OpenStack Shared File Systems Service (Manila)

ssh key login broken to share VM

Bug #1646135 reported by Pankaj Khandar
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Shared File Systems Service (Manila)
Fix Released
Medium
Tom Barron

Bug Description

Steps
git clone git://github.com/openstack-dev/devstack.git
cd devstack
create local.conf and add the following line

enable_plugin manila https://github.com/openstack/manila

run
./stack.sh

after stacked,
source /opt/stack/new/devstack/openrc admin demo
neutron net-list
neutron subnet-list
manila share-network-create --neutron-net-id <PRIVATE_NET_ID> --neutron-subnet-id <PRIVATE_SUBNET_ID> --name manila_share
manila share-network-list
manila create --name devstack_share --share-network <SHARE_NET_ID> NFS 1

it will fail with exception
SSHException: Check whether private key or password are correctly set

workaround:
edit the /etc/manila/manila.conf
in [generic1] section add

service_instance_password = manila

and comment
#path_to_private_key = /home/manila/.ssh/id_rsa
#path_to_public_key = /home/manila/.ssh/id_rsa.pub

re-run
manila create --name devstack_share01 --share-network <SHARE_NET_ID> NFS 1

Now you can see the proper share
manila list

Revision history for this message
Valeriy Ponomaryov (vponomaryov) wrote :

SSHing using key works in CI.

It can be proven by searching "Authentication (publickey) successful!" in CI logs of any CI job with generic driver that uses DHSS=True mode.

Example:
http://logs.openstack.org/69/402169/4/check/gate-manila-tempest-dsvm-mysql-generic-ubuntu-xenial-nv/c700441/logs/screen-m-shr.txt.gz#_2016-11-29_13_20_29_081

There you can see following:

2016-11-29 13:20:21.921 25769 DEBUG paramiko.transport [req-bf12ba4a-caca-47bb-bf74-797b5df9b26d 5f734ec209be4ae68f06c4a0a0aee60a 8b4515a6e94e4f43a2efaea37d31c170 - - -] Adding ssh-rsa host key for 10.254.0.54: 9b9ed199341fdc6aef06bd0c534eec8f _log /usr/local/lib/python2.7/dist-packages/paramiko/transport.py:1563
2016-11-29 13:20:21.922 25769 DEBUG paramiko.transport [req-bf12ba4a-caca-47bb-bf74-797b5df9b26d 5f734ec209be4ae68f06c4a0a0aee60a 8b4515a6e94e4f43a2efaea37d31c170 - - -] Trying key c116ef251b91e282f524146842d60330 from /opt/stack/new/.ssh/id_rsa _log /usr/local/lib/python2.7/dist-packages/paramiko/transport.py:1563
2016-11-29 13:20:21.932 25769 DEBUG paramiko.transport [-] userauth is OK _log /usr/local/lib/python2.7/dist-packages/paramiko/transport.py:1563
2016-11-29 13:20:22.562 25769 DEBUG paramiko.transport [-] kex engine KexGroup1 specified hash_algo <built-in function openssl_sha1> _log /usr/local/lib/python2.7/dist-packages/paramiko/transport.py:1563
2016-11-29 13:20:22.563 25769 DEBUG paramiko.transport [-] Switch to new keys ... _log /usr/local/lib/python2.7/dist-packages/paramiko/transport.py:1563
2016-11-29 13:20:22.565 25769 DEBUG paramiko.transport [req-742af03a-2214-4f3e-bd94-583b737be123 0a6c06e51cf942e8ab724e1fcfd63efc 6860ac68279f4a4b8a1e385f096c6f73 - - -] Adding ssh-rsa host key for 10.254.0.36: 9b9ed199341fdc6aef06bd0c534eec8f _log /usr/local/lib/python2.7/dist-packages/paramiko/transport.py:1563
2016-11-29 13:20:22.565 25769 DEBUG paramiko.transport [req-742af03a-2214-4f3e-bd94-583b737be123 0a6c06e51cf942e8ab724e1fcfd63efc 6860ac68279f4a4b8a1e385f096c6f73 - - -] Trying key c116ef251b91e282f524146842d60330 from /opt/stack/new/.ssh/id_rsa _log /usr/local/lib/python2.7/dist-packages/paramiko/transport.py:1563
2016-11-29 13:20:22.572 25769 DEBUG paramiko.transport [-] userauth is OK _log /usr/local/lib/python2.7/dist-packages/paramiko/transport.py:1563
2016-11-29 13:20:29.081 25769 INFO paramiko.transport [-] Authentication (publickey) successful!

So, there is no bug in Manila. It is key setup error only. Are you sure that key you use is created for proper user? This key has proper bits?..

Revision history for this message
Pankaj Khandar (pankaj-khandar) wrote :

This is on brand new 16 and 14 ubuntu server. Keys are created by devstack process (stack.sh)

Revision history for this message
Jason Grosso (jgrosso) wrote :

Pankaj are you still seeing this issue?

Revision history for this message
Tom Barron (tpb) wrote :

This was a genuine issue but was fixed by https://review.opendev.org/#/c/627795/ so I'm going to close it. Pankaj, please do raise a new bug if you still have trouble after using a fresh service image.

Revision history for this message
Tom Barron (tpb) wrote :

Fixed by https://review.opendev.org/#/c/627795/

Changed in manila:
assignee: nobody → Tom Barron (tpb)
importance: Undecided → Medium
status: New → Fix Released
Revision history for this message
Jason Grosso (jgrosso) wrote :

thanks Tom!

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.