gandi.cli

Root SSH access is not available in all images

Open aegiap opened this issue 11 years ago • 3 comments

In some OS images, the SSH server is set up to only allow root connections with an SSH public key. When a user creates a VM (gandi vm create ...) without an SSH public key but with a login, the root account is set up with this password, but the user cannot connect to the VM using SSH. Moreover, the gandi vm create ... command cannot automatically SSH to the VM.

If the user uses the --login and no --sshkey params in the CLI command, we could try to auto-SSH to the VM after the creation of the VM with the login as parameter instead of using 'root' in all cases.

Jan 06 '15 17:01 aegiap

Possible patch to fix some use-case of this issue:

diff --git a/gandi/cli/modules/iaas.py b/gandi/cli/modules/iaas.py
index 412f296..f7f7908 100644
--- a/gandi/cli/modules/iaas.py
+++ b/gandi/cli/modules/iaas.py
@@ -308,13 +308,16 @@ class Iaas(GandiModule, SshkeyHelper):
         if vm_id and ip_version:
             cls.wait_for_sshd(vm_id)
             cls.ssh_keyscan(vm_id)
+            ssh_login = 'root'
+            if login:
+                ssh_login = login
             if script:
-                ret = cls.scp(vm_id, 'root', None, script, '/var/tmp/gscript')
+                ret = cls.scp(vm_id, ssh_login, None, script, '/var/tmp/gscript')
                 if not ret:
                     cls.error('Failed to scp script %s to VM %s (id: %s)' %
                               (script, hostname, vm_id))

-            ret = cls.ssh(vm_id, 'root', None, script and ['/var/tmp/gscript'])
+            ret = cls.ssh(vm_id, ssh_login, None, script and ['/var/tmp/gscript'])
             if not ret and (script and ['/var/tmp/gscript']):
                 cls.error('Failed to execute script %s on VM %s (id: %s)' %
                           ('/var/tmp/gscript', hostname, vm_id))
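
Review bot: the added "if login:" branch switches the SSH user whenever a login is given, including when an SSH key was also supplied and root key login would still work, while the issue asks for this only in the --login without --sshkey case. With the switch, the script copied to /var/tmp/gscript is also executed as that login rather than as root, so a --script that needs root privileges can fail. Suggest making the switch conditional on no key being set, and writing the selection as a single expression such as ssh_login = login or 'root' instead of three lines.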

Jan 06 '15 17:01 aegiap

@kalou can you please validate this?

Jan 07 '15 10:01 sayoun

The --script option is a temporary helper and should go into an API call someday. However, the use case "create a vm, deploy something as root on it, but also create a login" is broken with this. So we have to decide here if people will be complaining sooner than we APIze this feature.

The story "I'm logging in as the user if I specify one" is OK for me.

Your patch does not seem to apply on master - you don't need that ssh_login extra variable here.

We have this line somewhere above the ssh part:

        if 'ssh_key' not in vm_params and 'keys' not in vm_params:
            return

That I think you also want to remove for this to work.

Jan 08 '15 01:01 kalou