I have below setup:
1. Eucalyptus version: 1.6-devel
2. Ubuntu server 9.10 (64bits) Source
3. Hypervisor -> kvm
4. 1 CC and 1 NC
5. Network configuration ->STATIC Mode
Two instances are running at present:
$ euca-describe-instances RESERVATION r-354106DE admin default
INSTANCE i-2F1F0551 emi-0BCB0C4E 10.60.100.3 10.60.100.3 running mykey 0 c1.medium 2010-01-29T14:23:13.709Z zen-cloud eki-468F0DD4 eri-42F60DAD
RESERVATION r-38D305BA admin default
INSTANCE i-63190B90 emi-59AF0E2E 10.60.100.4 10.60.100.4 running mykey 0 c1.medium 2010-01-29T13:26:12.928Z zen-cloud eki-BF8F1079 eri-BC441058
I have downloaded fedora 10 64bit image and able to run its instance but not able to login to it and asking passphrase:
$ ssh -i mykey.priv admin@10.60.100.3
Enter passphrase for key 'mykey.priv':
after pressing enter
ssh -i mykey.priv admin@10.60.100.3
Enter passphrase for key 'mykey.priv':
admin@10.60.100.3's password:
Connection closed by 10.60.100.3
I have checked in nc.log but did not find any error:
[Fri Jan 29 19:53:18 2010][001607][EUCAINFO ] StartNetwork(): SUCCESS return from vnetStartNetwork 0
[Fri Jan 29 19:53:18 2010][001607][EUCAINFO ] StartNetwork(): done
[Fri Jan 29 19:53:18 2010][001607][EUCAINFO ] doRunInstance() invoked (id=i-2F1F0551 cores=1 disk=5 memory=256)
[Fri Jan 29 19:53:18 2010][001607][EUCAINFO ] image=emi-0BCB0C4E at http://10.60.100.1:8773/services
/Walrus/fimage/image.manifest.xml
[Fri Jan 29 19:53:18 2010][001607][EUCAINFO ] krnel=eki-468F0DD4 at http://10.60.100.1:8773/services
/Walrus/fkernel/vmlinuz.manifest.xml
[Fri Jan 29 19:53:18 2010][001607][EUCAINFO ] rmdsk=eri-42F60DAD at http://10.60.100.1:8773/services
/Walrus/framdisk/initrd.manifest.xml
[Fri Jan 29 19:53:18 2010][001607][EUCAINFO ] vlan=100 priMAC=AA:DD:11:CE:FF:ED pubMAC=AA:DD:11:CE:F
F:ED
[Fri Jan 29 19:53:18 2010][001607][EUCAINFO ] network started for instance i-2F1F0551
[Fri Jan 29 19:53:18 2010][001607][EUCAINFO ] retrieving images for instance i-2F1F0551 (disk limit=5120MB)...
[Fri Jan 29 19:53:18 2010][001607][EUCAINFO ] verifying cached file in /var/lib/eucalyptus/instances/eucalyptus/cache/eki-468
F0DD4/kernel...
[Fri Jan 29 19:53:18 2010][001607][EUCAINFO ] walrus_request(): downloading /tmp/walrus-digest-62pNVP
[Fri Jan 29 19:53:18 2010][001607][EUCAINFO ] from http://10.60.100.1:8773/services/Walrus/fkernel/vmlinuz.
manifest.xml
[Fri Jan 29 19:53:18 2010][001607][EUCADEBUG ] walrus_request(): writing GET output to /tmp/walrus-digest-0qFtQH
[Fri Jan 29 19:53:18 2010][001607][EUCADEBUG ] walrus_request(): wrote 3420 bytes in 1 writes
[Fri Jan 29 19:53:18 2010][001607][EUCAINFO ] walrus_request(): saved image in /tmp/walrus-digest-0qFtQH
[Fri Jan 29 19:53:18 2010][001607][EUCAINFO ] vrun(): [cp -a /var/lib/eucalyptus/instances/eucalyptus/cache/eri-42F60DAD/ramd
isk /var/lib/eucalyptus/instances/admin/i-2F1F0551/ramdisk]
[Fri Jan 29 19:53:18 2010][001607][EUCAINFO ] verifying cached file in /var/lib/eucalyptus/instances/eucalyptus/cache/emi-0BC
B0C4E/disk...
