You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@stratos.apache.org by "Michiel Blokzijl (mblokzij)" <mb...@cisco.com> on 2014/11/09 22:39:40 UTC

vcloud: metadata injection via ssh vs via guest customisation script

Hi people,

First of all, I’m not sure if this is a Stratos or a jclouds issue, I haven’t been able to nail down the area of the code to be absolutely sure.

It looks like on vCloud, Stratos/jclouds “injects" the metadata by ssh-ing into freshly spun up cartridges, using the root username and the vcloud-autogenerated password. This seems to require that the root username doesn’t have a password on bootup (sudo passwd -d root), and that password-based authentication is enabled in /etc/ssh/sshd_config.

This is an issue for us, since we need to orchestrate some VMs that we can’t ssh into, at least not from the node that Stratos runs on (running the cartridge agent later on isn’t an issue).

I heard that in the past this wasn’t the case, and that the metadata was passed in via the guest customisation script.

Q0: Is this a Stratos or a jclouds issue? If it’s a jclouds issue I’ll take this up with their mailers.

Q1: Is it true, that in the past the metadata was injected in via the guest customisation script? If so, what motivated that change?

Q2: Can anyone point me at the relevant area of the code, and maybe even at what the old code used to look like?

Thanks and best regards,

Michiel

Re: vcloud: metadata injection via ssh vs via guest customisation script

Posted by Udara Liyanage <ud...@wso2.com>.

Hi,

Great, please update with your finding then we can patch Stratos.



Touched, not typed. Erroneous words are a feature, not a typo.
On Nov 12, 2014 4:47 AM, "Michiel Blokzijl (mblokzij)" <mb...@cisco.com>
wrote:

> Hi,
>
> Your suggested change seems to work.
>
> I now get the following code in the guest customisation script, when I
> look it up in the vcloud GUI:
>
> #!/bin/sh
> mkdir -p /tmp/payload
> echo “SERVICE_NAME=foo,HOST_NAME=<...snip...>,MIN_COUNT=1" >
> /tmp/payload/launch-params
> /root/bin/init-vcloud.sh > /tmp/puppet_log
>
> Somehow, in my cartridge, the /tmp/payload directory was missing, despite
> this script sitting on the VM. I need to debug that a bit more, hopefully
> it’s just an issue with my setup. I’ll report back when I know more.
>
> Thanks and best regards,
>
> Michiel
>
>
> On 10 Nov 2014, at 14:36, Michiel Blokzijl (mblokzij) <mb...@cisco.com>
> wrote:
>
> Sure, I’ll look into it. I’ll let you know how it goes.
>
> Thanks for all the help!
>
> Michiel
>
> On 10 Nov 2014, at 07:02, Udara Liyanage <ud...@wso2.com> wrote:
>
> Hi Michel,
>
> Could you try with the proposed change and try again.
>
> On Mon, Nov 10, 2014 at 12:22 PM, Isuru Perera <is...@wso2.com> wrote:
>
>> Hi Udara,
>>
>> As you mentioned, we should be using the API for the customization script.
>>
>> I missed this API when implementing the support for passing payload.
>>
>> Shall we change the code and test?
>>
>> Michiel, As I know, from the beginning, we have been passing the payload
>> from a script. As Udara found out, we have actually implemented it using
>> the runScript option, rather than using the customizationScript API.
>>
>> We must fix that in VCloudIaas.java
>> <https://github.com/apache/stratos/blob/master/components/org.apache.stratos.cloud.controller/src/main/java/org/apache/stratos/cloud/controller/iaases/VCloudIaas.java>
>>
>> I hope that in this way, we can avoid the ssh session with the VM.
>>
>> Thanks!
>>
>> Best Regards,
>>
>> On Mon, Nov 10, 2014 at 11:58 AM, Udara Liyanage <ud...@wso2.com> wrote:
>>
>>> Hi Isuru, Nirmal,
>>>
>>> I have have doubt whether we are really using the customization script.
>>> Currently code call the runScript() as below.
>>>
>>> template.getOptions().runScript(customizationScript);
>>>
>>> Aren't we executing as a script as Michel mentioned ?
>>>
>>> Isn't below is the correct way of doing?
>>>      template.getOptions().as(VCloudTemplateOptions.class).
>>> customizationScript(customizationScript);
>>>
>>>
>>> On Mon, Nov 10, 2014 at 8:46 AM, Udara Liyanage <ud...@wso2.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> Yes metadata is passed via guest customization script from Stratos
>>>> side. However Jclouds execute the customization script using ssh.
>>>>
>>>> Please refer to setDynamicPayload() of [1] for implementation
>>>>
>>>> [1]
>>>> https://github.com/apache/stratos/blob/master/components/org.apache.stratos.cloud.controller/src/main/java/org/apache/stratos/cloud/controller/iaases/VCloudIaas.java
>>>>
>>>>
>>>> Touched, not typed. Erroneous words are a feature, not a typo.
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> Udara Liyanage
>>> Software Engineer
>>> WSO2, Inc.: http://wso2.com
>>> lean. enterprise. middleware
>>>
>>> web: http://udaraliyanage.wordpress.com
>>> phone: +94 71 443 6897
>>>
>>
>>
>>
>> --
>> Isuru Perera
>> Senior Software Engineer | WSO2, Inc. | http://wso2.com/
>> Lean . Enterprise . Middleware
>>
>> about.me/chrishantha
>>
>
>
>
> --
>
> Udara Liyanage
> Software Engineer
> WSO2, Inc.: http://wso2.com
> lean. enterprise. middleware
>
> web: http://udaraliyanage.wordpress.com
> phone: +94 71 443 6897
>
>
>
>

