Wednesday, March 31, 2010
Tuesday, March 30, 2010
UEC and Launchpad.net


Building on ssh-import-lp-id, you can now launch an instance in UEC (Ubuntu Enterprise Cloud) and have it seeded with one or more public keys securely retrieved from Launchpad.net!
Let's assume you have some registered Ubuntu 10.04 LTS (Lucid) $EMI ...
Normally, you would need to first have the Cloud Controller (or Amazon) generate a public/private keypair. And personally, I don't like it when anyone other than me has seen my private key. To do this in UEC, you could run:
if [ ! -e ~/.euca/mykey.priv ]; then
  # Create the file with 0600 permissions before the private key is written to it
  touch ~/.euca/mykey.priv
  chmod 0600 ~/.euca/mykey.priv
  euca-add-keypair mykey > ~/.euca/mykey.priv
fi
And then you'd start an instance like this:
euca-run-instances -k mykey $EMI
And to access the instance:
ssh -i ~/.euca/mykey.priv ubuntu@10.1.1.100
I find this clunky, as I don't use this generated mykey business for anything else, and I can't very easily share access to this VM. The private key has already been known by the Cloud Controller (though it discards it). It's not a real security concern, but it bothers me on principle.
So we (Mathias Gug, Scott Moser, and I) thought we'd make this a bit more fluid for Ubuntu users who have Launchpad.net accounts. Launchpad.net actually provides a free, authenticated, SSL-served Public SSH key-server. You can register and share your Public SSH keys there without compromising your private key. We created a wrapper script called uec-run-instances that takes a new option -l|--launchpad-id, which is a comma-separated list of Launchpad.net IDs. The tool will add a bit of logic in the user-data that will have the instance retrieve and install the public SSH keys of each of the specified users at boot. The syntax looks like this:
uec-run-instances -l kirkland,mathiaz,smoser $EMI
And then you can just:
ssh ubuntu@10.1.1.100
How cool is that!?!
:-Dustin
Thursday, March 25, 2010
Introducing ssh-import-lp-id
ssh-copy-id is an incredibly useful utility for pushing your public key from your local machine to a remote server, such that you can use public key authentication thereafter.
Scott Moser and I wrote a similar utility for Ubuntu Lucid, called ssh-import-lp-id, for securely pulling one or more public keys from Launchpad.net and appending them to an account's ~/.ssh/authorized_keys file.
This can be incredibly useful in cloud environments, like EC2 or UEC.
For example, I just fired up an instance in EC2, and wanted to give shared access to me, Scott, and Kees:
ubuntu@ip-172-19-1-2:~$ ssh-import-lp-id kirkland smoser kees
INFO: Successfully authorized [kirkland]
INFO: Successfully authorized [smoser]
INFO: Successfully authorized [kees]
I can cat ~/.ssh/authorized_keys and see that all 3 were imported, and now any of the 3 of us can ssh into this instance and authenticate using public key authentication.
You can use ssh-import-lp-id against any user in Launchpad who has registered their public SSH keys. Nifty, huh?
For Lucid, the ssh-import-lp-id utility is provided by the ssh-import binary package (which comes from the cloud-utils source package). Ideally, I'd like to get the tool into upstream OpenSSH and in the openssh-server package. To do so, though, I would probably need to support other public SSH keyservers besides Launchpad.net. I did a bit of searching, but I couldn't find any other SSH public keyservers out there. Any pointers?
:-Dustin
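As an added example (not the ssh-import-lp-id or uec-run-instances source), here is one way a script could vet key text fetched from a keyserver before appending it to authorized_keys, the step that both this post and the uec-run-instances post above rely on. The function names, the Launchpad ID pattern, the key-type allow-list and the sample key are assumptions made for illustration; the +sshkeys URL is Launchpad's plain-text key listing.

```shell
#!/bin/sh
# Added example, not the ssh-import-lp-id source: vet fetched key text first.
LC_ALL=C; export LC_ALL   # byte-wise character ranges in the patterns below

# Assumed Launchpad ID syntax: lowercase letters, digits, '+', '.', '-'.
valid_lp_id() {
    case "$1" in ""|[!a-z0-9]*|*[!a-z0-9+.-]*) return 1 ;; esac
}

# Fetch over HTTPS only, with certificate verification left at curl's default.
fetch_lp_keys() {
    valid_lp_id "$1" || return 1
    curl --fail --silent --show-error --proto '=https' \
        "https://launchpad.net/~$1/+sshkeys"
}

# True if $1 is "<type> <base64> [comment]", the type is allow-listed, and
# the type string embedded in the decoded blob matches the declared type.
valid_pubkey_line() {
    kt=${1%% *}; rest=${1#* }; blob=${rest%% *}
    case "$kt" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;   # rejects HTML error pages and lines that start with options
    esac
    embedded=$(printf '%s' "$blob" | base64 -d 2>/dev/null |
        tail -c +5 | head -c "${#kt}" | tr -d '\000')
    [ "$embedded" = "$kt" ]
}

# Append valid, not-yet-present keys from file $1 to file $2; print the count.
# Runs in a subshell so the umask change does not leak to the caller.
import_keys() (
    umask 077
    mkdir -p "$(dirname "$2")" && touch "$2" && chmod 600 "$2" || exit 1
    added=0
    while IFS= read -r line || [ -n "$line" ]; do
        valid_pubkey_line "$line" || continue
        grep -qxF -- "$line" "$2" && continue
        printf '%s\n' "$line" >>"$2"
        added=$((added + 1))
    done <"$1"
    echo "$added"
)

# Constructed sample key: ed25519 wire format with an all-zero key body.
SAMPLE_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA constructed@example"
```

A typical call would be `fetch_lp_keys kirkland > fetched && import_keys fetched ~/.ssh/authorized_keys`; a failed or non-HTTPS fetch leaves authorized_keys untouched.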
Labels: Canonical, Cloud, Ubuntu, Ubuntu-Server, UEC
Tuesday, March 23, 2010
Byobu and UTC

We're right in the middle of a really annoying time of the year, when the USA has switched to Daylight Saving Time (DST), but the rest of the world has not yet.
The only way to keep things straight when communicating and scheduling with people around the world is to use Coordinated Universal Time (UTC), which is basically a fixed reference point.
At the request of a Byobu user, I added a Byobu status plugin for UTC time ;-) It sits right next to your clock which shows your local time.
This is helping keep my meeting attendance straight, while I'm working in a timezone 2 hours off from my natural home timezone, in a country that's already on DST for 2010, but meeting with people 9 timezones away, in a country that's not. Woohoo!
:-Dustin
Friday, March 19, 2010
ArsTechnica and LifeHacker Articles on TestDrive this Week!


Jorge Castro just pointed out that TestDrive was covered in both ArsTechnica and LifeHacker this week :-)
Check these out:
- http://arstechnica.com/open-source/news/2010/03/ubuntu-prerelease-testing-made-easy-with-testdrive.ars
- http://lifehacker.com/5496679/testdrive-virtualizes-brand+new-ubuntu-builds-for-easy-testing
:-Dustin
Wednesday, March 17, 2010
Server Bug Zapping: eucalyptus and euca2ools
So far, the KVM and Samba bug zapping weeks have been a success!
Next week, we will be focusing on Eucalyptus, Euca2ools, and UEC in general. In fact, Mathias Gug, Scott Moser, and I will be on-site at Eucalyptus Systems in Santa Barbara, California. We're going to spend the whole week working on UEC, ensuring that the Ubuntu 10.04 LTS Cloud offering is the best damn Linux hosted Cloud Computing platform in the industry.
Call For Participation
If you have any vested interest in the Ubuntu Enterprise Cloud, please give us a hand next week!
Take a look at the open bugs against:
Help us reproduce those, or let us know if they're fixed. Come hang out in #ubuntu-server next week.
:-Dustin
Labels: bug-zapping, Canonical, Ubuntu, Ubuntu-Server
Tuesday, March 16, 2010
Byobu - Preseeding Auto-launch

Do you always enable Byobu to auto-launch when you login to your Ubuntu servers?
If so, we have a neat new feature for you... Lucid's Byobu has a debconf question that will allow you to globally enable Byobu's auto-launch for all interactive accounts on the system. It's currently disabled by default. To toggle the value, just use:
sudo dpkg-reconfigure byobu
Each user, though, will still be able to override the global value with their own choice, to auto-launch or not to auto-launch. Users can override this by either using the F9 Menu, or by touching ~/.byobu/disable-autolaunch.
Also, if you like to use preseed files and automate the installation of your Ubuntu machines, you can preseed this value like so:
d-i pkgsel/include string byobu
byobu byobu/launch-by-default boolean true
There are a couple of minor caveats... Enabling this feature will install a symbolic link to your /etc/profile.d directory. For this to work properly, your shell must support /etc/profile.d and the Z98-byobu.sh link must be the last file sourced by your shell.
/etc/profile.d/Z98-byobu.sh -> /usr/bin/byobu-launch*
Cheers,
:-Dustin

