walinuxagent not downloading ssh certificates
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
walinuxagent (Ubuntu) |
Invalid
|
High
|
Unassigned |
Bug Description
I launched an instance with:
azure vm create --vm-size=
--<email address hidden> --ssh=22 \
--custom-
b39f27a8b8c64
smoser PASS%word%123
Unless my custom-data provides some way to get in (ie, cloud-config 'ssh_import_id: smoser') then I'm not able to get to the instance. Looking at cloud-init.log, I see:
2014-01-09 17:56:59,819 - util.py[DEBUG]: Running command ['service', 'walinuxagent', 'start'] with allowed return codes [0] (shell=False, capture=True)
2014-01-09 17:58:00,588 - util.py[DEBUG]: waiting for files took 60.558 seconds
2014-01-09 17:58:00,589 - DataSourceAzure
2014-01-09 17:58:00,597 - util.py[DEBUG]: Running command ['sh', '-c', 'openssl x509 -noout -pubkey < "$0" |ssh-keygen -i -m PKCS8 -f /dev/stdin', u'/var/
2014-01-09 17:58:00,697 - DataSourceAzure
2014-01-09 17:58:00,716 - stages.py[DEBUG]: Loaded datasource DataSourceAzureNet - DataSourceAzureNet [seed=/dev/sr0]
The gist is that cloud-init ran walinuxagent, and expected it to produce /var/lib/
/var/log/
2014/01/09 18:10:27 Public cert with thumbprint: D3BCD6F2904D5E4
but there isn't such a message in mine.
When I compare this to a system where it *did* have such a message, the HostingEnvironm
The broken one is missing a section like:
<StoredCertif
<StoredCert
</StoredCerti
HostingEnvironm
Possibly relevant information:
* the '--custom-data' comes from patches at https:/
* Recently, it seems that in order to launch an instance with custom-data, server side validation is forcing you to also supply a password . That is just mentioned here as a reason for providing both password and ssh keys, which may be relevant.
* I've had to change the azure/lib/
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: walinuxagent 1.3.2-0ubuntu5 [modified: usr/sbin/waagent]
ProcVersionSign
Uname: Linux 3.12.0-7-generic x86_64
ApportVersion: 2.12.7-0ubuntu6
Architecture: amd64
Date: Thu Jan 9 18:38:22 2014
ProcEnviron:
TERM=screen
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: walinuxagent
UpgradeStatus: No upgrade log present (probably fresh install)
Changed in walinuxagent (Ubuntu): | |
milestone: | none → ubuntu-14.04-beta-1 |
assignee: | nobody → Ben Howard (utlemming) |
Hi Scott,
I'm not able to repro this using the current dev branch of the CLI tools and the latest CustomData patches. Can you take a look at the latest CustomData patches at the pull requests below. They are mostly similar to yours and should port easily into the version of the xplat tools and SDK you are using:
https:/ /github. com/WindowsAzur e/azure- sdk-tools- xplat/pull/ 1048 /github. com/WindowsAzur e/azure- sdk-for- node/pull/ 1054
https:/
One notable change is that we re-arranged roleschema.json a bit and moved the CustomData section for both the Windows and Linux provisioning configuration (to make it consistent for both platforms). I'm not sure yet if the issue you are seeing is with the wire server or the agent, possibly the json is confusing the API and so we end up not getting the certificates we need.
The --no-ssh-password problem may be related to this issue: /github. com/WindowsAzur e/azure- sdk-tools- xplat/issues/ 1003 /github. com/WindowsAzur e/azure- sdk-tools- xplat/pull/ 1004
https:/
https:/
That fix may actually be in the most recent release of the CLI tools, it does not repro in my installation. What version are you working with now?
We should see the feature branch happening soon-ish that will include the CustomData patches. I can let you know when that happens if you want to test it.
I hope this helps.
Steve