aissen | I reported an issue with ubuntu cloud-images arm64 first boot taking a long time a few weeks (months?) ago. I finally took the time to open a ticket and provide a reproducer: https://bugs.launchpad.net/cloud-images/+bug/1846355 | 14:58 |
---|---|---|
ubot5 | Launchpad bug 1846355 in cloud-images "cloud-init very slow to set password on arm64 cloud image" [Undecided,New] | 14:59 |
Odd_Bloke | aissen: Thanks for the bug report! Unfortunately, I think you are being bitten by snapd.seeded being very slow. | 16:23 |
Odd_Bloke | There are some snapd changes in the works to make that less painful, which _are_ targetted to land in eoan. | 16:23 |
Odd_Bloke | That said, it's pretty close to eoan release day, so they may not make it in quite in time. | 16:24 |
Odd_Bloke | (AIUI, they will be backported to stable releases once they're in, so missing release day isn't quite as bad as it is for most software in the archive.) | 16:24 |
aissen | Odd_Bloke: it might be indeed. Is there a bug report for this specific issue ? | 16:26 |
aissen | is there a specific reason why cloud-init password setting depends on snap.seeded (but not ssh key setup for example) ? | 16:27 |
aissen | the hostname is also setup relatively early. | 16:27 |
Odd_Bloke | aissen: With reference to https://cloudinit.readthedocs.io/en/latest/topics/boot.html, the SSH keys are put in place in the "Network" phase, and passwords are set in the "Config" phase. | 16:33 |
Odd_Bloke | I'm not 100% sure why passwords are set in that later phase. | 16:33 |
aissen | maybe something in the config phase installs snaps ? (seems weird, but maybe people put arbitrary commands that install snaps ?) | 16:34 |
Odd_Bloke | snapd.seeded.service is installing pre-seeded snaps into the system. | 16:35 |
Odd_Bloke | So, for example, lxd gets installed by it. | 16:35 |
Odd_Bloke | runcmd runs in the Config phase, so we need to be sure that all the system software is in place before that happens. | 16:36 |
Odd_Bloke | So it has to block on snapd.seeded.service. | 16:36 |
aissen | that's interesting, thanks. | 16:59 |
Moo464 | Good evening, sir,does anyone like to answer a question about importing SSH keys? | 20:05 |
Moo464 | I'm having trouble usind Cloud Init | 20:05 |
Odd_Bloke | Moo464: o/ It's best to post what your problem is, then anyone coming along can help you out. :) | 20:06 |
Moo464 | Okay.My problem is this. I want to set up a cloud server at Hetzner. It should receive a previously generated key pair. With this key pair the server should be able to make a git clone via ssh. With GitHub I have already deposited the public key. Nevertheless, the server does not have authorization.I have entered the following:> | 20:12 |
Moo464 | ssh_keys: rsa_private: | -----BEGIN RSA PRIVATE KEY----- MIIBxwIBAAJhAKD0YSHy73nUgysO13XsJmd4fHiFyQ+00R7VVu2iV9Qcon2LZS/x 1cydPZ4pQpfjEha6WxZ6o8ci/Ea/w0n+0HGPwaxlEG2Z9inNtj3pgFrYcRztfECb 1j6HCibZbAzYtwIBIwJgO8h72WjcmvcpZ8OvHSvTwAguO2TkR6mPgHsgSaKy6GJo PUJnaZRWuba/HX0KGyhz19nPzLpzG5f0fYahlMJAyc13FV7K6kMBPXTRR6FxgHEg | 20:12 |
Moo464 | L0MPC7cdqAwOVNcPY6A7AjEA1bNaIjOzFN2sfZX0j7OMhQuc4zP7r80zaGc5oy6W p58hRAncFKEvnEq2CeL3vtuZAjEAwNBHpbNsBYTRPCHM7rZuG/iBtwp8Rxhc9I5w ixvzMgi+HpGLWzUIBS+P/XhekIjPAjA285rVmEP+DR255Ls65QbgYhJmTzIXQ2T9 luLvcmFBC6l35Uc4gTgg4ALsmXLn71MCMGMpSWspEvuGInayTCL+vEjmNBT+FAdO W7D4zCpI43jRS9U06JVOeSc9CDk2lwiA3wIwCTB/6uc8Cq85D9YqpM10FuHjKpnP | 20:12 |
