CernVM on Nimbus/EC2: public key injection problem

Famous computing clouds like EC2 and Nimbus offer the possibility to inject the public part of a keypair into a VM at boot time. You can then log in as root using your personal keypair. For CernVM this fails for a simple reason.

When a public key file is delivered along with a client’s request to run VM(s), Nimbus and EC2 try to inject a corresponding authorized_keys file (containing the public key) into the VM’s filesystem at /root/.ssh/authorized_keys.

The point is that both Nimbus and EC2 presume that the folder /root/.ssh already exists within the original VM filesystem. If it does not, Nimbus and EC2 behave differently:

  • Nimbus throws an error while deploying the VM. It simply does not start up. The error is described in this bug ticket.
  • EC2 starts up the VM without injecting the authorized_keys file. You cannot log in using your keypair.

The workaround is clear:

  • mount CernVM image locally
  • mkdir /root/.ssh
  • unmount image, upload it to your image repository
  • run VMs from this modified image
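
The directory step of this workaround, as an added shell example that is not part of the original post: it assumes the image's root filesystem is already mounted at a mount point you pass in, and the function names are hypothetical. It creates `root/.ssh` under that mount point (not on the host) with mode 0700, and refuses a symlink or a non-directory in that place.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: the image's root
# filesystem is already mounted at the path passed as $1 (the mount command
# depends on the image layout and is not given on the page).

# Print the state of <mnt>/root/.ssh: missing | symlink | notdir | loose | ok
ssh_dir_state() {
    d="$1/root/.ssh"
    if [ -L "$d" ]; then echo symlink
    elif [ ! -e "$d" ]; then echo missing
    elif [ ! -d "$d" ]; then echo notdir
    else
        # "ok" means exactly rwx------ (0700); anything else is "loose".
        case "$(ls -ld "$d")" in
            drwx------*) echo ok ;;
            *)           echo loose ;;
        esac
    fi
}

# Create or tighten <mnt>/root/.ssh so key injection has a target directory.
ensure_root_ssh_dir() {
    mnt="$1"
    if [ -z "$mnt" ] || [ ! -d "$mnt/root" ]; then
        echo "no root/ directory under '$mnt'; is the image mounted?" >&2
        return 2
    fi
    # Never touch the host's own /root/.ssh by mistake.
    if [ "$(cd "$mnt" && pwd -P)" = "/" ]; then
        echo "refusing to modify the host root filesystem" >&2
        return 2
    fi
    case "$(ssh_dir_state "$mnt")" in
        symlink|notdir)
            echo "$mnt/root/.ssh exists but is not a real directory" >&2
            return 1 ;;
        missing) mkdir -m 700 "$mnt/root/.ssh" || return 1 ;;
        loose)   chmod 700 "$mnt/root/.ssh" || return 1 ;;
    esac
    # The directory must belong to uid 0 inside the guest; only root can set that.
    if [ "$(id -u)" -eq 0 ]; then
        chown 0:0 "$mnt/root/.ssh" || return 1
    fi
    ssh_dir_state "$mnt"
}
```

Call `ensure_root_ssh_dir /path/to/mountpoint` after mounting and before unmounting; it prints `ok` once the directory is in place.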

I think this /root/.ssh folder is something that should be added in future versions of CernVM (I tried version 1.2.0).

According to this support ticket, /root/.ssh will be added in the next release.
