Ubuntu

ssh key not being loaded into Microstack.openstack vm

Asked by diarmuid

Hi Guys
Im launching a VM in openstack.
The SSH key is not getting inserted into the VM it seems.
I have used it before, and have the steps recoded. I have not had issues before

Using ubuntu 20.04 image. Is it possible the ubuntu user is not the default user anymore???

ubuntu@rack39:~$ ssh -i ~/.ssh/key2.pem ubuntu@10.20.20.218
ubuntu@10.20.20.218: Permission denied (publickey).
ubuntu@rack39:~$

The latest iteration i tried creating the key in openstack - rather than load it via command line

Install instructions pretty much following
https://ubuntu.com/openstack/install#cluster-deployment

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#1

Why the "-i" option? Isn't your private key ~/.ssh/id_rsa like normal?

Do you have read access to the key file you are using?

Revision history for this message
diarmuid (diarmuidcire) said : 		#2

Yes I have read access to the file
-i - because Im use to this setting, we use it all the time in the testbed. With out the -i, i get the same message.
This is strange, I have used microstack.openstack a lot - so this is a new one.
Its possible it could be a server issue on my side. I assume you guys dont have the same problem?

Also, just to confirm, the user is UBUNTU right? Its always ubuntu. So I cant see why that would change

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#3

What is the output of:

ssh -v -i ~/.ssh/key2.pem ubuntu@10.20.20.218

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#4

Also check perms with:

sudo chown -R ubuntu:ubuntu ~/.ssh
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

These are sane ACLs to keep your keys safe

Revision history for this message
diarmuid (diarmuidcire) said : 		#5

Hi,
I finally got back on this issue.
I decided to install openstack manually on a new Ubuntu OS.
And, Funnily enough, I had exactly the same problem in my OpenStack.

I traced the problem to neutron-metadata-agent not working properly. I had a problem in the past with this service, so I was able to debug it (Comparing it to a working openstack version) and figure out it was not running properly - i.e. the keys were not getting inserted. The keypair in openstack not imported to the instance.

The error when this is not working properly is: "[WARNING]: No active metadata service found" in the VM logs..:

The neutron-metadata-agent support inserting Public Keys into the Ubuntu VM instance, user information etc. "OpenStack services may use Etcd, a distributed reliable key-value store for distributed key locking, storing configuration, keeping track of service live-ness and other scenarios."

It was a hard solve, as everything looks liked it is working properly. For example, Nova API is looking at port 8775/TCP. no errors in metadata logs, etc. Note the communication flow in the following diagram:
https://i.stack.imgur.com/k4MdX.jpg

The problem, was in the nova-api.log however - where it is noticeable:

2022-03-16 09:36:15.131 67865 ERROR stevedore.extension [-] Could not load 'oslo_cache.etcd3gw': No module named 'etcd3gw': ModuleNotFoundError: No module named 'etcd3gw'
2022-03-16 09:40:27.261 68914 ERROR stevedore.extension [-] Could not load 'oslo_cache.etcd3gw': No module named 'etcd3gw': ModuleNotFoundError: No module named 'etcd3gw'
2022-03-16 09:51:16.219 70385 ERROR stevedore.extension [-] Could not load 'oslo_cache.etcd3gw': No module named 'etcd3gw': ModuleNotFoundError: No module named 'etcd3gw'

Im not sure which exactly fixed the problem, but one of them did:
sudo apt-get install python3-etcd3gw
pip3 install etcd3gw

Its solved now anyways and I can log in.
I will try with the microstack again soon and let you know how it goes.

Can you help with this problem?

Provide an answer of your own, or ask diarmuid for more information if necessary.

To post a message you must log in.