From matwey.kornilov at gmail.com Thu Oct 8 07:40:20 2015
From: matwey.kornilov at gmail.com (Matwey V. Kornilov)
Date: Thu, 8 Oct 2015 16:40:20 +0300
Subject: [Machinery] Inspecting remote system: ssh access
In-Reply-To: <55B0E6A7.9020501@suse.de>
References: <55B0E6A7.9020501@suse.de>
Message-ID:

23.07.2015 16:05, Thomas Goettlicher wrote:
>
>
> On 07/23/2015 11:32 AM, Matwey V. Kornilov wrote:
>> Hello,
>>
>> I've found that when I do
>>
>> machinery inspect --verbose -n name -r machinery ip
>>
>> machinery creates an ssh session for every single command. On the
>> remote side, I see the following (sorry, long log):
>>
>> Jul 23 09:15:32 linux sshd[24346]: Accepted publickey for machinery
>> from 192.168.10.232 port 44327 ssh2: RSA
>> ad:f5:1f:20:2e:6a:ec:7c:1d:7a:d8:35:71:86:1b:be [MD5]
>> Jul 23 09:15:32 linux sshd[24346]: pam_unix(sshd:session): session
>> opened for user machinery by (uid=0)
>> Jul 23 09:15:32 linux systemd: pam_unix(systemd-user:session): session
>> opened for user machinery by (uid=0)
>> Jul 23 09:15:32 linux sudo: machinery : TTY=unknown ;
>> PWD=/var/lib/machinery ; USER=root ; ENV=LC_ALL=C ;
>> COMMAND=/usr/bin/find
>> /lib/modules/3.16.7-21-default/kernel/drivers/net/ethernet/neterion/vxge
>> -xdev -maxdepth 1 -maxdepth 6 -printf %y\0%P\0%l\0
>> Jul 23 09:15:32 linux sudo: pam_unix(sudo:session): session opened for
>> user root by (uid=0)
>> Jul 23 09:15:32 linux sudo: pam_unix(sudo:session): session closed for
>> user root
>> Jul 23 09:15:32 linux sshd[24350]: Received disconnect from
>> 192.168.10.232: 11: disconnected by user
>> Jul 23 09:15:32 linux sshd[24346]: pam_unix(sshd:session): session
>> closed for user machinery
>> Jul 23 09:15:32 linux systemd: pam_unix(systemd-user:session): session
>> closed for user machinery
>> Jul 23 09:15:33 linux sshd[24381]: Accepted publickey for machinery
>> from 192.168.10.232 port 44328 ssh2: RSA
>> ad:f5:1f:20:2e:6a:ec:7c:1d:7a:d8:35:71:86:1b:be [MD5]
>> Jul 23 09:15:33 linux sshd[24381]: pam_unix(sshd:session): session
>> opened for user machinery by (uid=0)
>> Jul 23 09:15:33 linux systemd: pam_unix(systemd-user:session): session
>> opened for user machinery by (uid=0)
>> Jul 23 09:15:33 linux sudo: machinery : TTY=unknown ;
>> PWD=/var/lib/machinery ; USER=root ; ENV=LC_ALL=C ;
>> COMMAND=/usr/bin/find
>> /lib/modules/3.16.7-21-default/kernel/drivers/net/can/usb/peak_usb
>> -xdev -maxdepth 1 -maxdepth 6 -printf %y\0%P\0%l\0
>> Jul 23 09:15:33 linux sudo: pam_unix(sudo:session): session opened for
>> user root by (uid=0)
>> Jul 23 09:15:33 linux sudo: pam_unix(sudo:session): session closed for
>> user root
>> Jul 23 09:15:33 linux sshd[24385]: Received disconnect from
>> 192.168.10.232: 11: disconnected by user
>> Jul 23 09:15:33 linux sshd[24381]: pam_unix(sshd:session): session
>> closed for user machinery
>> Jul 23 09:15:33 linux systemd: pam_unix(systemd-user:session): session
>> closed for user machinery
>>
>> So, this kind of activity (opening and closing thousands of ssh
>> connections) can be mistaken for ssh brute-force or some other kind of
>> malicious network activity. And this is an issue, especially if I
>> inspect machine using ssh connection through the public network. At
>> the specific moment I would be blocked by my network management team.
>>
>> I don't see limitations to reuse existing ssh connection, are there any?
> Thanks for your feedback.
>
> Machinery opens multiple connections because of its current design:
> Machinery runs a standard linux command on the remote host and processes
> the command's output. Depending on the result it runs the next command
> on the remote host. That happens again and again. This leads to multiple
> ssh connections.
>
> Let us evaluate what we can do about it.

At least SSH multiplexing with ControlMaster ControlPersist can be used. This will reduce the number of TCP/IP connections. It could be a partial solution.
>
> Cheers,
> Thomas
>
>>
>>
>> _______________________________________________
>> Machinery mailing list
>> Machinery at lists.suse.com
>> http://lists.suse.com/mailman/listinfo/machinery
>

From tgoettlicher at suse.de Thu Oct 8 08:15:38 2015
From: tgoettlicher at suse.de (Thomas Goettlicher)
Date: Thu, 8 Oct 2015 16:15:38 +0200
Subject: [Machinery] Inspecting remote system: ssh access
In-Reply-To:
References: <55B0E6A7.9020501@suse.de>
Message-ID: <56167A8A.3030805@suse.de>

On 10/08/2015 03:40 PM, Matwey V. Kornilov wrote:
> 23.07.2015 16:05, Thomas Goettlicher wrote:
>>
>>
>> On 07/23/2015 11:32 AM, Matwey V. Kornilov wrote:
>>> Hello,
>>>
>>> I've found that when I do
>>>
>>> machinery inspect --verbose -n name -r machinery ip
>>>
>>> machinery creates an ssh session for every single command. On the
>>> remote side, I see the following (sorry, long log):
>>>
>>> Jul 23 09:15:32 linux sshd[24346]: Accepted publickey for machinery
>>> from 192.168.10.232 port 44327 ssh2: RSA
>>> ad:f5:1f:20:2e:6a:ec:7c:1d:7a:d8:35:71:86:1b:be [MD5]
>>> Jul 23 09:15:32 linux sshd[24346]: pam_unix(sshd:session): session
>>> opened for user machinery by (uid=0)
>>> Jul 23 09:15:32 linux systemd: pam_unix(systemd-user:session): session
>>> opened for user machinery by (uid=0)
>>> Jul 23 09:15:32 linux sudo: machinery : TTY=unknown ;
>>> PWD=/var/lib/machinery ; USER=root ; ENV=LC_ALL=C ;
>>> COMMAND=/usr/bin/find
>>> /lib/modules/3.16.7-21-default/kernel/drivers/net/ethernet/neterion/vxge
>>>
>>> -xdev -maxdepth 1 -maxdepth 6 -printf %y\0%P\0%l\0
>>> Jul 23 09:15:32 linux sudo: pam_unix(sudo:session): session opened for
>>> user root by (uid=0)
>>> Jul 23 09:15:32 linux sudo: pam_unix(sudo:session): session closed for
>>> user root
>>> Jul 23 09:15:32 linux sshd[24350]: Received disconnect from
>>> 192.168.10.232: 11: disconnected by user
>>> Jul 23 09:15:32 linux sshd[24346]: pam_unix(sshd:session): session
>>> closed for user machinery
>>> Jul 23 09:15:32 linux systemd: pam_unix(systemd-user:session): session
>>> closed for user machinery
>>> Jul 23 09:15:33 linux sshd[24381]: Accepted publickey for machinery
>>> from 192.168.10.232 port 44328 ssh2: RSA
>>> ad:f5:1f:20:2e:6a:ec:7c:1d:7a:d8:35:71:86:1b:be [MD5]
>>> Jul 23 09:15:33 linux sshd[24381]: pam_unix(sshd:session): session
>>> opened for user machinery by (uid=0)
>>> Jul 23 09:15:33 linux systemd: pam_unix(systemd-user:session): session
>>> opened for user machinery by (uid=0)
>>> Jul 23 09:15:33 linux sudo: machinery : TTY=unknown ;
>>> PWD=/var/lib/machinery ; USER=root ; ENV=LC_ALL=C ;
>>> COMMAND=/usr/bin/find
>>> /lib/modules/3.16.7-21-default/kernel/drivers/net/can/usb/peak_usb
>>> -xdev -maxdepth 1 -maxdepth 6 -printf %y\0%P\0%l\0
>>> Jul 23 09:15:33 linux sudo: pam_unix(sudo:session): session opened for
>>> user root by (uid=0)
>>> Jul 23 09:15:33 linux sudo: pam_unix(sudo:session): session closed for
>>> user root
>>> Jul 23 09:15:33 linux sshd[24385]: Received disconnect from
>>> 192.168.10.232: 11: disconnected by user
>>> Jul 23 09:15:33 linux sshd[24381]: pam_unix(sshd:session): session
>>> closed for user machinery
>>> Jul 23 09:15:33 linux systemd: pam_unix(systemd-user:session): session
>>> closed for user machinery
>>>
>>> So, this kind of activity (opening and closing thousands of ssh
>>> connections) can be mistaken for ssh brute-force or some other kind of
>>> malicious network activity. And this is an issue, especially if I
>>> inspect machine using ssh connection through the public network. At
>>> the specific moment I would be blocked by my network management team.
>>>
>>> I don't see limitations to reuse existing ssh connection, are there
>>> any?
>> Thanks for your feedback.
>>
>> Machinery opens multiple connections because of its current design:
>> Machinery runs a standard linux command on the remote host and processes
>> the command's output. Depending on the result it runs the next command
>> on the remote host. That happens again and again. This leads to multiple
>> ssh connections.
>>
>> Let us evaluate what we can do about it.
>
> At least SSH multiplexing with ControlMaster ControlPersist can be
> used. This will reduce the number of TCP/IP connections. It could be a
> partial solution.

Good point. Reusing the ssh connection requires at least version 4 of openssh on the server.

One can make use of this ssh feature as follows for now:

1. $ ssh -o ControlMaster=auto -o ControlPath=~/.ssh/socket%r@%h-%p -o ControlPersist=600 root@host
2. enter password
3. log-out
4. $ machinery inspect host

>
>>
>> Cheers,
>> Thomas
>>

--
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
Maxfeldstraße 5
90409 Nürnberg
Germany

From ABonilla at suse.com Fri Oct 9 10:28:14 2015
From: ABonilla at suse.com (Alejandro Bonilla)
Date: Fri, 9 Oct 2015 16:28:14 +0000
Subject: [Machinery] Instructions on migrating to AWS
Message-ID: <2BCBEF60-A11A-4279-9F67-844F71EE56E4@suse.com>

Hi -

Has anyone made notes on how to use machinery to move a system from bare-metal or VMWare to AWS?

Thanks

From tgoettlicher at suse.de Mon Oct 12 01:50:11 2015
From: tgoettlicher at suse.de (Thomas Goettlicher)
Date: Mon, 12 Oct 2015 09:50:11 +0200
Subject: [Machinery] Instructions on migrating to AWS
In-Reply-To: <2BCBEF60-A11A-4279-9F67-844F71EE56E4@suse.com>
References: <2BCBEF60-A11A-4279-9F67-844F71EE56E4@suse.com>
Message-ID: <561B6633.2060109@suse.de>

On 10/09/2015 06:28 PM, Alejandro Bonilla wrote:
> Hi -
>
> Has anyone made notes on how to use machinery to move a system from bare-metal or VMWare to AWS?
>
> Thanks

Hi Alejandro,

You can make use of `machinery inspect` + `machinery export-kiwi` and then use kiwi to build AWS images.

Please let us know if this approach works for you.

Thanks,
Thomas

From fteodori at suse.com Tue Oct 13 05:24:58 2015
From: fteodori at suse.com (Federica Teodori)
Date: Tue, 13 Oct 2015 13:24:58 +0200
Subject: [Machinery] Machinery 1.14.1 is out!
Message-ID: <561CEA0A.1060308@suse.com>

Dearest Machineriest,

Some of you perhaps stumbled upon our very own Mauro while presenting Machinery and the containerize (experimental) feature at LinuxCon Europe and LinuxDays (PRG/CZ). If you were among the audience, please let us know your impressions!

However, the containers related surprises are not yet over. With this new release (1.14.1), machinery introduces the "inspect-container" feature. By running "machinery inspect-container name_of_your_image" machinery will create a system description of the docker image of your choice. The usual machinery capabilities (show, compare, ...) will work just as usual. Use it to make sure your container's image didn't change, or to see what happened after that "docker commit", in a much more user-friendly way than by just using docker diff!

Last but not least, the comparison is way faster now. Give it a try!

Complete changelog follows:

--

## Version 1.14.1 - Fri Oct 09 18:30:13 CEST 2015

* Fix: Clean up binding the server for HTML view to IP addresses (https://github.com/SUSE/machinery/issues/1341)
* Fix: Make links to sections with common elements clearer in HTML comparison view (https://github.com/SUSE/machinery/issues/1222)
* Fix: XML files are no longer treated as binary files in HTML view (https://github.com/SUSE/machinery/issues/1154)
* Fix: Scrolling issue of file view (https://github.com/SUSE/machinery/issues/1155)

## Version 1.14.0 - Tue Oct 06 21:26:12 CEST 2015 - thardeck at suse.de

* The machinery-helper is now built during gem-installation on x86_64 machines if Go is available. The RPM package is still shipped with a precompiled version.
* Allow limiting the `list` command output to certain system descriptions by passing them along as argument (https://github.com/SUSE/machinery/issues/1398)
* Add `move` command to rename system descriptions (https://github.com/SUSE/machinery/issues/1397)
* Add inspection of RPM based Docker containers

We hope you'll enjoy this release, and please do get in touch with us if you have any feedback or questions.

Sincerely,
Your Machinery team
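
Added example for the "Inspecting remote system: ssh access" thread above (not code from the thread or from Machinery): a small triage script that reads sshd lines in the quoted syslog format and separates a burst of successful single-key logins from failed-password guessing. The `burst` threshold, the labels, the failed-password lines and the address 203.0.113.7 are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict

# sshd auth lines in the syslog format quoted in the thread.
ACCEPT = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+ ssh2(?:: (\S+ \S+))?")
FAILED = re.compile(r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?(\S+) from (\S+) port \d+")

def summarize(lines):
    """Count accepted/failed logins, accounts and key fingerprints per source IP."""
    stats = defaultdict(lambda: {"accepted": 0, "failed": 0, "users": set(), "keys": set()})
    for line in lines:
        ok, bad = ACCEPT.search(line), FAILED.search(line)
        if ok:
            user, ip, key = ok.groups()
            stats[ip]["accepted"] += 1
            stats[ip]["users"].add(user)
            if key:
                stats[ip]["keys"].add(key)
        elif bad:
            user, ip = bad.groups()
            stats[ip]["failed"] += 1
            stats[ip]["users"].add(user)
    return stats

def classify(s, burst=5):
    """Label one source; `burst` is an assumed threshold for one time window."""
    if s["accepted"] + s["failed"] < burst:
        return "quiet"
    if s["failed"] == 0 and len(s["keys"]) == 1 and len(s["users"]) == 1:
        return "automation-burst"  # many logins, one key, one account, no failures
    if s["failed"] > s["accepted"]:
        return "brute-force-like"
    return "review"

def sample():
    """Constructed log: 8 Machinery-style logins plus 6 failed guesses (203.0.113.7)."""
    key = "RSA ad:f5:1f:20:2e:6a:ec:7c:1d:7a:d8:35:71:86:1b:be [MD5]"
    ok = [f"Jul 23 09:15:{32 + i // 4} linux sshd[{24346 + i}]: Accepted publickey for "
          f"machinery from 192.168.10.232 port {44327 + i} ssh2: {key}" for i in range(8)]
    names = ["admin", "test", "oracle", "guest", "git", "pi"]
    bad = [f"Jul 23 09:15:{32 + i // 4} linux sshd[{25000 + i}]: Failed password for "
           f"invalid user {u} from 203.0.113.7 port {51000 + i} ssh2"
           for i, u in enumerate(names)]
    return ok + bad

if __name__ == "__main__":
    for ip, s in summarize(sample()).items():
        print(ip, s["accepted"], s["failed"], classify(s))
```

A rule that only counts connections per source would flag both addresses. A multiplexed ControlMaster connection authenticates once, so a whole inspection run contributes a single `Accepted` line and stays under the threshold.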