Niltze, Jimmy- No, I am not blaming the kernel nor GCE utilities, I *know* it is due to the SSL pass-phrase that apache2 prompts for.
I have guided myself by: < https://cloud.google.com/compute/docs/troubleshooting#ssherrors > and thus far I was able create a snapshot -- with which I imaged a disk -- that I mounted and modified under another Debian instance. Now I have this modified persistent disk that I want to use when I create another instance. My issue now is, how do I create another instance using this *existing* disk? By the way, spending much of the morning/afternoon examining the gcloud and gce commands, I don't think it is possible to completely shut down the vm -- only reset it (which is a reboot ;-) Best Professional Regards On Sun, Oct 19, 2014 at 4:00 PM, Jimmy Kaplowitz <[email protected]> wrote: > Hi Jose, > > You could certainly use our metadata server to provide the apache passphrase > at boot time, if you then integrate it with the apache startup process. I'm > not an expert on Apache's initialization procedure so I'll leave advice on > that to others. As far as I know, no code has been written yet to do that. > > The dist-upgrade was probably only relevant as your first reason to reboot > after making the change, I'd expect, nothing specific to the new kernel or > to GCE. > > However, I do have one bit of positive feature clarification to provide: > gcutil, gcloud, and our web UI do allow you to fully shut down an instance, > which will let you attach the disk to another instance. Just delete it while > preserving the boot disk (it's an option for all of those tools). This will > send a clean ACPI power down signal to the VM, giving it an approximate > maximum of 2 minutes before pulling the virtual power cord. > > Good luck, and glad you're trying GCE! > > - Jimmy > > On Oct 19, 2014 9:12 AM, "Jose R R" <[email protected]> wrote: >> >> Niltze, all- >> >> Well, doing my part in the security of the Web :p >> >> I run Apache web server in a GCE VM [different email account than this >> one] and decided to acquire an SSL certificate which I successfully >> installed under Debian Wheezy a few days ago. >> >> For added security, I pass-phrased-protected the SSL certificate so >> that when I restart the web server I need to input my pass phrase. >> >> I had no issues whatsoever until today that I did an: apt-get >> dist-upgrade for a newer kernel. Upon doing a reboot I found out that >> my port 22 is closed but my web server ports 80 and 443 are open. >> >> I used nmap to scan for my open ports as well as the tcping utility. >> >> Accordingly, I get the message connection refused whenever I use >> gcloud or ssh to attempt to log into my GCE instance. >> >> After using gcutil and gcloud to reset my GCE instance -- multiple >> times -- the outcome was the same. Accordingly I did: >> >> gcloud compute instances get-serial-port-output myInstance >> >> Below is the last message of the output that indicates that GCE Debian >> Wheezy instance needs the passphrase before proceeding further (and >> starting sshd): >> >> >> ---------------------------------------------------------------------------------------- >> ... >> Oct 19 07:53:51 myInstance acpid: 1 rule loaded >> Oct 19 07:53:51 myInstance acpid: waiting for events: event logging is off >> [....] Starting web server: apache2Apache/2.2.22 mod_ssl/2.2.22 (Pass >> Phrase Dialog) >> Some of your private key files are encrypted for security reasons. >> In order to read them you have to provide the pass phrases. >> >> Server myInstance.x.xyz-host.internal:443 (RSA) >> Enter pass phrase: >> >> -------------------------------------------------------------------------------------- >> >> I tried detaching the disk to subsequently mount onto another instance >> but the command fails with: >> >> -------------------------------------------------------------------------------- >> ERROR: (gcloud.compute.instances.detach-disk) There was a problem >> modifying the resource: >> - Hot-remove of the root disk is not supported. >> >> ------------------------------------------------------------------------------- >> >> Now, gcutil and gcloud utilities can reset (reboot) the instance but >> can not shut it down completely (that I'm aware) -- which would allow >> me to detach the disk. >> >> Is there a way to provide (as parameter) the passphrase that the web >> server requires to start apache2 and thus continue/complete the boot >> process to start ssh server so that port 22 will be opened? >> >> Best Professional Regards >> >> >> -- >> Jose R R >> http://www.metztli-it.com >> >> --------------------------------------------------------------------------------------------- >> NEW Apache OpenOffice 4.1.1! Download for GNU/Linux, Mac OS, Windows. >> >> --------------------------------------------------------------------------------------------- >> Daylight Saving Time in USA & Canada ends: Sunday, November 02, 2014 >> >> --------------------------------------------------------------------------------------------- >> >> >> -- >> To UNSUBSCRIBE, email to [email protected] >> with a subject of "unsubscribe". Trouble? Contact >> [email protected] >> Archive: >> https://lists.debian.org/CAM12Q5Ti_w8-GQ2LJbN1f9P-nzH1U_HRbmdEVOk=hu+azhi...@mail.gmail.com >> > -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/cam12q5qanf5nhf_fxu+pjcl1umk0+oi0qaigzkezd_tt+qx...@mail.gmail.com
