07 - SSH/SCP with MAAS machines

MAAS: Install ~ Configure ~ DHCP ~ Commission ~ Deploy ~ jq ~ SSH ~ More jq

Logging into deployed machines with SSH, and copying files to them with SCP

Now that we have some running machines, what if we just set ourselves up to SSH into one of them? Making this work will also allow us to scp files in – and I'm sure you can see how we'd provision a machine from there. We can also do the provisioning with MAAS, if we're clever, but I'll leave that to my next post.

First things first: we need to build the MAAS infrastructure necessary to play with this feature.

Create a KVM

We start by creating a vm-host. Let's play dumb and walk our way through this; first, we'll just try creating a vm-host, like this:

This doesn't give anything like the expected result:

Oops, forgot about the collective pluralism of the MAAS CLI – we need to use vm-hosts to create one, because we're adding to the collection, so the correct command should look something like this:

Still not quite what we expected, but we're failing forward fast, which is a great way to learn new software. As a side note, it's not great for skydiving, but that's another story altogether. The MAAS CLI tells us we need to specify a type:

Of course! We have to specify what kind of vm-host we want; in this case, it's going to be an LXD vm-host, so we modify our previous command like this:

Oops, still one more thing to enter: the power_address:

We need to update our command to tell MAAS what LXD instance we're going to use. The power_address for an LXD vm-host is of the form https://<gateway-ip-address>:8443. The 8443 is the default port when you ran lxd init to get LXD started, after installing it. The rest is just what you learn by experience, or by reading blogs like this one.

In my case, the LXD gateway is at the moment, so my modified command would be:

Within seconds, we get a success message and JSON output. From now on, I'll leave the JSON output for you to generate and view on your own, unless it bears specifically on the discussion. In this case, all that we'll need is the last non-bracket line of the JSON return, which is:

What we'll need in the next step is the vm-host ID, which is the number on the end of the resource_uri – specifically, "7".

By way of additional confirmation, we could pull up the MAAS UI and see that an LXD "KVM HOST TYPE" named "wintermute" has been created. This might be a good moment to bring up some terminology dissonance, which is nothing unusual for an open-source product. Originally, vm-hosts were called "pods," hence the word "pods" in the resource URI. Later, they were changed to "KVM hosts" to correspond to the term "KVM," used commonly by libvirt. Note that libvirt was, at one time, the only common vm-host used by MAAS. As the product transitioned to using more than one VM tool – that is, LXD – the team decided a more inclusive name was needed, hence "VM host."

Composing a machine

Having a VM host is great, but we can't demonstrate ssh/scp machine actions without a virtual machine running on that host. Let's create one. This may get tricky, so let's start by looking at the MAAS CLI help:

This gives us the following, very long command list:

We're looking to compose a machine here, so where would you look instinctively? Well, the first thought might be machines, so we can give that help screen a try:

This produces a few commands:

This list is interesting, but there isn't a specific compose command here. We could go down the garden path with maas admin machines create, but first, let's see if the vm-host command has anything we're seeking:

Bingo. Found the command; do you see it in this list?

Okay, so maas admin vm-host compose is the root command, let's see what it requires:

Wow! This command is incredibly robust, including some NUMA stuff (which we'll look at in a later post):

We could get fancy, but for these purposes, we just need a machine. The only thing that's absolutely required besides the command we already got "help" for is the vm-host ID. Remember that line of JSON from above? The ID is "7" – so we'll enter this command:

Hey, how about that! We got some feedback with a machine system_id:

We can use this, along with some of our jq tricks, to see if this machine is commissioning (as expected):

This gives the following output on my machine:

By the time I got this command typed in, commissioning had already nearly finished, and the machine was in the "testing" phase. If we run this command again now, we should see that it's in the "Ready" state:

Getting the machine to a login state

We can't SSH into it, because it automatically turned off after commissioning, and anyway, we didn't have a chance to ask for SSH keys to be loaded during the commissioning process. Let's run that commissioning again, with SSH keys enabled, and making sure that it's left on after it's done. For this operation, we just use the standard machine commands, because the vm-host is hosting a MAAS machine, which is the same as any other MAAS machine:

This will return a success message (be sure to substitute the "xttpfx" with whatever your composed machine system_id turns out to be; your mileage may vary). After a little while, the machine should return to a "Ready" state again, but this time, with the power left on, and with SSH keys passed to the machine, so that we can login to it. We can check this without complex jq command again:

Logging into a commissioned machine

So it's "Ready" and it's powered on, that's good. In order to log in, we'll need to know the machine's IP address. There are several ways to get this, but by far the easiest, IMHO, is just using the lxc command:

This will give us the following output:

This brings up some important nuances about the LXD list. Note that there are two machines, one of which is a CONTAINER that I use for general testing of new software. The other, "native-cub," is the VIRTUAL-MACHINE we just created, and that's the one whose IP address we want for SSH purposes:

Okay, so now we can try logging in via SSH, using the "ubuntu" user (always):

We get the expected first-login response:

And if we say "yes," we should get this result:

Using SCP

We can jump out of this machine and use its IP address to copy files over to it. First, let's make sure that there isn't anything in the local directory on the machine:

And we get what we'd expect:

So now, let's exit the machine with exit, and just touch a file called "zork" (a very uncommon filename) in the CWD on the local machine:

Now, let's try to scp (secure copy) the file over to the machine, login, and see if the file made it:

Cool! So we can copy files to a machine! Neat.

Copying files to a deployed machine

Copying files to a commissioned machine doesn't do us much good, of course, since the machine gets wiped out and reloaded on deployment. Let's acquire and deploy that same machine, and then try logging in and copying files again. First, we have to acquire and deploy the machine:

(Success message and JSON data stream)

(Success message and JSON data stream)

When it finally reaches the "Deployed" state, we can try and log into it:

What??!!?? This is supposed to work, isn't it??

No worries! On deployment, the SSH key just got updated, so just do what the message suggests, and you can SSH in normally:

Copying a script over there and running it

So first, let's verify that the script we want to copy over there isn't already there. In fact, to keep it simple, let's just create a simple and fun script to see what scp can get us. First, we'll need to install a couple of software packages on the deployed machine:

Now we can drop back and write a script that uses these three packages to produce an interesting result. Here's what should be in the script:

Add the text above to a script called motd.sh, and then chmod 777 motd.sh. Then, use the following command to copy the script to the deployed machine:

Then we can log back into the deployed machine and check the permissions on motd.sh in the arriving CWD:

On my machine, it didn't copy the permissions precisely, but it is executable by me, so I can run it and get the highly-important output:


So we see that it's possible to deploy a machine and then load usable software on it. Certainly, that's one method MAAS users depend on to get their machines configured – probably using scripts or install packages that they scp over and kick off. There are more sophisticated ways to make this happen, and we'll cover those in a future post, maybe. In the meantime, though, let's try a few more jq tricks.

Copyright (C) 2020-2023 by stormrider; All Rights Reserved