[Bug 1267567] [NEW] walinuxagent not downloading ssh certificates
Scott Moser
smoser at ubuntu.com
Thu Jan 9 18:54:31 UTC 2014
Public bug reported:
I launched an instance with:
azure vm create --vm-size=extrasmall --vm-name=sm-testme0 "--location=East US" \
--ssh-cert=/home/smoser/.ssh/id_rsa-smoser-azure at brickies.pem --ssh=22 \
--custom-data=/tmp/my.ud sm-testme0 \
b39f27a8b8c64d52b05eac6a62ebad85__Ubuntu_DAILY_BUILD-trusty-14_04-LTS-amd64-server-20140108-en-us-30GB \
smoser PASS%word%123
Unless my custom-data provides some way to get in (ie, cloud-config 'ssh_import_id: smoser') then I'm not able to get to the instance. Looking at cloud-init.log, I see:
2014-01-09 17:56:59,819 - util.py[DEBUG]: Running command ['service', 'walinuxagent', 'start'] with allowed return codes [0] (shell=False, capture=True)
2014-01-09 17:58:00,588 - util.py[DEBUG]: waiting for files took 60.558 seconds
2014-01-09 17:58:00,589 - DataSourceAzure.py[WARNING]: Did not find files, but going on: set([u'/var/lib/waagent/6BE7A7C3C8A8F4B123CCA5D0C2F1BE4CA7B63ED7.crt'])
2014-01-09 17:58:00,597 - util.py[DEBUG]: Running command ['sh', '-c', 'openssl x509 -noout -pubkey < "$0" |ssh-keygen -i -m PKCS8 -f /dev/stdin', u'/var/lib/waagent/6BE7A7C3C8A8F4B123CCA5D0C2F1BE4CA7B63ED7.crt'] with allowed return codes [0] (shell=False, capture=True)
2014-01-09 17:58:00,697 - DataSourceAzure.py[WARNING]: failed to convert the crt files to pubkey: [<trimed>]
2014-01-09 17:58:00,716 - stages.py[DEBUG]: Loaded datasource DataSourceAzureNet - DataSourceAzureNet [seed=/dev/sr0]
The gist is that cloud-init ran walinuxagent, and expected it to produce /var/lib/waagent/BE7A7C3C8A8F4B123CCA5D0C2F1BE4CA7B63ED7.crt as that was mentioned in the ovf-env.xml. However, walinuxagent did not do that.
/var/log/waagent.log would normally say something like:
2014/01/09 18:10:27 Public cert with thumbprint: D3BCD6F2904D5E4B5E8155ED1E0A698C7B14F007 was retrieved.
but there isn't such a message in mine.
When I compare this to a system where it *did* have such a message, the HostingEnvironmentConfig.xml files differ.
The broken one is missing a section like:
<StoredCertificates>
<StoredCertificate name="Cert0My" certificateId="sha1:D3BCD6F2904D5E4B5E8155ED1E0A698C7B14F007" storeName="My" configurationLevel="System" />
</StoredCertificates>
HostingEnvironmentConfig.xml is obtained by contacting the metadata service. Its possible the server side has changed its response, but its also possible that I had never previously tested providing both a password and a ssh key.
Possibly relevant information:
* the '--custom-data' comes from patches at https://gist.github.com/smoser/5806147 .
* Recently, it seems that in order to launch an instance with custom-data, server side validation is forcing you to also supply a password . That is just mentioned here as a reason for providing both password and ssh keys, which may be relevant.
* I've had to change the azure/lib/services/management/servicemanagementservice.js to report itself as 2013-10-01 rather than 2013-06-01 in order to have custom-data allowed.
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: walinuxagent 1.3.2-0ubuntu5 [modified: usr/sbin/waagent]
ProcVersionSignature: User Name 3.12.0-7.15-generic 3.12.4
Uname: Linux 3.12.0-7-generic x86_64
ApportVersion: 2.12.7-0ubuntu6
Architecture: amd64
Date: Thu Jan 9 18:38:22 2014
ProcEnviron:
TERM=screen
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: walinuxagent
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: walinuxagent (Ubuntu)
Importance: High
Status: Confirmed
** Tags: amd64 apport-bug third-party-packages trusty uec-images
** Changed in: walinuxagent (Ubuntu)
Status: New => Confirmed
** Changed in: walinuxagent (Ubuntu)
Importance: Undecided => High
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to walinuxagent in Ubuntu.
https://bugs.launchpad.net/bugs/1267567
Title:
walinuxagent not downloading ssh certificates
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/walinuxagent/+bug/1267567/+subscriptions
More information about the Ubuntu-server-bugs
mailing list