Friday, January 24, 2020

Back to Telescope

on January 24, 2020 in backend, cdot, collaboration, docker, gatsbyjs, graphql, kubernetes, nginx, openSource, PlanetCDOT, ssl, telescope with No comments

It's live!

Yes, Telescope is live, only its development version though, but it is live, and you can check it out here. If you have no clue about what Telescope is, go check my previous posts to learn about it. Go, I'll wait.

Ready? So here we are again, trying to add more features to Telescope, learning new things, and getting excited again!

It's becoming a very intense project, so I'll go right away to the things I've been involved with:

- GraphQL

GraphQL is a query and manipulation language for APIs and a runtime for fulfilling queries with existing data. Adding it to Telescope wasn't easy, but it's done, and now we can take advantage of its features.

- Hashing and encoding IDs

This one was a bit trickier. It was my first time doing this so I had to get a bit familiar with crypto, a wrapper for OpenSSL cryptographic functions, but once I understood what had to be done (and with some extra help from others involved in the project), I managed to integrate it with what we had.

- Minikube and Kubernetes

Minikube and Kubernetes additions to Telescope are still WIP, but we've made some progress with them. I'm working with another contributor to run Telescope using a Kubernetes cluster, but due to our lack of experience, we're trying first with minikube. I think we're getting there, we did some testing and we hit some walls that you're supposed to hit when you're learning this stuff. If everything goes well, and our guesses are correct, I think we'll be able to get it run in a week or two.

- Deployment

This is another very interesting piece. Right now Telescope is running on port 80, but it'd be nice (and professional) to use SSL, right? Well, that's what I'm going to be doing soon. I just started researching Nginx to see how it works and how it can be used with docker-compose (which is what we using for our staging server), and once Ngingx is added to our docker-compose file, we'll try to convince Let's Encrypt that we're trustworthy.

That's pretty much what's happening right now, Telescope keeps growing at a pace that's almost hard to keep up with, but what we're getting out of it in terms of experience and knowledge is simply awesome.

Oh, and we're adding the fanciest toy in the store right now, Gatsbyjs.

Stay tuned!

Thursday, January 2, 2020

KDE Plasma & ssh keys

on January 02, 2020 in KDE, ksshaskpass, openSource, plasma, ssh, ssh-agent with No comments

If you're a Linux user, and the desktop environment of your choice is Gnome, you're probably used to letting Gnome Keyring SSH Agent handle your ssh keys. You just log in, your ssh keys stored in your ~/.ssh folder get loaded in memory, and then you can use them not only in terminals but with any process that requires ssh authorization.

Unfortunately, KDE Plasma doesn't have that feature out of the box, so it needs a bit of tweaking to get the same behaviour.

Let's make some changes to Kwallet and add some scripts to start our ssh-agent and load our keys:

Kwallet
Launch KDE Wallet Configuration and make sure the KDE wallet subsystem is enabled.

Launch Kwallet Manager and create a new wallet if necessary and set a passphrase for it.

Scripts
Now we need to create some scripts to start the ssh-agent on startup, add all the keys, and stop it on shutdown. For this, it's necessary to have the package ksshaskpass installed.

KDE has a designated folder for scripts that will be executed at login but before launching Plasma.

Folder: ~/.config/plasma-workspace/env

In this folder, we need to create a script to start the ssh-agent. Let's call it ssh-agent-startup.sh.

#!/bin/bash

[ -n "$SSH_AGENT_PID" ] || eval "$(ssh-agent -s)"

Also, KDE uses another folder for scripts at login.

Folder: ~/.config/autostart-scripts

Let's add a script to load all our ssh keys. We'll call our script ssh-add.sh.

#!/bin/bash

export SSH_ASKPASS=/usr/bin/ksshaskpass

ssh-add $HOME/.ssh/my_ssh_key1 $HOME/.ssh/my_ssh_key2 $HOME/.ssh/my_ssh_key3...

And finally, let's add a script to stop our ssh-agent at shutdown.

Folder: ~/config/plasma-workspace/shutdown

Our script will be ssh-agent-shutdown.sh.

#!/bin/bash

[ -z "$SSH_AGENT_PID" ] || eval "$(ssh-agent -k)"

Don't forget to mark the scripts as executables:

chmod +x file/to/mark/as/executable

And that's it. After rebooting, the system will prompt you to enter your keys' passphrases, and if everything went well, you should be able to use your keys with any process that needs ssh authorization.