Re: vcloud: metadata injection via ssh vs via guest customisation script

Posted by "Michiel Blokzijl (mblokzij)" <mb...@cisco.com>.

Hi,

Your suggested change seems to work.

I now get the following code in the guest customisation script, when I look it up in the vcloud GUI:

#!/bin/sh
mkdir -p /tmp/payload
echo “SERVICE_NAME=foo,HOST_NAME=<...snip...>,MIN_COUNT=1" > /tmp/payload/launch-params
/root/bin/init-vcloud.sh > /tmp/puppet_log

Somehow, in my cartridge, the /tmp/payload directory was missing, despite this script sitting on the VM. I need to debug that a bit more, hopefully it’s just an issue with my setup. I’ll report back when I know more.

Thanks and best regards,

Michiel


On 10 Nov 2014, at 14:36, Michiel Blokzijl (mblokzij) <mb...@cisco.com> wrote:

> Sure, I’ll look into it. I’ll let you know how it goes.
> 
> Thanks for all the help!
> 
> Michiel
> 
> On 10 Nov 2014, at 07:02, Udara Liyanage <ud...@wso2.com> wrote:
> 
>> Hi Michel,
>> 
>> Could you try with the proposed change and try again.
>> 
>> On Mon, Nov 10, 2014 at 12:22 PM, Isuru Perera <is...@wso2.com> wrote:
>> Hi Udara,
>> 
>> As you mentioned, we should be using the API for the customization script.
>> 
>> I missed this API when implementing the support for passing payload.
>> 
>> Shall we change the code and test?
>> 
>> Michiel, As I know, from the beginning, we have been passing the payload from a script. As Udara found out, we have actually implemented it using the runScript option, rather than using the customizationScript API.
>> 
>> We must fix that in VCloudIaas.java
>> 
>> I hope that in this way, we can avoid the ssh session with the VM.
>> 
>> Thanks!
>> 
>> Best Regards,
>> 
>> On Mon, Nov 10, 2014 at 11:58 AM, Udara Liyanage <ud...@wso2.com> wrote:
>> Hi Isuru, Nirmal,
>> 
>> I have have doubt whether we are really using the customization script. Currently code call the runScript() as below.
>> 
>> template.getOptions().runScript(customizationScript);
>> 
>> Aren't we executing as a script as Michel mentioned ?
>> 
>> Isn't below is the correct way of doing?
>>      template.getOptions().as(VCloudTemplateOptions.class).customizationScript(customizationScript);
>> 
>> 
>> On Mon, Nov 10, 2014 at 8:46 AM, Udara Liyanage <ud...@wso2.com> wrote:
>> Hi,
>> 
>> Yes metadata is passed via guest customization script from Stratos side. However Jclouds execute the customization script using ssh.
>> 
>> Please refer to setDynamicPayload() of [1] for implementation
>> 
>> [1] https://github.com/apache/stratos/blob/master/components/org.apache.stratos.cloud.controller/src/main/java/org/apache/stratos/cloud/controller/iaases/VCloudIaas.java
>> 
>> 
>> 
>> Touched, not typed. Erroneous words are a feature, not a typo.
>> 
>> 
>> 
>> 
>> -- 
>> 
>> Udara Liyanage
>> Software Engineer
>> WSO2, Inc.: http://wso2.com
>> lean. enterprise. middleware
>> 
>> web: http://udaraliyanage.wordpress.com
