Michael,

Good job thinking through that problem.  What vcld does to deal with
it is to add some lines to rc.local that will parse the private IP,
update what is in sshd_config, and restart sshd on the private
interface.

Josh

On Thu, Jun 21, 2012 at 6:19 PM, Michael Jinks <mji...@uchicago.edu> wrote:
> We're still trying to work out image capture on our VCL setup, but I'm
> wondering about an issue I think we'll encounter fairly soon and how
> others are addressing it.
>
> On our Linux image, /etc/ssh/sshd_config (the private-facing sshd
> configuration) has a ListenAddress hard-coded to the private IP that the
> image has before capture.  Obviously, when we deploy that image to a new
> instance, that IP address will be wrong, and sshd will fail to bind.
> The same issue exists for the public-facing instance.
>
> We can't set either one to the 0.0.0.0 wildcard, because then the first
> sshd to come up will prevent the second from binding.
>
> All of that has been done according to the VCL docs, so I'm sure this is
> an issue that everybody faces, but what is the cure?
>
> We do have a confugration manager (puppet) which we can use to perform
> per-host tweaks, but the host has to be on the wire first, and I'm
> worried that a failure to have sshd running at boot time will cause the
> deployment of the image to fail.  Maybe that's a non-issue.
>
> Anyhow... How are other sites dealing with this?  Is there something in
> VCL that takes care of this that I've just missed?
>
> Thanks,
> -m
>
> --
> Michael Jinks :: mji...@uchicago.edu
> University of Chicago IT Services

Reply via email to