StarCluster - Mailing List Archive

Re: problem modifying starcluster AMI - ubuntu password change does not persist

From: Dan Tenenbaum <no email>
Date: Tue, 17 Jun 2014 15:57:29 -0700 (PDT)

Thanks. I booted up an instance but the Get System Log action did not show any output. Is this available in some other way, like with dmesg or something? (I looked briefly at the dmesg output but did not see anything suggesting the password was reset).

I think I have come up with a workaround, which is to use something like this in root's crontab:

_at_reboot echo "ubuntu:foobar" | /usr/sbin/chpasswd > /tmp/chpasswd.result 2>&1

Of course, this is completely insecure. Luckily, in this context, I don't actually care about security, and in fact I want this password to be publicly known by users of the AMI. So this still might need to be fixed at the cloud-init level sometime down the line, when me or someone else runs across this and needs a secure solution.

Dan


----- Original Message -----
> From: "Rayson Ho" <raysonlogin_at_gmail.com>
> To: "Dan Tenenbaum" <dtenenba_at_fhcrc.org>
> Cc: starcluster_at_mit.edu
> Sent: Tuesday, June 17, 2014 3:19:01 PM
> Subject: Re: [StarCluster] problem modifying starcluster AMI - ubuntu password change does not persist
>
>
> I believe it is cloud-init, which is installed by default on all the
> Ubuntu AMI images, that is changing your password for the ububtu
> user.
>
>
> So to verify, after you boot up an instance with your new AMI, get
> the instance's console output by using the "Get System Log" action.
> If there is a line like: Changing password for ubuntu, or anything
> related to password in the boot log, then we can fix that for you by
> changing the cloud-init behavior.
>
>
> Rayson
>
> ==================================================
> Open Grid Scheduler - The Official Open Source Grid Engine
> http://gridscheduler.sourceforge.net/
> http://gridscheduler.sourceforge.net/GridEngine/GridEngineCloud.html
>
>
> On Tue, Jun 17, 2014 at 5:16 PM, Dan Tenenbaum < dtenenba_at_fhcrc.org >
> wrote:
>
>
> However, I just reproduced the problem in a few simpler steps:
>
> - launched an instance of the sc ami ami-3393a45a (in the aws
> console)
> - ssh'd to it, changed ubuntu's password to foobar
> - verified that the change worked by doing 'su - ubuntu'
> - created an image (again in the console) based on that instance
> - started a new instance of the image from the last step
> - ssh'd in as ubuntu
> - 'su - ubuntu' with the password I set fails.
>
>
> Dan
>
>
> ----- Original Message -----
>
> > From: "Dan Tenenbaum" < dtenenba_at_fhcrc.org >
> > To: "Rayson Ho" < raysonlogin_at_gmail.com >
> > Cc: starcluster_at_mit.edu
>
>
> > Sent: Tuesday, June 17, 2014 1:54:45 PM
> > Subject: Re: [StarCluster] problem modifying starcluster AMI -
> > ubuntu password change does not persist
> >
> > Hi Rayson,
> >
> > I went through a couple of iterations.
> >
> > I started by using launching the SC AMI with the command documented
> > at
> > http://star.mit.edu/cluster/docs/latest/manual/create_new_ami.html
> > ( starcluster start -o -s 1 -I <INSTANCE-TYPE> -m <BASE-AMI-ID>
> > imagehost)
> >
> > Then I added chef to the running instance (I did not change any
> > passwords at this point).
> >
> > Then I created a new image from that using the starcluster ebimage
> > command, and used vagrant (with the aws plugin) and chef to
> > provision an instance of that image according to my needs and to
> > change ubuntu's password.
> >
> > I'm wondering if there are startup daemons, or NFS, or something,
> > that somehow resets the /etc/passwd file or explicitly resets
> > ubuntu's password?
> >
> > Thanks,
> > Dan
> >
> > ----- Original Message -----
> > > From: "Rayson Ho" < raysonlogin_at_gmail.com >
> > > To: "Dan Tenenbaum" < dtenenba_at_fhcrc.org >
> > > Cc: starcluster_at_mit.edu
> > > Sent: Tuesday, June 17, 2014 1:31:07 PM
> > > Subject: Re: [StarCluster] problem modifying starcluster AMI -
> > > ubuntu password change does not persist
> > >
> > >
> > > What tools did you use to create the AMI? Did you use the web
> > > console
> > > or you use the StarCluster command?
> > >
> > >
> > > If you use the SC ebsimage command, then did you change your
> > > password
> > > on the image host?
> > >
> > >
> > > Rayson
> > >
> > > ==================================================
> > > Open Grid Scheduler - The Official Open Source Grid Engine
> > > http://gridscheduler.sourceforge.net/
> > > http://gridscheduler.sourceforge.net/GridEngine/GridEngineCloud.html
> > >
> > >
> > > On Tue, Jun 17, 2014 at 3:17 PM, Dan Tenenbaum <
> > > dtenenba_at_fhcrc.org
> > > >
> > > wrote:
> > >
> > >
> > > Hello,
> > >
> > > This might sound like an EC2 question that has nothing to do with
> > > starcluster, and in fact I have asked it on some AWS forums
> > > (there've been no answers). However, I have never encountered
> > > this
> > > problem before until I started modifying a starcluster AMI, so I
> > > wonder if it is related to what's on that AMI.
> > >
> > > I made a custom AMI based on the starcluster AMI ami-3393a45a
> > > (us-east-1 starcluster-base-ubuntu-13.04-x86_64 (EBS))).
> > >
> > > I installed a bunch of additional software and I also set the
> > > password of the ubuntu user to (let's say) 'foobar'.
> > >
> > > The reason I did that is that I installed a web app that uses
> > > unix
> > > usernames and passwords for authentication. So I needed the
> > > ubuntu
> > > user to have a known password.
> > >
> > > I then made a new image based on my running instance. Then I
> > > started
> > > a new instance from that image.
> > > I ssh'd to that instance as the ubuntu user and typed 'passwd'. I
> > > was
> > > prompted for my existing password and entered 'foobar'. I then
> > > got:
> > >
> > > passwd: Authentication token manipulation error
> > > passwd: password unchanged
> > >
> > > This tells me that the password for ubuntu is not 'foobar'.
> > >
> > > Another way to test this is to try 'su - ubuntu'. This prompts
> > > for
> > > the password, I enter 'foobar' and it says "su: Authentication
> > > failure".
> > >
> > > So...in a nutshell, when I change the ubuntu password, this
> > > change
> > > does not survive the process of creating a new AMI.
> > >
> > > Could this be due to the way the starcluster AMI is configured?
> > > Is
> > > there some script that runs when it boots that re-sets that
> > > password? I'm not passing any user-data when I start the
> > > instance.....(I also tried a crontab _at_reboot job that changes the
> > > password and that didn't work either....so maybe whatever is
> > > messing
> > > me up is happening after that job is run).
> > >
> > > Thanks,
> > > Dan
> > > _______________________________________________
> > > StarCluster mailing list
> > > StarCluster_at_mit.edu
> > > http://mailman.mit.edu/mailman/listinfo/starcluster
> > >
> > >
> > _______________________________________________
> > StarCluster mailing list
> > StarCluster_at_mit.edu
> > http://mailman.mit.edu/mailman/listinfo/starcluster
> >
>
>
Received on Tue Jun 17 2014 - 18:57:33 EDT
This archive was generated by hypermail 2.3.0.

Search:

Sort all by:

Date

Month

Thread

Author

Subject