Add 'native-ssh' flag to 'minikube start' and 'minikube ssh' #4510
Conversation
|
Welcome @yinzara! |
|
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA. It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
k8s-ci-robot
added
the
cncf-cla: no
|
Hi @yinzara. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
needs-ok-to-test
|
Can one of the admins verify this patch? |
pkg/minikube/cluster/cluster.go
Outdated
| @@ -20,6 +20,7 @@ import ( | |||
| "encoding/json" | |||
| "flag" | |||
| "fmt" | |||
| "github.com/docker/machine/libmachine/ssh" | |||
There was a problem hiding this comment.
this change looks odd
There was a problem hiding this comment.
Agree. That was definitely added in error. I'll fix.
k8s-ci-robot
added
cncf-cla: yes
cmd/minikube/cmd/start.go
Outdated
| @@ -154,6 +157,7 @@ func init() { | |||
| startCmd.Flags().Bool(gpu, false, "Enable experimental NVIDIA GPU support in minikube (works only with kvm2 driver on Linux)") | |||
| startCmd.Flags().Bool(hidden, false, "Hide the hypervisor signature from the guest in minikube (works only with kvm2 driver on Linux)") | |||
| startCmd.Flags().Bool(noVTXCheck, false, "Disable checking for the availability of hardware virtualization before the vm is started (virtualbox)") | |||
| startCmd.Flags().Bool(noNativeSSH, false, "Disable using the native Golang SSH client and instead uses the command line 'ssh' command when accessing the docker machine. Useful for the machine drivers when they will not start with 'Waiting for SSH'.") | |||
There was a problem hiding this comment.
I would make the description shorter, instead of Useful for the machine drivers when they will not start with 'Waiting for SSH'. I would link to an issue or a docs.md
like see github.com/kubernetes/minikube/docs/drivers#nossh.md
or do you know list of all vm-drivers that have that problem to list here instead ? if we know that, does it worth to make an automatic option for specific drivers? we already created an automatic option for none driver.
#4465
There was a problem hiding this comment.
There have been NUMEROUS issues related to "Waiting for SSH" for almost every VM driver which is why I specifically mentioned it as a possible fix when you encounter that issue.
The issue is that it isn't "required" by the Hyperkit driver. It's required if you have a USB network adapter like a USB dongle or a docking station that provides wired network access for a laptop (which is why I made it an optional flag instead of setting it automatically for the hyperkit driver).
There was a problem hiding this comment.
Fair enough, I know this issue has happened for sure for none driver, I wonder if it has happened to virtualbox as well ? I would okay with testing this PR
There was a problem hiding this comment.
My only debate with naming in this PR relates to the name of the arg itself.
Should it be "--no-native-ssh" since it mirrors the "--native-ssh" arg from 'docker machine ssh' and effectively affects its opposite or should it be "--external-ssh" (or maybe --ssh-cli) so that it implies what it actually does?
|
@minikubebot OK to test |
|
@minikube-bot OK to test |
|
I need a little help deciphering what went wrong. It seems the Linux-VirtualBox test somehow failed but I can't figure out what's causing it. Help! |
|
I've rebased against master and force pushed. All builds are "Pending" now, does something need to be done? |
|
Nvm everything is good now :) . Can I get a lgtm? |
|
lets wait for @tstromberg's input |
k8s-ci-robot
added
needs-rebase
|
@minikube-bot OK to test |
|
I still don't understand how the VirtualBox-Linux test is failing. My change is so minor and should have no affect unless specifically enabled (which it isn't by default). Is it possible this is unrelated to my changes? The errors are so cryptic I can't decipher what's going on. |
|
2028 ssh_runner.go:101] SSH: docker load -i /tmp/k8s-dns-kube-dns-amd64_1.14.13 That seems to be the line that's erroring. All of the |
|
I believe the vbox failing test was timing out |
|
/retest this please |
|
Yay! All we need is a lgtm :) . @tstromberg ? |
First, thank you for this PR! I want to make sure I understand the technical merits of adding another flag before LGTM'ing, as once we do, we are stuck supporting it for the long haul. Do you mind elaborating what specific use cases this flag this flag would be useful for in the PR description and help text? If the minikube VM used an exotic authentication mechanism, I would completely understand why using the external ssh mechanism is useful, but I don't yet understand other reasons for it. I would expect that the packets will be routed similarly. In general, I would personally would prefer having an automatic fallback/selection mechanism for flags like this, rather than forcing the user to fail first and try again, but I don't understand enough about the problem yet to have a more specific recommendation. |
|
