whirr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrei Savu <savu.and...@gmail.com>
Subject Re: `publickey` auth failed on CentOS AMI
Date Thu, 23 Feb 2012 12:03:18 GMT
Gerrit,

Sorry for replying so late - I have been busy the last two days preparing
things for a new release 0.7.1 to address the JDK issue.

The keypair should be ok but it's not possible to run that AMI (64bit) on a
t1.micro (32bit).

Do you get a NoSuchElementException? Does the machine start for you?

On Tue, Feb 21, 2012 at 12:54 PM, gerrit germis <gerrit.germis@up-nxt.com>wrote:

> not sure i understand the question. I have a keypair generated as mentioned
> by the document "whirr in 5 minutes":
>
> ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa_whirr
>
> and then call whirr using a function whirr-start() that's defined as:
>
> whirr-start ()
> {
>    local RECIPE="${1:?No recipe specified}";
>    [[ -n $DEBUG ]] && export JAVA_OPTS="-Xdebug
> -Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=y" || unset
> JAVA_OPTS;
>    ${WHIRR_HOME}/bin/whirr launch-cluster --config "$RECIPE"
> --private-key-file $WHIRR_KEYPAIR_FILE
> }
>
> you want me to generate a new keypair and use that ?
>
> cheers,
> Gerrit
>
> On Tue, Feb 21, 2012 at 1:30 PM, Andrei Savu <savu.andrei@gmail.com>
> wrote:
>
> > This may be a dummy question: Can you create an instance from the same
> AMI
> > using a different key or the public key is hardcode?
> >
> > On Tue, Feb 21, 2012 at 12:06 PM, gerrit germis <
> gerrit.germis@up-nxt.com
> > >wrote:
> >
> > > Hi Andrei,
> > >
> > > I tried starting the instance with whirr.bootstrap-user=ec2-user, but I
> > get
> > > the same issue:
> > >
> > > 2012-02-21 13:03:04,269 ERROR [net.schmizz.concurrent.Promise] (user
> > thread
> > > 2) <<authenticated>> woke to:
> > net.schmizz.sshj.userauth.UserAuthException:
> > > publickey auth failed
> > > 2012-02-21 13:03:04,270 INFO  [net.schmizz.sshj.userauth.UserAuthImpl]
> > > (user thread 2) `publickey` auth failed
> > > 2012-02-21 13:03:04,272 INFO  [jclouds.ssh] (user thread 2) <<
> > >
> > >
> >
> (ec2-user:rsa[fingerprint(6e:40:92:20:fa:4e:7f:12:5f:91:d4:a7:8b:f3:c7:c8),sha1(11:35:0a:35:29:fe:66:11:17:d2:b6:c8:75:5c:be:92:75:ca:74:83)]@
> > > 204.236.154.23:22) error acquiring SSHClient(timeout=60000) (attempt 1
> > of
> > > 7): Exhausted available authentication methods
> > >
> > > If i login manually with the user ec2-user, i can sudo without a
> password
> > >
> > > cheers,
> > > Gerrit
> > >
> > >
> > > On Tue, Feb 21, 2012 at 11:53 AM, Andrei Savu <savu.andrei@gmail.com>
> > > wrote:
> > >
> > > > Only the ability to do sudo without a password is a requirement for
> > > Whirr.
> > > >
> > > > On Tue, Feb 21, 2012 at 10:50 AM, gerrit germis <
> > > gerrit.germis@up-nxt.com
> > > > >wrote:
> > > >
> > > > > Using a different image (us-west-1/ami-31fba674) (with which i can
> > log
> > > in
> > > > > through ssh with the root user) it seems to work. I guess that's
a
> > > > > precondition for whirr ?
> > > > >
> > > > > cheers,
> > > > > Gerrit
> > > > >
> > > > > On Tue, Feb 21, 2012 at 10:43 AM, gerrit germis <
> > > > gerrit.germis@up-nxt.com
> > > > > >wrote:
> > > > >
> > > > > > Hi Andrei
> > > > > >
> > > > > > I am using the trunk version of whirr (from
> > > > > > https://svn.apache.org/repos/asf/whirr/trunk):
