In general (at least in the more current versions, say 4.9 and up), when a
user registers his ssh key via the API, it is stored in ssh_keypairs.
When you deploy a VM and choose to inject the ssh (public) key, the mgmt
server will read the value for that key from the DB and feed it to the VR,
where it becomes metadata (Peal has explained this in detail), and then i.e.
cloudinit will "download" this info from the VR and set it locally inside
the VM.

If this is an old VR, it is VERY possible that the key is there in the form
of "garbage", so I propose you simply restart your network with cleanup.
You might see similar "garbage" with passwords, if the password is injected
but never "downloaded" by the VM, so that is probably what might be
happening here as well. Anyway, restart the network, or make a test:
register a brand new keypair and check the ssh_keypair table. It should have
this key, and you can choose to deploy a VM with it, etc.

Best,

On Thu, 15 Oct 2020 at 16:12, <m...@swen.io> wrote:

> I found the root cause, thanks again to David for letting me search in the
> logs again. :-)
> The key is a value in vm_template_details for that template. So it will be
> used every time I use this template.
>
> Now my question is, is this expected behavior? When using a key during
> template creation it will be stored as a fixed parameter in
> vm_template_details?
>
> As mentioned before we are running an older version of CS so I am not sure
> if this is still the case with the latest version.
>
> Swen
>
> -----Original Message-----
> From: m...@swen.io <m...@swen.io>
> Sent: Thursday, 15 October 2020 16:02
> To: users@cloudstack.apache.org
> Subject: AW: metadata on VR
>
> I did a more detailed search within the management-server.log and found this:
> "SSH.KeyPairName":"packer_5f635a58-1c36-bd60-b7fa-dc04b5f4c8a2"
>
> We are creating our templates via packer.io, but we do delete the keys
> inside the template via packer provisioner. Is CS storing the ssh keypair
> during template creation?
>
> Swen
>
> -----Original Message-----
> From: m...@swen.io <m...@swen.io>
> Sent: Thursday, 15 October 2020 15:50
> To: users@cloudstack.apache.org
> Subject: AW: metadata on VR
>
> Hi David,
>
> even if I create a VM now the public key will be put in the file for the
> new VM. And this key is not in the db. I do not understand where the VR is
> getting this key from?
> Which logs do you mean? I was looking through /management-server.log with
> debug enabled but was unable to find anything about this. Any idea where to
> search?
>
> Swen
>
> -----Original Message-----
> From: David Jumani <david.jum...@shapeblue.com>
> Sent: Thursday, 15 October 2020 13:20
> To: users@cloudstack.apache.org
> Subject: Re: metadata on VR
>
> It could be because the key has been deleted on Cloudstack. Checking the
> logs could verify that
> ________________________________
> From: m...@swen.io <m...@swen.io>
> Sent: Thursday, October 15, 2020 2:07 PM
> To: users@cloudstack.apache.org <users@cloudstack.apache.org>
> Subject: AW: metadata on VR
>
> Hi,
>
> any idea why a public key which is not in the db is put into the
> public-keys file on the VR?
>
> Swen
>
> david.jum...@shapeblue.com
> www.shapeblue.com
> 3 London Bridge Street,  3rd floor, News Building, London  SE1 9SGUK
> @shapeblue
>
> -----Original Message-----
> From: David Jumani <david.jum...@shapeblue.com>
> Sent: Wednesday, 14 October 2020 14:30
> To: users@cloudstack.apache.org
> Subject: Re: metadata on VR
>
> Hi Cu,
>
> The database stores the MD5 fingerprint of the key. Could you check the
> fingerprint on the VR via
>
> ssh-keygen -E md5 -lf public-keys
>
> Thanks,
> David
> ________________________________
> From: m...@swen.io <m...@swen.io>
> Sent: Wednesday, October 14, 2020 5:26 PM
> To: users@cloudstack.apache.org <users@cloudstack.apache.org>
> Subject: AW: metadata on VR
>
> Hi David,
>
> thx for getting back so fast. That is what I thought too.
> Now the problem is that in the file public-keys is a key that is not in the
> database. It should be in the table ssh_keypairs, correct?
> When I do a ssh-keygen -lf public-keys on the file in the VR the
> fingerprint did not match any fingerprint in the ssh_keypairs table.
>
> I am wondering where the key in the public-keys file comes from.
>
> Cu Swen
>
> -----Original Message-----
> From: David Jumani <david.jum...@shapeblue.com>
> Sent: Wednesday, 14 October 2020 12:19
> To: users@cloudstack.apache.org
> Subject: Re: metadata on VR
>
> Hi,
>
> The file contents are written by vmdata.py itself. The public keys are sent
> to the router by the management server when the ssh key is reset.
> The vmdata.py file receives this and a method 'createFile' is internally
> called which writes the relevant data in the respective file in the folder.
>
> Thanks,
> David
> ________________________________
> From: m...@swen.io <m...@swen.io>
> Sent: Wednesday, October 14, 2020 3:34 PM
> To: users@cloudstack.apache.org <users@cloudstack.apache.org>
> Subject: metadata on VR
>
> Hi all,
>
>
>
> I have a question regarding the metadata on virtual routers. We are running
> an older version, so I am not sure if path or script are being renamed or
> changed.
>
> I see that CS is creating /var/www/html/metadata/<ip>/ on the VR for all
> VMs in the network.
>
> As far as I understand this script is creating the folders:
> /opt/cloud/bin/vmdata.py
>
>
>
> But I am unable to find which script is creating the files with content
> inside this folder.
>
> In particular I need to know what is creating the file public-keys and
> where the content of this file is from.
>
>
>
> Thank you for any help!
>
>
>
> Cu Swen
>

-- 

Andrija Panić
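
An added example, not part of the original thread or of CloudStack's code: the fingerprint comparison discussed above, applied to every `public-keys` file under the VR metadata directory so that keys unknown to the database stand out. It assumes the known fingerprints were exported from `ssh_keypairs` beforehand; the function names, IP addresses and sample keys are constructed for illustration.

```python
import base64
import hashlib
import os
import tempfile


def md5_fingerprint(pubkey_line):
    """MD5 fingerprint of one public-key line, colon-separated hex as printed
    by `ssh-keygen -E md5 -lf` (minus the "MD5:" prefix); None if not a key."""
    fields = pubkey_line.split()
    if len(fields) < 2 or fields[0].startswith("#"):
        return None
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return None
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def audit_metadata(root, known_fingerprints):
    """List (vm_ip, fingerprint) for keys in <root>/<ip>/public-keys that are
    absent from known_fingerprints (assumed exported from ssh_keypairs)."""
    known = {fp.lower().replace("md5:", "") for fp in known_fingerprints}
    unknown = []
    for ip in sorted(os.listdir(root)):
        path = os.path.join(root, ip, "public-keys")
        if not os.path.isfile(path):
            continue
        with open(path) as fh:
            for line in fh:
                fp = md5_fingerprint(line)
                if fp and fp not in known:
                    unknown.append((ip, fp))
    return unknown


def demo():
    # Constructed placeholder blobs, not real keys; only the hashing matters here.
    registered = "ssh-rsa " + base64.b64encode(b"constructed registered key").decode() + " a@example"
    leftover = "ssh-rsa " + base64.b64encode(b"constructed template key").decode() + " b@example"
    known = ["MD5:" + md5_fingerprint(registered)]
    with tempfile.TemporaryDirectory() as root:  # stands in for /var/www/html/metadata
        for ip, key in (("10.1.1.10", registered), ("10.1.1.20", leftover)):
            os.makedirs(os.path.join(root, ip))
            with open(os.path.join(root, ip, "public-keys"), "w") as fh:
                fh.write(key + "\n")
        return audit_metadata(root, known), md5_fingerprint(leftover)
```

A key reported here but missing from `ssh_keypairs` points to another source, such as the template details found in this thread.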
