Re: help needed

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



SOLVED!

>From /usr/share/doc/cloud-init-0.6.3/ChangeLog :

"read /etc/ssh/sshd_config for AuthorizedKeysFile rather than assuming
~/.ssh/authorized_keys (LP: #731849)"

The problem is that this change in cloud-init does not properly handle
relative paths, which are documented in the sshd_config manpage as
being relative to the user's home directory.  So the quick fix was to
change /etc/ssh/sshd_config from:

AuthorizedKeysFile	.ssh/authorized_keys

to:

AuthorizedKeysFile	%h/.ssh/authorized_keys

The more correct fix is in cloud-init, probably something like:

--- a/cloudinit/SshUtil.py	2012-03-31 09:28:42.598996936 -0400
+++ b/cloudinit/SshUtil.py	2012-03-31 09:40:47.758829938 -0400
@@ -155,6 +155,8 @@
         akeys = ssh_cfg.get("AuthorizedKeysFile", "%h/.ssh/authorized_keys")
         akeys = akeys.replace("%h", pwent.pw_dir)
         akeys = akeys.replace("%u", user)
+        if not akeys.startswith('/'):
+            akeys = os.path.join(pwent.pw_dir, akeys)
         authorized_keys = akeys
     except Exception:
         authorized_keys = '%s/.ssh/authorized_keys' % pwent.pw_dir


How do you want to handle this?  Should I go ahead and file both RHBZ
and LP issues for it?

--Andy

On Fri, Mar 30, 2012 at 7:39 PM, Andy Grimm <agrimm@xxxxxxxxx> wrote:
> Further attempting to localize the problem, I found a pickled form of
> the metadata in /var/lib/cloud/instances/i-325d4c56/obj.pkl which
> included the public ssh key, so it's definitely getting the data from
> the metadata service.
>
> On Fri, Mar 30, 2012 at 5:45 PM, Andy Grimm <agrimm@xxxxxxxxx> wrote:
>> On Fri, Mar 30, 2012 at 5:35 PM, Tim Flink <tflink@xxxxxxxxxx> wrote:
>>> On Fri, 30 Mar 2012 16:54:47 -0400
>>> Andy Grimm <agrimm@xxxxxxxxx> wrote:
>>>
>>>> Of those differences, I suspect that lack of a zeroconf route
>>>> (169.254.0.0/16) is probably preventing access to the metadata
>>>> service.  Further, I believe the reason is related to the addition of
>>>> NetworkManager in the F17 AMI (because the zeroconf route is typically
>>>> added via the ifcfg-eth script, which NM does not run).  Before I go
>>>> hacking further, is there a particular reason that we switched to
>>>> using NetworkManager in the F17 AMI?
>>>
>>> NM was added to core as a fix for a F17 bug where the network wouldn't
>>> come up by default in a minimal install:
>>>  - https://bugzilla.redhat.com/show_bug.cgi?id=693602
>>>
>>> The decision was made to add NM to core because it doesn't add many
>>> extra packages and as NM adds more and more features, it doesn't make
>>> much sense to keep hacking the old network service in for minimal
>>> installs. The full details of "why" are in the bug, if you're
>>> interested.
>>
>> Ok, I've been on the CC list for that bug for a long time, but I
>> missed that they actually made a decision.  I'll just bite my tongue
>> on that one; at least it's not completely broken anymore.
>>
>>> maxamillion did a good job of summing up some of the you can do about
>>> removing/replacing NM for a regular system in his blog post:
>>> http://pseudogen.blogspot.com/2012/03/networkmanager-is-in-core-but-dont-fret.html
>>
>> Thanks for that link!
>>
>>>> Would removing it be the wrong solution, and if so, is there a quick
>>>> way to ensure that NM initializes a zeroconf route?
>>>
>>> That is certainly possible, the network service still works. It just
>>> made more sense to use NM for non-cloud minimal installs.
>>>
>>> I'll leave the discussion of the best way to deal with NM/network to
>>> people who are far more qualified than I am. Just figured I would add
>>> in the answer to "why did this change?"
>>
>> As it turns out, I just booted an Ubuntu Oneiric instance, and it does
>> not have a zeroconf route, but is still able to access the metadata
>> service, so it looks like this was a red herring.  Back to the drawing
>> board.
>>
>> --Andy
>>
>>> Tim
>>>
>>> _______________________________________________
>>> cloud mailing list
>>> cloud@xxxxxxxxxxxxxxxxxxxxxxx
>>> https://admin.fedoraproject.org/mailman/listinfo/cloud
>>>
_______________________________________________
cloud mailing list
cloud@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/cloud



[Index of Archives]     [Fedora General Discussion]     [Older Fedora Users Archive]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Announce]     [Fedora Package Review]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Coolkey]     [Yum Users]     [Big List of Linux Books]     [Yosemite News]     [Linux Apps]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]

  Powered by Linux