whirr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gerrit germis <gerrit.ger...@up-nxt.com>
Subject Re: `publickey` auth failed on CentOS AMI
Date Tue, 21 Feb 2012 12:54:16 GMT
not sure i understand the question. I have a keypair generated as mentioned
by the document "whirr in 5 minutes":

ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa_whirr

and then call whirr using a function whirr-start() that's defined as:

whirr-start ()
{
    local RECIPE="${1:?No recipe specified}";
    [[ -n $DEBUG ]] && export JAVA_OPTS="-Xdebug
-Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=y" || unset
JAVA_OPTS;
    ${WHIRR_HOME}/bin/whirr launch-cluster --config "$RECIPE"
--private-key-file $WHIRR_KEYPAIR_FILE
}

you want me to generate a new keypair and use that ?

cheers,
Gerrit

On Tue, Feb 21, 2012 at 1:30 PM, Andrei Savu <savu.andrei@gmail.com> wrote:

> This may be a dummy question: Can you create an instance from the same AMI
> using a different key or the public key is hardcode?
>
> On Tue, Feb 21, 2012 at 12:06 PM, gerrit germis <gerrit.germis@up-nxt.com
> >wrote:
>
> > Hi Andrei,
> >
> > I tried starting the instance with whirr.bootstrap-user=ec2-user, but I
> get
> > the same issue:
> >
> > 2012-02-21 13:03:04,269 ERROR [net.schmizz.concurrent.Promise] (user
> thread
> > 2) <<authenticated>> woke to:
> net.schmizz.sshj.userauth.UserAuthException:
> > publickey auth failed
> > 2012-02-21 13:03:04,270 INFO  [net.schmizz.sshj.userauth.UserAuthImpl]
> > (user thread 2) `publickey` auth failed
> > 2012-02-21 13:03:04,272 INFO  [jclouds.ssh] (user thread 2) <<
> >
> >
> (ec2-user:rsa[fingerprint(6e:40:92:20:fa:4e:7f:12:5f:91:d4:a7:8b:f3:c7:c8),sha1(11:35:0a:35:29:fe:66:11:17:d2:b6:c8:75:5c:be:92:75:ca:74:83)]@
> > 204.236.154.23:22) error acquiring SSHClient(timeout=60000) (attempt 1
> of
> > 7): Exhausted available authentication methods
> >
> > If i login manually with the user ec2-user, i can sudo without a password
> >
> > cheers,
> > Gerrit
> >
> >
> > On Tue, Feb 21, 2012 at 11:53 AM, Andrei Savu <savu.andrei@gmail.com>
> > wrote:
> >
> > > Only the ability to do sudo without a password is a requirement for
> > Whirr.
> > >
> > > On Tue, Feb 21, 2012 at 10:50 AM, gerrit germis <
> > gerrit.germis@up-nxt.com
> > > >wrote:
> > >
> > > > Using a different image (us-west-1/ami-31fba674) (with which i can
> log
> > in
> > > > through ssh with the root user) it seems to work. I guess that's a
> > > > precondition for whirr ?
> > > >
> > > > cheers,
> > > > Gerrit
> > > >
> > > > On Tue, Feb 21, 2012 at 10:43 AM, gerrit germis <
> > > gerrit.germis@up-nxt.com
> > > > >wrote:
> > > >
> > > > > Hi Andrei
> > > > >
> > > > > I am using the trunk version of whirr (from
> > > > > https://svn.apache.org/repos/asf/whirr/trunk):
> > > > >
> > > > > $ svn update
> > > > > At revision 1291671.
> > > > >
> > > > > I tried launching an m1.large instance of that AMI
> > > > > (us-west-1/ami-e792cba2) but unfortunately got the same result. I
> > tried
> > > > > launching with whirr.bootstrap-user=whirr and without the option
> > > > >
> > > > > The AMI disallows logging in with the root user through ssh. That's
> > > why I
> > > > > thought I had to change the bootstrap-user parameter. Does whirr
> > expect
> > > > > some particular ssh options to be set perhaps? the
> > > /etc/sshd/sshd_config
> > > > > file looks like:
> > > > >
> > > > > Protocol 2
> > > > > SyslogFacility AUTHPRIV
> > > > > PermitRootLogin no
> > > > > PasswordAuthentication yes
> > > > > ChallengeResponseAuthentication no
> > > > > GSSAPIAuthentication yes
> > > > > GSSAPICleanupCredentials yes
> > > > > UsePAM yes
> > > > > AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY
> > > > > LC_MESSAGES
> > > > > AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
> > > > > AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
> > > > > AcceptEnv XMODIFIERS
> > > > > X11Forwarding yes
> > > > > Subsystem       sftp    /usr/libexec/openssh/sftp-server
> > > > >
> > > > >
> > > > > This is what i get if i log in manually from the commandline with
> the
> > > > > private key I started the image with manually: (logging in as
> > > "ec2-user")
> > > > >
> > > > > debug1: Next authentication method: publickey
> > > > > debug1: Trying private key: /home/gerrit/.aws/certs/gerrit.pem
> > > > > debug1: read PEM private key done: type RSA
> > > > > debug3: sign_and_send_pubkey: RSA
> > > > > 3b:e6:b5:0b:ba:51:42:66:76:e7:39:68:82:5c:01:5d
> > > > > debug2: we sent a publickey packet, wait for reply