[Fri Jan 29 19:53:18 2010][001607][EUCAINFO ] walrus_request(): downloading /tmp/walrus-digest-KZHBfA
[Fri Jan 29 19:53:18 2010][001607][EUCAINFO ] from http://10.60.100.1:8773/services/Walrus/fimage/image.man
ifest.xml
[Fri Jan 29 19:53:18 2010][001607][EUCADEBUG ] walrus_request(): writing GET output to /tmp/walrus-digest-KZHBfA
[Fri Jan 29 19:53:18 2010][001607][EUCADEBUG ] walrus_request(): wrote 5561 bytes in 2 writes
[Fri Jan 29 19:53:18 2010][001607][EUCAINFO ] walrus_request(): saved image in /tmp/walrus-digest-KZHBfA
[Fri Jan 29 19:53:18 2010][001607][EUCAINFO ] vrun(): [cp -a /var/lib/eucalyptus/instances/eucalyptus/cache/emi-0BCB0C4E/disk
/var/lib/eucalyptus/instances/admin/i-2F1F0551/disk]
[Fri Jan 29 19:53:19 2010][001607][EUCAERROR ] libvirt: Domain not found: no domain with matching name 'i-2F1F0551' (code=42)
[Fri Jan 29 19:53:21 2010][001607][EUCADEBUG ] doDescribeInstances() invoked
[Fri Jan 29 19:53:21 2010][001607][EUCADEBUG ] doDescribeResource() invoked
[Fri Jan 29 19:53:24 2010][001607][EUCAERROR ] libvirt: Domain not found: no domain with matching name 'i-2F1F0551' (code=42)
[Fri Jan 29 19:53:27 2010][001607][EUCADEBUG ] doDescribeInstances() invoked
[Fri Jan 29 19:53:27 2010][001607][EUCADEBUG ] doDescribeResource() invoked
[Fri Jan 29 19:53:29 2010][001607][EUCAERROR ] libvirt: Domain not found: no domain with matching name 'i-2F1F0551' (code=42)
[Fri Jan 29 19:53:33 2010][001607][EUCAINFO ] vrun(): [//usr/lib/eucalyptus/euca_rootwrap //usr/share/eucalyptus/partition2di
sk /var/lib/eucalyptus/instances/admin/i-2F1F0551/disk 512 402]
[Fri Jan 29 19:53:33 2010][001607][EUCADEBUG ] doDescribeResource() invoked
[Fri Jan 29 19:53:33 2010][001607][EUCADEBUG ] doDescribeInstances() invoked
[Fri Jan 29 19:53:34 2010][001607][EUCAERROR ] libvirt: Domain not found: no domain with matching name 'i-2F1F0551' (code=42)
[Fri Jan 29 19:53:39 2010][001607][EUCAINFO ] preparing images for instance i-2F1F0551...
[Fri Jan 29 19:53:39 2010][001607][EUCAINFO ] adding key/tmp/sckey.fMjqBw to the root file system at /var/lib/eucalyptus/inst
ances/admin/i-2F1F0551/disk using (//usr/lib/eucalyptus/euca_rootwrap //usr/share/eucalyptus/add_key.pl //usr/lib/eucalyptus/e
uca_mountwrap)
[Fri Jan 29 19:53:39 2010][001607][EUCAINFO ] vrun(): [//usr/lib/eucalyptus/euca_rootwrap //usr/share/eucalyptus/add_key.pl /
/usr/lib/eucalyptus/euca_mountwrap 32256 /var/lib/eucalyptus/instances/admin/i-2F1F0551/disk /tmp/sckey.fMjqBw]
[Fri Jan 29 19:53:39 2010][001607][EUCADEBUG ] system_output(): [//usr/lib/eucalyptus/euca_rootwrap //usr/share/eucalyptus/gen
_kvm_libvirt_xml --ramdisk --ephemeral]
[Fri Jan 29 19:53:39 2010][001607][EUCAERROR ] libvirt: Domain not found: no domain with matching name 'i-2F1F0551' (code=42)
[Fri Jan 29 19:53:39 2010][001607][EUCAINFO ] currently running/booting: i-63190B90 i-2F1F0551
[Fri Jan 29 19:53:39 2010][001607][EUCADEBUG ] doDescribeResource() invoked
[Fri Jan 29 19:53:39 2010][001607][EUCADEBUG ] doDescribeInstances() invoked
[Fri Jan 29 19:53:40 2010][001607][EUCAINFO ] started VM instance i-2F1F0551
Partial console output of the instance
euca-get-console-output i-2F1F0551
Setting hostname localhost: [ OK ]
Setting up Logical Volume Management: [ OK ]
Checking filesystems
Checking all file systems.
[/sbin/fsck.ext3 (1) -- /] fsck.ext3 -a /dev/sda1
/dev/sda1: clean, 17793/513024 files, 157868/1048576 blocks
[ OK ]
Remounting root filesystem in read-write mode: [ OK ]
Mounting local filesystems: mount: wrong fs type, bad option, bad superblock on /dev/sda2,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so
[FAILED]
Enabling /etc/fstab swaps: [ OK ]
Entering non-interactive startup
Bringing up loopback interface: [ OK ]
Bringing up interface eth0:
Determining IP information for eth0... done.