Unfortunately the reason for needing this flag are not always clear. In my example with the Hyperkit driver, when a USB network adapter was added to the system, the Golang SSH library was unable to connect to the Hyperkit container. It just sat waiting forever at "Waiting for SSH" without ever timing out. It was literally frozen and didn't time out (so I couldn't have "fallen back automatically" even if I wanted to). While I would love to have solved the cause for this, there are TONS of issues over the years related to issues with "Waiting for SSH..." that trying this option may have allowed a user to continue. If we know the command line SSH client does work, having a method for enabling this is necessary (as docker-machine ssh already does). The docker-machine library doesn't even provide more information about the use of this flag other than its existence, how to use it, and that it may provide different functionality. To be perfectly honest, I'd actually rather model the docker-machine ssh library and change the default behavior to use the CLI like docker-machine does and provide a "--native-ssh" flag just like they do. However, that would cause a change in the default behavior of minikube and is a much bigger ask. |
|
Looks like this was changed in 2017 as part of: |
|
@minikube-bot OK to test |
cmd/minikube/cmd/start.go
Outdated
| @@ -160,6 +163,7 @@ func init() { | |||
| startCmd.Flags().Bool(gpu, false, "Enable experimental NVIDIA GPU support in minikube (works only with kvm2 driver on Linux)") | |||
| startCmd.Flags().Bool(hidden, false, "Hide the hypervisor signature from the guest in minikube (works only with kvm2 driver on Linux)") | |||
| startCmd.Flags().Bool(noVTXCheck, false, "Disable checking for the availability of hardware virtualization before the vm is started (virtualbox)") | |||
| startCmd.Flags().Bool(noNativeSSH, false, "Disable using the native Golang SSH client and instead uses the command line 'ssh' command when accessing the docker machine. Useful for the machine drivers when they will not start with 'Waiting for SSH'.") | |||
There was a problem hiding this comment.
Boolean flags should not be named with a negative prefix, because otherwise it is really difficult to understand what this means:
--no-native-ssh=false
I regret that we did not catch this for --no-vtx-check.
There was a problem hiding this comment.
So then should we change the parameter to be "--native-ssh" to match with the corresponding parameter in docker-machine ssh and the default behavior to use the "External" CLI SSH (as it was before) eafb4fc (and as it is in docker-machine ssh) or should I change the parameter to be "--external-ssh" and maintain the current default behavior (even though it is the opposite of docker-machine ssh)
There was a problem hiding this comment.
Correct. Name the flag --native-ssh, but do not yet change the default behavior.
tstromberg
added
the
do-not-merge/work-in-progress
|
Needs rebase. |
|
lol I think you missed the two options. I can either name the parameter "--native-ssh" (like |
|
@yinzara Please resolve the conflicts. |
k8s-ci-robot
added
the
needs-rebase
|
Could you change the name to be |
|
I don't know how to make myself clearer lol If I call it There are literally only two options (and a variation on the 1st in naming). Call it OR Call it |
|
|
|
INTERESTING! I didn't realize that was an option (I can't see any other minikube options like that). I guess I could call it |
k8s-ci-robot
removed
the
needs-rebase
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: yinzara The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
There. Rebased against master and renamed to Also added the flag to the |
|
/assign @sharifelgamal |
|
Excellent, thanks for fixing that! |
sharifelgamal
changed the title
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
|
Does this flag work? I have minikube version 1.12.1, I still cannot use external ssh, I am running below command on Windows 10 using Hyper-V. minikube start -v=8 --alsologtostderr --driver=hyperv --force --native-ssh=false |
|
Yup we use it all the time and it works great. What do you mean by "I still cannot use external ssh"? |
|
Sorry, I should have provided more details, it always uses native ssh in my case I am using minikube version: v1.12.1. I execute below command I see it is using native ssh How do I make it detect my External SSH?, Just fyi, when I run minishift it calls my external ssh just fine. |
|
using Hyper-V on Windows 10 |
|
My external ssh config is configured to map myvmip ssh to a forwarded port, I need minikube to use the external ssh config for it to work. |
|
Thanks @sharifelgamal |
Docker machine gives an option for sshing into a running container of using the Golang SSH native client or using the external 'ssh' command line executable.
Normally, "docker-machine ssh" uses the "external" client by default and a "--native-ssh" flag must be passed to enable the native client.
Minikube by set the client to native by default with no option to change this behavior. This causes issues with some VM drivers.
Though the native SSH client for Golang is more efficient than the command line 'ssh' command, there are times in which using the 'ssh' CLI is necessary.
This PR adds a "--no-native-ssh" flag to the
minikube startcommand an and associated "no-native-ssh" config option (throughminikube config set no-native-ssh true.