[rhos-list] cloud-init configuration for ssh access
Steven Dake
sdake at redhat.com
Fri Nov 8 19:08:15 UTC 2013
On 11/01/2013 04:58 AM, Perry Myers wrote:
> On 10/31/2013 04:49 PM, David Raddatz wrote:
>> A quick post-mortem on this issue and I wanted to share what we learned (or "I" learned anyway) in case it avoids problems for others...
>>
>> While I was apparently following the docs by "just install cloud-init on your VM image", while working with Lars we discovered if you reboot your image after installing cloud-init, it will create some files/directories in /var/lib/cloud which will then prevent the instance from allowing ssh to work (my Permission denied issue I was seeing).
>>
>> For example, doing the following:
>> - create VM and install RHEL 6.4 and set up with other files/software
>> - install/configure cloud-init on VM
>> - reboot VM (just to make sure it still boots)
>> - shutdown VM
>> - run virt-sysprep on image (per recommendation in docs)
>> - upload to glance and launch instance using the defined keypair
>> - trying to use ssh -i with the same keypair results in Permission denied
>>
>> Whereas, doing the following:
>> - create VM and install RHEL 6.4 and set up with other files/software
>> - install/configure cloud-init on VM
>> - shutdown VM
>> - run virt-sysprep on image (per recommendation in docs)
>> - upload to glance and launch instance using the defined keypair
>> - trying to use ssh -i with the same keypair Works! No password prompt (as expected)
>>
>> Not rebooting the VM allowed the ssh to work as the /var/lib/cloud directory was empty when it was shutdown.
>>
>> Not sure if this is a doc issue (to warn people NOT to reboot the VM after cloud-init installation/configuration) or a bug (which Lars was going to investigate a little) but thought it was worth a quick email to warn folks about.
>>
>> Thanks again to Lars for his assistance on this,
> Interesting. Lars/Steve, is this a bug or just a docs issue do you think?
>
> Perry
Perry,
The tl;dr version is the code is working as intended. Recommend more docs.
The cloud-init code is designed to only run the cloud config modules
once by default. Modules can be configured to "run-always" with an
optional override configurable per module. Cloud-init places locks in
the /var/lib/cloud/* directories to prevent modules that have already
run from running on the next boot.
If the boot process fails in some way (eg the metadata service is
unavailable) the modules still run, and locks are still created.
The rationale is that if you have physical storage connected to the
virtual machine, it doesn't make sense to run the configuration that the
cloud config provides on each fresh reboot of the vm since it could at
worse confuse/break the operating system's existing storage or at best
result in slower boot cycles.
One possible improvement that could be considered upstream is to record
those locks only on successful module executions. I believe that would
solve the particular problem Lars pointed out in a followup email.
Another possibility is to specify run-always in the cloudconfig, but
this may result in unintended consequences as described previously.
Regards
-steve
> _______________________________________________
> rhos-list mailing list
> rhos-list at redhat.com
> https://www.redhat.com/mailman/listinfo/rhos-list
More information about the rhos-list
mailing list