brooklyn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Heneveld <>
Subject Re: new jclouds/login features
Date Fri, 23 Jan 2015 13:50:00 GMT


Sure thing.  The aim is to make those awkward login configs easier of 
course, not harder, so you'll be a good litmus test whether this moves 
in the right direction!


On 23/01/2015 13:20, Richard Downer wrote:
> Alex,
> I've recently lost hours trying to get an awkward login configuration
> working in Brooklyn, so I think I fit the criteria of "special login
> situations" :-) I'll give this a try but it probably won't be until
> Monday that I'll have the time to do it. There are a couple of warning
> bells in your list of key changes, so if you can wait a couple of
> days, please can we make sure that this is not merged until I've had a
> chance to test it.
> Thanks
> Richard.
> On 23 January 2015 at 09:39, Alex Heneveld
> <> wrote:
>> Hi folks-
>> I finished #465 last night [1] which refactors inferencing for login
>> credentials to use for jclouds-provisioned machines.
>> Because logging in to machines is quite important to what we do :) it would
>> be good to test this in a wide range of situations.  If you have some
>> special login situations I'd appreciate it if you could test this out.
>> Key changes are:
>> * if there is an invalid key or a missing passphrase, it fails fast
>> * if no keys are supplied it tries the usual ~/.ssh/id_{r,d}sa, and if those
>> are missing or invalid it logs a message and then it creates a new *key*
>> (rather than a password as some images don't allow passwords)
>> * an explicit blank value for privateKeyFile can force use of a new key for
>> each host
>> * if a passphrase is supplied, the key is decrypted before passing it to
>> jclouds (previously jclouds wouldn't respect passphrases in some places)
>> * public keys can be extracted from private key pem files if no *.pub is
>> present
>> Also:
>> * you can set extra public keys to be authorized (comma separated file/url
>> string in or a list in yaml)
>> * you can supply extra first-boot commands as part of the template options
>> script (e.g. if sudoers file needs different treatment)
>> This should be totally compatible with all sensible existing configurations,
>> but just give more features and better feedback on bad configs.
>> Best
>> Alex
>>> incubator-brooklyn-pull-requests #685
>>> <>
>> Best
>> Alex
>> [1]

View raw message