incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wido den Hollander <w...@widodh.nl>
Subject Re: Do we still need to patch the SystemVM ISO on the management server?
Date Tue, 11 Sep 2012 21:24:54 GMT


On 09/11/2012 10:10 PM, Chiradeep Vittal wrote:
>
>
> On 9/11/12 12:55 PM, "Wido den Hollander" <wido@widodh.nl> wrote:
>
>> Hi,
>>
>> Currently the management server does some magic stuff with systemvm.iso
>> like injecting keys into it with injectkeys.sh on boot.
>>
>> However, is this still required? I can't find any reference that we
>> transfer this modified ISO from the management server to the Hypervisor,
>> do we? As it seems the SSH keys are injected by the Agent and no longer
>> by the management server.
>
> The ssh keys are generated by the management server on first startup and
> injected into the ISO.
> This ISO is copied down to the XenServer (CitrixResourceBase.setupServer)
> and mounted by the system vm.
>
> When the system vm boots, it checks for this key and copies it into
> authorized keys. See
> patches/systemvm/debian/config/etc/init.d/cloud-early-config
>

Ah, yes. I was confused by KVM, the process there works differently. 
It's the Agent which injects the key into the systemvm.

>>
>> I'd like to get rid of this code as it seems to confuse people.
>>
>> "injectkeys.sh" is also part of the cloud-agent-scripts package which I
>> don't want to have installed on a management server.
>>

The script should then however be moved from package. Imho it's not 
correct to install cloud-agent-scripts on a management server.

Wido

>> I think it can be removed, but I'd just want conformation.
>
> No, for the above reasons.
> --
> Chiradeep
>

Mime
View raw message