> > > > > >
> > > > > > $ svn update
> > > > > > At revision 1291671.
> > > > > >
> > > > > > I tried launching an m1.large instance of that AMI
> > > > > > (us-west-1/ami-e792cba2) but unfortunately got the same result.
I
> > > tried
> > > > > > launching with whirr.bootstrap-user=whirr and without the option
> > > > > >
> > > > > > The AMI disallows logging in with the root user through ssh.
> That's
> > > > why I
> > > > > > thought I had to change the bootstrap-user parameter. Does whirr
> > > expect
> > > > > > some particular ssh options to be set perhaps? the
> > > > /etc/sshd/sshd_config
> > > > > > file looks like:
> > > > > >
> > > > > > Protocol 2
> > > > > > SyslogFacility AUTHPRIV
> > > > > > PermitRootLogin no
> > > > > > PasswordAuthentication yes
> > > > > > ChallengeResponseAuthentication no
> > > > > > GSSAPIAuthentication yes
> > > > > > GSSAPICleanupCredentials yes
> > > > > > UsePAM yes
> > > > > > AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY
> > > > > > LC_MESSAGES
> > > > > > AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
> > > > > > AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
> > > > > > AcceptEnv XMODIFIERS
> > > > > > X11Forwarding yes
> > > > > > Subsystem       sftp    /usr/libexec/openssh/sftp-server
> > > > > >
> > > > > >
> > > > > > This is what i get if i log in manually from the commandline
with
> > the
> > > > > > private key I started the image with manually: (logging in as
> > > > "ec2-user")
> > > > > >
> > > > > > debug1: Next authentication method: publickey
> > > > > > debug1: Trying private key: /home/gerrit/.aws/certs/gerrit.pem
> > > > > > debug1: read PEM private key done: type RSA
> > > > > > debug3: sign_and_send_pubkey: RSA
> > > > > > 3b:e6:b5:0b:ba:51:42:66:76:e7:39:68:82:5c:01:5d
> > > > > > debug2: we sent a publickey packet, wait for reply
> > > > > > debug1: Authentication succeeded (publickey).
> > > > > >
> > > > > >
> > > > > > cheers
> > > > > > Gerrit
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Tue, Feb 21, 2012 at 10:09 AM, Andrei Savu <
> > savu.andrei@gmail.com
> > > > > >wrote:
> > > > > >
> > > > > >> Gerrit if you are using 0.7.0 I recommend you give it another
> try
> > > > with a
> > > > > >> larger instance type (at least m1.small). Let me know if
this
> > works
> > > > for
> > > > > >> you. Other than that the recipe looks good to me.
> > > > > >>
> > > > > >> On Tue, Feb 21, 2012 at 4:40 AM, gerrit germis <
> > > > > gerrit.germis@up-nxt.com
> > > > > >> >wrote:
> > > > > >>
> > > > > >> > It was there.. i'll add it in the body this time:
> > > > > >> >
> > > > > >> > # Change the cluster name here
> > > > > >> > whirr.cluster-name=upnxt-gge-test
> > > > > >> >
> > > > > >> > whirr.instance-templates=1 script:alexandria-server
> > > > > >> >
> > > > > >> > whirr.client-cidrs=0.0.0.0/0
> > > > > >> > whirr.firewall-rules=80,443,8080
> > > > > >> >
> > > > > >> > whirr.hardware-min-ram=1024
> > > > > >> > whirr.location-id=us-west-1
> > > > > >> >
> > > > > >> > # 32-bit:
> > > > > >> > #whirr.image-id=us-west-1/ami-eb227eae
> > > > > >> >
> > > > > >> > # CentOS 64-bit:
> > > > > >> > whirr.hardware-id=t1.micro
> > > > > >> > whirr.image-id=us-west-1/ami-e792cba2
> > > > > >> >
> > > > > >> > # installation alexandria server
> > > > > >> > #  - apache2 (proxy)