[ OK ]
Starting system logger: [ OK ]
Starting system message bus: [ OK ]
Adding udev persistent rules[ OK ]
Starting sshd: [ OK ]
AUTHORIZED_KEYS:
************************
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCR8Je9kkRfrHao5xRcC9u8K5/TEbR5LWwPwHgCXUXzldv4D2RTm28v+CoAlRzA7G6WOXvJRboKEZp6FHGY6E3TkYmzBM/963bzEhw+UNZVV9VHri16SI1J3B1Y92TCLBx5BAcafz7+Adp0JQadKkUGZ2zCnSL08w6clACQvqw57klRD7+8zKjSf7jy6t6FOyuWOen+hvdL1oJNPUTDEeq3WnybnBYYqMGmABuTjCn6xkkC8hU52An9Ql69XegkBBkXualK3voZFWyaMmmtc8/F03+HiMTyYMtamn0DW4NTypyHMnK2GEKTe46UDDktfyiwQgbqeZvSi3Krvz1LeGyH admin@eucalyptus
************************
Fedora release 10 (Cambridge)
Kernel 2.6.28-11-generic on an x86_64 (/dev/ttyS0)
Nilesh
Hello,
there is nothing wrong in your log or in the console: where did you get the image? Did you change the network mode recently? Does the key printed in the console.log correspond to the private key you have? How did you install eucalyptus, from source I gather?
Also, since you are running in STATIC mode, are you sure there is no other dhcp server on the network?
cheers
graziano
Hi,
Here are answer of your questions:
1. I have donwloaded the fedora 10 image from eucalyputs site.
2. No, I haven't change network mode.
3. No other DHCP server is running on the same network.
4. I have installed UEC 9.10 - source.
5. How do I check that the key printed in the colsole.log is corresponding to my private key or not? is there any tool alike?
Manually I have checked that the key printed in the colsole.log and key there in mykey.priv are different.
Nilesh
Hi,
I have downloaded all the available 64bit images from eucalyptus site and all of them behaving the same (i.e. ubuntu, centos, debian and fedora). They all are running without any problem as they all got the IP address and ssh service is running but failed to login. I have checked the know_hosts file of the host machine but its okay.
I think there must some problem with RSA key pair hence instances are asking password whenever I tried to login.
Nilesh
Hello,
have you tried to re-create another keypair and use it instead? Can you tell us which steps you took to generate the keypair? When you try to login into the instance, does ssh mentions or complain about the new host key or the host key not corresponding to the IP?
cheers
graziano
Hi,
Yes, I re-created keypair and used it. I used to create keypair using below command:
euca-add-keypair mykey > mykey.priv
chmod 0600 mykey.priv
Then I ran
euca-run-insatnces emi-xxxxxxx -k mykey -t c1.medium
I got below error (partial) twice when I tried to login:
Please contact your system administrator.
Add correct host key in /home/xahria/.ssh/known_hosts to get rid of this message.
Offending key in /home/xahria/.ssh/known_hosts:8
RSA host key for localhost has changed and you have requested strict checking.
Host key verification failed.
So I added correct key in the know_hosts file and above problem was resolved but stuck at same place "password"
Nilesh
Hi
This is what I got when I ran ssh in debug mode
ssh -v -i mykey.priv admin@10.60.100.3
OpenSSH_5.1p1 Debian-6ubuntu2, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 10.60.100.3 [10.60.100.3] port 22.
debug1: Connection established.
debug1: identity file mykey.priv type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1
debug1: match: OpenSSH_5.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-6ubuntu2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.60.100.3' is known and matches the RSA host key.
debug1: Found key in /home/nilesh/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: An invalid name was supplied
Cannot determine realm for numeric host address
debug1: An invalid name was supplied
Cannot determine realm for numeric host address
debug1: An invalid name was supplied
debug1: Next authentication method: publickey
debug1: Trying private key: mykey.priv
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: password
Can you tell me what is wrong or what needs to be done?
Nilesh Chavda
Hi,
Here is the output with root:
OpenSSH_5.1p1 Debian-6ubuntu2, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 10.60.100.3 [10.60.100.3] port 22.
debug1: Connection established.
debug1: identity file mykey.priv type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1
debug1: match: OpenSSH_5.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-6ubuntu2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.60.100.3' is known and matches the RSA host key.
debug1: Found key in /home/nilesh/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: An invalid name was supplied
Cannot determine realm for numeric host address
debug1: An invalid name was supplied
Cannot determine realm for numeric host address
debug1: An invalid name was supplied
debug1: Next authentication method: publickey
debug1: Trying private key: mykey.priv
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: password
root@10.60.100.3's password:
Nilesh
Hello,
I assume you have root access to your CC machine: can you try to put in the CC root password and see if you can login? The trace seems fine to me, but it seems that the key is not recognized, so I'm trying to be sure you are really talking to the instance and not to another machine (for example the CC). You can also try to arping the private IP of the instance from the CC and compare the mac address with the ones on the CC.
Also if you changed the network configuration on the CC you need to use cleanstart and cleanstop to restart the CC.
cheers
graziano
Hi,
Thank Graziano for you kind support.
My problem is resolved. Now I am able to run and SSH all the images that I have downloaded from eucalyptus site without any problem. I am also able to run the instance in either of network mode.
I cannot say what was the problem but either of below points might cause of it.
1. SSH key pair problem due to corruption or improper configuration - It was cured as I have reinstalled CC and NC.
2. Found another DHCP server running in the network – While installing UEC cluster I found that machine got an IP Address through DHCP. Hence created new VLAN and restrict other VLANs by deploying access list.
I hope above observations can help some to solve similar kind of problem.
Nilesh