Moo464 | REPPOyrAspdeOAV+6VKRavstea7+2DZmSUgE -----END RSA PRIVATE KEY----- rsa_public: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAGEAoPRhIfLvedSDKw7XdewmZ3h8eIXJD7TRHtVW7aJX1ByifYtlL/HVzJ09nilCl+MSFrpbFnqjxyL8Rr/DSf7QcY/BrGUQbZn2Kc22PemAWthxHO18QJvWPocKJtlsDNi3 smoser@localhost | 20:12 |
Moo464 | It seems as if the server does not insert the key pair | 20:13 |
Odd_Bloke | Moo464: Umm, I hope that you aren't too attached to that particular key, because it's now logged in everyone's IRC clients and online. | 20:18 |
Moo464 | Yeah those are Dummy keys | 20:19 |
Odd_Bloke | OK, phew. | 20:19 |
Odd_Bloke | Moo464: ssh_keys is used to configure the SSH _host_ keys. You're probably looking for ssh_authorized_keys instead. | 20:20 |
Odd_Bloke | This is not entirely obvious in the docs, but the example at the bottom of https://cloudinit.readthedocs.io/en/latest/topics/modules.html#ssh is instructive. | 20:20 |
Moo464 | Thank you. So there a two lines with - ssh-rsa AAAAB3Nza[...] Which one is the Public Key and which one the private? | 20:22 |
Moo464 | If I am not totally wrong I have to enter something like this: | 20:23 |
Moo464 | ssh_authorized_keys: - ssh-rsa PRIVAT KEY - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3I7VUf2l5gSn5uavROsc5HRDpZ ... | 20:23 |
Moo464 | and the other one is the Public key | 20:23 |
Odd_Bloke | Moo464: The private key is private; you keep that locally. | 20:26 |
Odd_Bloke | Moo464: You only need to include the public key in the ssh_authorized_keys list. | 20:26 |
Moo464 | I know but in order to use git clone SSH I need to transfer the private key as well, dont I? | 20:27 |
Moo464 | Otherwise I would transfer the public key to the server and also to GitHub, but then GitHub could not verify that I am allowed to make changes | 20:28 |
Odd_Bloke | Moo464: Oh, I see what you mean. | 20:29 |
Moo464 | Sorry, I am not that good in writing english :D | 20:30 |
Odd_Bloke | Hey, we got there. :) | 20:30 |
Odd_Bloke | cloud-init doesn't provide a way to put private keys in-place for users, because it's a relatively uncommon operation. | 20:30 |
Moo464 | Oh okay, now I see | 20:30 |
Moo464 | I misunderstood the Docs | 20:30 |
Odd_Bloke | Yeah, they are definitely confusing. | 20:31 |
Odd_Bloke | Most people will approach them assuming they're talking about _user_ keys. | 20:31 |
Odd_Bloke | Let me file/find an issue about that. | 20:31 |
Moo464 | So there is no way to deposit a key during the creation? | 20:32 |
Odd_Bloke | https://bugs.launchpad.net/cloud-init/+bug/1827021 <-- there we go, I knew I'd seen one before | 20:32 |
ubot5 | Launchpad bug 1827021 in cloud-init "SSH Documentation should mention "Host Key"" [Medium,Triaged] | 20:32 |
Moo464 | Good to know I am not the only one | 20:32 |
Odd_Bloke | Moo464: If you know the name of your default user, you could use write_files. | 20:32 |
Moo464 | Great idea. I'm going to try this. Thank you very very much! | 20:35 |
Odd_Bloke | Happy I could help! | 20:37 |
=== rezroo1 is now known as rezroo |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!