On Tue, Feb 19, 2013 at 06:07:26PM +0900, Dave Cahill wrote:
> Hi,
>
> Working on CloudStack in development mode (using jetty to run the
> management server), I noticed that the Host's SSH keypairs and those in the
> system VM ISO easily get out of sync.
>
> After every database redeploy, the management server generates a new
> SSH keypair because the "ssh.privatekey" and "ssh.publickey" configuration
> entries are gone from the database.
>
> Once these new keypairs are generated, the management server:
>
> * Writes the new keypair to disk on the management server node
> (~/.ssh/id_rsa)
> As an aside, this overwrites the user's existing SSH keys; we discussed
> this back in November [1], but didn't come to a conclusion
> * Writes the new keypair to the database ("ssh.privatekey" and
> "ssh.publickey" configuration entries)
> * Injects the new keypair into systemvm.iso on the management server
> * Overwrites /root/.ssh/id_rsa.cloud on the Host with the new keypair (via
> the agent on the Host)

Can you file a bug for both of these issues? They have come up a couple of times, and should probably be addressed.

>
> In other words, it automatically overwrites the ssh keypair on the Host,
> but doesn't automatically overwrite systemvm.iso on the Host as far as I
> can see. This means the keypair and the systemvm ISO are out of sync on the
> Host, and sshing into system vms using /root/.ssh/id_rsa.cloud doesn't work.
>
> To get around this, I scp the new systemvm.iso across to the Host after
> redeploying the database and starting the management server for the first
> time, and before setting up the Host on the management server side.
>
> Is there a better way?
>
> Thanks,
> Dave.
>
> [1] [DISCUSS] SSH keys overwritten for user running management server
> http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-dev/201211.mbox/%3ccalytfwzeb8uukq--tzgcqpcsz_eaobik+vtmll0zd17+w0q...@mail.gmail.com%3E
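
A drift check for the mismatch described in this thread, as an added example that is not CloudStack code and not part of the original messages: it compares the SHA256 fingerprint of the management server's "ssh.publickey" value with the public keys found in key material extracted from the Host's copy of systemvm.iso. It assumes the ISO carries the key as an OpenSSH authorized_keys-style line; how the two texts are obtained is left to the operator, and all function names and sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct

def parse_public_keys(text):
    """Yield the decoded key blob of every OpenSSH public-key line in text."""
    for line in text.splitlines():
        fields = line.split()
        # authorized_keys lines may carry options before the key type
        for key_type, b64 in zip(fields, fields[1:]):
            try:
                blob = base64.b64decode(b64, validate=True)
            except ValueError:
                continue
            # a real blob starts with a length-prefixed copy of the key type
            if blob[:4] == struct.pack(">I", len(key_type)) and \
                    blob[4:4 + len(key_type)] == key_type.encode():
                yield blob
                break

def fingerprint(blob):
    """SHA256 fingerprint in the form printed by ssh-keygen -l."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def keys_in_sync(management_pubkey, iso_authorized_keys):
    """True if every management-server key is also present in the ISO's keys."""
    wanted = {fingerprint(b) for b in parse_public_keys(management_pubkey)}
    present = {fingerprint(b) for b in parse_public_keys(iso_authorized_keys)}
    return bool(wanted) and wanted <= present

def constructed_key_line(filler, comment):
    """Build a syntactically valid ssh-rsa line from filler bytes (not a real key)."""
    def field(b):
        return struct.pack(">I", len(b)) + b
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(b"\x00" + filler * 256)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

# Constructed sample data: the key written before and after a database redeploy.
OLD_KEY = constructed_key_line(b"\xa5", "cloud@before-redeploy")
NEW_KEY = constructed_key_line(b"\x5a", "cloud@after-redeploy")

if __name__ == "__main__":
    # A stale ISO still holds the old key, so SSH into system VMs would fail.
    print("stale ISO in sync:", keys_in_sync(NEW_KEY, OLD_KEY))
    print("fresh ISO in sync:", keys_in_sync(NEW_KEY, NEW_KEY))
```

Running the check after a database redeploy and before adding the Host shows whether the systemvm.iso on the Host still needs to be replaced.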