Install a common ssh key on deployed ACIs (#4866)

.azure-pipelines-templates/deploy_aci.yml

@@ -73,7 +73,16 @@ jobs:
           python3.8 -m venv ./scripts/azure_deployment/.env
           source ./scripts/azure_deployment/.env/bin/activate
           pip install -r ./scripts/azure_deployment/requirements.txt
-          python3.8 scripts/azure_deployment/arm_template.py deploy aci --subscription-id $(CCF_AZURE_SUBSCRIPTION_ID) --resource-group ccf-aci --aci-type dynamic-agent --deployment-name ci-$(Build.BuildNumber) --aci-image ccfmsrc.azurecr.io/ccf/ci:pr-$(wait_for_image.gitSha) --aci-file-share-name ccfcishare --aci-file-share-account-name ccfcistorage --aci-storage-account-key $(CCF_AZURE_STORAGE_KEY) > ~/aci_ips
+          python3.8 scripts/azure_deployment/arm_template.py deploy aci \
+            --subscription-id $(CCF_AZURE_SUBSCRIPTION_ID) \
+            --resource-group ccf-aci \
+            --aci-type dynamic-agent \
+            --deployment-name ci-$(Build.BuildNumber) \
+            --aci-image ccfmsrc.azurecr.io/ccf/ci:pr-$(wait_for_image.gitSha) \
+            --aci-file-share-name ccfcishare \
+            --aci-file-share-account-name ccfcistorage \
+            --aci-storage-account-key $(CCF_AZURE_STORAGE_KEY) \
+            --aci-private-key-b64 $(sshKey) > ~/aci_ips
           # Escape newlines: https://learn.microsoft.com/en-us/azure/devops/pipelines/process/set-variables-scripts?view=azure-devops&tabs=bash
           escape_data() {
           local data=$1
@@ -116,7 +125,16 @@ jobs:
               python3.8 -m venv ./scripts/azure_deployment/.env
               source ./scripts/azure_deployment/.env/bin/activate
               pip install -r ./scripts/azure_deployment/requirements.txt
-              python3.8 scripts/azure_deployment/arm_template.py deploy aci --subscription-id $(CCF_AZURE_SUBSCRIPTION_ID) --resource-group ccf-aci --aci-type dynamic-agent --deployment-name ci-$(Build.BuildNumber)-secondaries --aci-image ${{ parameters.secondaries.image }} --count ${{ parameters.secondaries.count }} --aci-file-share-name ccfcishare --aci-file-share-account-name ccfcistorage --aci-storage-account-key $(CCF_AZURE_STORAGE_KEY) > ~/secondary_aci_ips
+              python3.8 scripts/azure_deployment/arm_template.py deploy aci \
+                --subscription-id $(CCF_AZURE_SUBSCRIPTION_ID) \
+                --resource-group ccf-aci \
+                --aci-type dynamic-agent \
+                --deployment-name ci-$(Build.BuildNumber)-secondaries \
+                --aci-image ${{ parameters.secondaries.image }} \
+                --count ${{ parameters.secondaries.count }} \
+                --aci-file-share-name ccfcishare \
+                --aci-file-share-account-name ccfcistorage \
+                --aci-storage-account-key $(CCF_AZURE_STORAGE_KEY) > ~/secondary_aci_ips
               echo "##vso[task.setvariable variable=secondaryIpAddresses;isOutput=true]`base64 -w 0 ~/secondary_aci_ips`"
             name: deploy_secondary_aci
             displayName: "Deploy Secondary ACI"

.snpcc_canary

@@ -1,4 +1,4 @@
-  ___    ___    ___
- (O o)  (O o)  (O o)    Y
-   O      O      O    /
-/-xXx--/-xXx--/-xXx--/--------()
+  ___         ___    ___
+ (O o)     Y (O o)  (O o)    Y
+   O     /     O      O    /
+/-xXx--//-----xXx--/-xXx--/--------()

scripts/azure_deployment/arm_aci.py

@@ -44,6 +44,17 @@ STARTUP_COMMANDS = {
             for ssh_key in [get_pubkey(), *args.aci_ssh_keys]
             if ssh_key
         ],
+        *(
+            [
+                f"echo {args.aci_private_key_b64} | base64 -d > /home/agent/.ssh/id_rsa",
+                "chmod 600 /home/agent/.ssh/id_rsa",
+                "ssh-keygen -y -f /home/agent/.ssh/id_rsa > /home/agent/.ssh/id_rsa.pub",
+                "chmod 600 /home/agent/.ssh/id_rsa.pub",
+            ]
+            if args.aci_private_key_b64 is not None
+            else []
+        ),
+        "chown -R agent:agent /home/agent/.ssh",
     ],
 }
 
@@ -143,6 +154,12 @@ def make_aci_deployment(parser: ArgumentParser) -> Deployment:
         default="",
         type=lambda comma_sep_str: comma_sep_str.split(","),
     )
+    parser.add_argument(
+        "--aci-private-key-b64",
+        help="The base 64 representation of the private ssh key to use on the container instance",
+        default=None,
+        type=str,
+    )
     parser.add_argument(
         "--region",
         help="Region to deploy to",