Recent comments on stillhq.com

    These are the most recent comments.


    ### George on Image handlers (in essex)

    I grepped the nova-compute.log after starting a new instance and it came back with "Injecting key into image".

    So I think the key was indeed injected by Nova as per the log, and then cloud-init was overwriting the "/root/.ssh/authorized_keys" file with the same SSH key.

    To test this assumption, I added the following flags in nova.conf and restarted the nova-compute service:

    --libvirt_inject_password=false
    --libvirt_inject_key=false

    Upon starting a new instance, the qemu-nbd part is missing from the logs as well as the "Injecting key into image", but the ssh key is still injected by cloud-init.

    In conclusion, when using qcow based images and "--libvirt_inject_key=true" (or not defined in nova.conf), the nbd method is used for ssh key injection.

    If the baseline has cloud-init installed, the SSH key will be obtained from the nova-api-metadata service and saved into "/root/.ssh/authorized_keys" at the first boot.

    Thanks for your reply and for helping me understand this mechanism.

    George

    ### George on Some quick operational notes for users of loop and nbd devices

    Hi,

    Can you please explain the order (and conditions) in which the three methods are used?

    In my Essex installation, the "img_handlers" is not defined in nova.conf, so it takes the default value "loop,nbd,guestfs".

    The "libvirt_inject_password" is also not set so it defaults to "false".

    My ssh keys are obtained by cloud-init, and still whenever I start a new instance I see in the nova-compute.logs this sequence of events:

    qemu-nbd -c /dev/nbd15 /var/lib/nova/instances/instance-0000076d/disk
    kpartx -a /dev/nbd15
    mount /dev/mapper/nbd15p1 /tmp/tmpxGBdT0
    umount /dev/mapper/nbd15p1
    kpartx -d /dev/nbd15
    qemu-nbd -d /dev/nbd15

    Basically, I don't understand why the mount of the first partition is necessary and what happens when the partition is mounted. Also, why is nbd the chosen method?

    Thank you,
    George


    ### Rich Miller on Moving on

    Welcome to the Rack! :D

    Rich
    IT Ops Ninja

    ### Clinton Roy on On conference t-shirts

    Way above and beyond :)

    One of these years we're going to go without t-shirts and do hats or scarves or something that's easier.


    ### Gustavo Randich on Openstack compute node cleanup

    This bash script does the cleanup:

    # Backing files still referenced by at least one instance disk.
    USED=$(find /var/lib/nova/instances -name "disk*" | xargs -n1 qemu-img info | grep backing | sed -e 's/.*file: //' -e 's/ .*//' | sort | uniq)
    # Remove every file in _base that no instance disk uses as its backing file.
    for i in /var/lib/nova/instances/_base/*; do
        USING=0
        for j in $USED; do
            if [ "$i" == "$j" ]; then
                USING=1
            fi
        done
        if [ "$USING" -eq 0 ]; then echo "Removing $i..."; rm -f "$i"; fi
    done

    ### Deektec on Battlefields Beyond Tomorrow

    I had much the same experience with this book as you did. I read it as a kid and several of the stories captured my imagination. It was this book that led me to some of my favorite authors and extended series. I bought a copy on Amazon a few years ago and push it on people who express even the slightest interest. With all the "Hunger Games" mania I really just want to hand people "The Survivor" to show them a much better story in that vein.

    ### Rachel on A further update on Robyn's health

    Thinking & praying about you all. A lot of the people at our church are aware of Robyn's condition, and I'll pass on the links to those who are concerned. Please let me know if you'd rather I didn't...

    ### mathrock on Openstack compute node cleanup

    The image mgmt code just went in:

    https://review.openstack.org/#change,2902
    https://blueprints.launchpad.net/nova/+spec/nova-image-cache-management

    ### Rachel on It hasn't been a very good week

    Sounds more like a not very good year :( We'll be praying for you guys and if there's anything you need, let us know. For eg, if the kids need to be looked after so you guys can see medical professionals, or just have a bit of time to yourselves, I'm sure the girls wouldn't mind the company, if that helps. We're away the second half of January, but after that we're here.

    I think it's good that you internalise things first, I tend to just blurt everything out and that doesn't always go that well in the end :/


    ### Michael Still on It hasn't been a very good week

    Anthony, that's a really good question and I should have thought of covering that. Catherine had an implantable birth control thing for our entire time in the US. She had it removed recently, and hasn't had a period since. After a while we started to wonder if she was pregnant or something, so that prompted a blood test. The blood test indicated that she wasn't pregnant, but had a marker which prompted the MRI.

    ### Anthony David on It hasn't been a very good week

    Best wishes to you and your family Michael. Sounds like an annus horribilis. The comforting thing is they rarely last. Can I ask what symptoms Catherine had for the MRI to be used? I was surprised that the MRI is still off this list. I needed one a decade ago. Not clear on the exact details, but in 1998 the Health Minister got narky about a leak of medicare changes re MRIs and a subsequent spike in MRI machine orders around the country.

    ### Sara S on Leaving Google

    It's hard to believe it has been 6 years. Enjoy your future adventures! There is indeed life after Google.

    (PS. If you're wondering who this is, I sat next to you in B46.)

    ### Steve on Implementing SCP with paramiko

    Thanks a lot for this bit of code, it's been really useful! To be perfectly safe you should use sendall() for both calls. The first call using send() could return without sending the full first line which would silently break the transfer.
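
The short-write problem described in the comment above, as an added illustration (not code from the post or from paramiko). `ShortWriteChannel` is a constructed stand-in that follows the `send()` contract of returning how many bytes were accepted, and the SCP record is simplified to control line, data and trailing NUL, without the acknowledgement bytes.

```python
import io


class ShortWriteChannel:
    """Constructed stand-in: send() accepts at most max_per_call bytes per call."""

    def __init__(self, max_per_call):
        self.max_per_call = max_per_call
        self.wire = bytearray()  # bytes the receiving side actually gets

    def send(self, data):
        chunk = data[:self.max_per_call]
        self.wire += chunk
        return len(chunk)  # caller must check this; send() does not raise

    def sendall(self, data):
        while data:
            data = data[self.send(data):]


def scp_upload(chan, name, payload, header_sendall):
    """Send one file record: 'C0644 <size> <name>\\n', the data, then a NUL."""
    header = b"C0644 %d %s\n" % (len(payload), name.encode())
    send_header = chan.sendall if header_sendall else chan.send
    send_header(header)  # with send(), a short write goes unnoticed here
    chan.sendall(payload + b"\x00")


def parse_scp_record(wire):
    """Receiver-side view: return (name, data) or raise ValueError."""
    stream = io.BytesIO(bytes(wire))
    line = stream.readline()
    if not line.startswith(b"C") or not line.endswith(b"\n"):
        raise ValueError("truncated or malformed control line")
    fields = line[1:-1].split(b" ", 2)
    if len(fields) != 3 or not fields[1].isdigit():
        raise ValueError("malformed control line fields")
    size = int(fields[1])
    data = stream.read(size)
    if len(data) != size or stream.read(1) != b"\x00":
        raise ValueError("file data shorter than declared size")
    return fields[2].decode(), data


if __name__ == "__main__":
    for use_sendall in (False, True):
        chan = ShortWriteChannel(max_per_call=8)
        scp_upload(chan, "notes.txt", b"hello world", use_sendall)
        print(use_sendall, bytes(chan.wire))
```

With `send()` for the control line the sender sees no error, but the receiver gets a control line cut off before its newline and the file data runs straight into it.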

    ### Paul Wayper on Anathem

    I'm just now reading Anathem and cursing not having read it before. It's awesome. It's an adventure, a study of character and society, a philosophical treatise (as most of Stephenson's works are) and a guide to some of the really interesting problems in physics, mathematics and geometry. Loving it!

    ### Seba on Implementing SCP with paramiko

    Hello

    Have you encountered any problems with copying on a remote host as root?
    I have strange behaviour: I'm trying to copy between Linux and Solaris nodes, and I can copy to /tmp as a regular user while as root I can't. I know it looks like some misconfiguration issue, but the debug output for both cases looks exactly the same, see:
    malyska@ststorage2:~/CATE/CATE/src/CATE/utils> ./test1.py robo-XXX.XXX.com root $PWD/test1.py /tmp/test1.py
    DEBUG:paramiko.transport:starting thread (client mode): 0x8406b8cL
    INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_4.7)
    DEBUG:paramiko.transport:kex algos:['diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'arcfour128', 'arcfour256', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael-cbc@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr'] server encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'arcfour128', 'arcfour256', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael-cbc@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr'] client mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress:['none', 'zlib@openssh.com'] server compress:['none', 'zlib@openssh.com'] client lang:[''] server lang:[''] kex follows?False
    DEBUG:paramiko.transport:Ciphers agreed: local=aes128-cbc, remote=aes128-cbc
    DEBUG:paramiko.transport:using kex diffie-hellman-group1-sha1; server key type ssh-rsa; cipher: local aes128-cbc, remote aes128-cbc; mac: local hmac-sha1, remote hmac-sha1; compression: local none, remote none
    DEBUG:paramiko.transport:Switch to new keys ...
    Password:
    DEBUG:paramiko.transport:userauth is OK
    INFO:paramiko.transport:Authentication (password) successful!
    DEBUG:paramiko.transport:[chan 1] Max packet in: 34816 bytes
    DEBUG:paramiko.transport:[chan 1] Max packet out: 32768 bytes
    INFO:paramiko.transport:Secsh channel 1 opened.
    DEBUG:paramiko.transport:[chan 1] Sesch channel 1 request ok
    DEBUG:paramiko.transport:[chan 1] EOF sent (1)
    DEBUG:paramiko.transport:EOF in transport thread
    malyska@ststorage2:~/CATE/CATE/src/CATE/utils> ./test1.py robo-XXX.XXX.com malyska $PWD/test1.py /tmp/test1.py
    DEBUG:paramiko.transport:starting thread (client mode): 0x8406b6cL
    INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_4.7)
    DEBUG:paramiko.transport:kex algos:['diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'arcfour128', 'arcfour256', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael-cbc@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr'] server encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'arcfour128', 'arcfour256', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael-cbc@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr'] client mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac:['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress:['none', 'zlib@openssh.com'] server compress:['none', 'zlib@openssh.com'] client lang:[''] server lang:[''] kex follows?False
    DEBUG:paramiko.transport:Ciphers agreed: local=aes128-cbc, remote=aes128-cbc
    DEBUG:paramiko.transport:using kex diffie-hellman-group1-sha1; server key type ssh-rsa; cipher: local aes128-cbc, remote aes128-cbc; mac: local hmac-sha1, remote hmac-sha1; compression: local none, remote none
    DEBUG:paramiko.transport:Switch to new keys ...
    Password:
    DEBUG:paramiko.transport:userauth is OK
    INFO:paramiko.transport:Authentication (password) successful!
    DEBUG:paramiko.transport:[chan 1] Max packet in: 34816 bytes
    DEBUG:paramiko.transport:[chan 1] Max packet out: 32768 bytes
    INFO:paramiko.transport:Secsh channel 1 opened.
    DEBUG:paramiko.transport:[chan 1] Sesch channel 1 request ok
    DEBUG:paramiko.transport:[chan 1] EOF sent (1)
    DEBUG:paramiko.transport:EOF in transport thread

    Is there maybe any place where I can increase the debug level to see what the reason for such behaviour is?

    Best regards
    Seba

    ### Hoppy98 on On Virgin Atlantic premium economy

    Just to say, even if this is very old, Upper Class is Virgin's business class, Premium Economy is in between Economy and Business class.

    ### =Tamar on The Light Fantastic

    I liked the zen-like philosophy in the first two books - pass through the world as an observer, enjoy the view regardless of what else is happening, and leave your baggage behind.