[Bug 1938299] Re: Unable to SSH Into Instance when deploying Impish 21.10
Francis Ginther
1938299 at bugs.launchpad.net
Thu Jul 29 14:40:46 UTC 2021
[Summary]
I believe this problem is related to a change in behavior in cloud-init version 21.2-43-g184c836a-0ubuntu1 due to comparing two different daily impish images before and after this update.
The problem appears in a gcp account which currently has multple global
sshkeys associated with different users. For example, we have keys for a
'testuser' and 'testuser2' account. When booting the older serial (as
well as older releases), we see accounts created for 'testuser',
'testuser2' and 'ubuntu'. For the newer serial, we only see an account
for 'ubuntu'. As our test automation uses one of the 'testuser' keys, it
can no longer access impish VMs.
I've included the package list below from my two test systems. Including
the google-agent packages since these could also be suspect.
[Expected behavoir]
If I have a gcp account with global ssh keys associated with non-ubuntu users, I expect those users to be present in the VM after launch and .ssh/authorized_keys updated with those public keys.
[Current behavoir]
Only the 'ubuntu' user is being created
[Package list with unexpected behavior - impish 20210728 serial]
$ dpkg -l|grep cloud-init
ii cloud-init 21.2-43-g184c836a-0ubuntu1 all initialization and customization tool for cloud instances
ii cloud-initramfs-copymods 0.47ubuntu1 all copy initramfs modules into root filesystem for later use
ii cloud-initramfs-dyn-netconf 0.47ubuntu1 all write a network interface file in /run for BOOTIF
$ dpkg -l |grep agent
ii google-guest-agent 20210414.00-0ubuntu1 amd64 Google Compute Engine Guest Agent
ii google-osconfig-agent 20210219.00-0ubuntu1 amd64 Google OS Config Agent
ii gpg-agent 2.2.20-1ubuntu4 amd64 GNU privacy guard - cryptographic agent
ii libpolkit-agent-1-0:amd64 0.105-31 amd64 PolicyKit Authentication Agent API
ii lxd-agent-loader 0.4 all LXD - VM agent loader
[Package list with expected behavior - impish 20190719 serial]
$ dpkg -l|grep cloud-init
ii cloud-init 21.2-3-g899bfaa9-0ubuntu2 all initialization and customization tool for cloud instances
ii cloud-initramfs-copymods 0.47ubuntu1 all copy initramfs modules into root filesystem for later use
ii cloud-initramfs-dyn-netconf 0.47ubuntu1 all write a network interface file in /run for BOOTIF
$ dpkg -l |grep agent
ii google-guest-agent 20210414.00-0ubuntu1 amd64 Google Compute Engine Guest Agent
ii google-osconfig-agent 20210219.00-0ubuntu1 amd64 Google OS Config Agent
ii gpg-agent 2.2.20-1ubuntu4 amd64 GNU privacy guard - cryptographic agent
ii libpolkit-agent-1-0:amd64 0.105-31 amd64 PolicyKit Authentication Agent API
ii lxd-agent-loader 0.4 all LXD - VM agent loader
** Also affects: cloud-init (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to google-guest-agent in Ubuntu.
https://bugs.launchpad.net/bugs/1938299
Title:
Unable to SSH Into Instance when deploying Impish 21.10
Status in cloud-init package in Ubuntu:
New
Status in google-guest-agent package in Ubuntu:
New
Bug description:
Google Instances deployed with the Ubuntu 21.10 Daily images are
inaccessible via SSH.
gcloud compute instances create sf-impish-v20200720 --zone us-west1-a
--network "default" --no-restart-on-failure --image-project ubuntu-os-
cloud-devel --image daily-ubuntu-2110-impish-v20210720 --machine-type
n1-standard-2
Will result in a successful deploy yet, inaccessible via ssh from the
end users configured laptop.
This appears to affect all daily images after 20210719.
daily-ubuntu-2110-impish-v20210719 ubuntu-os-cloud-devel ubuntu-2110 READY
daily-ubuntu-2110-impish-v20210720 ubuntu-os-cloud-devel ubuntu-2110 READY
daily-ubuntu-2110-impish-v20210721 ubuntu-os-cloud-devel ubuntu-2110 READY
daily-ubuntu-2110-impish-v20210723 ubuntu-os-cloud-devel ubuntu-2110 READY
daily-ubuntu-2110-impish-v20210724 ubuntu-os-cloud-devel ubuntu-2110 READY
daily-ubuntu-2110-impish-v20210725 ubuntu-os-cloud-devel ubuntu-2110 READY
daily-ubuntu-2110-impish-v20210728 ubuntu-os-cloud-devel ubuntu-2110
This problem also appears to be reproducible via the gcloud UI, create
a new virtual machine using the daily-ubuntu-2110-impish-v20210720 or
greater and instruct the virtual machine to import a ssh_pub_key in
the security tab. The Instance will start, yet still be inaccessible
via the users private sshkey
The google-guest-agent.service appears to be responsible for adding
the google project ssh keys to the instance once its deployed. Please
see below when queried on the 20210719 image:
google-guest-agent.service - Google Compute Engine Guest Agent
Loaded: loaded (/lib/systemd/system/google-guest-agent.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-07-27 19:47:48 UTC; 18h ago
Main PID: 711 (google_guest_ag)
Tasks: 9 (limit: 8924)
Memory: 19.7M
CGroup: /system.slice/google-guest-agent.service
└─711 /usr/bin/google_guest_agent
Jul 27 19:47:55 sean-imp gpasswd[1469]: user google added by root to group floppy
Jul 27 19:47:55 sean-imp gpasswd[1475]: user google added by root to group audio
Jul 27 19:47:55 sean-imp gpasswd[1481]: user google added by root to group dip
Jul 27 19:47:55 sean-imp gpasswd[1487]: user google added by root to group video
Jul 27 19:47:55 sean-imp gpasswd[1493]: user google added by root to group plugdev
Jul 27 19:47:55 sean-imp gpasswd[1499]: user google added by root to group netdev
Jul 27 19:47:55 sean-imp gpasswd[1505]: user google added by root to group lxd
Jul 27 19:47:55 sean-imp gpasswd[1511]: user google added by root to group google-sudoers
Jul 27 19:47:55 sean-imp GCEGuestAgent[711]: 2021-07-27T19:47:55.1699Z GCEGuestAgent Info: Updating keys for user google.
Jul 27 19:47:55 sean-imp google_guest_agent[711]: 2021/07/27 19:47:55 logging client: rpc error: code = PermissionDenied desc = Clo>
lines 1-19/19 (END)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1938299/+subscriptions
More information about the foundations-bugs
mailing list