StarCluster - Mailing List Archive

Re: problem modifying starcluster AMI - ubuntu password change does not persist

From: Dan Tenenbaum <no email>
Date: Wed, 18 Jun 2014 10:17:13 -0700 (PDT)

I tried attaching the console log output but the list rejected it as being too large. You can find it here:

https://s3.amazonaws.com/bioc-misc/console-log.txt

Thanks,
Dan


----- Original Message -----
> From: "Dan Tenenbaum" <dtenenba_at_fhcrc.org>
> To: "Rayson Ho" <raysonlogin_at_gmail.com>
> Cc: starcluster_at_mit.edu
> Sent: Tuesday, June 17, 2014 4:37:20 PM
> Subject: Re: [StarCluster] problem modifying starcluster AMI - ubuntu password change does not persist
>
> Attached is the console log output. It doesn't explicitly say
> anything about changing passwords (though I didn't read it super
> carefully) but it does say things like "running script /whatever"
> and I don't know what's in those scripts.
>
> Thanks,
> Dan
>
>
> ----- Original Message -----
> > From: "Rayson Ho" <raysonlogin_at_gmail.com>
> > To: "Dan Tenenbaum" <dtenenba_at_fhcrc.org>
> > Cc: starcluster_at_mit.edu
> > Sent: Tuesday, June 17, 2014 4:01:01 PM
> > Subject: Re: [StarCluster] problem modifying starcluster AMI -
> > ubuntu password change does not persist
> >
> >
> >
> > On Tue, Jun 17, 2014 at 6:57 PM, Dan Tenenbaum < dtenenba_at_fhcrc.org
> > >
> > wrote:
> >
> >
> >
> > Thanks. I booted up an instance but the Get System Log action did
> > not
> > show any output.
> >
> >
> > It can take up to 10 mins (sometimes even more!) for the log to
> > propagate to the web console.
> >
> > Rayson
> >
> > ==================================================
> > Open Grid Scheduler - The Official Open Source Grid Engine
> > http://gridscheduler.sourceforge.net/
> > http://gridscheduler.sourceforge.net/GridEngine/GridEngineCloud.html
> >
> >
> >
> >
> >
> > Is this available in some other way, like with dmesg or something?
> > (I
> > looked briefly at the dmesg output but did not see anything
> > suggesting the password was reset).
> >
> > I think I have come up with a workaround, which is to use something
> > like this in root's crontab:
> >
> > _at_reboot echo "ubuntu:foobar" | /usr/sbin/chpasswd >
> > /tmp/chpasswd.result 2>&1
> >
> > Of course, this is completely insecure. Luckily, in this context, I
> > don't actually care about security, and in fact I want this
> > password
> > to be publicly known by users of the AMI. So this still might need
> > to be fixed at the cloud-init level sometime down the line, when me
> > or someone else runs across this and needs a secure solution.
> >
> >
> > Dan
> >
> >
> > ----- Original Message -----
> > > From: "Rayson Ho" < raysonlogin_at_gmail.com >
> > > To: "Dan Tenenbaum" < dtenenba_at_fhcrc.org >
> > > Cc: starcluster_at_mit.edu
> >
> >
> > > Sent: Tuesday, June 17, 2014 3:19:01 PM
> > > Subject: Re: [StarCluster] problem modifying starcluster AMI -
> > > ubuntu password change does not persist
> > >
> > >
> > > I believe it is cloud-init, which is installed by default on all
> > > the
> > > Ubuntu AMI images, that is changing your password for the ububtu
> > > user.
> > >
> > >
> > > So to verify, after you boot up an instance with your new AMI,
> > > get
> > > the instance's console output by using the "Get System Log"
> > > action.
> > > If there is a line like: Changing password for ubuntu, or
> > > anything
> > > related to password in the boot log, then we can fix that for you
> > > by
> > > changing the cloud-init behavior.
> > >
> > >
> > > Rayson
> > >
> > > ==================================================
> > > Open Grid Scheduler - The Official Open Source Grid Engine
> > > http://gridscheduler.sourceforge.net/
> > > http://gridscheduler.sourceforge.net/GridEngine/GridEngineCloud.html
> > >
> > >
> > > On Tue, Jun 17, 2014 at 5:16 PM, Dan Tenenbaum <
> > > dtenenba_at_fhcrc.org
> > > >
> > > wrote:
> > >
> > >
> > > However, I just reproduced the problem in a few simpler steps:
> > >
> > > - launched an instance of the sc ami ami-3393a45a (in the aws
> > > console)
> > > - ssh'd to it, changed ubuntu's password to foobar
> > > - verified that the change worked by doing 'su - ubuntu'
> > > - created an image (again in the console) based on that instance
> > > - started a new instance of the image from the last step
> > > - ssh'd in as ubuntu
> > > - 'su - ubuntu' with the password I set fails.
> > >
> > >
> > > Dan
> > >
> > >
> > > ----- Original Message -----
> > >
> > > > From: "Dan Tenenbaum" < dtenenba_at_fhcrc.org >
> > > > To: "Rayson Ho" < raysonlogin_at_gmail.com >
> > > > Cc: starcluster_at_mit.edu
> > >
> > >
> > > > Sent: Tuesday, June 17, 2014 1:54:45 PM
> > > > Subject: Re: [StarCluster] problem modifying starcluster AMI -
> > > > ubuntu password change does not persist
> > > >
> > > > Hi Rayson,
> > > >
> > > > I went through a couple of iterations.
> > > >
