[openstack] detect if http://169.254.169.254/openstack accessible else use config drive #278

damianofalcioni · 2014-10-01T10:23:13Z

Hi,
my bootstrap deploy is blocked in the "Waiting for the agent" phase.
From the log I've seen that's a problem of ssh authentication.
That's an extract of bosh_micro_deploy.log:

I, [2014-10-01T09:55:12.484894 #28875] [0x11e5338]  INFO -- : discovered bosh ip=90.147.102.150
D, [2014-10-01T09:55:12.794491 #28875] [0x11e5338] DEBUG -- : tcp socket 90.147.102.150:22 is readable
I, [2014-10-01T09:56:12.794887 #28875] [0x11e5338]  INFO -- : Starting SSH session for port forwarding to [email protected]...
D, [2014-10-01T09:56:13.815849 #28875] [0x11e5338] DEBUG -- : ssh start [email protected] failed: #<Net::SSH::AuthenticationFailed: Authentication failed for user [email protected]>
I, [2014-10-01T09:56:14.816154 #28875] [0x11e5338]  INFO -- : Starting SSH session for port forwarding to [email protected]...
D, [2014-10-01T09:56:14.875612 #28875] [0x11e5338] DEBUG -- : ssh start [email protected] failed: #<Net::SSH::AuthenticationFailed: Authentication failed for user [email protected]>
...

Also bosh-bootstrap ssh return permission denied (publickey):

ubuntu@bosh-cli:~$ bosh-bootstrap ssh
Confirming: Using key pair firstbosh
ssh -i /home/ubuntu/.microbosh/ssh/firstbosh [email protected]
The authenticity of host '90.147.102.150 (90.147.102.150)' can't be established.
RSA key fingerprint is 2f:68:ac:0a:e6:2b:45:20:c5:e2:1f:c7:8c:dd:2c:d6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '90.147.102.150' (RSA) to the list of known hosts.
Permission denied (publickey).

The error is the same for 1.2719.0 and for the new 1.2732.0 .
The stemcel used is bosh-openstack-kvm-ubuntu version 2427 (bosh-stemcell-latest-openstack-kvm-ubuntu.tgz)

Someone have a solution?
Thanks

The text was updated successfully, but these errors were encountered:

drnic · 2014-10-01T13:33:36Z

To use ssh you need a local public/private key pair. Run this first:

ssh-keygen

On Wed, Oct 1, 2014 at 3:23 AM, mioonline [email protected]
wrote:

Hi,
my bootstrap deploy is blocked in the "Waiting for the agent" phase.
From the log I've seen that's a problem of ssh authentication.
That's an extract of bosh_micro_deploy.log:
I, [2014-10-01T09:55:12.484894 #28875] [0x11e5338] INFO -- : discovered bosh ip=90.147.102.150
D, [2014-10-01T09:55:12.794491 #28875] [0x11e5338] DEBUG -- : tcp socket 90.147.102.150:22 is readable
I, [2014-10-01T09:56:12.794887 #28875] [0x11e5338] INFO -- : Starting SSH session for port forwarding to [email protected]...
D, [2014-10-01T09:56:13.815849 #28875] [0x11e5338] DEBUG -- : ssh start [email protected] failed: #<Net::SSH::AuthenticationFailed: Authentication failed for user [email protected]>
I, [2014-10-01T09:56:14.816154 #28875] [0x11e5338] INFO -- : Starting SSH session for port forwarding to [email protected]...
D, [2014-10-01T09:56:14.875612 #28875] [0x11e5338] DEBUG -- : ssh start [email protected] failed: #<Net::SSH::AuthenticationFailed: Authentication failed for user [email protected]>
...
Also bosh-bootstrap ssh return permission denied (publickey):
ubuntu@bosh-cli:~$ bosh-bootstrap ssh
Confirming: Using key pair firstbosh
ssh -i /home/ubuntu/.microbosh/ssh/firstbosh [email protected]
The authenticity of host '90.147.102.150 (90.147.102.150)' can't be established.
RSA key fingerprint is 2f:68:ac:0a:e6:2b:45:20:c5:e2:1f:c7:8c:dd:2c:d6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '90.147.102.150' (RSA) to the list of known hosts.
Permission denied (publickey).
The error is the same for 1.2719.0 and for the new 1.2732.0 .
The stemcel used is bosh-openstack-kvm-ubuntu version 2427 (bosh-stemcell-latest-openstack-kvm-ubuntu.tgz)
Someone have a solution?

Thanks

Reply to this email directly or view it on GitHub:
#278

damianofalcioni · 2014-10-01T16:49:47Z

I've found that the problem seem to be the impossibility to reach the openstack metadata service (169.254.169.254) from the machine.
That's because Openstack is currently configured to use the configuration drive. You know if there is a way to configure the stemcell in order to use the openstack configuration drive instead of the metadata service?
Thanks

drnic · 2014-10-01T21:03:26Z

I think there is new/ongoing work for microbosh/openstack and the config
drive. Have a look in bosh's open issues and subscribe to it to get
notified of it being complete. Then bosh-bootstrap will use those latest
gems when they are published.

