<div dir="ltr"><div class="gmail_extra">On Tue, Jun 17, 2014 at 6:57 PM, Dan Tenenbaum <span dir="ltr"><<a href="mailto:dtenenba@fhcrc.org" target="_blank">dtenenba@fhcrc.org</a>></span> wrote:<br><div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Thanks. I booted up an instance but the Get System Log action did not show any output.</blockquote><div>
<br></div><div>It can take up to 10 mins (sometimes even more!) for the log to propagate to the web console.<br><br>Rayson<br><br>==================================================<br>Open Grid Scheduler - The Official Open Source Grid Engine<br>
<a href="http://gridscheduler.sourceforge.net/" target="_blank">http://gridscheduler.sourceforge.net/</a><br><a href="http://gridscheduler.sourceforge.net/GridEngine/GridEngineCloud.html" target="_blank">http://gridscheduler.sourceforge.net/GridEngine/GridEngineCloud.html</a><br>
</div><div><br><br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> Is this available in some other way, like with dmesg or something? (I looked briefly at the dmesg output but did not see anything suggesting the password was reset).<br>
<br>
I think I have come up with a workaround, which is to use something like this in root's crontab:<br>
<br>
@reboot echo "ubuntu:foobar" | /usr/sbin/chpasswd > /tmp/chpasswd.result 2>&1<br>
<br>
Of course, this is completely insecure. Luckily, in this context, I don't actually care about security, and in fact I want this password to be publicly known by users of the AMI. So this still might need to be fixed at the cloud-init level sometime down the line, when me or someone else runs across this and needs a secure solution.<br>
<div class="im"><br>
Dan<br>
<br>
<br>
----- Original Message -----<br>
> From: "Rayson Ho" <<a href="mailto:raysonlogin@gmail.com">raysonlogin@gmail.com</a>><br>
> To: "Dan Tenenbaum" <<a href="mailto:dtenenba@fhcrc.org">dtenenba@fhcrc.org</a>><br>
> Cc: <a href="mailto:starcluster@mit.edu">starcluster@mit.edu</a><br>
</div><div class=""><div class="h5">> Sent: Tuesday, June 17, 2014 3:19:01 PM<br>
> Subject: Re: [StarCluster] problem modifying starcluster AMI - ubuntu password change does not persist<br>
><br>
><br>
> I believe it is cloud-init, which is installed by default on all the<br>
> Ubuntu AMI images, that is changing your password for the ububtu<br>
> user.<br>
><br>
><br>
> So to verify, after you boot up an instance with your new AMI, get<br>
> the instance's console output by using the "Get System Log" action.<br>
> If there is a line like: Changing password for ubuntu, or anything<br>
> related to password in the boot log, then we can fix that for you by<br>
> changing the cloud-init behavior.<br>
><br>
><br>
> Rayson<br>
><br>
> ==================================================<br>
> Open Grid Scheduler - The Official Open Source Grid Engine<br>
> <a href="http://gridscheduler.sourceforge.net/" target="_blank">http://gridscheduler.sourceforge.net/</a><br>
> <a href="http://gridscheduler.sourceforge.net/GridEngine/GridEngineCloud.html" target="_blank">http://gridscheduler.sourceforge.net/GridEngine/GridEngineCloud.html</a><br>
><br>
><br>
> On Tue, Jun 17, 2014 at 5:16 PM, Dan Tenenbaum < <a href="mailto:dtenenba@fhcrc.org">dtenenba@fhcrc.org</a> ><br>
> wrote:<br>
><br>
><br>
> However, I just reproduced the problem in a few simpler steps:<br>
><br>
> - launched an instance of the sc ami ami-3393a45a (in the aws<br>
> console)<br>
> - ssh'd to it, changed ubuntu's password to foobar<br>
> - verified that the change worked by doing 'su - ubuntu'<br>
> - created an image (again in the console) based on that instance<br>
> - started a new instance of the image from the last step<br>
> - ssh'd in as ubuntu<br>
> - 'su - ubuntu' with the password I set fails.<br>
><br>
><br>
> Dan<br>
><br>
><br>
> ----- Original Message -----<br>
><br>
> > From: "Dan Tenenbaum" < <a href="mailto:dtenenba@fhcrc.org">dtenenba@fhcrc.org</a> ><br>
> > To: "Rayson Ho" < <a href="mailto:raysonlogin@gmail.com">raysonlogin@gmail.com</a> ><br>
> > Cc: <a href="mailto:starcluster@mit.edu">starcluster@mit.edu</a><br>
><br>
><br>
> > Sent: Tuesday, June 17, 2014 1:54:45 PM<br>
> > Subject: Re: [StarCluster] problem modifying starcluster AMI -<br>
> > ubuntu password change does not persist<br>
> ><br>
> > Hi Rayson,<br>
> ><br>
> > I went through a couple of iterations.<br>
> ><br>
> > I started by using launching the SC AMI with the command documented<br>
> > at<br>
> > <a href="http://star.mit.edu/cluster/docs/latest/manual/create_new_ami.html" target="_blank">http://star.mit.edu/cluster/docs/latest/manual/create_new_ami.html</a><br>
> > ( starcluster start -o -s 1 -I <INSTANCE-TYPE> -m <BASE-AMI-ID><br>
> > imagehost)<br>
> ><br>
> > Then I added chef to the running instance (I did not change any<br>
> > passwords at this point).<br>
> ><br>
