Re: problem modifying starcluster AMI - ubuntu password change does not persist
On Tue, Jun 17, 2014 at 6:57 PM, Dan Tenenbaum <dtenenba_at_fhcrc.org> wrote:
> Thanks. I booted up an instance but the Get System Log action did not show
> any output.
It can take up to 10 mins (sometimes even more!) for the log to propagate
to the web console.
Rayson
==================================================
Open Grid Scheduler - The Official Open Source Grid Engine
http://gridscheduler.sourceforge.net/
http://gridscheduler.sourceforge.net/GridEngine/GridEngineCloud.html
> Is this available in some other way, like with dmesg or something? (I
> looked briefly at the dmesg output but did not see anything suggesting the
> password was reset).
>
> I think I have come up with a workaround, which is to use something like
> this in root's crontab:
>
> @reboot echo "ubuntu:foobar" | /usr/sbin/chpasswd > /tmp/chpasswd.result 2>&1
>
> Of course, this is completely insecure. Luckily, in this context, I don't
> actually care about security, and in fact I want this password to be
> publicly known by users of the AMI. So this still might need to be fixed at
> the cloud-init level sometime down the line, when I or someone else runs
> across this and needs a secure solution.
>
> Dan
>
>
> ----- Original Message -----
> > From: "Rayson Ho" <raysonlogin_at_gmail.com>
> > To: "Dan Tenenbaum" <dtenenba_at_fhcrc.org>
> > Cc: starcluster_at_mit.edu
> > Sent: Tuesday, June 17, 2014 3:19:01 PM
> > Subject: Re: [StarCluster] problem modifying starcluster AMI - ubuntu
> > password change does not persist
> >
> >
> > I believe it is cloud-init, which is installed by default on all the
> > Ubuntu AMI images, that is changing your password for the ubuntu
> > user.
> >
> >
> > So to verify, after you boot up an instance with your new AMI, get
> > the instance's console output by using the "Get System Log" action.
> > If there is a line like: Changing password for ubuntu, or anything
> > related to password in the boot log, then we can fix that for you by
> > changing the cloud-init behavior.
> >
> >
> > Rayson
> >
> > ==================================================
> > Open Grid Scheduler - The Official Open Source Grid Engine
> > http://gridscheduler.sourceforge.net/
> > http://gridscheduler.sourceforge.net/GridEngine/GridEngineCloud.html
> >
> >
> > On Tue, Jun 17, 2014 at 5:16 PM, Dan Tenenbaum < dtenenba_at_fhcrc.org >
> > wrote:
> >
> >
> > However, I just reproduced the problem in a few simpler steps:
> >
> > - launched an instance of the sc ami ami-3393a45a (in the aws
> > console)
> > - ssh'd to it, changed ubuntu's password to foobar
> > - verified that the change worked by doing 'su - ubuntu'
> > - created an image (again in the console) based on that instance
> > - started a new instance of the image from the last step
> > - ssh'd in as ubuntu
> > - 'su - ubuntu' with the password I set fails.
> >
> >
> > Dan
> >
> >
> > ----- Original Message -----
> >
> > > From: "Dan Tenenbaum" < dtenenba_at_fhcrc.org >
> > > To: "Rayson Ho" < raysonlogin_at_gmail.com >
> > > Cc: starcluster_at_mit.edu
> > > Sent: Tuesday, June 17, 2014 1:54:45 PM
> > > Subject: Re: [StarCluster] problem modifying starcluster AMI -
> > > ubuntu password change does not persist
> > >
> > > Hi Rayson,
> > >
> > > I went through a couple of iterations.
> > >
> > > I started by launching the SC AMI with the command documented
> > > at
> > > http://star.mit.edu/cluster/docs/latest/manual/create_new_ami.html
> > > ( starcluster start -o -s 1 -I <INSTANCE-TYPE> -m <BASE-AMI-ID>
> > > imagehost)
> > >
> > > Then I added chef to the running instance (I did not change any
> > > passwords at this point).
> > >
> > > Then I created a new image from that using the starcluster ebsimage
> > > command, and used vagrant (with the aws plugin) and chef to
> > > provision an instance of that image according to my needs and to
> > > change ubuntu's password.
> > >
> > > I'm wondering if there are startup daemons, or NFS, or something,
> > > that somehow resets the /etc/passwd file or explicitly resets
> > > ubuntu's password?
> > >
> > > Thanks,
> > > Dan
> > >
> > > ----- Original Message -----
> > > > From: "Rayson Ho" < raysonlogin_at_gmail.com >
> > > > To: "Dan Tenenbaum" < dtenenba_at_fhcrc.org >
> > > > Cc: starcluster_at_mit.edu
> > > > Sent: Tuesday, June 17, 2014 1:31:07 PM
> > > > Subject: Re: [StarCluster] problem modifying starcluster AMI -
> > > > ubuntu password change does not persist
> > > >
> > > >
> > > > What tools did you use to create the AMI? Did you use the web
> > > > console
> > > > > or did you use the StarCluster command?
> > > >
> > > >
> > > > If you use the SC ebsimage command, then did you change your
> > > > password
> > > > on the image host?
> > > >
> > > >
> > > > Rayson
> > > >
> > > > ==================================================
> > > > Open Grid Scheduler - The Official Open Source Grid Engine
> > > > http://gridscheduler.sourceforge.net/
> > > > http://gridscheduler.sourceforge.net/GridEngine/GridEngineCloud.html
> > > >
> > > >
> > > > > On Tue, Jun 17, 2014 at 3:17 PM, Dan Tenenbaum < dtenenba_at_fhcrc.org >
> > > > > wrote:
> > > >
> > > >
> > > > Hello,
> > > >
> > > > This might sound like an EC2 question that has nothing to do with
> > > > starcluster, and in fact I have asked it on some AWS forums
> > > > (there've been no answers). However, I have never encountered
> > > > this
> > > > problem before until I started modifying a starcluster AMI, so I
> > > > wonder if it is related to what's on that AMI.
> > > >
> > > > I made a custom AMI based on the starcluster AMI ami-3393a45a
> > > > > (us-east-1 starcluster-base-ubuntu-13.04-x86_64 (EBS)).
> > > >
> > > > I installed a bunch of additional software and I also set the
> > > > password of the ubuntu user to (let's say) 'foobar'.
> > > >
> > > > The reason I did that is that I installed a web app that uses
> > > > unix
> > > > usernames and passwords for authentication. So I needed the
> > > > ubuntu
> > > > user to have a known password.
> > > >
> > > > I then made a new image based on my running instance. Then I
> > > > started
> > > > a new instance from that image.
> > > > I ssh'd to that instance as the ubuntu user and typed 'passwd'. I
> > > > was
> > > > prompted for my existing password and entered 'foobar'. I then
> > > > got:
> > > >
> > > > passwd: Authentication token manipulation error
> > > > passwd: password unchanged
> > > >
> > > > This tells me that the password for ubuntu is not 'foobar'.
> > > >
> > > > Another way to test this is to try 'su - ubuntu'. This prompts
> > > > for
> > > > the password, I enter 'foobar' and it says "su: Authentication
> > > > failure".
> > > >
> > > > So...in a nutshell, when I change the ubuntu password, this
> > > > change
> > > > does not survive the process of creating a new AMI.
> > > >
> > > > Could this be due to the way the starcluster AMI is configured?
> > > > Is
> > > > there some script that runs when it boots that re-sets that
> > > > password? I'm not passing any user-data when I start the
> > > > > instance.....(I also tried a crontab @reboot job that changes the
> > > > password and that didn't work either....so maybe whatever is
> > > > messing
> > > > me up is happening after that job is run).
> > > >
> > > > Thanks,
> > > > Dan
> > > > _______________________________________________
> > > > StarCluster mailing list
> > > > StarCluster_at_mit.edu
> > > > http://mailman.mit.edu/mailman/listinfo/starcluster
> > > >
> > > >
> > >
> >
> >
>
Received on Tue Jun 17 2014 - 19:01:03 EDT
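
The verification step suggested in the thread (look for password-related lines in the console output) can be paired with a check of the cloud-init configuration and of the account's /etc/shadow entry; the following is an added example, not code from the thread or from StarCluster. It assumes the cloud-init keys `lock_passwd`, `chpasswd`, `ssh_pwauth` and `password` are the ones worth flagging, and that the default-user `lock_passwd` setting is a candidate cause (the thread does not confirm the cause). All sample inputs are constructed.

```shell
#!/usr/bin/env bash
# Added example: checks to run on an instance before and after baking an AMI.

# List cloud-init directives that set, lock or expire passwords.
# On an instance, pass /etc/cloud/cloud.cfg /etc/cloud/cloud.cfg.d/*.cfg
cloud_password_directives() {
    grep -HnE '^[[:space:]]*-?[[:space:]]*(lock_passwd|chpasswd|ssh_pwauth|password|passwd)[[:space:]]*:' "$@"
}

# Password-related lines in a saved console log ("Get System Log" output).
console_password_lines() {
    grep -niE 'passw(or)?d' "$1"
}

# Classify the password field of one /etc/shadow line.
shadow_state() {
    local field
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '!'*|'*'*) echo locked ;;   # '!' prefix is what `passwd -l` writes
        '')        echo empty ;;    # no password required
        *)         echo hashed ;;   # a usable password hash
    esac
}

# --- constructed sample inputs (not taken from a real instance) ---
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/cloud.cfg" <<'EOF'
# constructed, modelled on an Ubuntu cloud image default
users:
   - default
disable_root: true
system_info:
   default_user:
     name: ubuntu
     lock_passwd: True
EOF
printf '%s\n' 'Starting OpenSSH server' 'Changing password for ubuntu' \
    'boot finished' > "$SAMPLE_DIR/console.log"
SHADOW_BEFORE='ubuntu:$6$salt$hashhashhash:16238:0:99999:7:::'
SHADOW_AFTER='ubuntu:!$6$salt$hashhashhash:16238:0:99999:7:::'

cloud_password_directives "$SAMPLE_DIR/cloud.cfg"
console_password_lines "$SAMPLE_DIR/console.log"
echo "before bake: $(shadow_state "$SHADOW_BEFORE")"
echo "after boot:  $(shadow_state "$SHADOW_AFTER")"
```

A `locked` result on the new instance, where the image host showed `hashed`, means the hash is still present but disabled, which is why `su - ubuntu` rejects the known password.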