Return-Path: X-Original-To: apmail-brooklyn-dev-archive@minotaur.apache.org Delivered-To: apmail-brooklyn-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2636110B1C for ; Fri, 23 Jan 2015 09:40:14 +0000 (UTC) Received: (qmail 41348 invoked by uid 500); 23 Jan 2015 09:40:14 -0000 Delivered-To: apmail-brooklyn-dev-archive@brooklyn.apache.org Received: (qmail 41310 invoked by uid 500); 23 Jan 2015 09:40:14 -0000 Mailing-List: contact dev-help@brooklyn.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@brooklyn.incubator.apache.org Delivered-To: mailing list dev@brooklyn.incubator.apache.org Received: (qmail 41285 invoked by uid 99); 23 Jan 2015 09:40:13 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 23 Jan 2015 09:40:13 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of alex.heneveld@cloudsoftcorp.com designates 74.125.82.172 as permitted sender) Received: from [74.125.82.172] (HELO mail-we0-f172.google.com) (74.125.82.172) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 23 Jan 2015 09:39:16 +0000 Received: by mail-we0-f172.google.com with SMTP id q59so2931019wes.3 for ; Fri, 23 Jan 2015 01:39:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudsoftcorp.com; s=google; h=from:message-id:date:user-agent:mime-version:to:subject:references :in-reply-to:content-type; bh=O8hOlbCjbXb8xksONWmIGJAh4kpg96+9lK/atc9v1js=; b=Cl5tD1/nPh6F9fRKRGWg8+lSOjrauU/taTFVNpMhmAdp1UFaP3a74oBjmcnfpPQfoP yDeY8jDqktEftfqXAFGrxksY2Ef6LmawRJ+u0HwgfuuKVAQRaP3OO5MMP0pmGCCPzTie 6j1aYqV5UjQGInkDfGxNQAeL6SaJrTOiORI3w= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:message-id:date:user-agent:mime-version:to :subject:references:in-reply-to:content-type; bh=O8hOlbCjbXb8xksONWmIGJAh4kpg96+9lK/atc9v1js=; b=bQ4jQI5XjPfNto4QChc6n7W23w6jhp1m1rRWCXLWoUFab5DZzzbpz/QzjCzVGfOPS1 MwK2dDa2oVN2NpFaywK5PinciOGuMugd8b69ND8Du+rUWUITT1o/TIjCvHaHexAVk5Fg 5HMqQnLgx7YZturxI9vp3CDdqj5HhG8jtBtqhlVOqzwfQ6OnF7M0v0W+nICeLLgf7DgJ 5qGOS64rPlmf1V6T8BLvmwqSvJnl3xP6xQ8y+F6Tux7kdDKrLdAPami6i/NXbyfTPlca qIrPLd7wM4vlrMppsjKZ/aRjYGG4hb1YUzj8V4SF4CQ4dbgeIRZzv2lEvJgPAtdWsHls zH/g== X-Gm-Message-State: ALoCoQlQ3Pabqz0VWlkTOoml+fZYC0F89vGQuw+A9DK9Xg8uZO1rUjk7ypLAWmHCJsIfgfnjhxZB X-Received: by 10.194.188.39 with SMTP id fx7mr11435460wjc.113.1422005955734; Fri, 23 Jan 2015 01:39:15 -0800 (PST) Received: from almacretin.local (host86-138-188-39.range86-138.btcentralplus.com. [86.138.188.39]) by mx.google.com with ESMTPSA id be2sm1415025wjb.38.2015.01.23.01.39.14 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 23 Jan 2015 01:39:15 -0800 (PST) From: Alex Heneveld X-Google-Original-From: Alex Heneveld Message-ID: <54C216C1.3010804@CloudsoftCorp.com> Date: Fri, 23 Jan 2015 09:39:13 +0000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:24.0) Gecko/20100101 Thunderbird/24.1.1 MIME-Version: 1.0 To: dev@brooklyn.incubator.apache.org Subject: new jclouds/login features References: In-Reply-To: Content-Type: multipart/alternative; boundary="------------090204040000080208060208" X-Virus-Checked: Checked by ClamAV on apache.org --------------090204040000080208060208 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hi folks- I finished #465 last night [1] which refactors inferencing for login credentials to use for jclouds-provisioned machines. Because logging in to machines is quite important to what we do :) it would be good to test this in a wide range of situations. If you have some special login situations I'd appreciate it if you could test this out. Key changes are: * if there is an invalid key or a missing passphrase, it fails fast * if no keys are supplied it tries the usual ~/.ssh/id_{r,d}sa, and if those are missing or invalid it logs a message and then it creates a new *key* (rather than a password as some images don't allow passwords) * an explicit blank value for privateKeyFile can force use of a new key for each host * if a passphrase is supplied, the key is decrypted before passing it to jclouds (previously jclouds wouldn't respect passphrases in some places) * public keys can be extracted from private key pem files if no *.pub is present Also: * you can set extra public keys to be authorized (comma separated file/url string in brooklyn.properties or a list in yaml) * you can supply extra first-boot commands as part of the template options script (e.g. if sudoers file needs different treatment) This should be totally compatible with all sensible existing configurations, but just give more features and better feedback on bad configs. Best Alex > incubator-brooklyn-pull-requests #685 > > SUCCESS > Best Alex [1] https://github.com/apache/incubator-brooklyn/pull/465 --------------090204040000080208060208--