On Wed, Oct 1, 2014 at 9:49 AM, mioonline [email protected] wrote:

I've found that the problem seem to be the impossibility to reach the
openstack metadata service (169.254.169.254) from the machine.
That's because Openstack is currently configured to use the configuration
drive. You know if there is a way to configure the stemcell in order to use
the openstack configuration drive instead of the metadata service?
Thanks

—
Reply to this email directly or view it on GitHub
#278 (comment)
.

Dr Nic Williams
Stark & Wayne LLC - consultancy for Cloud Foundry users
http://drnicwilliams.com
http://starkandwayne.com
cell +1 (415) 860-2185
twitter @drnic

damianofalcioni · 2014-10-02T16:06:10Z

I've seen there is the instruction use_config_drive: true that can be used in the manifest file under openstack:

---
cloud:
      plugin: openstack
      properties:
        openstack:
          api_key: OPENSTACK-PASSWORD # Replace with your OpenStack password
          use_config_drive: true
---

The problem now is that this is not supported by the stemcell downloaded by bosh-bootstrap ( http://bosh-jenkins-artifacts.s3.amazonaws.com/bosh-stemcell/openstack/bosh-stemcell-latest-openstack-kvm-ubuntu.tgz) that isn't aligned with the last stemcell version (2732)

drnic · 2014-10-02T16:08:11Z

Gotcha ok so we need to fix the method for selecting a stemcell; and use the use_config_drive: true property.

Do you have a suggestion about if/when to include this property? Possible to auto detect the requirement?

On Thu, Oct 2, 2014 at 9:06 AM, mioonline [email protected]
wrote:

I've seen there is the instruction use_config_drive: true that can be used in the manifest file under openstack:

cloud:
plugin: openstack
properties:
openstack:
api_key: OPENSTACK-PASSWORD # Replace with your OpenStack password

use_config_drive: true

The problem now is that this is not supported by the stemcell downloaded by bosh-bootstrap ( http://bosh-jenkins-artifacts.s3.amazonaws.com/bosh-stemcell/openstack/bosh-stemcell-latest-openstack-kvm-ubuntu.tgz) that isn't aligned with the last stemcell version (2732)

Reply to this email directly or view it on GitHub:
#278 (comment)

damianofalcioni · 2014-10-02T16:26:53Z

Maybe you can check the reachability of the metadata service (http://169.254.169.254/openstack). If it's not reachable hopefully a configuration drive should be present.

drnic · 2014-10-02T16:58:12Z

That'd work from a jumpbox or VM within the OpenStack environment; the test might give false negatives if you ran it from your laptop. I guess if the test for metadata endpoint fails could fall back to another prompt and/or CLI flag :/

On Thu, Oct 2, 2014 at 9:26 AM, mioonline [email protected]
wrote:

Maybe you can check the reachability of the metadata service (http://169.254.169.254/openstack). If it's not reachable hopefully a configuration drive should be present.

Reply to this email directly or view it on GitHub:
#278 (comment)

drnic added the OpenStack label Oct 7, 2014

drnic changed the title ~~bosh-bootstrap deploy blocked on Waiting for the agent (ssh problem)~~ [openstack] detect if http://169.254.169.254/openstack accessible else use config drive Oct 10, 2014

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[openstack] detect if http://169.254.169.254/openstack accessible else use config drive #278

[openstack] detect if http://169.254.169.254/openstack accessible else use config drive #278

damianofalcioni commented Oct 1, 2014

drnic commented Oct 1, 2014

Thanks

damianofalcioni commented Oct 1, 2014

drnic commented Oct 1, 2014

damianofalcioni commented Oct 2, 2014

drnic commented Oct 2, 2014

I've seen there is the instruction use_config_drive: true that can be used in the manifest file under openstack:

use_config_drive: true

The problem now is that this is not supported by the stemcell downloaded by bosh-bootstrap ( http://bosh-jenkins-artifacts.s3.amazonaws.com/bosh-stemcell/openstack/bosh-stemcell-latest-openstack-kvm-ubuntu.tgz) that isn't aligned with the last stemcell version (2732)

damianofalcioni commented Oct 2, 2014

drnic commented Oct 2, 2014

Maybe you can check the reachability of the metadata service (http://169.254.169.254/openstack). If it's not reachable hopefully a configuration drive should be present.

[openstack] detect if http://169.254.169.254/openstack accessible else use config drive #278

[openstack] detect if http://169.254.169.254/openstack accessible else use config drive #278

Comments

damianofalcioni commented Oct 1, 2014

drnic commented Oct 1, 2014

Thanks

damianofalcioni commented Oct 1, 2014

drnic commented Oct 1, 2014

damianofalcioni commented Oct 2, 2014

drnic commented Oct 2, 2014

I've seen there is the instruction use_config_drive: true that can be used in the manifest file under openstack:

use_config_drive: true

The problem now is that this is not supported by the stemcell downloaded by bosh-bootstrap ( http://bosh-jenkins-artifacts.s3.amazonaws.com/bosh-stemcell/openstack/bosh-stemcell-latest-openstack-kvm-ubuntu.tgz) that isn't aligned with the last stemcell version (2732)

damianofalcioni commented Oct 2, 2014

drnic commented Oct 2, 2014

Maybe you can check the reachability of the metadata service (http://169.254.169.254/openstack). If it's not reachable hopefully a configuration drive should be present.