In general (at least in the more current versions, say 4.9 and up), when a
user registers his ssh key via API, it is stored in ssh_keypairs.
When you deploy a VM and choose to inject the ssh (public) key, the mgmt server
will read the value for that key from the DB, feed it to the VR, it becomes
metadata (Peal has explained this in detail) and then i.e. cloudinit will
"download" this info from the VR and set it locally inside the VM.
If this is an old VR, it is VERY possible that the key is there in the form of
"garbage" - so I propose you simply restart your network with cleanup.
Similar "garbage" you might see with passwords, if the password is
injected, but never "downloaded" by the VM - so that is probably what might
be happening here as well - anyway, restart the network - or make a test -
register a brand new keypair, check the ssh_keypair table - it should have
this key - and you can choose to deploy a VM with it, etc.
Best,
On Thu, 15 Oct 2020 at 16:12, <[email protected]> wrote:
> I found the root cause, thanks again to David for letting me search in the
> logs again. :-)
> The key is a value in vm_template_details for that template. So it will be
> used every time I use this template.
>
> Now my question is, is this expected behavior? When using a key during
> template creation it will be stored as a fixed parameter in
> vm_template_details?
>
> As mentioned before we are running an older version of CS so I am not sure
> if this is still the case with the latest version.
>
> Swen
>
> -----Original Message-----
> From: [email protected] <[email protected]>
> Sent: Thursday, 15 October 2020 16:02
> To: [email protected]
> Subject: AW: metadata on VR
>
> I did more detailed search within the management-server.log and found this:
> "SSH.KeyPairName":"packer_5f635a58-1c36-bd60-b7fa-dc04b5f4c8a2"
>
> We are creating our templates via packer.io, but we do delete the keys
> inside the template via packer provisioner. Is CS storing the ssh keypair
> during template creation?
>
> Swen
>
> -----Original Message-----
> From: [email protected] <[email protected]>
> Sent: Thursday, 15 October 2020 15:50
> To: [email protected]
> Subject: AW: metadata on VR
>
> Hi David,
>
> even if I create a VM now the public key will be put in the file for the
> new VM. And this key is not in the db. I do not understand where the VR is
> getting this key from?
> Which logs do you mean? I was looking through /management-server.log with
> debug enabled but was unable to find anything about this. Any idea where to
> search?
>
> Swen
>
> -----Original Message-----
> From: David Jumani <[email protected]>
> Sent: Thursday, 15 October 2020 13:20
> To: [email protected]
> Subject: Re: metadata on VR
>
> It could be because the key has been deleted on Cloudstack. Checking the
> logs could verify that.
> ________________________________
> From: [email protected] <[email protected]>
> Sent: Thursday, October 15, 2020 2:07 PM
> To: [email protected] <[email protected]>
> Subject: AW: metadata on VR
>
> Hi,
>
> any idea why a public key which is not in the db is put into the
> public-keys file on the VR?
>
> Swen
>
> [email protected]
> www.shapeblue.com
> 3 London Bridge Street, 3rd floor, News Building, London SE1 9SGUK
> @shapeblue
>
> -----Original Message-----
> From: David Jumani <[email protected]>
> Sent: Wednesday, 14 October 2020 14:30
> To: [email protected]
> Subject: Re: metadata on VR
>
> Hi Cu,
>
> The database stores the MD5 fingerprint of the key. Could you check the
> fingerprint on the VR via
>
> ssh-keygen -E md5 -lf public-keys
>
> Thanks,
> David
> ________________________________
> From: [email protected] <[email protected]>
> Sent: Wednesday, October 14, 2020 5:26 PM
> To: [email protected] <[email protected]>
> Subject: AW: metadata on VR
>
> Hi David,
>
> thx for getting back so fast. That is what I thought too.
> Now the problem is that in the file public-keys is a key that is not in the
> database. It should be in the table ssh_keypairs, correct?
> When I do a ssh-keygen -lf public-keys on the file in the VR the
> fingerprint did not match any fingerprint in the ssh_keypairs table.
>
> I am wondering where the key in the public-keys file comes from.
>
> Cu Swen
>
> -----Original Message-----
> From: David Jumani <[email protected]>
> Sent: Wednesday, 14 October 2020 12:19
> To: [email protected]
> Subject: Re: metadata on VR
>
> Hi,
>
> The file contents are written by vmdata.py itself. The public keys are sent
> to the router by the management server when the ssh key is reset.
> The vmdata.py file receives this and a method 'createFile' is internally
> called which writes the relevant data in the respective file in the folder.
>
> Thanks,
> David
> ________________________________
> From: [email protected] <[email protected]>
> Sent: Wednesday, October 14, 2020 3:34 PM
> To: [email protected] <[email protected]>
> Subject: metadata on VR
>
> Hi all,
>
>
>
> I have a question regarding the metadata on virtual routers. We are running
> an older version, so I am not sure if path or script are being renamed or
> changed.
>
> I see that CS is creating /var/www/html/metadata/<ip>/ on the VR for all
> VMs in the network.
>
> As far as I understand this script is creating the folders:
> /opt/cloud/bin/vmdata.py
>
>
>
> But I am unable to find which script is creating the files with content
> inside this folder.
>
> In particular I need to know what is creating the file public-keys and
> where the content of this file is from.
>
>
>
> Thank you for any help!
>
>
>
> Cu Swen
>
--
Andrija Panić
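
Added example (not part of the original thread, and not CloudStack code): the fingerprint comparison David describes, done in Python for every key in a VR's public-keys file, reporting keys that match no registered fingerprint. It assumes the file holds OpenSSH public key lines and that the ssh_keypairs fingerprints are colon-separated MD5 hex; the sample keys, fingerprint list and function names are constructed for illustration.

```python
import base64
import hashlib
import struct

def md5_fingerprint(pubkey_line):
    """MD5 fingerprint of one OpenSSH public key line, colon-separated hex
    (the value `ssh-keygen -E md5 -lf` prints without its "MD5:" prefix)."""
    fields = pubkey_line.split()
    for i, field in enumerate(fields[:-1]):
        # The key type precedes the base64 blob; options may come before it.
        if field.startswith(("ssh-", "ecdsa-", "sk-")):
            blob = base64.b64decode(fields[i + 1], validate=True)
            digest = hashlib.md5(blob).hexdigest()
            return ":".join(digest[j:j + 2] for j in range(0, 32, 2))
    raise ValueError("not an OpenSSH public key line")

def unaccounted_keys(public_keys_text, db_fingerprints):
    """Return (fingerprint, line) for every key whose fingerprint is not
    among the fingerprints exported from the ssh_keypairs table."""
    known = {fp.strip().lower() for fp in db_fingerprints}
    findings = []
    for line in public_keys_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fp = md5_fingerprint(line)
        if fp not in known:
            findings.append((fp, line))
    return findings

def _sample_line(seed, comment):
    # Constructed sample: a well-formed ssh-ed25519 blob with made-up key bytes.
    key = bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + key
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)

# Constructed stand-ins for the VR file and for the database export.
REGISTERED = _sample_line(1, "registered-key")
STRAY = _sample_line(2, "stray-template-key")
SAMPLE_PUBLIC_KEYS = REGISTERED + "\n" + STRAY + "\n"
SAMPLE_DB_FINGERPRINTS = [md5_fingerprint(REGISTERED).upper()]

if __name__ == "__main__":
    for fp, line in unaccounted_keys(SAMPLE_PUBLIC_KEYS, SAMPLE_DB_FINGERPRINTS):
        print("no matching ssh_keypairs row:", fp, line.split()[-1])
```

A key reported here is one to trace back to its source, such as the template detail found in this thread, before it is trusted on new VMs.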