Uploaded image for project: 'Help-Desk'
  1. Help-Desk
  2. HELP-3977

FIWARE.Request.Tech.Cloud.SwDeployConfig.Image CentOS Metadata

    Details

    • Type: extRequest
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Fix Version/s: 2021
    • Component/s: FIWARE-TECH-HELP
    • Labels:
      None
    • HD-Chapter:
      Cloud
    • HD-Enabler:
      Sagitta

      Description

      We are facing what it seems to be a well knowing issue (https://bugs.launchpad.net/mos/+bug/1406286) with CentOS-7-X64 image provided by the federation.
      In fact, the cloud-init package is not the standard one (customized by CentOS) and it doesn't work with the metadata service. This issue is only present when using Neutron network manager.
      Could it be possible to fix the issue and distribute a new image?

      PS : I have also saw that a public key (for ssh access) is already present on the image prior to instantiation. I think this may be a security issue as it is not possible to know who has access to the private key

        Activity

        Hide
        lannionsupport Lannion Node Helpdesk added a comment -

        This project required a CentOS 7 instance which we are not able to make work in Lannion

        Show
        lannionsupport Lannion Node Helpdesk added a comment - This project required a CentOS 7 instance which we are not able to make work in Lannion
        Hide
        aalonsog Alvaro Alonso added a comment -

        I'm not sure who is in charge of image management. Fernando Lopez could you assign the ticket to the right person?

        Thanks

        Show
        aalonsog Alvaro Alonso added a comment - I'm not sure who is in charge of image management. Fernando Lopez could you assign the ticket to the right person? Thanks
        Hide
        fla Fernando Lopez added a comment -

        Not sure what is the real problem with this image, could you give us more detail about the problem that you have with this image.

        Show
        fla Fernando Lopez added a comment - Not sure what is the real problem with this image, could you give us more detail about the problem that you have with this image.
        Hide
        jmperibanez Jose Maria Peribañez added a comment -

        This image is deprecated now. The new base image is base_centos_7. This new image is the mainstream one, with only two changes:
        -automatic updates are activated
        -the new support account mechanism is installed

        The new images are also cleaned with virt-sysprep.

        Show
        jmperibanez Jose Maria Peribañez added a comment - This image is deprecated now. The new base image is base_centos_7. This new image is the mainstream one, with only two changes: -automatic updates are activated -the new support account mechanism is installed The new images are also cleaned with virt-sysprep.
        Hide
        lannionsupport Lannion Node Helpdesk added a comment -

        Dear Jose,

        Thank you for the info, we will check if the new image base_centos_7 does behave as the old one.

        If the image CentOS-7-x64 is deprecated, could you please remove it from the list of images available on the federation.

        BR
        Riwal

        Show
        lannionsupport Lannion Node Helpdesk added a comment - Dear Jose, Thank you for the info, we will check if the new image base_centos_7 does behave as the old one. If the image CentOS-7-x64 is deprecated, could you please remove it from the list of images available on the federation. BR Riwal
        Hide
        lannionsupport Lannion Node Helpdesk added a comment -

        Hi,

        Unfortunately it seems there is still a problem with this new image called base_centos_7 (ID dcf0ee72-548f-4ccd-9171-6407d7161d46 on Lannion Node).

        The cloud-init metadata feature is not working, everytime I launch an instance with this image, I got the following at end of logs :

        cloud-init[780]: 2015-09-02 15:15:38,939 - util.py[WARNING]: Failed fetching userdata from url http://169.254.169.254/2009-04-04/user-data
        cloud-init[780]: 2015-09-02 15:15:43,963 - util.py[WARNING]: Failed fetching metadata from url http://169.254.169.254/2009-04-04/meta-data

        SSH key is not provided so there is no way to remotely connect to the instance.

        I insist on the fact that it is not a problem from our node, other images do not have this problem.

        Can you please review this image ?

