Inject SSH pub key to Vagrant image

Usually if you create a Vagrant VM an insecure private key gets injected into the VM, which is located at ~/.vagrant.d/insecure_private_key. In Ansible you can reference that key to ensure a passwordless login to the VM. Since Vagrant 1.8.5 this doesn’t work anymore, because of security reasons. That’s why I use now this shell provisioner with a bit Ruby code to inject my public SSH key to the VM:

config.vm.provision "shell" do |s|
  ssh_pub_key = File.readlines("#{Dir.home}/.ssh/id_rsa.pub").first.strip
  s.inline = <<-SHELL
    echo #{ssh_pub_key} >> /home/ubuntu/.ssh/authorized_keys
    echo #{ssh_pub_key} >> /root/.ssh/authorized_keys
    apt-get -y install python-simplejson
  SHELL
end

The 2nd line is pure Ruby code. It reads the public SSH key from the default .ssh directory from the home directory and stores the content in the ssh_pub_key variable. The first 2 lines of the shell provisioner are injecting the SSH key to the authorized keys for the user ubuntu and root.

With that the VM is build together with my own public SSH key and I can login to the VM via SSH without entering a password. That makes it also super easy to handle the VM later with Ansible.

Setting up a Server for Ansible

Ansible is a great tool for automation and configuration management. Maybe you heard already about Chef and Puppet. Ansible is in the same field, but with a much simpler approach. The big advantage of Ansible is that you don’t need a central master server for it and you don’t need to install an “Ansible” client on the servers at all. Ansible only needs to be installed on your local machine and it works completely via SSH. AnsibleLogo_transparent_web Although you don’t need to install a client on the server, Ansible makes a couple assumptions about the server. Ansible assumes that the server is accessible via SSH. That’s the only real requirement. In the Playbooks you can configure username and password to access the server.

However life becomes much easier if we can assume that you:

  • have a user on the system with username “ubuntu”.
  • have the ssh daemon up and running on the server.
  • be able to login as user “ubuntu” to the server via ssh without password.
  • be able to run sudo su without password popup.

All this assumptions are default on AWS EC2 instances. If you setup a new server somewhere else you should take care of this. This blog post describes how to ensure this assumptions on Ubuntu 14.04.

User ubuntu

If you create a new virtual machine make sure that the default user is ubuntu. If you have already a linux instance up and running you can add a new user like this:

sudo adduser ubuntu

SSH Daemon

This command will return the status of the SSH daemon:

sudo service ssh status

If the feedback is that the service ssh is unknown you can install the SSH Server with this command:

sudo apt-get install openssh-server

Now try again the first command. It should response with status running.

Login without password

Assuming you have already a public/private key pair and the public key on your development machine is under .ssh/id_rsa.pub you can achieve login to the server without password with this 2 commands:

ssh ubuntu@IP_ADDRESS mkdir -p .ssh
cat .ssh/id_rsa.pub | ssh ubuntu@IP_ADDRESS 'cat >> .ssh/authorized_keys'

Replace “IP_ADDRESS” with the IP address of your server! The commands above will still require that you type in your password, but after that you should be able to login to the server without password. Try:

ssh ubuntu@IP_ADDRESS

The full instructions can be found here.

sudo su without password

Simply run this command on the server:

sudo visudo

And add this line to the bottom of the file:

ubuntu ALL=(ALL) NOPASSWD: ALL

Now logout and login again as user ubuntu to the server. Try:

sudo su

Now you should be root on the server. For more questions check out this page.

Done

If you executed the steps above your server is ready for Ansible. Now you can point Ansible Playbooks to your server and use it for provisioning. I’m using Ansible since 2 years together with Docker for the VersionEye Project and so far I really like it!

vagrant push => “error starting upload: upload: resource not found”

I’m just playing around with Vagrant and as soon I tried:

vagrant push

I got this error message:

error starting upload: upload: resource not found

Luckily there is already a ticket to that on GitHub. And the workaround is this export:

export ATLAS_TOKEN=`cat ~/.vagrant.d/data/vagrant_login_token`

After executing the export above the command worked for me.

Ubuntu enforce memory freedom

Sometimes it occurs that a device runs full with memory. Simply deleting the files on the device doesn’t help. Ubuntu stills shows that the device is 100% full, even if there are no files on it anymore. This command usually helps to give free the memory.

sudo tune2fs -m 0 /dev/sda5

If it doesn’t help you need to execute this command as well. It quits all processes which are using the device.

sudo fuser -km /mnt/share

Docker Introduction

Docker is one of the most promising technologies these days. It is a container technology based on Linux. A very lightweight form of virtualization. Docker containers can be as small as 50 MB. Much smaller than traditional VMs.

The Docker project was started in March 2013 by dotCloud. In the mean while the makers of dotCloud sold dotCloud to CloudControl and raised $55 Million to focus only on the Docker development.

Check out my slides to “Docker Introduction”. I did this talk at the Webmontag in Mannheim. Feedback was very good.

I’m using Docker since beginning of 2014 in production and I love it. It’s a great technology!