[chef] Re: RE: Re: Re: Why does knife sometime decide to bomb out?


Chronological Thread 
  • From: Peter Norton < >
  • To:
  • Subject: [chef] Re: RE: Re: Re: Why does knife sometime decide to bomb out?
  • Date: Thu, 19 Apr 2012 11:20:27 -0400

There is no difference at all when bootstrapping on a cloud provider e.g. AWS.  You need to not have a host key in known_hosts to bootstrap the server since conflicts will kill the bootstrap.  If there is a MITM at this point in the process, then it's their public key that's being stored whether or not you use host key checking.

-Peter

On Thu, Apr 19, 2012 at 10:20 AM, Lucho < "> > wrote:
If you do some like this, you'll be victim of some attacks like man in the middle, etc.
I'm sorry for my english =)



De: Peter Norton < " target="_blank"> >
Enviado: martes, 17 de abril de 2012 2:22
Para: " target="_blank">
Asunto: [chef] Re: Re: Why does knife sometime decide to bomb out?


How is that disabled?  I find that especially when dealing with ec2 instances this is a huge nuisance.  Disabling strict host key checking in general (per http://help.opscode.com/discussions/problems/116-knife-doesnt-handle-host-key-conflicts) seems to miss how there are two use cases.  In one, in general, I don't want ssh to ssh into a host whose host key has changed.  However with knife I am sure that amazon has given me an address and I should just ignore any host key conflicts and bootstrap.  

It seems that even if the option can't be manipulated directly in the Net::SSH API (I'm not sure if it can or can't) it'd be nice to be able to default it to having the known_hosts file = /dev/null when using knife, e.g. per http://net-ssh.github.com/ssh/v2/api/classes/Net/SSH/Config.html.

-Peter

On Tue, Apr 17, 2012 at 1:11 AM, Daniel DeLeo < " target="_blank"> > wrote:


On Monday, April 16, 2012 at 9:22 PM, David Montgomery wrote:

> Hi,
>
> Per the below...this happens about 10% of the time. Why does this

> happen? This just happened three times in a row.
>
> :~/.chef$ knife ec2 server create -r
> "role[monitor_server]" -E development --region ap-southeast-1 -Z
> ap-southeast-1a -I ami-c4622596 --flavor m1.medium -G nginx -x ubuntu
> -S sg_development -i /home/ubuntu/.ec2/sg_development.pem
> Instance ID: i-ba8a5dee
> Flavor: m1.medium
>


[No se incluye el mensaje original completo]




Archive powered by MHonArc 2.6.16.

§