Archive for Uncategorized
// June 12th, 2012 // Comments Off // Uncategorized
I’ve just published the first iteration of RPM’s targeted at Fedora along with the .spec file used to build them. Its available on github at
http://github.com/jujutools/rpm-juju ( along side the
Mac Port ), so Fedora users go fourth and test please! Feedback very welcomed along with any patches or contributions.
The goal is for to have these added to the official Fedora, CentOS, and SuSE repositories as they mature and get the early kinks worked out of the packages.
Cheers!
// May 24th, 2012 // 2 Comments » // Uncategorized
After Calxeda demonstrated a real ARM server running Ubuntu with MAAS and Juju at the Ubuntu Developer Summit the amount of interest in the technology continues to build.
Today we made and Ubuntu ARM Server AMI on Amazon’s EC2. This is a 12.04 ARMhf image running on an emulated Calxeda system. Thanks to Dann Frazier for doing a bunch of the heavy lifting, you can find information on the image here:
https://wiki.ubuntu.com/ARM/Server:
This AMI is primarily for developers wishing to experiment with Ubuntu ARM Server. Performance is limited due to the emulation overhead. Look for AMI ID `ami-aef328c7`.
Note: this AMI requires the use of an m1.large instance type due to memory requirements.
// April 26th, 2012 // 7 Comments » // Uncategorized
It’s time for another Juju Charm Contest, where you can submit your charms and win fabulous prizes! This contest is for Ubuntu Developer Summit Attendees; and our prizes are three sexy Dell XPS 13 ultrabooks, which we’ll be awarding to the three lucky winners of the contest.
So how can you win yourself one of these? Well, with 66 services already ready to be deployed on the cloud we’re always looking for more, so have a look at what you think is missing from the Juju Charm Store and submit your charm as an entry.
We’ve got the step-by-step instructions on how to write your own charm, we’re looking for things DevOps deploy to the cloud, so be creative! You have from now until May 09 to submit your charm. At that point we’ll judge the entries, and then give out the Dell XPS 13′s during the last day of the Ubuntu Developer Summit, so if you’re missing your favorite service from the Charm Store, submit an entry and you’ll automatically be entered in the contest.
Full contest rules here, including the judging criteria, so you’ll want to read that before you get started. Happy Charming!
// April 24th, 2012 // Comments Off // Uncategorized
Brandon Holtsclaw has published a Mac port of juju. This will enable Mac users to deploy to their Ubuntu Servers from the comfort of their home operating system. Brandon adds along:
Pull Requests or filing Issue’s are more than Welcome’d from anyone.
Need help getting started with juju? Check out our Getting Started documentation and then browse through the Charm Store to see what you can start deploying today!
// April 10th, 2012 // Comments Off // Uncategorized
Canonical in collaboration with Redmonk will be hosting “The Ubuntu Cloud Summit” – a one day event for both technology and business attendees interested in how open-source cloud computing can help their organisations.
The event takes place on Tuesday 8th May, at the The Oakland Marriott City Center Hotel, and runs in conjunction with UDS.
The agenda is still being defined, but the sessions will cover some interesting ideas, challenges and trends around cloud computing and how attendees can deploy an open cloud in their organisation.
Topics will include:
- The Open Cloud - The role of open source in cloud computing—particularly how an open cloud enables a more flexible, vendor-neutral approach.
- Lessons from cloud deployments - Open cloud deployments are real and growing. We’ll discuss and illustrate through case studies the best approaches to deploying and maximising an open cloud.
- Open-source cloud technologies - With Ubuntu including technologies such as OpenStack, MAAS and Juju, we’ll examine how they come together to form an open cloud.
For more information, visit: http://uds.ubuntu.com/cloud-summit/
The cost of a ticket for attending this event is $100 which includes lunch and refreshments.
// April 10th, 2012 // 1 Comment » // Uncategorized
The community submitted over 10 charms as part of the juju charm contest. The judges have deliberated and have picked the following winners:
The Grand Prize ($300 Amazon Gift Card) goes to Jimmi Andersen for his charm that deploys Appflower, a Rapid Application Development (RAD) tool for building web applications. You can check out the charm in the store for deployment instructions. The judges were impressed by how complete the charm is and how it brings software to Ubuntu that was previously only available by installing it by hand.
The 2 runners up (in no particular order) are Kees Cook for sbuild, and Ben Kerensa for Subway. sbuild provides a build environment for developers to test packages against and has been used for portable “hackathons” where having the packages build on the cloud is quicker and more convenient than building on your local machines. The Subway charm deploys the Subway IRC client, a sexy web based IRC client that uses Node.js and MongoDB. Thanks Ben and Kees, you’ll each receive a $100 Amazon gift card.
The charm store continues to grow as we now have over 73 total charms. The following people contributed charms to the contest and will each receive a Juju tshirt and Ubuntu travel mug: Patrick Hetu (znc and OpenERP), Atul Jha (OwnCloud), Nathan Osman (StackMobile), shazzner (Gitolite), and Brandon Holtsclaw (Drupal). Honorable mention goes to Ryan Kather, who attempted Moodle but was not able to complete it in time. Maybe next time! We’ll go deeper into these charms and show off their examples throughout the coming weeks.
Not finding what you need in the Charm Store? Well you can always contribute your own charms, here’s how you can get started.
// April 9th, 2012 // Comments Off // Uncategorized
The ssh protocol uses two different keys to keep you secure:
- The user ssh key is the one we normally think of. This
authenticates us to the remote host, proving that we are who we say we
are and allowing us to log in.
