Hi,

Working on CloudStack in development mode (using jetty to run the management server), I noticed that the Host's SSH keypairs and those in the system VM ISO easily get out of sync.

After every database redeploy, the management server generates a new SSH keypair because the "ssh.privatekey" and "ssh.publickey" configuration entries are gone from the database. Once these new keypairs are generated, the management server:

* Writes the new keypair to disk on the management server node (~/.ssh/id_rsa)
  As an aside, this overwrites the user's existing SSH keys; we discussed this back in November [1], but didn't come to a conclusion
* Writes the new keypair to the database ("ssh.privatekey" and "ssh.publickey" configuration entries)
* Injects the new keypair into systemvm.iso on the management server
* Overwrites /root/.ssh/id_rsa.cloud on the Host with the new keypair (via the agent on the Host)

In other words, it automatically overwrites the ssh keypair on the Host, but doesn't automatically overwrite systemvm.iso on the Host as far as I can see. This means the keypair and the systemvm ISO are out of sync on the Host, and sshing into system vms using /root/.ssh/id_rsa.cloud doesn't work.

To get around this, I scp the new systemvm.iso across to the Host after redeploying the database and starting the management server for the first time, and before setting up the Host on the management server side.

Is there a better way?

Thanks,
Dave.

[1] [DISCUSS] SSH keys overwritten for user running management server
http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-dev/201211.mbox/%3ccalytfwzeb8uukq--tzgcqpcsz_eaobik+vtmll0zd17+w0q...@mail.gmail.com%3E