than that, yet; an alpine image with only 2 megabytes, vielmetti/oblique (Oblique Strategies).
I put together a tiny command ssh alpha.cmd.io vielmetti/directory that spits back a list of some of the commands that people have shared. It should be possible to make shared commands more discoverable, if people want to share them. You might trap "cmd:access public" and update some registry, or otherwise derive some shared space that people can scribble on together to share what they are up to.
There's no reason that commands couldn't keep some credentials that would allow them to mount some persistent storage somewhere, do reads and writes, and then when they exit the persistent storage is still around for the next time the command is invoked.
The test would be two containers "increment" and "decrement" that shared a counter somewhere, and when you ran "increment" the number would go up, and when you ran "decrement" the number would go down.
Consider different filing systems. The count data could live on
- a public wiki
- a private S3 bucket
- a private or public Git repository, or maybe the Git repo's wiki
- some kind of user-level file system mounted with FUSE, with any number of back ends
- an anonymous FTP server that supports GET and PUT
- an NFS file system mounted within the container, like Amazon's EFS?
- a Github gist, especially if you can create a nonce that gives write privs just to that gist.
Ideally you'd be able to do this in such a way that if the secret was in any way compromised, that you would not risk anything else.
If you want every session you run to have variables set - e.g. to help with the process of getting secrets into the environment without clogging up your command line - use something like this
Host alpha.cmd.io
User vielmetti
SendEnv MY_KEY
Note that this would insert this key into the environment for every command you run, so you would be best to only run commands that you trust in this case. (Not really sure if this is a great idea, but it really depends on your level of mutual trust. Then when you want to run a command that needs a key you can run it on your command line as
MY_KEY=secret ssh alpha.cmd.io mycommand
Alas this does not work right now as expected...
Til next time!