[Bug 1267567] [NEW] walinuxagent not downloading ssh certificates

Scott Moser smoser at ubuntu.com
Thu Jan 9 18:54:31 UTC 2014


Public bug reported:

I launched an instance with:
  azure vm create --vm-size=extrasmall --vm-name=sm-testme0 "--location=East US" \
   --ssh-cert=/home/smoser/.ssh/id_rsa-smoser-azure at brickies.pem --ssh=22 \
  --custom-data=/tmp/my.ud sm-testme0 \
  b39f27a8b8c64d52b05eac6a62ebad85__Ubuntu_DAILY_BUILD-trusty-14_04-LTS-amd64-server-20140108-en-us-30GB \
  smoser PASS%word%123


Unless my custom-data provides some way to get in (ie, cloud-config 'ssh_import_id: smoser') then I'm not able to get to the instance. Looking at cloud-init.log, I see:

2014-01-09 17:56:59,819 - util.py[DEBUG]: Running command ['service', 'walinuxagent', 'start'] with allowed return codes [0] (shell=False, capture=True)
2014-01-09 17:58:00,588 - util.py[DEBUG]: waiting for files took 60.558 seconds
2014-01-09 17:58:00,589 - DataSourceAzure.py[WARNING]: Did not find files, but going on: set([u'/var/lib/waagent/6BE7A7C3C8A8F4B123CCA5D0C2F1BE4CA7B63ED7.crt'])
2014-01-09 17:58:00,597 - util.py[DEBUG]: Running command ['sh', '-c', 'openssl x509 -noout -pubkey < "$0" |ssh-keygen -i -m PKCS8 -f /dev/stdin', u'/var/lib/waagent/6BE7A7C3C8A8F4B123CCA5D0C2F1BE4CA7B63ED7.crt'] with allowed return codes [0] (shell=False, capture=True)
2014-01-09 17:58:00,697 - DataSourceAzure.py[WARNING]: failed to convert the crt files to pubkey: [<trimed>]
2014-01-09 17:58:00,716 - stages.py[DEBUG]: Loaded datasource DataSourceAzureNet - DataSourceAzureNet [seed=/dev/sr0]


The gist is that cloud-init ran walinuxagent, and expected it to produce /var/lib/waagent/BE7A7C3C8A8F4B123CCA5D0C2F1BE4CA7B63ED7.crt as that was mentioned in the ovf-env.xml.  However, walinuxagent did not do that.

/var/log/waagent.log would normally say something like:
2014/01/09 18:10:27 Public cert with thumbprint: D3BCD6F2904D5E4B5E8155ED1E0A698C7B14F007 was retrieved.

but there isn't such a message in mine.

When I compare this to a system where it *did* have such a message, the HostingEnvironmentConfig.xml files differ.
The broken one is missing a section like:
  <StoredCertificates>
    <StoredCertificate name="Cert0My" certificateId="sha1:D3BCD6F2904D5E4B5E8155ED1E0A698C7B14F007" storeName="My" configurationLevel="System" />
  </StoredCertificates>


HostingEnvironmentConfig.xml is obtained by contacting the metadata service.  Its possible the server side has changed its response, but its also possible that I had never previously tested providing both a password and a ssh key.

Possibly relevant information:
  * the '--custom-data' comes from patches at https://gist.github.com/smoser/5806147 .
  * Recently, it seems that in order to launch an instance with custom-data, server side validation is forcing you to also supply a password .  That is just mentioned here as a reason for providing both password and ssh keys, which may be relevant.
  * I've had to change the azure/lib/services/management/servicemanagementservice.js to report itself as 2013-10-01 rather than 2013-06-01 in order to have custom-data allowed.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: walinuxagent 1.3.2-0ubuntu5 [modified: usr/sbin/waagent]
ProcVersionSignature: User Name 3.12.0-7.15-generic 3.12.4
Uname: Linux 3.12.0-7-generic x86_64
ApportVersion: 2.12.7-0ubuntu6
Architecture: amd64
Date: Thu Jan  9 18:38:22 2014
ProcEnviron:
 TERM=screen
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: walinuxagent
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: walinuxagent (Ubuntu)
     Importance: High
         Status: Confirmed


** Tags: amd64 apport-bug third-party-packages trusty uec-images

** Changed in: walinuxagent (Ubuntu)
       Status: New => Confirmed

** Changed in: walinuxagent (Ubuntu)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to walinuxagent in Ubuntu.
https://bugs.launchpad.net/bugs/1267567

Title:
  walinuxagent not downloading ssh certificates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/walinuxagent/+bug/1267567/+subscriptions



More information about the Ubuntu-server-bugs mailing list