>> phone: +94 71 443 6897
>> 
>> 
>> 
>> -- 
>> Isuru Perera
>> Senior Software Engineer | WSO2, Inc. | http://wso2.com/
>> Lean . Enterprise . Middleware
>> 
>> about.me/chrishantha
>> 
>> 
>> 
>> -- 
>> 
>> Udara Liyanage
>> Software Engineer
>> WSO2, Inc.: http://wso2.com
>> lean. enterprise. middleware
>> 
>> web: http://udaraliyanage.wordpress.com
>> phone: +94 71 443 6897
>

Re: vcloud: metadata injection via ssh vs via guest customisation script

Posted by "Michiel Blokzijl (mblokzij)" <mb...@cisco.com>.

Sure, I’ll look into it. I’ll let you know how it goes.

Thanks for all the help!

Michiel

On 10 Nov 2014, at 07:02, Udara Liyanage <ud...@wso2.com> wrote:

> Hi Michel,
> 
> Could you try with the proposed change and try again.
> 
> On Mon, Nov 10, 2014 at 12:22 PM, Isuru Perera <is...@wso2.com> wrote:
> Hi Udara,
> 
> As you mentioned, we should be using the API for the customization script.
> 
> I missed this API when implementing the support for passing payload.
> 
> Shall we change the code and test?
> 
> Michiel, As I know, from the beginning, we have been passing the payload from a script. As Udara found out, we have actually implemented it using the runScript option, rather than using the customizationScript API.
> 
> We must fix that in VCloudIaas.java
> 
> I hope that in this way, we can avoid the ssh session with the VM.
> 
> Thanks!
> 
> Best Regards,
> 
> On Mon, Nov 10, 2014 at 11:58 AM, Udara Liyanage <ud...@wso2.com> wrote:
> Hi Isuru, Nirmal,
> 
> I have have doubt whether we are really using the customization script. Currently code call the runScript() as below.
> 
> template.getOptions().runScript(customizationScript);
> 
> Aren't we executing as a script as Michel mentioned ?
> 
> Isn't below is the correct way of doing?
>      template.getOptions().as(VCloudTemplateOptions.class).customizationScript(customizationScript);
> 
> 
> On Mon, Nov 10, 2014 at 8:46 AM, Udara Liyanage <ud...@wso2.com> wrote:
> Hi,
> 
> Yes metadata is passed via guest customization script from Stratos side. However Jclouds execute the customization script using ssh.
> 
> Please refer to setDynamicPayload() of [1] for implementation
> 
> [1] https://github.com/apache/stratos/blob/master/components/org.apache.stratos.cloud.controller/src/main/java/org/apache/stratos/cloud/controller/iaases/VCloudIaas.java
> 
> 
> 
> Touched, not typed. Erroneous words are a feature, not a typo.
> 
> 
> 
> 
> -- 
> 
> Udara Liyanage
> Software Engineer
> WSO2, Inc.: http://wso2.com
> lean. enterprise. middleware
> 
> web: http://udaraliyanage.wordpress.com
> phone: +94 71 443 6897
> 
> 
> 
> -- 
> Isuru Perera
> Senior Software Engineer | WSO2, Inc. | http://wso2.com/
> Lean . Enterprise . Middleware
> 
> about.me/chrishantha
> 
> 
> 
> -- 
> 
> Udara Liyanage
> Software Engineer
> WSO2, Inc.: http://wso2.com
> lean. enterprise. middleware
> 
> web: http://udaraliyanage.wordpress.com
> phone: +94 71 443 6897

