Issue #8348 has been updated by Jeff McCune.

# Further information #

After further investigation, there does not appear to be a clean API call to 
get the SSH host key's fingerprint.

Pieter's work is the best course of action.  We're currently scraping the 
console output hoping the SSH host key fingerprint is printed there.

However, not all AMIs appear to print this information into the console.  
Please see the example output below for additional information about "bad" 
AMIs we need to deal with.

The course of action is to clearly document what the fingerprint action is 
trying to do and why it's not as robust as we'd like.  We'll then make a best 
effort to obtain the key fingerprint in a secure manner.

# Example bad AMI #

This is ami `RightImage_CentOS_5.4_i386_v5.5.9_EBS (ami-2342a94a)`

<pre>
Linux version 2.6.21.7-2.fc8xen ([email protected]) (gcc version 4.1.2 20070925 (Red Hat 4.1.2-33)) #1 SMP Fri Feb 15 12:39:36 EST 2008
BIOS-provided physical RAM map:
sanitize start
sanitize bail 0
copy_e820_map() start: 0000000000000000 size: 0000000026f00000 end: 0000000026f00000 type: 1
 Xen: 0000000000000000 - 0000000026f00000 (usable)
0MB HIGHMEM available.
623MB LOWMEM available.
NX (Execute Disable) protection: active
Zone PFN ranges:
  DMA             0 ->   159488
  Normal     159488 ->   159488
  HighMem    159488 ->   159488
early_node_map[1] active PFN ranges
    0:        0 ->   159488
ACPI in unprivileged domain disabled
Detected 2666.763 MHz processor.
Built 1 zonelists.  Total pages: 158242
Kernel command line:  root=/dev/sda1 ro 4
Enabling fast FPU save and restore... done.
Enabling unmasked SIMD FPU exception support... done.
Initializing CPU#0
CPU 0 irqstacks, hard=c136c000 soft=c134c000
PID hash table entries: 4096 (order: 12, 16384 bytes)
Xen reported: 2666.666 MHz processor.
Console: colour dummy device 80x25
Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)
Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)
Software IO TLB disabled
vmalloc area: e7800000-f4ffe000, maxmem 2d7fe000
Memory: 610944k/637952k available (2071k kernel code, 18656k reserved, 1080k data, 188k init, 0k highmem)
virtual kernel memory layout:
    fixmap  : 0xf5315000 - 0xf57fe000   (5028 kB)
    pkmap   : 0xf5000000 - 0xf5200000   (2048 kB)
    vmalloc : 0xe7800000 - 0xf4ffe000   ( 215 MB)
    lowmem  : 0xc0000000 - 0xe6f00000   ( 623 MB)
      .init : 0xc1319000 - 0xc1348000   ( 188 kB)
      .data : 0xc1205e6e - 0xc1313fd4   (1080 kB)
      .text : 0xc1000000 - 0xc1205e6e   (2071 kB)
Checking if this processor honours the WP bit even in supervisor mode... Ok.
Calibrating delay using timer specific routine.. 5340.96 BogoMIPS (lpj=10681921)
Security Framework v1.0.0 initialized
SELinux:  Initializing.
selinux_register_security:  Registering secondary module capability
Capability LSM initialized as secondary
Mount-cache hash table entries: 512
CPU: L1 I cache: 32K, L1 D cache: 32K
CPU: L2 cache: 6144K
Checking 'hlt' instruction... OK.
SMP alternatives: switching to UP code
Freeing SMP alternatives: 13k freed
Brought up 1 CPUs
NET: Registered protocol family 16
Brought up 1 CPUs
PCI: Fatal: No config space access function found
PCI: setting up Xen PCI frontend stub
Setting up standard PCI resources
ACPI: Interpreter disabled.
Linux Plug and Play Support v0.97 (c) Adam Belay
pnp: PnP ACPI: disabled
xen_mem: Initialising balloon driver.
usbcore: registered new interface driver usbfs
usbcore: registered new interface driver hub
usbcore: registered new device driver usb
PCI: System does not support PCI
PCI: System does not support PCI
NetLabel: Initializing
NetLabel:  domain hash size = 128
NetLabel:  protocols = UNLABELED CIPSOv4
NetLabel:  unlabeled traffic allowed by default
NET: Registered protocol family 2
IP route cache hash table entries: 32768 (order: 5, 131072 bytes)
TCP established hash table entries: 131072 (order: 8, 1572864 bytes)
TCP bind hash table entries: 65536 (order: 7, 524288 bytes)
TCP: Hash tables configured (established 131072 bind 65536)
TCP reno registered
checking if image is initramfs... it is
Freeing initrd memory: 6776k freed
audit: initializing netlink socket (disabled)
audit(1310422368.781:1): initialized
VFS: Disk quotas dquot_6.5.1
Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
ksign: Installing public key data
Loading keyring
io scheduler noop registered
io scheduler anticipatory registered
io scheduler deadline registered
io scheduler cfq registered (default)
pci_hotplug: PCI Hot Plug PCI Core version: 0.5
rtc: IRQ 8 is not free.
Non-volatile memory driver v1.2
Linux agpgart interface v0.102 (c) Dave Jones
RAMDISK driver initialized: 16 RAM disks of 16384K size 4096 blocksize
input: Macintosh mouse button emulation as /class/input/input0
Xen virtual console successfully installed as xvc0
Linux version 2.6.21.7-2.fc8xen ([email protected]) (gcc version 4.1.2 20070925 (Red Hat 4.1.2-33)) #1 SMP Fri Feb 15 12:39:36 EST 2008
BIOS-provided physical RAM map:
sanitize start
sanitize bail 0
copy_e820_map() start: 0000000000000000 size: 0000000026f00000 end: 0000000026f00000 type: 1
 Xen: 0000000000000000 - 0000000026f00000 (usable)
0MB HIGHMEM available.
623MB LOWMEM available.
NX (Execute Disable) protection: active
Zone PFN ranges:
  DMA             0 ->   159488
  Normal     159488 ->   159488
  HighMem    159488 ->   159488
early_node_map[1] active PFN ranges
    0:        0 ->   159488
ACPI in unprivileged domain disabled
Detected 2666.763 MHz processor.
Built 1 zonelists.  Total pages: 158242
Kernel command line:  root=/dev/sda1 ro 4
Enabling fast FPU save and restore... done.
Enabling unmasked SIMD FPU exception support... done.
Initializing CPU#0
CPU 0 irqstacks, hard=c136c000 soft=c134c000
PID hash table entries: 4096 (order: 12, 16384 bytes)
Xen reported: 2666.666 MHz processor.
Console: colour dummy device 80x25
Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)
Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)
Software IO TLB disabled
vmalloc area: e7800000-f4ffe000, maxmem 2d7fe000
Memory: 610944k/637952k available (2071k kernel code, 18656k reserved, 1080k data, 188k init, 0k highmem)
virtual kernel memory layout:
    fixmap  : 0xf5315000 - 0xf57fe000   (5028 kB)
    pkmap   : 0xf5000000 - 0xf5200000   (2048 kB)
    vmalloc : 0xe7800000 - 0xf4ffe000   ( 215 MB)
    lowmem  : 0xc0000000 - 0xe6f00000   ( 623 MB)
      .init : 0xc1319000 - 0xc1348000   ( 188 kB)
      .data : 0xc1205e6e - 0xc1313fd4   (1080 kB)
      .text : 0xc1000000 - 0xc1205e6e   (2071 kB)
Checking if this processor honours the WP bit even in supervisor mode... Ok.
Calibrating delay using timer specific routine.. 5340.96 BogoMIPS (lpj=10681921)
Security Framework v1.0.0 initialized
SELinux:  Initializing.
selinux_register_security:  Registering secondary module capability
Capability LSM initialized as secondary
Mount-cache hash table entries: 512
CPU: L1 I cache: 32K, L1 D cache: 32K
CPU: L2 cache: 6144K
Checking 'hlt' instruction... OK.
SMP alternatives: switching to UP code
Freeing SMP alternatives: 13k freed
Brought up 1 CPUs
NET: Registered protocol family 16
Brought up 1 CPUs
PCI: Fatal: No config space access function found
PCI: setting up Xen PCI frontend stub
Setting up standard PCI resources
ACPI: Interpreter disabled.
Linux Plug and Play Support v0.97 (c) Adam Belay
pnp: PnP ACPI: disabled
xen_mem: Initialising balloon driver.
usbcore: registered new interface driver usbfs
usbcore: registered new interface driver hub
usbcore: registered new device driver usb
PCI: System does not support PCI
PCI: System does not support PCI
NetLabel: Initializing
NetLabel:  domain hash size = 128
NetLabel:  protocols = UNLABELED CIPSOv4
NetLabel:  unlabeled traffic allowed by default
NET: Registered protocol family 2
IP route cache hash table entries: 32768 (order: 5, 131072 bytes)
TCP established hash table entries: 131072 (order: 8, 1572864 bytes)
TCP bind hash table entries: 65536 (order: 7, 524288 bytes)
TCP: Hash tables configured (established 131072 bind 65536)
TCP reno registered
checking if image is initramfs... it is
Freeing initrd memory: 6776k freed
audit: initializing netlink socket (disabled)
audit(1310422368.781:1): initialized
VFS: Disk quotas dquot_6.5.1
Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
ksign: Installing public key data
Loading keyring
io scheduler noop registered
io scheduler anticipatory registered
io scheduler deadline registered
io scheduler cfq registered (default)
pci_hotplug: PCI Hot Plug PCI Core version: 0.5
rtc: IRQ 8 is not free.
Non-volatile memory driver v1.2
Linux agpgart interface v0.102 (c) Dave Jones
RAMDISK driver initialized: 16 RAM disks of 16384K size 4096 blocksize
input: Macintosh mouse button emulation as /class/input/input0
Xen virtual console successfully installed as xvc0
Event-channel device installed.
usbcore: registered new interface driver hiddev
usbcore: registered new interface driver usbhid
drivers/usb/input/hid-core.c: v2.6:USB HID core driver
PNP: No PS/2 controller found. Probing ports directly.
i8042.c: No controller found.
mice: PS/2 mouse device common for all mice
TCP bic registered
Initializing XFRM netlink socket
NET: Registered protocol family 1
NET: Registered protocol family 17
Using IPI No-Shortcut mode
XENBUS: Device with no driver: device/vif/0
XENBUS: Device with no driver: device/vbd/2049
drivers/rtc/hctosys.c: unable to open rtc device (rtc0)
Freeing unused kernel memory: 188k freed
Write protecting the kernel read-only data: 795k
Red Hat nash version 6.0.19 starting
Mounting proc filesystem
Mounting sysfs filesystem
Creating /dev
Creating initial device nodes
Setting up hotplug.
Creating block device nodes.
Loading xennet.ko module
netfront: Initialising virtual ethernet driver.
netfront: device eth0 has flipping receive path.
Loading xenblk.ko module
xen-vbd: registered block device major 8
Loading ehci-hcd.ko module
Loading ohci-hcd.ko module
Loading uhci-hcd.ko module
USB Universal Host Controller Interface driver v3.0
Loading mbcache.ko module
Loading jbd.ko module
Loading ext3.ko module
Creating root device.
Mounting root filesystem.
kjournald starting.  Commit interval 5 seconds
EXT3-fs: mounted filesystem with ordered data mode.
Setting up other filesystems.
Setting up new root fs
no fstab.sys, mounting internal defaults
Switching to new root and running init.
unmounting old /dev
unmounting old /proc
unmounting old /sys
INIT: version 2.86 booting
                Welcome to  CentOS release 5.4 (Final)
                Press 'I' to enter interactive startup.
Setting clock : Mon Jul 11 18:12:57 EDT 2011 [  OK  ]
Starting udev: [  OK  ]
Setting hostname localhost.localdomain:  [  OK  ]
No devices found
Setting up Logical Volume Management: File descriptor 7 (/sys/kernel/hotplug) leaked on lvm.static invocation. Parent PID 220: /bin/bash
[  OK  ]
Remounting root filesystem in read-write mode:  [  OK  ]
Mounting local filesystems:  mount: special device /dev/sdb does not exist
[FAILED]
Enabling local filesystem quotas:  [  OK  ]
Enabling /etc/fstab swaps:  [  OK  ]
INIT: Entering runlevel: 4
Entering non-interactive startup
Applying Intel CPU microcode update: [FAILED]
Starting background readahead: [  OK  ]
Bringing up loopback interface:  [  OK  ]
Bringing up interface eth0:  
Determining IP information for eth0... done.
[  OK  ]
Starting getsshkey:  Fetching list of trusted keys from metadata server...done
Fetching public key jeff_initial from metadata server...done
[  OK  ]
Starting syslog-ng: [  OK  ]
Starting system message bus: [  OK  ]
Mounting other filesystems:  mount: special device /dev/sdb does not exist
[FAILED]
Starting HAL daemon: [  OK  ]
Starting nscd: [  OK  ]
Generating SSH1 RSA host key: [  OK  ]
Generating SSH2 RSA host key: [  OK  ]
Generating SSH2 DSA host key: [  OK  ]
Starting sshd: [  OK  ]
Starting postfix: [  OK  ]
Starting crond: [  OK  ]
Starting process accounting:  [  OK  ]
Starting atd: [  OK  ]
Starting jexec:  Starting jexec services[  OK  ]

RightScale: Installing RightScale on centos-i386
RightScale: Querying metadata server...
RightScale: Successfully retrieved user-data from metadata server
RightScale: Local RightScale package found in 
/root/.rightscale/rightscale_5.5.9-centos_5.4-i386.rpm
RightScale: installing package: rightscale_5.5.9-centos_5.4-i386.rpm
RightScale: Loaded plugins: fastestmirror
RightScale: Setting up Local Package Process
RightScale: Examining /root/.rightscale/rightscale_5.5.9-centos_5.4-i386.rpm: 
rightscale-5.5.9-1.i386
RightScale: Marking /root/.rightscale/rightscale_5.5.9-centos_5.4-i386.rpm to 
be installed
RightScale: Determining fastest mirrors
RightScale: Resolving Dependencies
RightScale: --> Running transaction check
RightScale: ---> Package rightscale.i386 0:5.5.9-1 set to be updated
RightScale: --> Finished Dependency Resolution
RightScale: 
RightScale: Dependencies Resolved
RightScale: 
RightScale: 
================================================================================
RightScale:  Package       Arch    Version       Repository                     
       Size
RightScale: 
================================================================================
RightScale: Installing:
RightScale:  rightscale    i386    5.5.9-1       
/rightscale_5.5.9-centos_5.4-i386     35 M
RightScale: 
RightScale: Transaction Summary
RightScale: 
================================================================================
RightScale: Install      1 Package(s)         
RightScale: Update       0 Package(s)         
RightScale: Remove       0 Package(s)         
RightScale: 
RightScale: Total size: 35 M
RightScale: Downloading Packages:
RightScale: Running rpm_check_debug
RightScale: Running Transaction Test
RightScale: Finished Transaction Test
RightScale: Transaction Test Succeeded
RightScale: Running Transaction
RightScale: 
  Installing     : rightscale                                               
1/1Setting up System V init and motd
RightScale: Starting RightScale services; output is recorded to 
/var/log/messages.
RightScale: ** By installing this package, you acknowledge that you agree to 
the End-User
RightScale: ** License Agreement found in /opt/rightscale/LICENSE. If you do 
not agree to
RightScale: ** the terms of this EULA, please uninstall the package now.
RightScale:  
RightScale: 
RightScale: Installed:
RightScale:   rightscale.i386 0:5.5.9-1                                         
            
RightScale: 
RightScale: Complete!
</pre>
----------------------------------------
Refactor #8348: Fingerprinting should be its own action
https://projects.puppetlabs.com/issues/8348

Author: Jeff McCune
Status: Accepted
Priority: Normal
Assignee: Jeff McCune
Category: 
Target version: 0.6.0
Keywords: cloudpack
Branch: 


# Overview #

In order to quickly launch N systems, then install Puppet on those N systems it 
would be better to support launching in parallel rather than sequentially.

With the current create action implementation, the action can only launch one 
node at a time and it waits for the node's SSH host key to become available in 
the AWS console to compare it to the host key of the system.

Based on a discussion on dev@ this could be separated into its own action with 
the additional feature of adding the SSH host key to the known_hosts file.

# Suggested Use Case #

<pre>
> > The action could also append the host key to the known hosts file for
> > convenience.
>
> As the default behavior?

I think so.  I'm thinking:

puppet subcommand fingerprint i-f08e6e91

or

puppet subcommand fingerprint --no-knownhosts i-f08e6e91

So I think it should be the documented default behavior to add the host key to 
the personal known hosts file, but we give the end user the option to only 
print the key to standard output.
</pre>
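The check the fingerprint action has to make, as an added Ruby example that is not cloudpack code and not part of the ticket. It takes two inputs: the console output (which the action fetches over the authenticated AWS API, so it is out of band of any SSH man-in-the-middle) and the public key the instance actually offered over the network (what `ssh-keyscan` returns). It recomputes the MD5 hex-colon fingerprint that `ssh-keygen -l` printed at the time, compares it with the fingerprint block the AMI wrote to the console, and only then produces the known_hosts line. The `ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----` block is the format assumed for AMIs that do print fingerprints; it is embedded here as a constructed sample, next to a second constructed sample that mirrors the RightImage CentOS output above, where host keys are generated but nothing checkable is printed. The key blobs are constructed with correct SSH wire framing and filler moduli, so they are not real keys. The hostname in the usage section is made up.

```ruby
require 'base64'
require 'digest/md5'

# Added example, not cloudpack code. Key type names as they appear in the
# console fingerprint block.
KEY_TYPES = { 'ssh-rsa' => 'RSA', 'ssh-dss' => 'DSA' }.freeze

BEGIN_MARKER = /-----BEGIN SSH HOST KEY FINGERPRINTS-----/
END_MARKER   = /-----END SSH HOST KEY FINGERPRINTS-----/
# Assumed line shape: "ec2: 2048 aa:bb:...:ff /etc/ssh/ssh_host_rsa_key.pub (RSA)"
FINGERPRINT_LINE = /\A\s*(?:ec2:\s+)?(\d+)\s+((?:[0-9a-f]{2}:){15}[0-9a-f]{2})\s+(\S+)\s+\((\w+)\)/

# MD5 of the base64-decoded key blob, formatted as ssh-keygen -l did in 2011.
def fingerprint_of(pubkey_line)
  type, blob = pubkey_line.split(' ')[0, 2]
  raise ArgumentError, "unsupported key type #{type.inspect}" unless KEY_TYPES.key?(type)
  Digest::MD5.hexdigest(Base64.decode64(blob)).scan(/../).join(':')
end

# Returns e.g. { 'RSA' => 'aa:bb:...' }. Only lines between the BEGIN/END
# markers count, so a stray hex string elsewhere in the boot log is ignored.
def extract_console_fingerprints(console_text)
  found = {}
  inside = false
  console_text.each_line do |line|
    if line =~ BEGIN_MARKER
      inside = true
      next
    elsif line =~ END_MARKER
      inside = false
      next
    end
    next unless inside
    m = FINGERPRINT_LINE.match(line)
    found[m[4]] = m[2] if m
  end
  found
end

# :verified, :mismatch or :no_fingerprint. Only :verified may reach
# known_hosts; :no_fingerprint (the "bad AMI" case) must not quietly
# degrade into trust-on-first-use.
def verify_host_key(console_text, pubkey_line)
  type = pubkey_line.split(' ').first
  expected = extract_console_fingerprints(console_text)[KEY_TYPES[type]]
  return :no_fingerprint if expected.nil?
  fingerprint_of(pubkey_line) == expected ? :verified : :mismatch
end

# One line in the format ~/.ssh/known_hosts expects: "host type base64blob".
def known_hosts_entry(host, pubkey_line)
  type, blob = pubkey_line.split(' ')[0, 2]
  "#{host} #{type} #{blob}"
end

# Constructed blob: string "ssh-rsa", mpint e = 65537, mpint n = filler bytes.
# Valid framing for fingerprint arithmetic only; never usable as a real key.
def constructed_rsa_blob(fill)
  modulus = "\x00".b + fill.b * 32
  Base64.strict_encode64([7, 'ssh-rsa', 3, "\x01\x00\x01".b, modulus.bytesize, modulus].pack('Na*Na*Na*'))
end

SAMPLE_BLOB     = constructed_rsa_blob("\xAB")
SAMPLE_HOST_KEY = "ssh-rsa #{SAMPLE_BLOB} root@ip-10-0-0-1"          # what ssh-keyscan would return
BOGUS_HOST_KEY  = "ssh-rsa #{constructed_rsa_blob("\xCD")} attacker"  # a key an interposer would offer

# Constructed console output for an AMI that prints its fingerprints.
SAMPLE_CONSOLE = <<~CONSOLE
  Starting sshd: [  OK  ]
  ec2: #############################################################
  ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
  ec2: 2048 #{fingerprint_of(SAMPLE_HOST_KEY)} /etc/ssh/ssh_host_rsa_key.pub (RSA)
  ec2: -----END SSH HOST KEY FINGERPRINTS-----
  ec2: #############################################################
CONSOLE

# Constructed console output mirroring the RightImage CentOS AMI: keys are
# generated at boot, but no fingerprint is ever written to the console.
BAD_AMI_CONSOLE = <<~CONSOLE
  Generating SSH1 RSA host key: [  OK  ]
  Generating SSH2 RSA host key: [  OK  ]
  Generating SSH2 DSA host key: [  OK  ]
  Starting sshd: [  OK  ]
CONSOLE

if __FILE__ == $0
  host = 'ec2-203-0-113-10.compute-1.amazonaws.com' # made-up address
  [[SAMPLE_CONSOLE, SAMPLE_HOST_KEY], [SAMPLE_CONSOLE, BOGUS_HOST_KEY],
   [BAD_AMI_CONSOLE, SAMPLE_HOST_KEY]].each do |console, key|
    case verify_host_key(console, key)
    when :verified       then puts known_hosts_entry(host, key)
    when :mismatch       then warn 'offered key does not match console fingerprint; possible MITM'
    when :no_fingerprint then warn 'AMI printed no fingerprint; refusing to trust the offered key'
    end
  end
end
```

In the real action the console text comes from the EC2 get-console-output call and the key line from `ssh-keyscan` against the instance address; `--no-knownhosts` maps to printing `fingerprint_of` instead of appending the entry. Two caveats the documentation should carry: the console fingerprints describe the keys generated on first boot, so they are stale once the instance regenerates host keys, and an AMI that prints nothing gives the action no basis for trust, so it must report that rather than fall back to accepting whatever the network offers.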


-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://projects.puppetlabs.com/my/account

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/puppet-bugs?hl=en.
