nvucinic | hi guys, i have disable_root: 0 and ssh_pwauth: 1, and after cloud init passes i cannot log into instance with my root pwd, or over ssh | 14:08 |
---|---|---|
smoser | nvucinic, it should be supported. | 15:57 |
smoser | nvucinic, its a bug. its a result of sshd config being changed in 14.04 to disallow root login by default | 18:28 |
smoser | it went from | 18:28 |
smoser | PermitRootLogin without-password | 18:28 |
smoser | to | 18:28 |
smoser | err. from | 18:28 |
smoser | PermitRootLogin yes | 18:28 |
smoser | to | 18:28 |
smoser | PermitRootLogin without-password | 18:28 |
smoser | harlowja, around ? | 18:28 |
harlowja | sup dawg | 18:28 |
smoser | for some work i'm doing on containers and openstack... | 18:29 |
harlowja | uh oh | 18:29 |
smoser | i need to store some information for a user in the db | 18:29 |
smoser | here. http://paste.ubuntu.com/8507232/ | 18:30 |
harlowja | hmmm | 18:31 |
harlowja | so this would be like a keystone addition? | 18:32 |
harlowja | or a nova + keystone one | 18:32 |
smoser | well, i think so. i think that's where that information would make sense to store. | 18:32 |
smoser | well, nova needs to store and retrieve that information about a user *somewhere* | 18:32 |
smoser | in a per-az way. | 18:32 |
harlowja | ya | 18:33 |
smoser | i assumed that keystone would make sense, but if you think something better, that's fine too. | 18:33 |
harlowja | seems like keystone, although i don't know how much knowledge keystone has of nova azs | 18:33 |
harlowja | i'd say bug the keystone guys :-P | 18:34 |
harlowja | wonder if they have any input | 18:34 |
smoser | well, i'm assuming that i can get my own az | 18:35 |
smoser | ie, the nova system would be able to know that of itself, and maintain it itself. | 18:36 |
smoser | {'az1': {'subuid': [1,2,3], 'subgid': [5,6,7]}, 'az2': {...}} | 18:37 |
harlowja | sure, nova i guess can have that | 18:38 |
smoser | so is there some similar code that i could look at / base off of that needs to lock and update a keystone value ? | 18:47 |
harlowja | hmmm | 18:51 |
harlowja | not sure :-/ | 18:51 |
smoser | thanks for reading, harlowja. | 19:23 |
harlowja | :) | 19:23 |
nvucinic | smoser: yes, but i am using it on centos 6, and still i cannot login even through console after cloud init | 20:33 |
nvucinic | not ssh, console. | 20:34 |
smoser | nvucinic, i'd need more info to debug. | 20:35 |
smoser | you might try adding a backdoor user | 20:35 |
smoser | logging in as that user, and then watching it fail for root | 20:36 |
smoser | theres a fair shot that https://code.launchpad.net/~smoser/+junk/backdoor-image | 20:36 |
smoser | will allow you to backdoor an image fairly easily | 20:36 |
nvucinic | smoser: i can login as root with key | 20:39 |
nvucinic | but first password that is setup on image before cloud init is not working anymore | 20:40 |
nvucinic | i am using "golden template" for all installation and cloud init for network configuration on first boot | 20:40 |
nvucinic | so after cloud init gets initialized i cannot login with root password that is setup on template | 20:41 |
smoser | are you sure you could log in with password before ? | 20:41 |
nvucinic | yup, 100% sure | 20:43 |
nvucinic | after cloud init i can login only via ssh key | 20:43 |
nvucinic | password for root fails at console and ssh | 20:43 |
smoser | nvucinic, please file a bug. maybe harlowja can look at it . i dont have a setup access to centos that i could easily poke at. | 20:55 |
smoser | i'm not sure what it would be doing that would lock root out. other than if you have 'user' to 'root' . | 20:55 |
smoser | and lock_passwd for that. | 20:55 |
nvucinic | i can paste you tomorrow whole config | 20:59 |
harlowja | nvucinic if u can get the logs, the config that would be great | 21:58 |
harlowja | *cloud-init logs without secret stuff in them | 21:58 |
harlowja | that'd help figure out whats happening | 21:58 |