- The ssh host key gets less attention, but is also important. This
authenticates the remote host to our local computer and proves that the ssh session is
encrypted so that nobody can be listening in.
Every time you see a prompt like the following, ssh is checking the
host key and asking you to make sure that your session is going to
be encrypted securely.
The authenticity of host 'ec2-...' can't be established. ECDSA key fingerprint is ca:79:72:ea:23:94:5e:f5:f0:b8:c0:5a:17:8c:6f:a8. Are you sure you want to continue connecting (yes/no)?
If you answer “yes” without verifying that the remote ssh host
key fingerprint is the same, then you are basically saying:
I don’t need this ssh session encrypted. It’s fine for any
man-in-the-middle to intercept the communication.
Ouch! (But
a lot of people do this.)
Note: If you have a line like the following in your ssh config file,
then you are automatically answering “yes” to this prompt for every
ssh connection.
# DON'T DO THIS! StrictHostKeyChecking false
Care about security
Since you
do care about security and privacy, you want to verify
that you are talking to the right server using encryption and that no
man-in-the-middle can intercept your session.
There are a couple approaches you can take to check the fingerprint
for a new Amazon EC2 instance. The first is to wait for the console
output to be available from the instance, retrieve it, and verify that
the ssh host key fingerprint in the console output is the same as the
one which is being presented to you in the prompt.
Scott Moser has written a blog post describing how to
verify ssh keys
on EC2 instances. It’s worth reading so that you understand
the principles and the official way to do this.
The rest of this article is going to present a different approach that
lets you in to your new instance quickly and securely.
Passing ssh host key to new EC2 instance
Instead of letting the new EC2 instance generate its own ssh host key
and waiting for it to communicate the fingerprint through the EC2
console output, we can generate the new ssh host key on our local
system and pass it to the new instance.
Using this approach, we already know the public side of the ssh key so
we don’t have to wait for it to become available through the console
(which can take minutes).
Generate a new ssh host key for the new EC2 instance.
tmpdir=$(mktemp -d /tmp/ssh-host-key.XXXXXX) keyfile=$tmpdir/ssh_host_ecdsa_key ssh-keygen -q -t ecdsa -N "" -C "" -f $keyfile
Create the user-data script that will set the ssh host key.
userdatafile=$tmpdir/set-ssh-host-key.user-data cat <<EOF >$userdatafile #!/bin/bash -xeu cat <<EOKEY >/etc/ssh/ssh_host_ecdsa_key $(cat $keyfile) EOKEY cat <<EOKEY >/etc/ssh/ssh_host_ecdsa_key.pub $(cat $keyfile.pub) EOKEY EOF
Run an EC2 instance, say Ubuntu 11.10 Oneiric, passing in the
user-data script. Make a note of the new instance id.
ec2-run-instances --key $USER --user-data-file $userdatafile ami-4dad7424 instanceid=i-...
Wait for the instance to get a public DNS name and make a note of it.
ec2-describe-instances $instanceid host=ec2-...compute-1.amazonaws.com
Add new public ssh host key to our local ssh known_hosts after
removing any leftover key (e.g., from previous EC2 instance at same IP
address).
knownhosts=$HOME/.ssh/known_hosts ssh-keygen -R $host -f $knownhosts ssh-keygen -R $(dig +short $host) -f $knownhosts ( echo -n "$host "; cat $keyfile.pub echo -n "$(dig +short $host) "; cat $keyfile.pub ) >> $knownhosts
When the instance starts running and the user-data script has
executed, you can ssh in to the server without being prompted to
verify the fingerprint
ssh ubuntu@$host
Don’t forget to clean up and to terminate your test instance.
rm -rf $tmpdir ec2-terminate-instances $instanceid
Caveat
There is one big drawback in the above sample implementation of this
approach. We have placed secret information (the private ssh host
key) into the EC2 user-data, which I generally recommend against.
Any user who can log in to the instance or who can cause the instance
to request a URL and get the output, can retrieve the user-data. You
might think this is unlikely to happen, but I’d rather avoid or
minimize unnecessary risk.
In a production implementation of this approach, I would take steps
like the following:
- Upload the new ssh host key to S3 in a private object.
- Generate an authenticated URL to the S3 object and have that URL
expire in, say, 10 minutes.
- In the user-data script, download the ssh host key with the
authenticated, expiring S3 URL.
Now, there is a short window of exposure and you don’t have to worry
about protecting the user-data after the URL has expired.
Original article:
http://alestic.com/2012/04/ec2-ssh-host-key
// April 5th, 2012 // 4 Comments » // Uncategorized
UK cloud provider Brightbox would like to announce that they now have daily images of Ubuntu 12.04 available for testing. Brightbox has an EC2 compatible metadata service that works with Ubuntu’s cloud-init, you can find more about that in the documentation.
As a thank you to the Ubuntu community Brightbox is running a special through to September. A 10% discount to casual testers, and a 50% discount to anyone registering using their @ubuntu.com address.
Testers can sign up at http://brightbox.com/, and to claim the discount you just need to email support@brightbox.com with your account id and let them know how you’re testing out Ubuntu.
Here’s their Getting Started guide. Happy testing!
// March 27th, 2012 // Comments Off // Uncategorized
Ok pencils down everyone! The entries for the juju charm contest are now closed, we’ll have one week of review and then announce the winners!
// March 23rd, 2012 // 1 Comment » // Uncategorized
Due to a recent surge of interest in juju we’ve decided to extend the juju Charm Contest deadline to this Monday instead of today, that gets you an extra weekend of hacking if you’re interest in polishing up your charm.
We’ll still have all next week for you to fix up your entries to pass reviews. Happy charming!