Re: vcloud: metadata injection via ssh vs via guest customisation script

Posted by Udara Liyanage <ud...@wso2.com>.

Hi Michel,

Could you try with the proposed change and try again.

On Mon, Nov 10, 2014 at 12:22 PM, Isuru Perera <is...@wso2.com> wrote:

> Hi Udara,
>
> As you mentioned, we should be using the API for the customization script.
>
> I missed this API when implementing the support for passing payload.
>
> Shall we change the code and test?
>
> Michiel, As I know, from the beginning, we have been passing the payload
> from a script. As Udara found out, we have actually implemented it using
> the runScript option, rather than using the customizationScript API.
>
> We must fix that in VCloudIaas.java
> <https://github.com/apache/stratos/blob/master/components/org.apache.stratos.cloud.controller/src/main/java/org/apache/stratos/cloud/controller/iaases/VCloudIaas.java>
>
> I hope that in this way, we can avoid the ssh session with the VM.
>
> Thanks!
>
> Best Regards,
>
> On Mon, Nov 10, 2014 at 11:58 AM, Udara Liyanage <ud...@wso2.com> wrote:
>
>> Hi Isuru, Nirmal,
>>
>> I have have doubt whether we are really using the customization script.
>> Currently code call the runScript() as below.
>>
>> template.getOptions().runScript(customizationScript);
>>
>> Aren't we executing as a script as Michel mentioned ?
>>
>> Isn't below is the correct way of doing?
>>      template.getOptions().as(VCloudTemplateOptions.class).
>> customizationScript(customizationScript);
>>
>>
>> On Mon, Nov 10, 2014 at 8:46 AM, Udara Liyanage <ud...@wso2.com> wrote:
>>
>>> Hi,
>>>
>>> Yes metadata is passed via guest customization script from Stratos side.
>>> However Jclouds execute the customization script using ssh.
>>>
>>> Please refer to setDynamicPayload() of [1] for implementation
>>>
>>> [1]
>>> https://github.com/apache/stratos/blob/master/components/org.apache.stratos.cloud.controller/src/main/java/org/apache/stratos/cloud/controller/iaases/VCloudIaas.java
>>>
>>>
>>> Touched, not typed. Erroneous words are a feature, not a typo.
>>>
>>
>>
>>
>> --
>>
>> Udara Liyanage
>> Software Engineer
>> WSO2, Inc.: http://wso2.com
>> lean. enterprise. middleware
>>
>> web: http://udaraliyanage.wordpress.com
>> phone: +94 71 443 6897
>>
>
>
>
> --
> Isuru Perera
> Senior Software Engineer | WSO2, Inc. | http://wso2.com/
> Lean . Enterprise . Middleware
>
> about.me/chrishantha
>



-- 

Udara Liyanage
Software Engineer
WSO2, Inc.: http://wso2.com
lean. enterprise. middleware

web: http://udaraliyanage.wordpress.com
phone: +94 71 443 6897

Re: vcloud: metadata injection via ssh vs via guest customisation script

Posted by Isuru Perera <is...@wso2.com>.

Hi Udara,

As you mentioned, we should be using the API for the customization script.

I missed this API when implementing the support for passing payload.

