actions/setup-ssh: Direct access to runner machines over Tailscale #34

Merged: tsibley merged 3 commits into master from actions/setup-ssh on Jan 9, 2023

@tsibley tsibley commented Dec 19, 2022

Useful for debugging issues with GitHub Actions workflows, particularly in cases when similar commands work on your machine but not the runner machines.

See also the README.

Related issue(s)

Testing

  • Manual testing
  • Checks pass

Useful for debugging issues with GitHub Actions workflows, particularly
in cases when similar commands work on your machine but not the runner
machines.

@tsibley tsibley requested a review from a team December 19, 2022 20:24

tsibley commented Dec 19, 2022

Note that I haven't (yet) defined a TAILSCALE_AUTH_KEY secret at any level (repo or org), because some internal discussion is probably warranted about the account to use and how to best share access to the team before I set things up. However, I have used single-use ephemeral auth keys for my personal Tailscale account to test https://github.com/nextstrain/private/pull/72.

[Update: See also the notes about this I dropped in Slack.]

tsibley commented Dec 19, 2022

To personally test this, you'll need:

Steps:

  1. Generate a single-use and ephemeral Tailscale auth key
  2. Launch the debugging-runner workflow in our nextstrain/private repo, providing the auth key as an input.
  3. Follow logs from the run and look for output like ssh runner@100.x.y.z
  4. Use it to log in! Tailscale must be installed and running on your computer.
  5. When you're done, run touch ~/continue on the runner machine to allow the workflow to finish. (Or click the "Cancel workflow" button on the web.)

This mode means devices will always be ephemeral, even if the auth key
isn't.  That's what we want here for runner machines.  It also
deregisters devices immediately upon exit, without having to separately
perform an explicit `tailscale logout` or wait the normal period before
automatic removal.

…using our setup-ssh action in the nextstrain/.github repo.

Useful to test changes to setup-ssh, but also useful to have available
for debugging runners outside of the context of any specific workflow
(i.e. in which you could use setup-ssh directly).

Provided as a workflow template, not an actual runnable workflow in this
repository, because this workflow should only be used in private
repositories (which this repo is not).  Instead, see our
nextstrain/private repo for a runnable copy of this workflow.¹

¹ https://github.com/nextstrain/private/actions/workflows/debugging-runner.yaml

tsibley commented Jan 9, 2023

I was using this again on Friday to try out commands on a runner while adding the Singularity runtime to Nextstrain CLI's CI. Since it's working well for me and there's zero consequence right now if it doesn't, I'm going to merge this. That will let me address https://github.com/nextstrain/private/pull/72#discussion_r1052611618.

We can address providing an org-level Tailscale auth key (per #34 (comment)) separately.

@tsibley tsibley merged commit 0bfe8b8 into master Jan 9, 2023
@tsibley tsibley deleted the actions/setup-ssh branch January 9, 2023 18:53

@victorlin victorlin left a comment
