Re: [CentOS-virt] injecting a key into the xen images
On 03/31/2014 10:58 AM, Juerg Haefliger wrote: I would have first looked at libguestfs suite, virt-edit maybe. It has tools specifically designed to interact with VM filesystems. I did, and I dont want to install 187 more rpms to get this functionality ( which is the size of that dep tree ) Why is that relevant for a test environment? I am kind of hoping we can use this wider than the testing env only, it would allow us to ship generic images to be used outside a cloud like environ that handles such metadata/acl setup. Another part of the libguestfs problem is that the way its built into CentOS-6, it has a hard dep on qemu-kvm, which in turn conflicts with qemu-xen; Again this might be an artificial conflict and perhaps needs investigating, but for now, there is no way to install libguestfs on a machine running xen4centos. In this specific test case, we can install libguestfs, make the changes we need, then install xen4centos before the reboot, but the qemu-ndb hack seemed far less intrusive. btw, speaking to the upstream ( rich jones ) about this, there are moves to unbundle chunks of stuff away, most of the hard deps for libguestfs come from features that are otherwise well isolated; but those changes are still being executed upstream, no idea when its going to make it into CentOS and other distro's. - KB -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh GnuPG Key : http://www.karan.org/publickey.asc ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] injecting a key into the xen images
On Fri, Mar 28, 2014 at 2:51 PM, Karanbir Singh mail-li...@karan.org wrote: On 03/28/2014 01:13 PM, Nux! wrote: On 28.03.2014 12:40, Karanbir Singh wrote: hi, As a part of the test suite for xen that I've started off - I needed a way to inject a ssh key into the image [1]; so have come up with this : https://github.com/CentOS/sig-virt-t_xen/blob/master/scripts/inject_ssh.sh ; its not pretty and it wont handle lots of use cases, but it does what is needed at hand. Comments ? I would have first looked at libguestfs suite, virt-edit maybe. It has tools specifically designed to interact with VM filesystems. I did, and I dont want to install 187 more rpms to get this functionality ( which is the size of that dep tree ) Why is that relevant for a test environment? QEMU NBD has lots of potential issues: - Security implications (the guest image can attack the host via symlinks) - Needs root privileges - Multiple files can be attached to the same NBD device - Files can be detached even if the NBD device is still mounted and possibly lots of others. Nova used to use QEMU NBD exclusively and we ran into several of the above issues. IMHO the clean way is to use libguestfs. Take a look at https://git.openstack.org/cgit/openstack/nova/tree/nova/virt/disk/mount/nbd.pyfor the Nova implementation (as a potential starting point). ...Juerg -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh GnuPG Key : http://www.karan.org/publickey.asc ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
[CentOS-virt] injecting a key into the xen images
hi, As a part of the test suite for xen that I've started off - I needed a way to inject a ssh key into the image [1]; so have come up with this : https://github.com/CentOS/sig-virt-t_xen/blob/master/scripts/inject_ssh.sh ; its not pretty and it wont handle lots of use cases, but it does what is needed at hand. Comments ? I'm also considering if we should include this script within the .bz2 file for the image itself ( and for all such images ) Further feature creep, should we now extend this script a bit to also include a 'download and inject ssh key' with some param's like : ./get_image.sh 6.5 x86_64 path to sshkey and that can hit http://cloud.centos.org/calculated path to image/ ; download it, and add the key. This script could live within centos-release-xen dramatically reducing the barrier to entry and get-go with the xen4centos stack. thoughts ? - KB 1: qcow2, http://cloud.centos.org/centos/6/devel/CentOS-6-x86_64-xen-pv.bz2 -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh GnuPG Key : http://www.karan.org/publickey.asc ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] injecting a key into the xen images
On 28.03.2014 12:40, Karanbir Singh wrote: hi, As a part of the test suite for xen that I've started off - I needed a way to inject a ssh key into the image [1]; so have come up with this : https://github.com/CentOS/sig-virt-t_xen/blob/master/scripts/inject_ssh.sh ; its not pretty and it wont handle lots of use cases, but it does what is needed at hand. Comments ? I would have first looked at libguestfs suite, virt-edit maybe. It has tools specifically designed to interact with VM filesystems. HTH Lucian -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] injecting a key into the xen images
On Fri, 28 Mar 2014, Karanbir Singh wrote: hi, As a part of the test suite for xen that I've started off - I needed a way to inject a ssh key into the image [1]; so have come up with this : https://github.com/CentOS/sig-virt-t_xen/blob/master/scripts/inject_ssh.sh ; its not pretty and it wont handle lots of use cases, but it does what is needed at hand. Comments ? I'm also considering if we should include this script within the .bz2 file for the image itself ( and for all such images ) Further feature creep, should we now extend this script a bit to also include a 'download and inject ssh key' with some param's like : ./get_image.sh 6.5 x86_64 path to sshkey and that can hit http://cloud.centos.org/calculated path to image/ ; download it, and add the key. This script could live within centos-release-xen dramatically reducing the barrier to entry and get-go with the xen4centos stack. thoughts ? I think it is a good idea. Using QEMU nbd server like you have done in the script is the best way of doing it. - KB 1: qcow2, http://cloud.centos.org/centos/6/devel/CentOS-6-x86_64-xen-pv.bz2 -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh GnuPG Key : http://www.karan.org/publickey.asc ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] injecting a key into the xen images
On Fri, 28 Mar 2014, Nux! wrote: On 28.03.2014 12:40, Karanbir Singh wrote: hi, As a part of the test suite for xen that I've started off - I needed a way to inject a ssh key into the image [1]; so have come up with this : https://github.com/CentOS/sig-virt-t_xen/blob/master/scripts/inject_ssh.sh ; its not pretty and it wont handle lots of use cases, but it does what is needed at hand. Comments ? I would have first looked at libguestfs suite, virt-edit maybe. It has tools specifically designed to interact with VM filesystems. libguestfs just uses libvirt or QEMU under the hood, depending on the version of the library. I think that spawning QEMU directly is simpler. ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
