0

Hello we have created a Jelastic Docker environment where we want to run Appscale (https://www.appscale.com/try-appscale) on it:

root@node1234-appscale:~# appscale up
Executing ssh-copy-id for host: 1.8.1.6
root@1.8.1.6's password:
root@1.8.1.6's password:
root@1.8.1.6's password:
root@1.8.1.6's password:

I am wondering why the same password we use to login into the SSH would not work in Docker?

quarks
  • 33,478
  • 73
  • 290
  • 513
  • Are you connecting to the Jelastic SSH gateway, or directly to your Docker node (e.g. by public IP)? – Damien - Layershift May 16 '17 at 14:49
  • I just checked Appscale deployment on Jelastic 5.0.5 with Native Docker support. The demo app works fine http://docker121077-env-1247034.demo.jelastic.com/ (it will stay online during the next hour). We are planning to roll out the Native Docker support to majority of partners in the near future, but for now the choice is quite limited. Let me know if you would like to test it, we can provide access to the cluster with native docker support. – Ruslan May 16 '17 at 16:55
  • @Damien-Layershift that is the internal IP of the node that we configured in Appscale, should we attach Public IP instead? – quarks May 16 '17 at 19:04
  • @Ruslan is there a difference between our Docker and Native Docker? Also yes we would like to test it if that will fix our issue. – quarks May 16 '17 at 19:06
  • 1
    @xybrek, Jelastic uses system container that behaves like a full OS and can run full-featured init systems like systemd, SysVinit, openrc. It allows to spawn processes like openssh, crond, syslogd together inside a single container. Docker images can be used for apps packaging, and they will be automatically enhanced with extra resource isolation layer + live migration. But you can't get access to the docker daemon. The new Native Docker support provides a dedicated Docker Engine in similar way as IaaS and VPS providers do, with major difference - Jelastic vertical scaling is still available. – Ruslan May 16 '17 at 21:30
  • @Ruslan I saw the Appscale on the link you shared and it works, so it means our docker on our cluster is different and will not allow us to run such servers like Appscale? – quarks May 16 '17 at 21:31
  • The native support is in beta testing phase at couple trusted partners, we do not roll out it to productions w/o proper testing, usually :). It will be available widely soon, after we complete the testing phase on the real workloads. Where do you host your app today? – Ruslan May 16 '17 at 21:38
  • @Ruslan we host apps it in our own Jelastic cluster – quarks May 17 '17 at 08:12

2 Answers2

1

Jelastic Gate system is using ssh-keys to connect to the container via ssh. Password-based authentication is disabled for root user inside the container:

sshd_config

# Authentication:

LoginGraceTime 120

PermitRootLogin without-password

StrictModes no

It is a better way and more secure to use key-based authentication than a just password. You can find additional information about Jelastic ssh access in our documentation.

Community
  • 1
  • 1
Virtuozzo
  • 1,993
  • 1
  • 10
  • 13
0

AppScale do not uses passwords, but it needs a passwordless setup to get started. So the first time around it tries to copy a freshly generated public key to allow proper functioning. It looks like the setup failed in your case (we do use ssh-copy-id to setup). Try to setup the container so that you can ssh locally (in your case ssh 1.8.1.6) with no need for password, and try to appscale up again.

graziano
  • 36
  • 1
  • Yes, we edited the sshd_config and Appscale did try to run but got stuck with "Waiting for head node to initialize..." – quarks May 18 '17 at 12:12
  • You may need to look into the /var/log/appscale/* to see what is the issue (it could be cassandra not starting for lack of memory or few other things). The controller.log may have the main error. – graziano May 23 '17 at 22:55