StarCluster - Mailing List Archive

Re: [Starcluster] SOLVED!! instance ssh problem...

From: Justin Riley <no email>
Date: Mon, 29 Mar 2010 10:35:58 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Nicholas,

Awesome, glad to hear you've got the StarCluster ami working with
Eucalyptus. I'm still a little curious as to why I didn't need those
modifications to /etc/init.d/ec2-get-credentials and you did.

My current theory on this:

I believe that Eucalyptus is running the script
$EUCALYPTUS/usr/share/eucalyptus/add_key.pl somewhere in the process of
bringing the instance up.

Looking at this script it appears that they manually pipe the pub key
into root's authorized_keys file (ie they're mounting the iso and
creating the authorized_keys outside of the instance).

My only guess as to why my EMI worked out of the box with respect to ssh
is because of this script. Maybe it's not being executed for some reason?

Can you check if that script exists for you in /usr/share/eucalyptus?

Thanks and in any event, thanks for tracking this down :D

~Justin

On 03/29/2010 10:11 AM, Nicholas Ampazis wrote:
> Dear Justin,
>
> I've finally SOLVED the ssh problem as follows:
>
> I connected into a standard ubuntu emi in which I could ssh without
> any problem (a standard karmic server version). I noticed that the
> script "/usr/bin/ec2-fetch-credentials" was invoked which in turn
> depended on "/usr/lib/python2.6/dist-packages/ec2init/__init__.py".
>
> I opened it up and saw the following code:
>
> class EC2Init():
> api_ver = '2008-02-01'
> conffile = '/etc/ec2-init/ec2-config.cfg'
>
> location_locale_map = {
> 'us' : 'en_US.UTF-8',
> 'eu' : 'en_GB.UTF-8'
> }
>
> location_archive_map = {
> 'us' : 'http://us.ec2.archive.ubuntu.com/ubuntu',
> 'eu' : 'http://eu.ec2.archive.ubuntu.com/ubuntu'
> }
>
> def __init__(self):
> self.meta_data_base_url =
> 'http://169.254.169.254/%s/meta-data' % self.api_ver
> self.user_data_base_url =
> 'http://169.254.169.254/%s/user-data' % self.api_ver
> self.config = ConfigObj(self.conffile)
>
> which means that the %s part of meta_data_base_url was substituted by
> the value of api_ver (2008-02-01)
>
> Therefore all I had to do was to chroot into starcluster and then
> edit "/etc/init.d/ec2-get-credentials" by simply replacing the line
>
> public_key_url=http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
>
> with
>
> public_key_url=http://169.254.169.254/2008-02-01/meta-data/public-keys/0/openssh-key
>
> and then re-bundle and re-register the new image!
>
> Now it works as a charm (even though of course there's currently no
> other account than the root).
>
>
> Hope this helps other people with the same problem.
>
>
> Best regards,
>
>
> Nicholas
>
>>
>> On Sunday 28 March 2010 10:52:39 pm Justin Riley wrote:
>>> Hi Nicholas,
>>>
>>> Sorry for the late response on this. What version of Eucalyptus are you
>>> using? I just created an EMI from the starcluster iso that boots and that
>>> I can ssh into without modifying the image. I'm using Eucalyptus 1.6.2.
>>>
>>> What's weird to me is that I can ssh in, however, I cannot access
>>> 169.254.169.254 ip within the instance which means the ec2-get-credentials
>>> file can not be running successfully at startup. Something else must be
>>> configuring the authorized_keys file for root. This is why I wonder if
>>> something's up with eucalyptus on your end? Are you sure your keypair
>>> setting is correct when calling euca-run-instances?
>>>
>>> In any event, the exact file that fetches the credentials is in
>>> /etc/init.d/ec2-get-credentials
>>>
>>> If you still want to try manually editing this file, you need to change
>>> line 11 of this file to:
>>>
>>> public_key_url = http://<ip-address>:8773/latest/meta-data/public-
>>> keys/0/openssh-key
>>>
>>> Replace ip-address with your Eucalyptus cloud controller ip.
>>>
>>> Let me know if that helps,
>>>
>>> ~Justin
>>>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkuwus4ACgkQ4llAkMfDcrmuCACdEGWDSQyLl2TCoF/nhpq4U1ma
L+4AnRGCyNpgtDcXGC21sCMxC+UsOEuo
=5JX5
-----END PGP SIGNATURE-----
Received on Mon Mar 29 2010 - 10:36:00 EDT
This archive was generated by hypermail 2.3.0.

Search:

Sort all by:

Date

Month

Thread

Author

Subject