[dev] give priority to ssh keys on libcloud ssh while deploying nodes

[Markos Gogoulos <mg...@mist.io>]

 

We've run into this issue while creating nodes for HP Cloud
(OpenStack). While the nodes were successfully being created, deploy
node would fail, with an error "Bad authentication type
(allowed_types=['publickey'])". After digging more into this, it turns
that libcloud ssh (libcloud/compute/ssh.py) tries to ssh with password,
despite the fact that we specify ssh key on deploy_node.


libcloud/compute/ssh.py 

 def connect(self):
 ...

 if
self.password:
 conninfo['password'] = self.password
 elif self.key:

conninfo['key_filename'] = self.key
 else:
 conninfo['allow_agent'] =
True
 conninfo['look_for_keys'] = True

So seems that passwords have a
priority. I'd like to know if there's a reason for this, because we had
to change it and give priority to keys (HP Cloud does not allow
passwords, so it fails to connect and deploy the node). After we change
the above code and allow it to try with ssh keys, deploy node completes
without issues! 

Cheers 
 

Re: [dev] give priority to ssh keys on libcloud ssh while deploying nodes

[Markos Gogoulos <mg...@mist.io>]

 

Hi sebgoa and thanks for replying! 

I initialize nodes in HP Cloud
by specifying both ex_keyname and ssh_key. The created node contains
password on node.extra and this is tried first while establishing ssh
connection, as you can see on connect() function of ParamikoSSHClient
(libcloud/compute/ssh.py). 

Cheers 

Στις 03.12.2013 18:53, sebgoa
έγραψε: 

> On Dec 3, 2013, at 5:40 PM, Markos Gogoulos
<mg...@mist.io> wrote:
> 
>> We've run into this issue while
creating nodes for HP Cloud (OpenStack). While the nodes were
successfully being created, deploy node would fail, with an error "Bad
authentication type (allowed_types=['publickey'])". After digging more
into this, it turns that libcloud ssh (libcloud/compute/ssh.py) tries to
ssh with password, despite the fact that we specify ssh key on
deploy_node.
> 
> I don't know about the openstack driver but I believe
it should work fine.
> 
> With the cloudstack driver I deploy node that
use ssh keys (no password) like this:
> 
>
node=conn.deploy_node(name='test000',image=image,size=size,ssh_key="~/.ssh/id_rsa_",ex_keyname='exoscale',deploy=msd)
>

> so you need to set the keypair with ex_keyname (I think it's the
same in OS).
> but also set the ssh_key path, otherwise it will try to
use the password…
> 
> just 2 cents
> 
>> libcloud/compute/ssh.py def
connect(self): ... if self.password: conninfo['password'] =
self.password elif self.key: conninfo['key_filename'] = self.key else:
conninfo['allow_agent'] = True conninfo['look_for_keys'] = True So seems
that passwords have a priority. I'd like to know if there's a reason for
this, because we had to change it and give priority to keys (HP Cloud
does not allow passwords, so it fails to connect and deploy the node).
After we change the above code and allow it to try with ssh keys, deploy
node completes without issues! Cheers

 

Re: [dev] give priority to ssh keys on libcloud ssh while deploying nodes

[sebgoa <ru...@gmail.com>]

On Dec 3, 2013, at 5:40 PM, Markos Gogoulos <mg...@mist.io> wrote:

> 
> 
> We've run into this issue while creating nodes for HP Cloud
> (OpenStack). While the nodes were successfully being created, deploy
> node would fail, with an error "Bad authentication type
> (allowed_types=['publickey'])". After digging more into this, it turns
> that libcloud ssh (libcloud/compute/ssh.py) tries to ssh with password,
> despite the fact that we specify ssh key on deploy_node.

I don't know about the openstack driver but I believe it should work fine.

With the cloudstack driver I deploy node that use ssh keys (no password) like this:

node=conn.deploy_node(name='test000',image=image,size=size,ssh_key="~/.ssh/id_rsa_",ex_keyname='exoscale',deploy=msd)

so you need to set the keypair with ex_keyname (I think it's the same in OS).
but also set the ssh_key path, otherwise it will try to use the password…

just 2 cents

> 
> 
> libcloud/compute/ssh.py 
> 
> def connect(self):
> ...
> 
> if
> self.password:
> conninfo['password'] = self.password
> elif self.key:
> 
> conninfo['key_filename'] = self.key
> else:
> conninfo['allow_agent'] =
> True
> conninfo['look_for_keys'] = True
> 
> So seems that passwords have a
> priority. I'd like to know if there's a reason for this, because we had
> to change it and give priority to keys (HP Cloud does not allow
> passwords, so it fails to connect and deploy the node). After we change
> the above code and allow it to try with ssh keys, deploy node completes
> without issues! 
> 
> Cheers