[rhos-list] SSH Key Injection not working.
Minton, Rich
rich.minton at lmco.com
Thu Mar 21 22:13:53 UTC 2013
I'm having a problem with injecting keys through the metadata service (actually nova-api). The keys are not being written to the authorized_keys file. Actually it doesn't look like they are available from the metadata api. When the instance is booting I get this error: "cc_ssh.py[WARNING]: applying credentials failed!"
This is the from api.log. Notice "404" when trying get the keys.
2013-03-21 17:54:58 16357 INFO nova.api.ec2 [-] 0.388398s 10.10.16.17 GET /latest/metadata/public-keys/0/openssh-key None:None 404 [curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2] text/plain text/html
2013-03-21 17:54:58 16357 INFO nova.metadata.wsgi.server [-] 10.10.16.17 - - [21/Mar/2013 17:54:58] "GET /latest/metadata/public-keys/0/openssh-key HTTP/1.1" 404 278 0.389426
I'm not running the metadata-api, only nova-api on each of three nodes. Nova.conf related to meta-data config is as follows:
Controller/Compute 1
enabled_apis = ec2,osapi_compute,metadata
metadata_host = 10.10.12.245
metadata_port = 8775
Compute 2
enabled_apis = ec2,osapi_compute,metadata
metadata_host = 10.10.12.246
metadata_port = 8775
Compute 3
enabled_apis = ec2,osapi_compute,metadata
metadata_host = 10.10.12.247
metadata_port = 8775
While logged into the VM, I can run http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key and the ssh key is returned. So I guess the metadata service is working properly. Do I need to have the .ssh directory and the authorized_keys file already in place and with the correct permissions?
Thanks,
Rick
Richard Minton
LMICC Systems Administrator
4000 Geerdes Blvd, 13D31
King of Prussia, PA 19406
Phone: 610-354-5482
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/rhos-list/attachments/20130321/6294f1db/attachment.htm>
More information about the rhos-list
mailing list