        Best Regards,
        Erwan

        Show
        lannionsupport Lannion Node Helpdesk added a comment - Hi, Unfortunately it seems there is still a problem with this new image called base_centos_7 (ID dcf0ee72-548f-4ccd-9171-6407d7161d46 on Lannion Node). The cloud-init metadata feature is not working, everytime I launch an instance with this image, I got the following at end of logs : cloud-init [780] : 2015-09-02 15:15:38,939 - util.py [WARNING] : Failed fetching userdata from url http://169.254.169.254/2009-04-04/user-data cloud-init [780] : 2015-09-02 15:15:43,963 - util.py [WARNING] : Failed fetching metadata from url http://169.254.169.254/2009-04-04/meta-data SSH key is not provided so there is no way to remotely connect to the instance. I insist on the fact that it is not a problem from our node, other images do not have this problem. Can you please review this image ? Best Regards, Erwan
        Hide
        jmperibanez Jose Maria Peribañez added a comment - - edited

        Hello Erwan,

        We checked the images before publishing, but I've tested again in our Spain2 node, and as expected, I've contacted without any problem to the image via SSH using the centos account.

        The image get the keys from the metadata server without any problem. The script that creates the support account, that also contacts the metadata server to obtain the PGP to encrypt the support password and a support SSH account, also worked and I can see the information with nova console-log.

        You can test it yourself in the Spain2 node.

        The image was tested using different versions of OpenStack, all of them with neutron (Juno, Icehouse and an older version that I don't remember, perhaps Grizzly or Havana)

        I also checked that the image in Lannion2 server has the same checksum that the Spain2 one and of course the same metadata. All looks OK.

        Best Regards,
        Chema

        Show
        jmperibanez Jose Maria Peribañez added a comment - - edited Hello Erwan, We checked the images before publishing, but I've tested again in our Spain2 node, and as expected, I've contacted without any problem to the image via SSH using the centos account. The image get the keys from the metadata server without any problem. The script that creates the support account, that also contacts the metadata server to obtain the PGP to encrypt the support password and a support SSH account, also worked and I can see the information with nova console-log. You can test it yourself in the Spain2 node. The image was tested using different versions of OpenStack, all of them with neutron (Juno, Icehouse and an older version that I don't remember, perhaps Grizzly or Havana) I also checked that the image in Lannion2 server has the same checksum that the Spain2 one and of course the same metadata. All looks OK. Best Regards, Chema
        Hide
        jmperibanez Jose Maria Peribañez added a comment -

        Hello again,

        I've launched a VM in your region (by the way, there are no floating Ips available) and I see that in your node fails at connecting to the metadata server. However, the script that we have included to create a support account in the image finally gets its data from the metadata server (our scripts do several tries with a pause if necessary)

        I don't know what is different in your infrastructure, perhaps the network connection with the metadata server is not ready as fast, or there is some problem with clocks. In the logs of the launched VM in your infrastructure I see "Adjusting kvm-clock more than 11%".

        Sorry, but I have not more ideas.

        Best Regards,
        Chema

        Show
        jmperibanez Jose Maria Peribañez added a comment - Hello again, I've launched a VM in your region (by the way, there are no floating Ips available) and I see that in your node fails at connecting to the metadata server. However, the script that we have included to create a support account in the image finally gets its data from the metadata server (our scripts do several tries with a pause if necessary) I don't know what is different in your infrastructure, perhaps the network connection with the metadata server is not ready as fast, or there is some problem with clocks. In the logs of the launched VM in your infrastructure I see "Adjusting kvm-clock more than 11%". Sorry, but I have not more ideas. Best Regards, Chema
        Hide
        fla Fernando Lopez added a comment -

        If there is no more question about this tickets I will close it due to I consider that it is resolved.

        Show
        fla Fernando Lopez added a comment - If there is no more question about this tickets I will close it due to I consider that it is resolved.
        Hide
        lannionsupport Lannion Node Helpdesk added a comment -

        Fernando, Jose,

        One question that did not get an answer: If the image CentOS-7-x64 is deprecated, could you please remove it from the list of images available on the federation? Is there any other images on this situation?

