Bug#592550: support for SSH-Key authentication (Supports Eucalyptus and Amazon EC2)

To: Charles Plessy <plessy@debian.org>
Cc: "592550@bugs.debian.org" <592550@bugs.debian.org>
Subject: Bug#592550: support for SSH-Key authentication (Supports Eucalyptus and Amazon EC2)
From: Kyle Moffett <Kyle.D.Moffett@boeing.com>
Date: Wed, 20 Jul 2011 12:55:23 -0400
Message-id: <[🔎] F307924F-896D-44B7-8391-672FD05F298D@boeing.com>
Reply-to: Kyle Moffett <Kyle.D.Moffett@boeing.com>, 592550@bugs.debian.org
In-reply-to: <20110719232202.GA4509@merveille.plessy.net>
References: <20100811235804.27789.1735.reportbug@philyra.exmeritus.com> <20110719232202.GA4509@merveille.plessy.net>

On Jul 19, 2011, at 19:22, Charles Plessy wrote:
> Le Wed, Aug 11, 2010 at 07:58:04PM -0400, Kyle Moffett a écrit :
>> 
>> The modified installer now retrieves a "public-ip-url" and displays that
>> address in the console output instead of the IP found on the network
>> interface.  This correctly interoperates with Eucalyptus and Amazon EC2.
>> 
>> In those environments you would use the following bit of preseed:
>> 
>>  d-i network-console/password-disabled boolean true
>>  d-i network-console/public-ip-url string \
>>    http://169.254.169.254/2007-01-19/meta-data/public-ipv4
>>  d-i network-console/public-key-url string \
>>    http://169.254.169.254/2007-01-19/meta-data/public-keys/0/openssh-key
>> 
>> I'm also in the process of working on a small Debian-Installer patch to
>> automatically prepare a partially-preseeded D-I image following those
>> conventions.
>> 
>> I've built a modified network-console with this patch into a slightly
>> patched Debian-Installer and successfully used it to begin a network
>> install on an Amazon EC2 instance.
> 
> Dear Kyle and Debian Installer team,
> 
> this would be a very interesting feature.  Since the Amazon EC2 can boot on
> custom kernels, it looks like that with this patch (or using Petter's
> workaround), it would be possible to prepare an Amazon Machine Image (AMI) of
> Debian-Installer itself, boot it from GRUB (through Amazon's kernels using
> PVGRUB and preseed it via initrd, in order to install Debian on an Amazon
> Elastic Block.  Is that what you have tried ?

That is exactly what I have done.

The actual construction of the AMI containing the Debian-Installer is a bit of
a pain; I have a shell-script wrapper around the Amazon EC2 tools in order to
do marshall it into the official EC2 format, but the patches necessary to make
the SSH Console and Debian-Installer play nicely were surprisingly small.

Basically, I created a new Debian-Installer image variant with a built-in
preseed file containing references to the standard Amazon EC2 infrastructure
for loading SSH keys and downloading additional preseed from EC2 "user-data".

I will see if I don't have 15 minutes some time soon to dust off those patches
to update and resubmit them.

Cheers,
Kyle Moffett

Reply to:

Follow-Ups:
- Bug#592550: support for SSH-Key authentication (Supports Eucalyptus and Amazon EC2)
  - From: Charles Plessy <plessy@debian.org>

Prev by Date: Bug#634865: libpng12-0-udeb: udeb should not use bzip2 compression
Next by Date: Bug#634874: Please add error for udebs that contain non gziped tarballs
Previous by thread: Bug#634865: libpng12-0-udeb: udeb should not use bzip2 compression
Next by thread: Bug#592550: support for SSH-Key authentication (Supports Eucalyptus and Amazon EC2)
Index(es):
- Date
- Thread