> > Then I created a new image from that using the starcluster ebimage<br>
> > command, and used vagrant (with the aws plugin) and chef to<br>
> > provision an instance of that image according to my needs and to<br>
> > change ubuntu's password.<br>
> ><br>
> > I'm wondering if there are startup daemons, or NFS, or something,<br>
> > that somehow resets the /etc/passwd file or explicitly resets<br>
> > ubuntu's password?<br>
> ><br>
> > Thanks,<br>
> > Dan<br>
> ><br>
> > ----- Original Message -----<br>
> > > From: "Rayson Ho" < <a href="mailto:raysonlogin@gmail.com">raysonlogin@gmail.com</a> ><br>
> > > To: "Dan Tenenbaum" < <a href="mailto:dtenenba@fhcrc.org">dtenenba@fhcrc.org</a> ><br>
> > > Cc: <a href="mailto:starcluster@mit.edu">starcluster@mit.edu</a><br>
> > > Sent: Tuesday, June 17, 2014 1:31:07 PM<br>
> > > Subject: Re: [StarCluster] problem modifying starcluster AMI -<br>
> > > ubuntu password change does not persist<br>
> > ><br>
> > ><br>
> > > What tools did you use to create the AMI? Did you use the web<br>
> > > console<br>
> > > or you use the StarCluster command?<br>
> > ><br>
> > ><br>
> > > If you use the SC ebsimage command, then did you change your<br>
> > > password<br>
> > > on the image host?<br>
> > ><br>
> > ><br>
> > > Rayson<br>
> > ><br>
> > > ==================================================<br>
> > > Open Grid Scheduler - The Official Open Source Grid Engine<br>
> > > <a href="http://gridscheduler.sourceforge.net/" target="_blank">http://gridscheduler.sourceforge.net/</a><br>
> > > <a href="http://gridscheduler.sourceforge.net/GridEngine/GridEngineCloud.html" target="_blank">http://gridscheduler.sourceforge.net/GridEngine/GridEngineCloud.html</a><br>
> > ><br>
> > ><br>
> > > On Tue, Jun 17, 2014 at 3:17 PM, Dan Tenenbaum <<br>
> > > <a href="mailto:dtenenba@fhcrc.org">dtenenba@fhcrc.org</a><br>
> > > ><br>
> > > wrote:<br>
> > ><br>
> > ><br>
> > > Hello,<br>
> > ><br>
> > > This might sound like an EC2 question that has nothing to do with<br>
> > > starcluster, and in fact I have asked it on some AWS forums<br>
> > > (there've been no answers). However, I have never encountered<br>
> > > this<br>
> > > problem before until I started modifying a starcluster AMI, so I<br>
> > > wonder if it is related to what's on that AMI.<br>
> > ><br>
> > > I made a custom AMI based on the starcluster AMI ami-3393a45a<br>
> > > (us-east-1 starcluster-base-ubuntu-13.04-x86_64 (EBS))).<br>
> > ><br>
> > > I installed a bunch of additional software and I also set the<br>
> > > password of the ubuntu user to (let's say) 'foobar'.<br>
> > ><br>
> > > The reason I did that is that I installed a web app that uses<br>
> > > unix<br>
> > > usernames and passwords for authentication. So I needed the<br>
> > > ubuntu<br>
> > > user to have a known password.<br>
> > ><br>
> > > I then made a new image based on my running instance. Then I<br>
> > > started<br>
> > > a new instance from that image.<br>
> > > I ssh'd to that instance as the ubuntu user and typed 'passwd'. I<br>
> > > was<br>
> > > prompted for my existing password and entered 'foobar'. I then<br>
> > > got:<br>
> > ><br>
> > > passwd: Authentication token manipulation error<br>
> > > passwd: password unchanged<br>
> > ><br>
> > > This tells me that the password for ubuntu is not 'foobar'.<br>
> > ><br>
> > > Another way to test this is to try 'su - ubuntu'. This prompts<br>
> > > for<br>
> > > the password, I enter 'foobar' and it says "su: Authentication<br>
> > > failure".<br>
> > ><br>
> > > So...in a nutshell, when I change the ubuntu password, this<br>
> > > change<br>
> > > does not survive the process of creating a new AMI.<br>
> > ><br>
> > > Could this be due to the way the starcluster AMI is configured?<br>
> > > Is<br>
> > > there some script that runs when it boots that re-sets that<br>
> > > password? I'm not passing any user-data when I start the<br>
> > > instance.....(I also tried a crontab @reboot job that changes the<br>
> > > password and that didn't work either....so maybe whatever is<br>
> > > messing<br>
> > > me up is happening after that job is run).<br>
> > ><br>
> > > Thanks,<br>
> > > Dan<br>
> > > _______________________________________________<br>
> > > StarCluster mailing list<br>
> > > <a href="mailto:StarCluster@mit.edu">StarCluster@mit.edu</a><br>
> > > <a href="http://mailman.mit.edu/mailman/listinfo/starcluster" target="_blank">http://mailman.mit.edu/mailman/listinfo/starcluster</a><br>
> > ><br>
> > ><br>
> > _______________________________________________<br>
> > StarCluster mailing list<br>
> > <a href="mailto:StarCluster@mit.edu">StarCluster@mit.edu</a><br>
> > <a href="http://mailman.mit.edu/mailman/listinfo/starcluster" target="_blank">http://mailman.mit.edu/mailman/listinfo/starcluster</a><br>
> ><br>
><br>
><br>
</div></div></blockquote></div><br></div></div>