Not able to run carbon-cache with manhole enabled

Question

When I try to run carbon-cache.py start by setting

ENABLE_MANHOLE = True
MANHOLE_INTERFACE = 127.0.0.1
MANHOLE_PORT = 7222
MANHOLE_USER = admin
MANHOLE_PUBLIC_KEY = ssh-rsa AAAAB3NzaC1yc2EAAAABiwAaAIEAoxN0sv/e4eZCPpi3N3KYvyzRaBaMeS2RsOQ/cDuKv11dlNzVeiyc3RFmCv5Rjwn/lQ79y0zyHxw67qLyhQ/kDzINc4cY41ivuQXm2tPmgvexdrBv5nsfEpjs3gLZfJnyvlcVyWK/lId8WUvEWSWHTzsbtmXAF2raJMdgLTbQ8wE=

I get the following error

Starting carbon-cache (instance a)
An error has occurred: b"ConchError: ('no host keys, failing', None)"
Please look at log file for more information.

Log File:

25/10/2016 13:50:18 ::     'listen%s' % (self.method,))(*self.args, **self.kwargs)
25/10/2016 13:50:18 ::   File "/opt/graphite/local/lib/python2.7/site-packages/twisted/internet/posixbase.py", line 478, in listenTCP
25/10/2016 13:50:18 ::     p.startListening()
25/10/2016 13:50:18 ::   File "/opt/graphite/local/lib/python2.7/site-packages/twisted/internet/tcp.py", line 1001, in startListening
25/10/2016 13:50:18 ::     self.factory.doStart()
25/10/2016 13:50:18 ::   File "/opt/graphite/local/lib/python2.7/site-packages/twisted/internet/protocol.py", line 74, in doStart
25/10/2016 13:50:18 ::     self.startFactory()
25/10/2016 13:50:18 ::   File "/opt/graphite/local/lib/python2.7/site-packages/twisted/conch/ssh/factory.py", line 41, in startFactory
25/10/2016 13:50:18 ::     raise error.ConchError('no host keys, failing')
25/10/2016 13:50:18 :: twisted.conch.error.ConchError: ('no host keys, failing', None)

Being new to twisted, i am not able to understand how to resolve it.

Answer 1

Twisted 16.1 included a change in Twisted Conch (that implements the manhole functionality) so that it no longer uses a hardcoded SSH host key pair. See https://twistedmatrix.com/trac/ticket/8229 for details.

To resolve this, carbon-cache should gain configuration variables to specify the public and private host key, and set them on the ConchFactory instance, using its publicKeys and privateKeys attributes. I looked at the current implementation carbon's manhole.py, which has:

def createManholeListener(): # ... sessionFactory = ConchFactory(sshPortal) return sessionFactory

This should be amended something like this:

def createManholeListener(): # ... sessionFactory = ConchFactory(sshPortal) sessionFactory.publicKeys[b'ssh-rsa'] = keys.Key.fromString(settings.MANHOLE_HOST_RSA_PUBLIC_KEY) sessionFactory.privateKeys[b'ssh-rsa'] = keys.Key.fromString(settings.MANHOLE_HOST_RSA_PRIVATE_KEY) return sessionFactory

This assumes the keys are generated with ssh-keygen -t rsa. If you'd want to support other key types, both dicts are indexed by a byte string specifying the key type.