        Can we have also more information about the script that you have included in this image? If we want to try to debug why this particular image is failing on our node and not the other ones, we need to have more clue on what has been added in it by your team. At the moment, I only had the time to check that in other nodes, this image seems to work fine. In the coming days, I hope I will have time to search for a possible reason why it is failing on our node. Then I will update the ticket at this time.

        BR
        Riwal

        Show
        lannionsupport Lannion Node Helpdesk added a comment - Fernando, Jose, One question that did not get an answer: If the image CentOS-7-x64 is deprecated, could you please remove it from the list of images available on the federation? Is there any other images on this situation? Can we have also more information about the script that you have included in this image? If we want to try to debug why this particular image is failing on our node and not the other ones, we need to have more clue on what has been added in it by your team. At the moment, I only had the time to check that in other nodes, this image seems to work fine. In the coming days, I hope I will have time to search for a possible reason why it is failing on our node. Then I will update the ticket at this time. BR Riwal
        Hide
        jmperibanez Jose Maria Peribañez added a comment -

        Hello,

        The deprecated images (these images and some others, also base images) cannot be removed yet. There are blueprint templates that are referring the images. These templates are going to be updated, but in the meanwhile, the images cannot be deleted.

        The only additions to the image are:
        *activate automatic updates (yum-cron)
        *a script that is invoked at boottime, that create the support account.

        Anyway, here you are the scripts and information about the base images and the support account: https://github.com/telefonicaid/fiware-glancesync/tree/develop/scripts/support

        Best regards,

        Chema

        Show
        jmperibanez Jose Maria Peribañez added a comment - Hello, The deprecated images (these images and some others, also base images) cannot be removed yet. There are blueprint templates that are referring the images. These templates are going to be updated, but in the meanwhile, the images cannot be deleted. The only additions to the image are: *activate automatic updates (yum-cron) *a script that is invoked at boottime, that create the support account. Anyway, here you are the scripts and information about the base images and the support account: https://github.com/telefonicaid/fiware-glancesync/tree/develop/scripts/support Best regards, Chema
        Hide
        lannionsupport Lannion Node Helpdesk added a comment -

        Jose, Fernando,

        Do you know if the spain2 node is in HA (with 2 or 3 controllers) + neutron GRE installed?

        In base_centos_7 image, we have the package cloud-init-0.7.5-10.el7.centos.1.x86_64 installed and in Lannion2, the node is deployed with fuel6.0, in HA and with neutron GRE. Then we are in the configuration that Erwan was talking about: https://bugs.launchpad.net/mos/+bug/1406286

        BR
        Riwal

        Show
        lannionsupport Lannion Node Helpdesk added a comment - Jose, Fernando, Do you know if the spain2 node is in HA (with 2 or 3 controllers) + neutron GRE installed? In base_centos_7 image, we have the package cloud-init-0.7.5-10.el7.centos.1.x86_64 installed and in Lannion2, the node is deployed with fuel6.0, in HA and with neutron GRE. Then we are in the configuration that Erwan was talking about: https://bugs.launchpad.net/mos/+bug/1406286 BR Riwal
        Hide
        jmperibanez Jose Maria Peribañez added a comment -

        Hello,

        I don't think so. I'm not sure about HA in Spain2, but certainly it does not use GRE, it uses neutron but with VXLAN.

        The images was also tested with Icehouse configured with neutron + GRE, but without HA.

        Best regards,

        Chema.

        Show
        jmperibanez Jose Maria Peribañez added a comment - Hello, I don't think so. I'm not sure about HA in Spain2, but certainly it does not use GRE, it uses neutron but with VXLAN. The images was also tested with Icehouse configured with neutron + GRE, but without HA. Best regards, Chema.
        Hide
        fla Fernando Lopez added a comment -

        No more question I close the issue.

        Show
        fla Fernando Lopez added a comment - No more question I close the issue.

          People

          • Assignee:
            jmperibanez Jose Maria Peribañez
            Reporter:
            lannionsupport Lannion Node Helpdesk
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: