
Re: GCE Debian Wheezy VM stops at Pass phrase protected Apache2 SSL Cert. dialog



Niltze, Jimmy-

No, I am not blaming the kernel nor GCE utilities, I *know* it is due
to the SSL pass-phrase that apache2 prompts for.

I have guided myself by
<https://cloud.google.com/compute/docs/troubleshooting#ssherrors> and
thus far I was able to create a snapshot -- with which I imaged a disk --
that I mounted and modified under another Debian instance.

Now I have this modified persistent disk that I want to use when I
create another instance.

My issue now is, how do I create another instance using this *existing* disk?

By the way, spending much of the morning/afternoon examining the
gcloud and gce commands, I don't think it is possible to completely
shut down the vm -- only reset it (which is a reboot ;-)

Best Professional Regards

On Sun, Oct 19, 2014 at 4:00 PM, Jimmy Kaplowitz <jkaplowitz@google.com> wrote:
> Hi Jose,
>
> You could certainly use our metadata server to provide the apache passphrase
> at boot time, if you then integrate it with the apache startup process. I'm
> not an expert on Apache's initialization procedure so I'll leave advice on
> that to others. As far as I know, no code has been written yet to do that.
>
> The dist-upgrade was probably only relevant as your first reason to reboot
> after making the change, I'd expect, nothing specific to the new kernel or
> to GCE.
>
> However, I do have one bit of positive feature clarification to provide:
> gcutil, gcloud, and our web UI do allow you to fully shut down an instance,
> which will let you attach the disk to another instance. Just delete it while
> preserving the boot disk (it's an option for all of those tools). This will
> send a clean ACPI power down signal to the VM, giving it an approximate
> maximum of 2 minutes before pulling the virtual power cord.
>
> Good luck, and glad you're trying GCE!
>
> - Jimmy
>
> On Oct 19, 2014 9:12 AM, "Jose R R" <Jose.r.r@metztli-it.com> wrote:
>>
>> Niltze, all-
>>
>> Well, doing my part in the security of the Web :p
>>
>> I run Apache web server in a GCE VM [different email account than this
>> one] and decided to acquire an SSL certificate which I successfully
>> installed under Debian Wheezy a few days ago.
>>
>> For added security, I pass-phrase-protected the SSL certificate so
>> that when I restart the web server I need to input my pass phrase.
>>
>> I had no issues whatsoever until today that I did an: apt-get
>> dist-upgrade for a newer kernel. Upon doing a reboot I found out that
>> my port 22 is closed but my web server ports 80 and 443 are open.
>>
>> I used nmap to scan for my open ports as well as the tcping utility.
>>
>> Accordingly, I get the message connection refused whenever I use
>> gcloud or ssh to attempt to log into my GCE instance.
>>
>> After using gcutil and gcloud to reset my GCE instance -- multiple
>> times -- the outcome was the same. Accordingly I did:
>>
>> gcloud compute instances get-serial-port-output myInstance
>>
>> Below is the last message of the output that indicates that GCE Debian
>> Wheezy instance needs the passphrase before proceeding further (and
>> starting sshd):
>>
>>
>> ----------------------------------------------------------------------------------------
>> ...
>> Oct 19 07:53:51 myInstance acpid: 1 rule loaded
>> Oct 19 07:53:51 myInstance acpid: waiting for events: event logging is off
>> [....] Starting web server: apache2Apache/2.2.22 mod_ssl/2.2.22 (Pass
>> Phrase Dialog)
>> Some of your private key files are encrypted for security reasons.
>> In order to read them you have to provide the pass phrases.
>>
>> Server myInstance.x.xyz-host.internal:443 (RSA)
>> Enter pass phrase:
>>
>> --------------------------------------------------------------------------------------
>>
>> I tried detaching the disk to subsequently mount onto another instance
>> but the command fails with:
>>
>> --------------------------------------------------------------------------------
>> ERROR: (gcloud.compute.instances.detach-disk) There was a problem
>> modifying the resource:
>>  - Hot-remove of the root disk is not supported.
>>
>> -------------------------------------------------------------------------------
>>
>> Now, gcutil and gcloud utilities can reset (reboot) the instance but
>> can not shut it down completely (that I'm aware) -- which would allow
>> me to detach the disk.
>>
>> Is there a way to provide (as parameter) the passphrase that the web
>> server requires to start apache2 and thus continue/complete the boot
>> process to start ssh server so that port 22 will be opened?
>>
>> Best Professional Regards
>>
>>
>> --
>> Jose R R
>> http://www.metztli-it.com
>>
>
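
The metadata-server idea raised in the quoted reply can be wired into Apache through mod_ssl's `SSLPassPhraseDialog exec:` directive, which runs a program instead of prompting on the console. The helper below is an added example, not code from this thread or from GCE; the install path and the `apache-passphrase-<port>` attribute name are assumptions.

```shell
#!/bin/sh
# Added example: non-interactive helper for mod_ssl, configured as
#   SSLPassPhraseDialog exec:/usr/local/sbin/apache-passphrase  (path is an assumption)
# mod_ssl runs it with two arguments, "servername:port" and the key type
# (RSA or DSA), and reads the pass phrase from stdout.

# GCE metadata server, custom instance attributes (v1 API).
METADATA_URL="http://metadata.google.internal/computeMetadata/v1/instance/attributes"
# Hypothetical attribute prefix; the attribute must be set on the instance.
ATTR_PREFIX="apache-passphrase"

# Fetch one custom attribute; short timeouts so boot is never held up.
fetch_attr() {
    curl --silent --fail --connect-timeout 2 --max-time 5 \
         --header 'Metadata-Flavor: Google' "$METADATA_URL/$1"
}

# Print the pass phrase for "$1" (server:port) and "$2" (RSA|DSA).
# Any failure returns non-zero with no output, so Apache fails to start
# instead of waiting on the console ahead of sshd.
passphrase_for() {
    case "$2" in
        RSA|DSA) ;;
        *) echo "unexpected key type: $2" >&2; return 2 ;;
    esac
    port=${1##*:}
    case "$port" in
        ''|*[!0-9]*) echo "unexpected server spec: $1" >&2; return 2 ;;
    esac
    # One attribute per vhost port, e.g. apache-passphrase-443.
    phrase=$(fetch_attr "$ATTR_PREFIX-$port") || {
        echo "metadata lookup failed for $ATTR_PREFIX-$port" >&2; return 1; }
    [ -n "$phrase" ] || { echo "empty pass phrase attribute" >&2; return 1; }
    printf '%s\n' "$phrase"
}

# Act only when called the way mod_ssl calls it (exactly two arguments).
if [ "$#" -eq 2 ]; then
    passphrase_for "$1" "$2"
    exit $?
fi
```

Any process on the VM that can reach the metadata server can read the attribute, so this keeps the key encrypted in disk images and snapshots but does not protect it against a local compromise.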

