From 2662063b3f0d7e90a13dd40e837c82f3899544d7 Mon Sep 17 00:00:00 2001 From: Jeff Erbrecht Date: Wed, 27 Nov 2024 17:50:13 -0500 Subject: [PATCH] Temporary patch for incorrect test user key file ownership When we create test VMs, we include an SSH pubkey for a test user as metadata. The guest agent sees this and creates a system user (with a `~/.ssh/authorized_keys` file holding the key we defined) accordingly. On some DLVM images, the `~/.ssh/authorized_keys` file subsequently gets its ownership attributes corrupted during startup. This prevents us from being able to SSH into the VM for the remainder of the test. This change deploys a workaround that manually patches over the corruption at VM startup. --- integration_test/gce/gce_testing.go | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/integration_test/gce/gce_testing.go b/integration_test/gce/gce_testing.go index 7671103035..3d7d130975 100644 --- a/integration_test/gce/gce_testing.go +++ b/integration_test/gce/gce_testing.go @@ -1101,6 +1101,25 @@ func addFrameworkMetadata(imageSpec string, inputMetadata map[string]string) (ma if _, ok := metadataCopy["startup-script"]; ok { return nil, errors.New("the 'startup-script' metadata key is reserved for future use. Instead, wait for the instance to be ready and then run things with RunRemotely() or RunScriptRemotely()") } + // TODO(b/380470389): we actually *can't* do RunRemotely() on DLVM images due to a bug. + // The workaround for the bug is to deploy a fix in-VM via startup scripts. + if strings.Contains(imageSpec, "common-gpu-debian-11-py310") { + metadataCopy["startup-script"] = fmt.Sprintf(` +#!/bin/bash +# Give time for the guest agent and jupyter stuff to finish modifying +# /etc/passwd and test_user home directory +sleep 120 +HOMEDIR=/home/%[1]s +SSHFILE=$HOMEDIR/.ssh/authorized_keys +if [ ! -f "$SSHFILE" ]; then + sudo mkdir -p "$HOMEDIR/.ssh" + sudo touch "$SSHFILE" +fi +sudo chown -R %[1]s:%[1]s "$HOMEDIR" +sudo chmod 600 "$SSHFILE"`, + sshUserName, + ) + } } return metadataCopy, nil }