incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marcus Sorensen <shadow...@gmail.com>
Subject Re: Do we still need to patch the SystemVM ISO on the management server?
Date Thu, 20 Sep 2012 17:44:17 GMT
Have there been any changes around this? I don't seem to be getting
the systemvm.iso anymore when I launch a system vm, so I never get the
latest cloud-early-config, etc.

On Tue, Sep 11, 2012 at 3:24 PM, Wido den Hollander <wido@widodh.nl> wrote:
>
>
> On 09/11/2012 10:10 PM, Chiradeep Vittal wrote:
>>
>>
>>
>> On 9/11/12 12:55 PM, "Wido den Hollander" <wido@widodh.nl> wrote:
>>
>>> Hi,
>>>
>>> Currently the management server does some magic stuff with systemvm.iso
>>> like injecting keys into it with injectkeys.sh on boot.
>>>
>>> However, is this still required? I can't find any reference that we
>>> transfer this modified ISO from the management server to the Hypervisor,
>>> do we? As it seems the SSH keys are injected by the Agent and no longer
>>> by the management server.
>>
>>
>> The ssh keys are generated by the management server on first startup and
>> injected into the ISO.
>> This ISO is copied down to the XenServer (CitrixResourceBase.setupServer)
>> and mounted by the system vm.
>>
>> When the system vm boots, it checks for this key and copies it into
>> authorized keys. See
>> patches/systemvm/debian/config/etc/init.d/cloud-early-config
>>
>
> Ah, yes. I was confused by KVM, the process there works differently. It's
> the Agent which injects the key into the systemvm.
>
>
>>>
>>> I'd like to get rid of this code as it seems to confuse people.
>>>
>>> "injectkeys.sh" is also part of the cloud-agent-scripts package which I
>>> don't want to have installed on a management server.
>>>
>
> The script should then however be moved from package. Imho it's not correct
> to install cloud-agent-scripts on a management server.
>
> Wido
>
>
>>> I think it can be removed, but I'd just want conformation.
>>
>>
>> No, for the above reasons.
>> --
>> Chiradeep
>>
>

Mime
View raw message