brooklyncentral / brooklyn

This project has moved and is now part of the ASF
https://github.com/apache/incubator-brooklyn

a private key is required for cloud location, but shouldn't be #1163

Open ahgittin opened 10 years ago

ahgittin commented 10 years ago

cloud machine creation fails if ~/.ssh/id_rsa (or id_dsa or other private-key-file) is not set

if getConfigRaw indicates no key is set (it was using the default) then brooklyn should just make up a key -- rather than fail

you will see warnings such as this as soon as the problem manifests (after a minute or two in AWS and GCE):

2014-01-21 01:04:57,630 WARN  Invalid files for privateKeyFile[ConfigKey:java.lang.String] (given [~/.ssh/id_rsa, ~/.ssh/id_dsa]; converted to [/Users/alex/.ssh/id_rsa, /Users/alex/.ssh/id_dsa]) may fail provisioning aws-ec2:eu-west-1@DSECassandraNodeImpl{id=JFy7fLhs}

then much later:

2014-01-21 01:11:37,459 ERROR Failed to start VM for aws-ec2:eu-west-1@DSECassandraNodeImpl{id=JFy7fLhs}: SSH failed for alex@54.217.18.62 (aws-ec2:eu-west-1@DSECassandraNodeImpl{id=JFy7fLhs}) after waiting 5m
2014-01-21 01:11:37,461 WARN  Attempt #1/1 to obtain machine threw error: java.lang.IllegalStateException: SSH failed for alex@54.217.18.62 (aws-ec2:eu-west-1@DSECassandraNodeImpl{id=JFy7fLhs}) after waiting 5m

aledsage commented 10 years ago

I tried to reproduce this with the tests in JcloudsLoginLiveTest (e.g. testSpecifyingNothingAndNoDefaultKeyFilesExist). That worked fine.

It did give the log.warn about invalid files for privateKeyFile because the defaults couldn't be found, but then it went on to auto-generate a random password.

Is your machine sshable with a password, or is that forbidden by default in the sshd_config perhaps?

(Note that we also call jclouds AdminAccess.lockSsh(false) when using password. Without that, jclouds would have written to /etc/ssh/sshd_config to add PasswordAuthentication no and PermitRootLogin no.)

aledsage commented 10 years ago

An alternative within brooklyn is that we could auto-generate an rsa key to use, rather than falling back to an auto-generated password. (this is not currently supported, but could be implemented - thoughts?)

ahgittin commented 10 years ago

i was using AWS with no special image selection or anything else. perhaps it does have passwords disabled? (likely the people who reported it to me were doing the same?)

+1 to generating an rsa key as the fallback
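
The fallback order discussed in this thread, as an added Python example (not Brooklyn or jclouds code): use a default key file if one exists, fall back to a password only if the image's sshd_config allows it, otherwise generate a key. The function names and both sample configs are hypothetical and constructed here, and the sketch assumes the image's sshd_config text is available to inspect.

```python
import os

# Constructed sample: the two lines the thread says jclouds writes when locking SSH.
LOCKED_SSHD_CONFIG = """\
# constructed sample image config
PasswordAuthentication no
PermitRootLogin no
"""

# Constructed sample: the setting is only present as a comment, so the default applies.
OPEN_SSHD_CONFIG = """\
#PasswordAuthentication no
UsePAM yes
"""

def effective_sshd_option(config_text, keyword, default):
    """Return the global value sshd would use for `keyword`.

    sshd keeps the first value it reads for each keyword and treats keywords
    case-insensitively. Lines after a Match block are conditional, so parsing
    stops at the first Match.
    """
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        name = parts[0].lower()
        if name == "match":
            break
        if name == keyword.lower() and len(parts) == 2:
            return parts[1].strip().strip('"').lower()
    return default

def choose_login_method(key_candidates, sshd_config_text, exists=os.path.isfile):
    """Return 'key-file', 'password' or 'generate-key' for a new VM."""
    for path in key_candidates:
        if exists(os.path.expanduser(path)):
            return "key-file"
    # OpenSSH enables password logins unless the config says otherwise.
    if effective_sshd_option(sshd_config_text, "PasswordAuthentication", "yes") == "yes":
        return "password"
    # No usable key file and passwords are refused: a generated password cannot log in.
    return "generate-key"

if __name__ == "__main__":
    defaults = ["~/.ssh/id_rsa", "~/.ssh/id_dsa"]
    print(choose_login_method(defaults, LOCKED_SSHD_CONFIG, exists=lambda p: False))
```
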