search

batrick / ceph-linode

Launch Ceph using the Linode VPS provider
GNU General Public License v3.0
13 stars 10 forks source link

have you ever seen this warning followed by authentication failure? #28

Closed bengland2 closed 6 years ago

bengland2 commented 6 years ago

ceph-linode from tip of your tree is not working for me. I suspect it's a cert problem, we've been getting rejected from Dell DRAC console because of this as well. They tightened up crypto in newer versions and attempts to use non-secure older certs are failing. The symptom here is that the moment I try to get a list of datacenters from linode server, which is the first thing that linode-launch.py does to it, I get this failure.

Pdb)

/root/ceph-linode/linode-launch.py(12)() -> import linode.api as linapi (Pdb) /root/ceph-linode/linode-env/lib/python2.7/site-packages/linode/api.py:83: RuntimeWarning: using urllib instead of pycurl, urllib does not verify SSL remote certificates, there is a risk of compromised communication warnings.warn(ssl_message, RuntimeWarning) /root/ceph-linode/linode-launch.py(14)()

....

(Pdb) n

/root/ceph-linode/linode-launch.py(142)launch() -> datacenters = client.avail_datacenters() (Pdb) 2018-07-31 20:48:48,439 DEBUG Parameters {'api_key': 'api_key: xxxx REDACTED xxxx', 'api_responseformat': 'json', 'api_action': 'avail.datacenters'} 2018-07-31 20:48:48,650 DEBUG Raw Response: {"ACTION":"avail.datacenters","DATA":{},"ERRORARRAY":[{"ERRORMESSAGE":"Authentication failed","ERRORCODE":4}]} ApiError: ApiError() /root/ceph-linode/linode-launch.py(142)launch() -> datacenters = client.avail_datacenters()

bengland2 commented 6 years ago

BTW I had already created a fresh API key before I tried the above and I made sure it was being read into linode-launch.py, so that wasn't the problem.

I got farther using linode_api4, the currently supported interface.

(my_project_venv) [root@li1014-113 proj]# python Python 3.6.3 (default, Mar 20 2018, 13:50:41) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)] on linux Type "help", "copyright", "credits" or "license" for more information.

import linode_api4 from linode_api4 import LinodeClient with open('~/.api_key_v4', 'r') as f: ... token = f.readline().strip() ... client = LinodeClient(token) my_linodes = client.linode.instances() for c in my_linodes: ... print(c.label) ... linode9289133 linode9296921

Yay. maybe this indicates that the crypto in the old linode API module was no longer supported? No warnings or errors with the linode_api4 code above. Maybe it's time to port ceph-linode to this API?

http://linode-api4.readthedocs.io/en/latest/guides/getting_started.html

I'm using python3 btw because the import statement blew up with python2. python3 is a pain with centos, I had to do this:

https://linuxize.com/post/how-to-install-python-3-on-centos-7/

batrick commented 6 years ago

I'm looking into this Ben.

bengland2 commented 6 years ago

I've finished porting linode-{launch,wait,nuke}.py to linode_api4. I started using ipv6 addresses as local addresses instead, since we then don't have to ask for a private IP, it's just always there. I also add 1 or more "volumes" to the OSD hosts instead of using part of the virtual system disk. Here's my current version of this code, I'll post it to github if it winds up being something useful, won't know until I've run ceph-ansible against it. linode-launch seems to have shrunk a lot.

batrick commented 6 years ago

@bengland2 I was able to do it from an Arch linux bounce box in Linode. This may be some new change for CentOS?

In the interest of getting things movign for you, you might try Arch. Here's the commands you can use to set one up after deploying Arch via Linode:

    1  mkdir .ssh
    2  chmod 755 .ssh
    3  vim .ssh/authorized_keys
    4  chmod 400 .ssh/authorized_keys 
   11  pacman -Syu
   12  pacman --noconfirm -S base-devel git ansible python2-netaddr rsync screen htop wget vim python2-virtualenv
   13  git clone https://github.com/ceph/ceph-ansible.git
   14  git clone https://github.com/batrick/ceph-linode.git
   15  virtualenv2 linode-env && source linode-env/bin/activate && pip install linode-python
   16  cd ceph-linode/
   17  mv cluster.json.sample cluster.json
   18  vim cluster.json
   19  ls
   20  ls group_vars/
   21  cd group_vars/
   22  ls
   23  cat all.sample 
   24  mv all.sample  all
   25  cat osds.sample 
   26  mv osds.sample  osds
   27  cd -
   28  ls

Then in screen:

    5  source ~/linode-env/bin/activate
    7  ssh-keygen
    8  env LINODE_API_KEY=m....yrA5R3oQN6 ./launch.sh
batrick commented 6 years ago

I'll add converting this library to apiv4 to my todo list.

batrick commented 6 years ago

Oh, well if you're working on that you can feel free to submit a PR.

bengland2 commented 6 years ago

I could try a different distro. That would probably have been the smart thing to do. Fedora 28 and Ubuntu are other options. If this gives me any trouble at all I'll try that.

tserlin commented 6 years ago

@batrick You might want to mask that API key :)

bengland2 commented 6 years ago

@batrick better yet delete the API key and get a new one

batrick commented 6 years ago

oh, damn thanks!

bengland2 commented 6 years ago

this was user brain damage, when I tried it again it worked. sorry.