roachprod: ensure scp uses supported flags

[AlexTalks]

In #99283 the flags -R -A were added to the scp command invocation, in order to ensure that copies between two remote hosts are done without transferring to the localhost. These flags are only supported on MacOS ("darwin") and not on Linux, as this behavior is already the default on Linux. This change fixes that issue by only using these flags on MacOS, allowing the scp invocation (and by extension, roachprod) to work on Linux.

Epic: none

Release note: None

[cockroach-teamcity]

This change is 

[renatolabs]

We're already in the process of reverting that change (#99419) so tonight's run should be safe.

If we want to conditionally use it like proposed here, let's first make sure that:

• @aliher1911 do you get good performance with this code? I don't see why not, but let me know.
• I'll also run some roachtest runs on this branch to make sure everything is good. I think this should work fine with tree dist, but we should double check.

[aliher1911]

I looked at

~/g/s/g/c/cockroach ❯❯❯ go tool dist list
aix/ppc64
android/386
android/amd64
android/arm
android/arm64
darwin/amd64
darwin/arm64
dragonfly/amd64
freebsd/386
freebsd/amd64
freebsd/arm
freebsd/arm64
illumos/amd64
ios/amd64
ios/arm64
js/wasm
linux/386
linux/amd64
linux/arm
linux/arm64
linux/loong64
linux/mips
linux/mips64
linux/mips64le
linux/mipsle
linux/ppc64
linux/ppc64le
linux/riscv64
linux/s390x
netbsd/386
netbsd/amd64
netbsd/arm
netbsd/arm64
openbsd/386
openbsd/amd64
openbsd/arm
openbsd/arm64
openbsd/mips64
plan9/386
plan9/amd64
plan9/arm
solaris/amd64
windows/386
windows/amd64
windows/arm
windows/arm64

and thinking if we need to include bsd family here? Or just keep "darwin" and be done with it?
I was testing it from linux box and scp works as expected and does direct host to host copy without those flags despite the same confusing man page.

[AlexTalks]

Do we otherwise test and support roachprod on BSD? It feels like the common usage pattern is that it's used from MacOS and Linux. I realize that roachprod should be usable by any and all contributors, but given that we don't ship roachprod binaries, I'm not sure if we really need to do anything more that just checking runtime.GOOS == "darwin".

[aliher1911]

Thank you for fixing my sloppy engineering!

[aliher1911]

Can't we just do

args = append(args, "-R", "-A")

[aliher1911]

I actually dug a bit further by accident and figured that flags are supported by openssl 9 and not supported by openssl 7. Ubuntu/Debian that we use and I also have on one server have v7, while macos have 9 and I also have arch which is also using 9 and has all the flags. So it is not bsd specific. Ideally we should just check version, but I don't think there's an easy way beside doing something like ssh -vv localhost </dev/null and parsing version from stderr. Meh.

[renatolabs]

I actually dug a bit further by accident and figured that flags are supported by openssl 9 and not supported by openssl 7. Ubuntu/Debian that we use and I also have on one server have v7, while macos have 9 and I also have arch which is also using 9 and has all the flags. So it is not bsd specific. Ideally we should just check version, but I don't think there's an easy way beside doing something like ssh -vv localhost </dev/null and parsing version from stderr. Meh.

Good catch! It failed on my gceworker and TeamCity and succeeded on OSX so I jumped to the wrong conclusion 🙂

It should be possible to parse the version relatively easily with ssh -V

[AlexTalks]

bors r+

[AlexTalks]

It should be possible to parse the version relatively easily with ssh -V

I added this as a TODO but wanted to merge this fix for now.

[craig]

Build succeeded:

• Bazel Essential CI (Cockroach)