Zemke-Rhyne is a small bridge between Phabricator and our servers to fetch credentials stored on DevCentral.
The Docker servers have the right to connect through SSH to a special account on a specific server (currently Ysul) with keys stored here too.
There is a script to generate the SSH authorized_files with those keys (and metadata like the IP of the server matching this key).
Reproduce steps:
While Phabricator can't answer (e.g. because Phabricator container is down):
- Go to Ysul, switch to zr account
- make clean all
Expected result:
- any error handling (e.g. an exception thrown)
- it doesn't recreate the .ssh/authorized_files (or creates it as a blank file)
Actual result: It silently creates the file .ssh/authorized_files without raising any warning, without key.
Fix
Fix to implement in rZR:
- https://devcentral.nasqueron.org/source/zemke-rhyne/browse/main/lib/GetPublicKeys.php is the script called to regenerate ~zr/.ssh/authorized_files
- https://devcentral.nasqueron.org/source/zemke-rhyne/browse/main/lib/GetPublicKeys.php$61 is the method used to fetch a public key