whirr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrei Savu <savu.and...@gmail.com>
Subject Re: `publickey` auth failed on CentOS AMI
Date Tue, 21 Feb 2012 10:53:43 GMT
Only the ability to do sudo without a password is a requirement for Whirr.

On Tue, Feb 21, 2012 at 10:50 AM, gerrit germis <gerrit.germis@up-nxt.com>wrote:

> Using a different image (us-west-1/ami-31fba674) (with which i can log in
> through ssh with the root user) it seems to work. I guess that's a
> precondition for whirr ?
>
> cheers,
> Gerrit
>
> On Tue, Feb 21, 2012 at 10:43 AM, gerrit germis <gerrit.germis@up-nxt.com
> >wrote:
>
> > Hi Andrei
> >
> > I am using the trunk version of whirr (from
> > https://svn.apache.org/repos/asf/whirr/trunk):
> >
> > $ svn update
> > At revision 1291671.
> >
> > I tried launching an m1.large instance of that AMI
> > (us-west-1/ami-e792cba2) but unfortunately got the same result. I tried
> > launching with whirr.bootstrap-user=whirr and without the option
> >
> > The AMI disallows logging in with the root user through ssh. That's why I
> > thought I had to change the bootstrap-user parameter. Does whirr expect
> > some particular ssh options to be set perhaps? the /etc/sshd/sshd_config
> > file looks like:
> >
> > Protocol 2
> > SyslogFacility AUTHPRIV
> > PermitRootLogin no
> > PasswordAuthentication yes
> > ChallengeResponseAuthentication no
> > GSSAPIAuthentication yes
> > GSSAPICleanupCredentials yes
> > UsePAM yes
> > AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY
> > LC_MESSAGES
> > AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
> > AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
> > AcceptEnv XMODIFIERS
> > X11Forwarding yes
> > Subsystem       sftp    /usr/libexec/openssh/sftp-server
> >
> >
> > This is what i get if i log in manually from the commandline with the
> > private key I started the image with manually: (logging in as "ec2-user")
> >
> > debug1: Next authentication method: publickey
> > debug1: Trying private key: /home/gerrit/.aws/certs/gerrit.pem
> > debug1: read PEM private key done: type RSA
> > debug3: sign_and_send_pubkey: RSA
> > 3b:e6:b5:0b:ba:51:42:66:76:e7:39:68:82:5c:01:5d
> > debug2: we sent a publickey packet, wait for reply
> > debug1: Authentication succeeded (publickey).
> >
> >
> > cheers
> > Gerrit
> >
> >
> >
> > On Tue, Feb 21, 2012 at 10:09 AM, Andrei Savu <savu.andrei@gmail.com
> >wrote:
> >
> >> Gerrit if you are using 0.7.0 I recommend you give it another try with a
> >> larger instance type (at least m1.small). Let me know if this works for
> >> you. Other than that the recipe looks good to me.
> >>
> >> On Tue, Feb 21, 2012 at 4:40 AM, gerrit germis <
> gerrit.germis@up-nxt.com
> >> >wrote:
> >>
> >> > It was there.. i'll add it in the body this time:
> >> >
> >> > # Change the cluster name here
> >> > whirr.cluster-name=upnxt-gge-test
> >> >
> >> > whirr.instance-templates=1 script:alexandria-server
> >> >
> >> > whirr.client-cidrs=0.0.0.0/0
> >> > whirr.firewall-rules=80,443,8080
> >> >
> >> > whirr.hardware-min-ram=1024
> >> > whirr.location-id=us-west-1
> >> >
> >> > # 32-bit:
> >> > #whirr.image-id=us-west-1/ami-eb227eae
> >> >
> >> > # CentOS 64-bit:
> >> > whirr.hardware-id=t1.micro
> >> > whirr.image-id=us-west-1/ami-e792cba2
> >> >
> >> > # installation alexandria server
> >> > #  - apache2 (proxy)
> >> > #  - java
> >> > #  - jboss
> >> > #  - alexandria ear
> >> > whirr.script.alexandria-server.startup=install_alexandria_server
> >> > whirr.script.alexandria-server.startup.param=
> >> >
> >> >
> >>
> http://upnxt-thirdparty-us-west.s3.amazonaws.com/java/jdk-6u31-linux-i586.tar.gz
> >> > whirr.script.alexandria-server.startup.param=
> >> >
> >> >
> >>
> http://upnxt-thirdparty-us-west.s3.amazonaws.com/jboss/jboss-as-web-7.0.2.Final.tar.gz
> >> > whirr.script.alexandria-server.startup.param=
> >> >
> >> >
> >>
> http://upnxt-releases.s3.amazonaws.com/alexandria/alexandria-ear-1.0.0-SNAPSHOT.ear
> >> > whirr.script.alexandria-server.config=configure_alexandria_server
> >> > whirr.script.alexandria-server.config.params=
> >> >
> >> >
> >> > #
> >> > # Variables exported to generated functions script
> >> > #
> >> > whirr.env.alexAccessKeyId=${env:AWS_ACCESS_KEY_ID}
> >> > whirr.env.alexSecretAccessKey=${env:AWS_SECRET_ACCESS_KEY}
> >> > whirr.env.alexBucket=dev-alexandria
> >> >
> >> > cheers,
> >> > Gerrit
> >> >
> >> > On Tue, Feb 21, 2012 at 1:18 AM, Andrei Savu <savu.andrei@gmail.com>
> >> > wrote:
> >> >
> >> > > I see no script-ec2.properties attachment. Can you add that please?
> >> > >
> >> > > On Mon, Feb 20, 2012 at 10:27 PM, gerrit germis <
> >> > gerrit.germis@up-nxt.com
> >> > > >wrote:
> >> > >
> >> > > > Hi,
> >> > > >
> >> > > > I'm trying to launch a CentOS 6.2 AMI (ami-e792cba2) on EC2,
but
> the
> >> > > > instance fails to start claiming that it exhausted all available
> >> > > > authentication methods. If I create the instance through the
AWS
> >> site
> >> > > > directly, I can login with the "ec2-user" user and can sudo bash.
> I
> >> > tried
> >> > > > some of the suggestions on
> >> > > https://issues.apache.org/jira/browse/WHIRR-378but to no avail..
> >> tried
> >> > > several combinations of whirr.bootstrap-user and
> >> > > > whirr.cluster-user.
> >> > > >
> >> > > > Attached you can find the recipe file used (script-ec2.properties)
> >> and
> >> > > the
> >> > > > output I get (whirr.log)
> >> > > > The custom service I use is attached as
> >> "whirr-script-service-1.0.jar".
> >> > > It
> >> > > > allows to launch some scripts with some params during the
> bootstrap
> >> and
> >> > > the
> >> > > > config phases. It makes it easy to quickly try out setups...
> >> > > >
> >> > > > Thanks in advance for any insights into this issue
> >> > > >
> >> > > > Sincerely,
> >> > > > Gerrit
> >> > > >
> >> > >
> >> >
> >>
> >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message