Shall we change the code and test?

Michiel, As I know, from the beginning, we have been passing the payload
from a script. As Udara found out, we have actually implemented it using
the runScript option, rather than using the customizationScript API.

We must fix that in VCloudIaas.java
<https://github.com/apache/stratos/blob/master/components/org.apache.stratos.cloud.controller/src/main/java/org/apache/stratos/cloud/controller/iaases/VCloudIaas.java>

I hope that in this way, we can avoid the ssh session with the VM.

Thanks!

Best Regards,

On Mon, Nov 10, 2014 at 11:58 AM, Udara Liyanage <ud...@wso2.com> wrote:

> Hi Isuru, Nirmal,
>
> I have have doubt whether we are really using the customization script.
> Currently code call the runScript() as below.
>
> template.getOptions().runScript(customizationScript);
>
> Aren't we executing as a script as Michel mentioned ?
>
> Isn't below is the correct way of doing?
>      template.getOptions().as(VCloudTemplateOptions.class).
> customizationScript(customizationScript);
>
>
> On Mon, Nov 10, 2014 at 8:46 AM, Udara Liyanage <ud...@wso2.com> wrote:
>
>> Hi,
>>
>> Yes metadata is passed via guest customization script from Stratos side.
>> However Jclouds execute the customization script using ssh.
>>
>> Please refer to setDynamicPayload() of [1] for implementation
>>
>> [1]
>> https://github.com/apache/stratos/blob/master/components/org.apache.stratos.cloud.controller/src/main/java/org/apache/stratos/cloud/controller/iaases/VCloudIaas.java
>>
>>
>> Touched, not typed. Erroneous words are a feature, not a typo.
>>
>
>
>
> --
>
> Udara Liyanage
> Software Engineer
> WSO2, Inc.: http://wso2.com
> lean. enterprise. middleware
>
> web: http://udaraliyanage.wordpress.com
> phone: +94 71 443 6897
>



-- 
Isuru Perera
Senior Software Engineer | WSO2, Inc. | http://wso2.com/
Lean . Enterprise . Middleware

about.me/chrishantha

Re: vcloud: metadata injection via ssh vs via guest customisation script

Posted by Udara Liyanage <ud...@wso2.com>.

Hi Isuru, Nirmal,

I have have doubt whether we are really using the customization script.
Currently code call the runScript() as below.

template.getOptions().runScript(customizationScript);

Aren't we executing as a script as Michel mentioned ?

Isn't below is the correct way of doing?
     template.getOptions().as(VCloudTemplateOptions.class).
customizationScript(customizationScript);


On Mon, Nov 10, 2014 at 8:46 AM, Udara Liyanage <ud...@wso2.com> wrote:

> Hi,
>
> Yes metadata is passed via guest customization script from Stratos side.
> However Jclouds execute the customization script using ssh.
>
> Please refer to setDynamicPayload() of [1] for implementation
>
> [1]
> https://github.com/apache/stratos/blob/master/components/org.apache.stratos.cloud.controller/src/main/java/org/apache/stratos/cloud/controller/iaases/VCloudIaas.java
>
>
> Touched, not typed. Erroneous words are a feature, not a typo.
>



-- 

Udara Liyanage
Software Engineer
WSO2, Inc.: http://wso2.com
lean. enterprise. middleware

web: http://udaraliyanage.wordpress.com
phone: +94 71 443 6897

Re: vcloud: metadata injection via ssh vs via guest customisation script

Posted by Udara Liyanage <ud...@wso2.com>.

Hi,

Yes metadata is passed via guest customization script from Stratos side.
However Jclouds execute the customization script using ssh.

Please refer to setDynamicPayload() of [1] for implementation

[1]
https://github.com/apache/stratos/blob/master/components/org.apache.stratos.cloud.controller/src/main/java/org/apache/stratos/cloud/controller/iaases/VCloudIaas.java


Touched, not typed. Erroneous words are a feature, not a typo.