> > > > > >> > #  - java
> > > > > >> > #  - jboss
> > > > > >> > #  - alexandria ear
> > > > > >> >
> whirr.script.alexandria-server.startup=install_alexandria_server
> > > > > >> > whirr.script.alexandria-server.startup.param=
> > > > > >> >
> > > > > >> >
> > > > > >>
> > > > >
> > > >
> > >
> >
> http://upnxt-thirdparty-us-west.s3.amazonaws.com/java/jdk-6u31-linux-i586.tar.gz
> > > > > >> > whirr.script.alexandria-server.startup.param=
> > > > > >> >
> > > > > >> >
> > > > > >>
> > > > >
> > > >
> > >
> >
> http://upnxt-thirdparty-us-west.s3.amazonaws.com/jboss/jboss-as-web-7.0.2.Final.tar.gz
> > > > > >> > whirr.script.alexandria-server.startup.param=
> > > > > >> >
> > > > > >> >
> > > > > >>
> > > > >
> > > >
> > >
> >
> http://upnxt-releases.s3.amazonaws.com/alexandria/alexandria-ear-1.0.0-SNAPSHOT.ear
> > > > > >> >
> > whirr.script.alexandria-server.config=configure_alexandria_server
> > > > > >> > whirr.script.alexandria-server.config.params=
> > > > > >> >
> > > > > >> >
> > > > > >> > #
> > > > > >> > # Variables exported to generated functions script
> > > > > >> > #
> > > > > >> > whirr.env.alexAccessKeyId=${env:AWS_ACCESS_KEY_ID}
> > > > > >> > whirr.env.alexSecretAccessKey=${env:AWS_SECRET_ACCESS_KEY}
> > > > > >> > whirr.env.alexBucket=dev-alexandria
> > > > > >> >
> > > > > >> > cheers,
> > > > > >> > Gerrit
> > > > > >> >
> > > > > >> > On Tue, Feb 21, 2012 at 1:18 AM, Andrei Savu <
> > > savu.andrei@gmail.com
> > > > >
> > > > > >> > wrote:
> > > > > >> >
> > > > > >> > > I see no script-ec2.properties attachment. Can
you add that
> > > > please?
> > > > > >> > >
> > > > > >> > > On Mon, Feb 20, 2012 at 10:27 PM, gerrit germis
<
> > > > > >> > gerrit.germis@up-nxt.com
> > > > > >> > > >wrote:
> > > > > >> > >
> > > > > >> > > > Hi,
> > > > > >> > > >
> > > > > >> > > > I'm trying to launch a CentOS 6.2 AMI (ami-e792cba2)
on
> EC2,
> > > but
> > > > > the
> > > > > >> > > > instance fails to start claiming that it
exhausted all
> > > available
> > > > > >> > > > authentication methods. If I create the instance
through
> the
> > > AWS
> > > > > >> site
> > > > > >> > > > directly, I can login with the "ec2-user"
user and can
> sudo
> > > > bash.
> > > > > I
> > > > > >> > tried
> > > > > >> > > > some of the suggestions on
> > > > > >> > > https://issues.apache.org/jira/browse/WHIRR-378but
to no
> > > avail..
> > > > > >> tried
> > > > > >> > > several combinations of whirr.bootstrap-user and
> > > > > >> > > > whirr.cluster-user.
> > > > > >> > > >
> > > > > >> > > > Attached you can find the recipe file used
> > > > (script-ec2.properties)
> > > > > >> and
> > > > > >> > > the
> > > > > >> > > > output I get (whirr.log)
> > > > > >> > > > The custom service I use is attached as
> > > > > >> "whirr-script-service-1.0.jar".
> > > > > >> > > It
> > > > > >> > > > allows to launch some scripts with some params
during the
> > > > > bootstrap
> > > > > >> and
> > > > > >> > > the
> > > > > >> > > > config phases. It makes it easy to quickly
try out
> setups...
> > > > > >> > > >
> > > > > >> > > > Thanks in advance for any insights into this
issue
> > > > > >> > > >
> > > > > >> > > > Sincerely,
> > > > > >> > > > Gerrit
> > > > > >> > > >
> > > > > >> > >
> > > > > >> >
> > > > > >>
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message