incubator-cloudstack-dev mailing list archives

From Marcus Sorensen <shadow...@gmail.com>
Subject Re: SystemVM ISO on KVM
Date Tue, 19 Feb 2013 14:55:46 GMT
On xen the systemvm.iso should be updated on the management server. At
least I think that's how they do it.

On KVM the key is copied via the patch disk (/dev/vdb). If you were to
mount that drive in your systemvm, it has an authorized_keys file that is
copied by an init script. This is kind of ugly, as it tends to litter your
storage with patch disks, since they're technically not kept track of by
cloudstack. When I found this I triaged this somewhat by naming them
similar to the host, and then looking for any patch disk with a name
similar to the VM when it gets deleted.
On Feb 19, 2013 2:07 AM, "Dave Cahill" <dcahill@midokura.com> wrote:

> Hi,
>
> Working on CloudStack in development mode (using jetty to run the
> management server), I noticed that the Host's SSH keypairs and those in the
> system VM ISO easily get out of sync.
>
> After every database redeploy, the management server generates a new
> SSH keypair because the "ssh.privatekey" and "ssh.publickey" configuration
> entries are gone from the database.
>
> Once these new keypairs are generated, the management server:
>
> * Writes the new keypair to disk on the management server node
> (~/.ssh/id_rsa)
>     As an aside, this overwrites the user's existing SSH keys; we discussed
> this back in November [1], but didn't come to a conclusion
> * Writes the new keypair to the database ("ssh.privatekey" and
> "ssh.publickey" configuration entries)
> * Injects the new keypair into systemvm.iso on the management server
> * Overwrites /root/.ssh/id_rsa.cloud on the Host with the new keypair (via
> the agent on the Host)
>
> In other words, it automatically overwrites the ssh keypair on the Host,
> but doesn't automatically overwrite systemvm.iso on the Host as far as I
> can see. This means the keypair and the systemvm ISO are out of sync on the
> Host, and sshing into system vms using /root/.ssh/id_rsa.cloud doesn't
> work.
>
> To get around this, I scp the new systemvm.iso across to the Host after
> redeploying the database and starting the management server for the first
> time, and before setting up the Host on the management server side.
>
> Is there a better way?
>
> Thanks,
> Dave.
>
> [1] [DISCUSS] SSH keys overwritten for user running management server
>
> http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-dev/201211.mbox/%3CCALytfWZEb8UUKQ--TZgcqPcsZ_EAoBiK+VtMLL0ZD17+W0QoQQ@mail.gmail.com%3E
>
