=== harlowja is now known as harlowja_away | ||
=== ijw_ is now known as ijw | ||
=== harlowja_away is now known as harlowja | ||
championofcyrodi | Hi guys. I'm running ubuntu 14.04 and every time i reboot a nova instance using SSH i get: WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!, where the ECDSA key is changed and i have to clean it from my known hosts file. Is there a way or document describing how to disable this ssh key injection so that it is always the same, or that it does not change? | 19:42 |
---|---|---|
harlowja | i'd ask your cloud provider, they are likely the ones that are changing the keys around and doing injection | 19:47 |
harlowja | or doing something else (probably isn't cloud-init doing this) | 19:47 |
championofcyrodi | i'm running my own fuel+mantis cluster w/ openstack | 19:49 |
championofcyrodi | (which i guess makes me the only cloud provider i can ask) | 19:50 |
harmw | this isn't key injection, it's c-i resetting your ssh host keys. Isn't that configurable in c-i.conf? | 19:51 |
championofcyrodi | I would think it is, but I'm not sure what the key/value pair is to configure. | 19:52 |
harmw | you're just using the default config? | 19:52 |
championofcyrodi | yea | 19:52 |
harmw | hmk, well I doubt that's the problem then | 19:52 |
harmw | did you check the logs? | 19:52 |
championofcyrodi | i pass in my own user-data to install some packages. but that's it. | 19:52 |
harmw | sounds fairly harmless :) | 19:52 |
championofcyrodi | let me check the logs... | 19:53 |
harmw | btw harlowja, my instance is only again after applying some hardcore raw sql :p | 19:55 |
harlowja | hardcore sql | 19:55 |
harlowja | sounds naughty | 19:55 |
harlowja | lol | 19:55 |
harmw | damn right | 19:55 |
harlowja | *hardcore raw sql | 19:55 |
harlowja | lol | 19:55 |
championofcyrodi | maybe this? http://pastebin.com/zDYVkGnP | 19:56 |
harmw | well there is the reason why you keep having to edit your known_hosts file | 19:57 |
harmw | but what causes it (my guess, something in c-i.conf) | 19:57 |
championofcyrodi | I see an 'ssh' module set in the init stage... | 19:58 |
championofcyrodi | hmm this is frustrating. I am seeing a module named 'ssh_config' is performing the action(s) in the DEBUG logs from cloud-init.log. However, I'm not finding "c-i.conf" anywhere in this distro, nor am I finding anything matching the string "ssh_config" | 20:10 |
championofcyrodi | only 'ssh', 'ssh-authkey-fingerprints', and 'ssh-import-id' | 20:11 |
championofcyrodi | clear | 20:11 |
championofcyrodi | oops | 20:11 |
kwadronaut | well, the import-id is something you want to run only *once* per instance | 20:25 |
championofcyrodi | i think i found it... | 20:40 |
championofcyrodi | http://cloudinit.readthedocs.org/en/latest/topics/examples.html#configure-instances-ssh-keys | 20:40 |
championofcyrodi | it looks like i'll need to define it in the #cloud-config, otherwise it's randomly generated every time. | 20:40 |
smoser | championofcyrodi, cloud-init will re-run the ssh key creation on 'per-instance' basis. | 20:59 |
smoser | it's not "every time". | 21:00 |
championofcyrodi | so maybe the known key was just an issue for instances i terminated and re-created. | 21:00 |
smoser | it's every time it sees a new instance-id. | 21:00 |
smoser | well, that would be very much by design :) | 21:00 |
championofcyrodi | thanks for telling me that. is there a doc that describes the modules and when they are used? | 21:01 |
championofcyrodi | i found this, which has been helpful: http://cloudinit.readthedocs.org/en/latest/topics/modules.html but the modules section is empty | 21:01 |
smoser | http://bazaar.launchpad.net/~cloud-init-dev/cloud-init/trunk/view/head:/doc/examples/cloud-config.txt#L300 | 21:01 |
smoser | then look at the config on your system (which can be changed in user-data) in /etc/cloud/cloud.cfg and /etc/cloud/cloud.cfg.d/*.cfg | 21:02 |
championofcyrodi | thank you!!! you have saved my bacon. | 21:03 |
smoser | the default frequency is 'per-instance'. | 21:03 |
smoser | you can change that if you'd like. but generally you do not want to have multiple systems with the same ssh host keys. | 21:03 |
smoser | if you change it to 'once', it will write a file /var/lib/cloud/something-or-other/ssh.once | 21:04 |
smoser | and if that file is still there, it will never run it again | 21:04 |
harlowja | hmmm, need to work on that module.html doc | 21:22 |
smoser | harlowja, 2.0 | 21:27 |
harlowja | ya | 21:27 |
smoser | think about how to do it well. | 21:27 |
harlowja | lol | 21:27 |
harlowja | hmmm | 21:27 |
smoser | and then tell dumb people like smoser | 21:27 |
harlowja | :-P | 21:32 |
harlowja | smoser modules that have self-contained docs would be cool, then can use that in online docs :) | 21:36 |
smoser | yeah, that is what i want. | 21:38 |
smoser | config modules with python comment that describe them. | 21:38 |
harlowja | >>> from cloudinit.config import cc_ssh | 21:38 |
harlowja | >>> cc_ssh.__doc__ | 21:38 |
smoser | yeah. | 21:38 |
harlowja | put a module level comment/docstring and it can be found | 21:38 |
harlowja | by magic! | 21:38 |
harlowja | ha | 21:38 |
harlowja | then sphinx can read that afaik | 21:38 |
harlowja | doesn't seem so hard | 21:39 |
harlowja | get er' done | 21:40 |