> > > > I started by using launching the SC AMI with the command
> > > > documented
> > > > at
> > > > http://star.mit.edu/cluster/docs/latest/manual/create_new_ami.html
> > > > ( starcluster start -o -s 1 -I <INSTANCE-TYPE> -m <BASE-AMI-ID>
> > > > imagehost)
> > > >
> > > > Then I added chef to the running instance (I did not change any
> > > > passwords at this point).
> > > >
> > > > Then I created a new image from that using the starcluster
> > > > ebimage
> > > > command, and used vagrant (with the aws plugin) and chef to
> > > > provision an instance of that image according to my needs and
> > > > to
> > > > change ubuntu's password.
> > > >
> > > > I'm wondering if there are startup daemons, or NFS, or
> > > > something,
> > > > that somehow resets the /etc/passwd file or explicitly resets
> > > > ubuntu's password?
> > > >
> > > > Thanks,
> > > > Dan
> > > >
> > > > ----- Original Message -----
> > > > > From: "Rayson Ho" < raysonlogin_at_gmail.com >
> > > > > To: "Dan Tenenbaum" < dtenenba_at_fhcrc.org >
> > > > > Cc: starcluster_at_mit.edu
> > > > > Sent: Tuesday, June 17, 2014 1:31:07 PM
> > > > > Subject: Re: [StarCluster] problem modifying starcluster AMI
> > > > > -
> > > > > ubuntu password change does not persist
> > > > >
> > > > >
> > > > > What tools did you use to create the AMI? Did you use the web
> > > > > console
> > > > > or you use the StarCluster command?
> > > > >
> > > > >
> > > > > If you use the SC ebsimage command, then did you change your
> > > > > password
> > > > > on the image host?
> > > > >
> > > > >
> > > > > Rayson
> > > > >
> > > > > ==================================================
> > > > > Open Grid Scheduler - The Official Open Source Grid Engine
> > > > > http://gridscheduler.sourceforge.net/
> > > > > http://gridscheduler.sourceforge.net/GridEngine/GridEngineCloud.html
> > > > >
> > > > >
> > > > > On Tue, Jun 17, 2014 at 3:17 PM, Dan Tenenbaum <
> > > > > dtenenba_at_fhcrc.org
> > > > > >
> > > > > wrote:
> > > > >
> > > > >
> > > > > Hello,
> > > > >
> > > > > This might sound like an EC2 question that has nothing to do
> > > > > with
> > > > > starcluster, and in fact I have asked it on some AWS forums
> > > > > (there've been no answers). However, I have never encountered
> > > > > this
> > > > > problem before until I started modifying a starcluster AMI,
> > > > > so
> > > > > I
> > > > > wonder if it is related to what's on that AMI.
> > > > >
> > > > > I made a custom AMI based on the starcluster AMI ami-3393a45a
> > > > > (us-east-1 starcluster-base-ubuntu-13.04-x86_64 (EBS))).
> > > > >
> > > > > I installed a bunch of additional software and I also set the
> > > > > password of the ubuntu user to (let's say) 'foobar'.
> > > > >
> > > > > The reason I did that is that I installed a web app that uses
> > > > > unix
> > > > > usernames and passwords for authentication. So I needed the
> > > > > ubuntu
> > > > > user to have a known password.
> > > > >
> > > > > I then made a new image based on my running instance. Then I
> > > > > started
> > > > > a new instance from that image.
> > > > > I ssh'd to that instance as the ubuntu user and typed
> > > > > 'passwd'.
> > > > > I
> > > > > was
> > > > > prompted for my existing password and entered 'foobar'. I
> > > > > then
> > > > > got:
> > > > >
> > > > > passwd: Authentication token manipulation error
> > > > > passwd: password unchanged
> > > > >
> > > > > This tells me that the password for ubuntu is not 'foobar'.
> > > > >
> > > > > Another way to test this is to try 'su - ubuntu'. This
> > > > > prompts
> > > > > for
> > > > > the password, I enter 'foobar' and it says "su:
> > > > > Authentication
> > > > > failure".
> > > > >
> > > > > So...in a nutshell, when I change the ubuntu password, this
> > > > > change
> > > > > does not survive the process of creating a new AMI.
> > > > >
> > > > > Could this be due to the way the starcluster AMI is
> > > > > configured?
> > > > > Is
> > > > > there some script that runs when it boots that re-sets that
> > > > > password? I'm not passing any user-data when I start the
> > > > > instance.....(I also tried a crontab _at_reboot job that changes
> > > > > the
> > > > > password and that didn't work either....so maybe whatever is
> > > > > messing
> > > > > me up is happening after that job is run).
> > > > >
> > > > > Thanks,
> > > > > Dan
> > > > > _______________________________________________
> > > > > StarCluster mailing list
> > > > > StarCluster_at_mit.edu
> > > > > http://mailman.mit.edu/mailman/listinfo/starcluster
> > > > >
> > > > >
> > > > _______________________________________________
> > > > StarCluster mailing list
> > > > StarCluster_at_mit.edu
> > > > http://mailman.mit.edu/mailman/listinfo/starcluster
> > > >
> > >
> > >
> >
> >
>
Received on Wed Jun 18 2014 - 13:17:16 EDT
This archive was generated by hypermail 2.3.0.

Search:

Sort all by:

Date

Month

Thread

Author

Subject