> > > > > debug1: Authentication succeeded (publickey).
> > > > >
> > > > >
> > > > > cheers
> > > > > Gerrit
> > > > >
> > > > >
> > > > >
> > > > > On Tue, Feb 21, 2012 at 10:09 AM, Andrei Savu <
> savu.andrei@gmail.com
> > > > >wrote:
> > > > >
> > > > >> Gerrit if you are using 0.7.0 I recommend you give it another
try
> > > with a
> > > > >> larger instance type (at least m1.small). Let me know if this
> works
> > > for
> > > > >> you. Other than that the recipe looks good to me.
> > > > >>
> > > > >> On Tue, Feb 21, 2012 at 4:40 AM, gerrit germis <
> > > > gerrit.germis@up-nxt.com
> > > > >> >wrote:
> > > > >>
> > > > >> > It was there.. i'll add it in the body this time:
> > > > >> >
> > > > >> > # Change the cluster name here
> > > > >> > whirr.cluster-name=upnxt-gge-test
> > > > >> >
> > > > >> > whirr.instance-templates=1 script:alexandria-server
> > > > >> >
> > > > >> > whirr.client-cidrs=0.0.0.0/0
> > > > >> > whirr.firewall-rules=80,443,8080
> > > > >> >
> > > > >> > whirr.hardware-min-ram=1024
> > > > >> > whirr.location-id=us-west-1
> > > > >> >
> > > > >> > # 32-bit:
> > > > >> > #whirr.image-id=us-west-1/ami-eb227eae
> > > > >> >
> > > > >> > # CentOS 64-bit:
> > > > >> > whirr.hardware-id=t1.micro
> > > > >> > whirr.image-id=us-west-1/ami-e792cba2
> > > > >> >
> > > > >> > # installation alexandria server
> > > > >> > #  - apache2 (proxy)
> > > > >> > #  - java
> > > > >> > #  - jboss
> > > > >> > #  - alexandria ear
> > > > >> > whirr.script.alexandria-server.startup=install_alexandria_server
> > > > >> > whirr.script.alexandria-server.startup.param=
> > > > >> >
> > > > >> >
> > > > >>
> > > >
> > >
> >
> http://upnxt-thirdparty-us-west.s3.amazonaws.com/java/jdk-6u31-linux-i586.tar.gz
> > > > >> > whirr.script.alexandria-server.startup.param=
> > > > >> >
> > > > >> >
> > > > >>
> > > >
> > >
> >
> http://upnxt-thirdparty-us-west.s3.amazonaws.com/jboss/jboss-as-web-7.0.2.Final.tar.gz
> > > > >> > whirr.script.alexandria-server.startup.param=
> > > > >> >
> > > > >> >
> > > > >>
> > > >
> > >
> >
> http://upnxt-releases.s3.amazonaws.com/alexandria/alexandria-ear-1.0.0-SNAPSHOT.ear
> > > > >> >
> whirr.script.alexandria-server.config=configure_alexandria_server
> > > > >> > whirr.script.alexandria-server.config.params=
> > > > >> >
> > > > >> >
> > > > >> > #
> > > > >> > # Variables exported to generated functions script
> > > > >> > #
> > > > >> > whirr.env.alexAccessKeyId=${env:AWS_ACCESS_KEY_ID}
> > > > >> > whirr.env.alexSecretAccessKey=${env:AWS_SECRET_ACCESS_KEY}
> > > > >> > whirr.env.alexBucket=dev-alexandria
> > > > >> >
> > > > >> > cheers,
> > > > >> > Gerrit
> > > > >> >
> > > > >> > On Tue, Feb 21, 2012 at 1:18 AM, Andrei Savu <
> > savu.andrei@gmail.com
> > > >
> > > > >> > wrote:
> > > > >> >
> > > > >> > > I see no script-ec2.properties attachment. Can you
add that
> > > please?
> > > > >> > >
> > > > >> > > On Mon, Feb 20, 2012 at 10:27 PM, gerrit germis <
> > > > >> > gerrit.germis@up-nxt.com
> > > > >> > > >wrote:
> > > > >> > >
> > > > >> > > > Hi,
> > > > >> > > >
> > > > >> > > > I'm trying to launch a CentOS 6.2 AMI (ami-e792cba2)
on EC2,
> > but
> > > > the
> > > > >> > > > instance fails to start claiming that it exhausted
all
> > available
> > > > >> > > > authentication methods. If I create the instance
through the
> > AWS
> > > > >> site
> > > > >> > > > directly, I can login with the "ec2-user" user
and can sudo
> > > bash.
> > > > I
> > > > >> > tried
> > > > >> > > > some of the suggestions on
> > > > >> > > https://issues.apache.org/jira/browse/WHIRR-378but
to no
> > avail..
> > > > >> tried
> > > > >> > > several combinations of whirr.bootstrap-user and
> > > > >> > > > whirr.cluster-user.
> > > > >> > > >
> > > > >> > > > Attached you can find the recipe file used
> > > (script-ec2.properties)
> > > > >> and
> > > > >> > > the
> > > > >> > > > output I get (whirr.log)
> > > > >> > > > The custom service I use is attached as
> > > > >> "whirr-script-service-1.0.jar".
> > > > >> > > It
> > > > >> > > > allows to launch some scripts with some params
during the
> > > > bootstrap
> > > > >> and
> > > > >> > > the
> > > > >> > > > config phases. It makes it easy to quickly try
out setups...
> > > > >> > > >
> > > > >> > > > Thanks in advance for any insights into this issue
> > > > >> > > >
> > > > >> > > > Sincerely,
> > > > >> > > > Gerrit
> > > > >> > > >
> > > > >> > >
> > > > >> >
> > > > >>
> > > > >
> > > > >
> > > >
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message