WIP: Add workspace packages #1892
base: develop
Looking at some options to get the files on workspace VMs. The constraints are,
The good solutions I can see are,
Non-options,
Using anonymous access blob and http is nice for not needing authentication. However, you have to keep the manifest up to date which could be prone to error. Thoughts @jemrobinson @craddm
Is the cloud-init Ansible support (https://cloudinit.readthedocs.io/en/latest/reference/modules.html#ansible) any help here? Some thoughts on your suggestions:
How/when would the file get updated? Is it reasonable to imagine e.g. an Azure Function that would do the updating? If so, perhaps it could write directly to the VM and you wouldn't need a storage volume at all?
I do have some notes on SFTP, yes. Wasn't enormously tricky, IIRC. Creating a local user was easy through the portal, and seems from PowerShell it was easy to create one with a password rather than an SSH key. I'm not seeing much about Azure Functions writing directly to VMs; you can trigger them on uploads to blob storage but so far I've only seen people suggest that the function copies files to a File Share.
@jemrobinson How much experience with key pairs in Azure/Pulumi do you have? Looks like you can't generate a local user with password using Pulumi (at least, the password isn't an output).
What Pulumi resource are you using to generate a local user? I assume you don't mean in cloud-init?
azure_native.storage.LocalUser. Local user for SFTP, not for the workspaces.
@jemrobinson Looks like Azure expects to keep the private key for keys in a keyvault. I think the best option would be to use the TLS package to generate a key, then store that as a secret.
I'm still a bit confused about what advantage we get for using SFTP over one of the other options. Is it just that we can do so earlier in the cloud-init order of operations? If so, why does this matter? N.B. if you want to generate a Key in a Keyvault, I think you should probably use the Key resource.
The SFTP way means,
The current downside is it means sharing a private key between workspaces (or creating a new local account with key pair for each workspace).
✅ Checklist
🚦 Depends on
#1909 - Shouldn't dive too far into specifying packages/configuration until we have decided on the distro.
🌂 Related issues
Closes #1574
Closes #1783
🔬 Tests