18 Replies. Latest reply: Jan 22, 2012 8:25 AM by Marek Goldmann

    BoxGrinder & CentOS Login

    Baron R Newbie

      Hi,

       

      I'm trying out BoxGrinder on CentOS v5.5 i386, but I'm having trouble logging into my ec2 instance. I configured an appliance, and built it and tested it under VMWare with no problem. I can ssh into the vmware image, etc. Then, I tried switching to use the ec2/s3 plugins to upload and register my AMI. When I launch the instance, the server starts ok, but I can't SSH into the box. I tried launching the instance with and without my Amazon keypair. I also tried launching one of Amazon's quickstart ec2 instances, and verified I can SSH into them using my private key, so I'm guessing there's something wrong with my appliance or what I'm doing.

       

      When I try to SSH in, I'm getting the error:

      Permission denied (publickey,gssapi-with-mic).

       

      Or...when in verbose mode:

      OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
      debug1: Reading configuration data /etc/ssh_config
      debug1: Connecting to ec2-184-73-88-252.compute-1.amazonaws.com [184.73.88.252] port 22.
      debug1: Connection established.
      debug1: identity file breznik.pem type -1
      debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
      debug1: match: OpenSSH_4.3 pat OpenSSH_4*
      debug1: Enabling compatibility mode for protocol 2.0
      debug1: Local version string SSH-2.0-OpenSSH_5.2
      debug1: SSH2_MSG_KEXINIT sent
      debug1: SSH2_MSG_KEXINIT received
      debug1: kex: server->client aes128-ctr hmac-md5 none
      debug1: kex: client->server aes128-ctr hmac-md5 none
      debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
      debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
      debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
      debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
      debug1: Host 'ec2-184-73-88-252.compute-1.amazonaws.com' is known and matches the RSA host key.
      debug1: Found key in /Users/baron/.ssh/known_hosts:36
      debug1: ssh_rsa_verify: signature correct
      debug1: SSH2_MSG_NEWKEYS sent
      debug1: expecting SSH2_MSG_NEWKEYS
      debug1: SSH2_MSG_NEWKEYS received
      debug1: SSH2_MSG_SERVICE_REQUEST sent
      debug1: SSH2_MSG_SERVICE_ACCEPT received
      debug1: Authentications that can continue: publickey,gssapi-with-mic
      debug1: Next authentication method: publickey
      debug1: Trying private key: breznik.pem
      debug1: read PEM private key done: type RSA
      debug1: Authentications that can continue: publickey,gssapi-with-mic
      debug1: No more authentication methods to try.
      Permission denied (publickey,gssapi-with-mic).

       

      Is there something I'm doing wrong or just not doing that I should be?

       

      Thanks,

      Baron

        • 1. Re: BoxGrinder & CentOS Login
          Marek Goldmann Master

          Hi Baron,

           

          What exact command do you use to connect to the instance?

           

          --Marek

          • 2. Re: BoxGrinder & CentOS Login
            Baron R Newbie

            Hi Marek,

             

            I'm trying:

            ssh -i /path/to/private.key.pem root@ec2.public.dns.hostname

             

            Thanks,

            Baron

            • 3. Re: BoxGrinder & CentOS Login
              Marek Goldmann Master

              What is the output from the AWS Console Log for this instance?

               

              --Marek

              • 4. Re: BoxGrinder & CentOS Login
                Baron R Newbie

                Here it is:

                 

                    Linux version 2.6.21.7-2.fc8xen (mockbuild@xenbuilder1.fedora.redhat.com) (gcc version 4.1.2 20070925 (Red Hat 4.1.2-33)) #1 SMP Fri Feb 15 12:39:36 EST 2008

                BIOS-provided physical RAM map:

                sanitize start

                sanitize bail 0

                copy_e820_map() start: 0000000000000000 size: 000000006ac00000 end: 000000006ac00000 type: 1

                Xen: 0000000000000000 - 000000006ac00000 (usable)

                980MB HIGHMEM available.

                727MB LOWMEM available.

                NX (Execute Disable) protection: active

                Zone PFN ranges:

                  DMA             0 ->   186366

                  Normal     186366 ->   186366

                  HighMem    186366 ->   437248

                early_node_map[1] active PFN ranges

                    0:        0 ->   437248

                ACPI in unprivileged domain disabled

                Detected 2660.057 MHz processor.

                Built 1 zonelists.  Total pages: 433833

                Kernel command line:  root=/dev/sda1 ro 4

                Enabling fast FPU save and restore... done.

                Enabling unmasked SIMD FPU exception support... done.

                Initializing CPU#0

                CPU 0 irqstacks, hard=c136c000 soft=c134c000

                PID hash table entries: 4096 (order: 12, 16384 bytes)

                Xen reported: 2659.994 MHz processor.

                Console: colour dummy device 80x25

                Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)

                Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)

                Software IO TLB disabled

                vmalloc area: ee000000-f4ffe000, maxmem 2d7fe000

                Memory: 1711020k/1748992k available (2071k kernel code, 28636k reserved, 1080k data, 188k init, 1003528k highmem)

                virtual kernel memory layout:

                    fixmap  : 0xf5315000 - 0xf57fe000   (5028 kB)

                    pkmap   : 0xf5000000 - 0xf5200000   (2048 kB)

                    vmalloc : 0xee000000 - 0xf4ffe000   ( 111 MB)

                    lowmem  : 0xc0000000 - 0xed7fe000   ( 727 MB)

                      .init : 0xc1319000 - 0xc1348000   ( 188 kB)

                      .data : 0xc1205e6e - 0xc1313fd4   (1080 kB)

                      .text : 0xc1000000 - 0xc1205e6e   (2071 kB)

                Checking if this processor honours the WP bit even in supervisor mode... Ok.

                Calibrating delay using timer specific routine.. 6652.85 BogoMIPS (lpj=13305700)

                Security Framework v1.0.0 initialized

                SELinux:  Initializing.

                selinux_register_security:  Registering secondary module capability

                Capability LSM initialized as secondary

                Mount-cache hash table entries: 512

                CPU: L1 I cache: 32K, L1 D cache: 32K

                CPU: L2 cache: 6144K

                Checking 'hlt' instruction... OK.

                SMP alternatives: switching to UP code

                Freeing SMP alternatives: 13k freed

                Brought up 1 CPUs

                NET: Registered protocol family 16

                Brought up 1 CPUs

                PCI: Fatal: No config space access function found

                PCI: setting up Xen PCI frontend stub

                Setting up standard PCI resources

                ACPI: Interpreter disabled.

                Linux Plug and Play Support v0.97 (c) Adam Belay

                pnp: PnP ACPI: disabled

                xen_mem: Initialising balloon driver.

                usbcore: registered new interface driver usbfs

                usbcore: registered new interface driver hub

                usbcore: registered new device driver usb

                PCI: System does not support PCI

                PCI: System does not support PCI

                NetLabel: Initializing

                NetLabel:  domain hash size = 128

                NetLabel:  protocols = UNLABELED CIPSOv4

                NetLabel:  unlabeled traffic allowed by default

                NET: Registered protocol family 2

                IP route cache hash table entries: 32768 (order: 5, 131072 bytes)

                TCP established hash table entries: 131072 (order: 8, 1572864 bytes)

                TCP bind hash table entries: 65536 (order: 7, 524288 bytes)

                TCP: Hash tables configured (established 131072 bind 65536)

                TCP reno registered

                checking if image is initramfs... it is

                Freeing initrd memory: 6775k freed

                audit: initializing netlink socket (disabled)

                audit(1283195367.802:1): initialized

                highmem bounce pool size: 64 pages

                VFS: Disk quotas dquot_6.5.1

                Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)

                ksign: Installing public key data

                Loading keyring

                io scheduler noop registered

                io scheduler anticipatory registered

                io scheduler deadline registered

                io scheduler cfq registered (default)

                pci_hotplug: PCI Hot Plug PCI Core version: 0.5

                rtc: IRQ 8 is not free.

                Non-volatile memory driver v1.2

                Linux agpgart interface v0.102 (c) Dave Jones

                RAMDISK driver initialized: 16 RAM disks of 16384K size 4096 blocksize

                input: Macintosh mouse button emulation as /class/input/input0

                Xen virtual console successfully installed as xvc0

                Event-channel device installed.

                usbcore: registered new interface driver hiddev

                usbcore: registered new interface driver usbhid

                drivers/usb/input/hid-core.c: v2.6:USB HID core driver

                PNP: No PS/2 controller found. Probing ports directly.

                i8042.c: No controller found.

                mice: PS/2 mouse device common for all mice

                TCP bic registered

                Initializing XFRM netlink socket

                NET: Registered protocol family 1

                NET: Registered protocol family 17

                Using IPI No-Shortcut mode

                XENBUS: Device with no driver: device/vif/0

                XENBUS: Device with no driver: device/vbd/2049

                XENBUS: Device with no driver: device/vbd/2050

                XENBUS: Device with no driver: device/vbd/2051

                drivers/rtc/hctosys.c: unable to open rtc device (rtc0)

                Freeing unused kernel memory: 188k freed

                Write protecting the kernel read-only data: 795k

                Red Hat nash version 6.0.19 starting
                Mounting proc filesystem
                Mounting sysfs filesystem
                Creating /dev
                Creating initial device nodes
                Setting up hotplug.
                Creating block device nodes.
                Loading xennet.ko module
                netfront: Initialising virtual ethernet driver.

                netfront: device eth0 has flipping receive path.

                Loading xenblk.ko module
                xen-vbd: registered block device major 8

                Loading ehci-hcd.ko module
                Loading ohci-hcd.ko module
                Loading uhci-hcd.ko module
                USB Universal Host Controller Interface driver v3.0

                Loading mbcache.ko module
                Loading jbd.ko module
                Loading ext3.ko module
                Creating root device.
                Mounting root filesystem.
                kjournald starting.  Commit interval 5 seconds

                EXT3-fs: mounted filesystem with ordered data mode.

                Setting up other filesystems.
                Setting up new root fs
                no fstab.sys, mounting internal defaults
                Switching to new root and running init.
                unmounting old /dev
                unmounting old /proc
                unmounting old /sys

                INIT: version 2.86 booting

                          Welcome to  CentOS release 5.5 (Final)
                          Press 'I' to enter interactive startup.
                Setting clock : Mon Aug 30 15:09:45 EDT 2010 [  OK  ]

                Starting udev: [  OK  ]

                Setting hostname localhost.localdomain:  [  OK  ]

                No devices found
                Setting up Logical Volume Management: File descriptor 7 (/sys/kernel/hotplug) leaked on lvm.static invocation. Parent PID 222: /bin/bash
                [  OK  ]

                Checking filesystems
                Checking all file systems.
                [/sbin/fsck.ext3 (1) -- /] fsck.ext3 -a /dev/sda1
                /dev/sda1: clean, 21206/1310720 files, 245659/2621440 blocks
                [/sbin/fsck.ext3 (1) -- /mnt] fsck.ext3 -a /dev/sda2
                ext2fs_check_if_mount: No such file or directory while determining whether /dev/sda2 is mounted.

                /dev/sda2: clean, 11/19546112 files, 661385/39088128 blocks
                [  OK  ]

                Remounting root filesystem in read-write mode:  [  OK  ]

                Mounting local filesystems:  [  OK  ]

                Enabling /etc/fstab swaps:  [  OK  ]

                INIT: Entering runlevel: 4

                Entering non-interactive startup
                Bringing up loopback interface:  [  OK  ]

                Bringing up interface eth0: 
                Determining IP information for eth0... done.
                [  OK  ]

                Mounting other filesystems:  [  OK  ]

                Generating SSH1 RSA host key: [  OK  ]

                Generating SSH2 RSA host key: [  OK  ]

                Generating SSH2 DSA host key: [  OK  ]

                Starting sshd: [  OK  ]

                Starting motd:  [  OK  ]
                • 5. Re: BoxGrinder & CentOS Login
                  Marek Goldmann Master

                  You make my life hard. Everything looks clean. Do you maybe have other services starting on boot? If yes, is it possible they hang on boot somehow?

                   

                  FYI: on EC2 – root password is hashed and it is not possible to log in using password authentication. The only way is to use key authorization.

                   

                  --Marek

                  • 6. Re: BoxGrinder & CentOS Login
                    Baron R Newbie

                    Here's my appliance file if it helps:

                     

                    name: test-base
                    version: 1
                    release: 0
                    summary: Test Base Server
                    os:
                      name: centos
                      version: 5
                      password: *****
                    hardware:
                      partitions:
                         /:
                           size: 3
                    repos:
                      - name: "local-repo"
                        baseurl: "file:///mnt/centos"
                        ephemeral: true
                    packages:
                      includes:
                         - acpid
                         - bash
                         - chkconfig
                         - dhclient
                         - e2fsprogs
                         - grub
                         - iputils
                         - kernel-PAE
                         - passwd
                         - policycoreutils
                         - ntp
                         - openssh-server
                         - rootfiles
                         - vim-minimal
                         - which
                         - yum

                     

                    Since I'm getting a response from sshd, I don't think it is hanging. Is there a specific released version of centos that BoxGrinder was tested/found to work with? I'd like to narrow down where things are breaking down if possible.

                     

                    Thanks for the tip on EC2 passwords - I didn't know they did that, but I was just trying in a 'something must work' mode. I prefer the key-based login anyways.

                     

                    Thanks,

                    Baron

                    • 7. Re: BoxGrinder & CentOS Login
                      Marek Goldmann Master
                      > Since I'm getting a response from sshd, I don't think it is hanging. Is there a specific released version of centos that BoxGrinder was tested/found to work with? I'd like to narrow down where things are breaking down if possible.

                      I'll try tomorrow to reproduce the bug with a CentOS JEOS and will let you know.

                      > Thanks for the tip on EC2 passwords - I didn't know they did that, but I was just trying in a 'something must work' mode. I prefer the key-based login anyways.

                      Nah, this is our approach to secure the AMIs. Content of this file is put into /etc/rc.local file and executed on boot.

                       

                      You can adjust your image and remove the unnecessary content:

                       

                      yum install guestfish
                      

                       

                      guestfish -i build/.../ec2-plugin/test-base.ec2
                      vi /etc/rc.local
                      quit
                      

                       

                      --Marek

                      • 8. Re: BoxGrinder & CentOS Login
                        Marek Goldmann Master

                        Confirming the problem. I've created BGBUILD-49.

                         

                        --Marek

                        • 9. Re: BoxGrinder & CentOS Login
                          Marek Goldmann Master

                          I found the problem - add curl to the package list, and everything will be OK.

                           

                          --Marek
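Added example (not part of the original thread): a small Python classifier for `ssh -v` transcripts that separates a key the client could not use from a key the server rejected, which is the pattern in the first post and the one the curl fix above resolves. The first sample is an excerpt of the log quoted in the first post; the second sample, the verdict names and the hint texts are constructed for illustration.

```python
import re

# Excerpt of the `ssh -v` output quoted in the first post of this thread.
THREAD_LOG = """\
debug1: identity file breznik.pem type -1
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: breznik.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-with-mic).
"""

# Constructed sample (not from the thread): the client refuses to use the key.
CONSTRUCTED_BAD_PERMS = """\
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: demo.pem
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
bad permissions: ignore key: demo.pem
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-with-mic).
"""

METHODS = re.compile(r"Authentications that can continue: (\S+)")
ATTEMPT = re.compile(r"(?:Trying private key|Offering public key): (\S+)")
CLIENT_FAIL = re.compile(
    r"UNPROTECTED PRIVATE KEY FILE|bad permissions|no such identity", re.I)

# Hint texts are this example's wording, keyed by the verdicts below.
HINTS = {
    "authenticated": "Login worked; nothing to fix.",
    "server-does-not-offer-publickey":
        "sshd does not advertise publickey; check the image's sshd_config.",
    "server-rejected-key":
        "Key was loaded and sent, but sshd found no match in the login "
        "user's authorized_keys. Check the login user name and the image's "
        "boot-time key setup (in this thread: the /etc/rc.local content, "
        "fixed by adding curl to the package list).",
    "client-key-unusable":
        "Fix the key file on the client (path, permissions, format) first.",
    "no-key-attempted": "ssh never tried a key; check the -i argument.",
    "inconclusive": "Transcript ends before the server answered.",
}


def classify(log):
    """Return (verdict, keys_tried) for one `ssh -v` transcript."""
    keys = []            # key files the client tried, in order
    offered = set()      # auth methods the server advertised
    rejected = []        # keys answered with a fresh "can continue" list
    client_fail = False
    pending = None       # key sent, server answer not seen yet
    for line in log.splitlines():
        if "Authentication succeeded" in line:
            return "authenticated", keys
        m = METHODS.search(line)
        if m:
            offered.update(m.group(1).split(","))
            if pending is not None:      # server replied: still not authenticated
                rejected.append(pending)
                pending = None
            continue
        m = ATTEMPT.search(line)
        if m:
            pending = m.group(1)
            keys.append(pending)
            continue
        if CLIENT_FAIL.search(line):
            client_fail = True
            pending = None               # key never reached the server
    if offered and "publickey" not in offered:
        return "server-does-not-offer-publickey", keys
    if rejected:
        return "server-rejected-key", keys
    if client_fail:
        return "client-key-unusable", keys
    if not keys:
        return "no-key-attempted", keys
    return "inconclusive", keys


if __name__ == "__main__":
    for name, log in (("thread", THREAD_LOG), ("constructed", CONSTRUCTED_BAD_PERMS)):
        verdict, keys = classify(log)
        print(f"{name}: {verdict} {keys}\n  -> {HINTS[verdict]}")
```
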

                          • 10. Re: BoxGrinder & CentOS Login
                            Baron R Newbie

                            Awesome! Just tried it out and verified that it works now. Thanks!

                            • 11. Re: BoxGrinder & CentOS Login
                              kaos monk Newbie

                              Hello,

                               

                              Sorry for bumping a year old thread, but I am experiencing the same problem here.

                              I've downloaded your Fedora 15 meta appliance and tried to build Centos 6. Everything went pretty well, I managed to get it running on VirtualBox and I can log in at the server. Then I've tried to create EC2 AMI and upload it and that went well too. Then I've run an instance out of it and let Amazon create a key pair for me. But I seem not to be able to log in at the instance, as I am getting permission denied. The output of 'ssh -vvv -i /path/to/key.pem root@instance.public.dns' looks quite normal and even an AWS Console log looks just fine.

                              Then I've read that we need curl and have built another image, but I am still failing to log in.

                               

                              Are there any known issues with building CentOS 6.2 in regards to this matter?

                               

                              Thanks!

                              • 12. Re: BoxGrinder & CentOS Login
                                Marek Goldmann Master

                                Could you please share with us the exact commands you run to achieve what you described above?

                                 

                                Thanks!

                                 

                                --Marek

                                • 13. Re: BoxGrinder & CentOS Login
                                  kaos monk Newbie

                                  Here's my .appl file:

                                   

                                    

                                  name: centos6.2
                                  summary: centos 6.2 x86_64 AMI
                                  packages:
                                    includes:
                                      - bash
                                      - yum
                                      - openssh-server
                                      - openssh-clients
                                      - curl
                                      - php
                                  os:
                                    name: centos
                                    version: 6
                                  hardware:
                                    partitions:
                                      "/":
                                        size: 10

                                   

                                  Command I used to build and upload AMI:

                                   

                                    

                                  boxgrinder-build centos6.2.appl -p ec2 -d ami

                                   

                                  After the upload finishes, I've converted raw image to vdi compatible one with

                                   

                                  vboxmanage convertdd centos.bin centos.vdi

                                   

                                  And that's just fine, everything works like a charm. The same image is uploaded to my bucket at S3 and I can run instances out of it. But I cannot log in at those instances and am getting permission denied. I am not sure though if this is Amazon or boxgrinder related issue.

                                  • 14. Re: BoxGrinder & CentOS Login
                                    Marek Goldmann Master

                                    Which boxgrinder version do you use?

                                     

                                    rpm -qa | grep boxgrinder
                                    

                                     

                                    I also see that you use the old syntax for the packages section. Not sure where it comes from, because we have used the new one for a year or more.

                                     

                                    --Marek
