[image provisioning] Ssh keys aren't uploaded to slaves during provisioning in case of image based provisioning

Bug #1378832 reported by Andrey Sledzinskiy
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fuel for OpenStack
Fix Released
Medium
Vladimir Kozhukalov

Bug Description

custom iso with image-based provisioning
{

    "build_id": "2014-10-07_13-04-02",
    "ostf_sha": "45fe4038ba861673f3a6877d64582c2f66607d30",
    "build_number": "465",
    "auth_required": true,
    "api": "1.0",
    "nailgun_sha": "6ba1397de286eddd9d404f93303e34320849ad90",
    "production": "docker",
    "fuelmain_sha": "d4aa7399ba28fcd643ae0b07b7ce0a71e87c6749",
    "astute_sha": "157fcf2037205f0696816cb41b9db6a04fdc1ab4",
    "feature_groups": [
        "mirantis",
        "experimental",
        "imagebased"
    ],
    "release": "6.0",
    "release_versions": {
        "2014.2-6.0": {
            "VERSION": {
                "build_id": "2014-10-07_13-04-02",
                "ostf_sha": "45fe4038ba861673f3a6877d64582c2f66607d30",
                "build_number": "465",
                "api": "1.0",
                "nailgun_sha": "6ba1397de286eddd9d404f93303e34320849ad90",
                "production": "docker",
                "fuelmain_sha": "d4aa7399ba28fcd643ae0b07b7ce0a71e87c6749",
                "astute_sha": "157fcf2037205f0696816cb41b9db6a04fdc1ab4",
                "feature_groups": [
                    "mirantis",
                    "experimental",
                    "imagebased"
                ],
                "release": "6.0",
                "fuellib_sha": "e43e9ba98f33f8fced49dcbac35847b42c04bc82"
            }
        }
    },
    "fuellib_sha": "e43e9ba98f33f8fced49dcbac35847b42c04bc82"

}

Steps:
1. Create simple cluster with all default values - 1 controller, 1 compute, 1 cinder nodes
2. Deploy cluster
3. Ssh to master node
4. Try to ssh to any slave from master

Expected - it's possible to ssh to slave from master
Actual - connection impossible because there is no authorized keys on slaves

Logs are attached

Revision history for this message
Andrey Sledzinskiy (asledzinskiy) wrote :
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-library (master)

Fix proposed to branch: master
Review: https://review.openstack.org/127158

Changed in fuel:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-library (master)

Reviewed: https://review.openstack.org/127158
Committed: https://git.openstack.org/cgit/stackforge/fuel-library/commit/?id=5106d31ee80a683c618fada7b0186263e1d20a28
Submitter: Jenkins
Branch: master

commit 5106d31ee80a683c618fada7b0186263e1d20a28
Author: Vladimir Kozhukalov <email address hidden>
Date: Thu Oct 9 11:26:02 2014 +0400

    Added AUTHORIZED_KEYS field into settings.yaml.erb

    This is for making it possible for nailgun to pass
    default (aka system) public key into provisioning data
    so as to put them on a target node apart from user
    defined public key.

    Related PR to fuel-web is
    https://review.openstack.org/#/c/127490/

    Change-Id: Id5dff61444d7dfb278e0ae6c49b0f772ff68ffd6
    Closes-Bug: 1378832
    Implements: blueprint image-based-provisioning

Changed in fuel:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-web (master)

Reviewed: https://review.openstack.org/127490
Committed: https://git.openstack.org/cgit/stackforge/fuel-web/commit/?id=0425f9ac78ad546cf75c85d64ce8630beeb3a168
Submitter: Jenkins
Branch: master

commit 0425f9ac78ad546cf75c85d64ce8630beeb3a168
Author: Vladimir Kozhukalov <email address hidden>
Date: Fri Oct 10 14:53:36 2014 +0400

    Added ATHORIZED_KEYS into settings.yaml

    We have two types of ssh keys:
    1) system which is from /root/.ssh/id_rsa.pub
    2) user defined which is set by user via web interface

    Cobbler during provisioning gets user defined
    ssh key from provisioning data (come from nailgun
    provisioning serializer) and system ssh key directly
    from /etc/cobbler/authorized_keys.

    Image based provisioning is implemented as fully
    data driven process. So we need system ssh public key
    to come inside provisioning data and to make nailgun
    able to put this key into provisioning data we need
    to have this key in settings.yaml.

    Besides there is a PR to fuel-library. This patch is
    about putting system ssh public key into settings.yaml
    during master node deployment. For details see
    https://review.openstack.org/#/c/127158/

    Change-Id: If3d44903cb8f1ca6636041905dc269edf5088494
    Implements: blueprint image-based-provisioning
    Closes-Bug: 1378832

Revision history for this message
Kirill Omelchenko (komelchenko) wrote :

Verified.
{
   "build_id":"2014-11-17_17-53-34",
   "ostf_sha":"82465a94eed4eff1fc8d8e1f2fb7e9993c22f068",
   "build_number":"504",
   "auth_required":true,
   "api":"1.0",
   "nailgun_sha":"8d23d1b1bcd9213a70a40c38c3c1486d215d40b5",
   "production":"docker",
   "fuelmain_sha":"8d4943d5ead7a894d4af5e10172510fa60eeed84",
   "astute_sha":"65eb911c38afc0e23d187772f9a05f703c685896",
   "feature_groups":[
      "mirantis",
      "experimental"
   ],
   "release":"6.0",
   "release_versions":{
      "2014.2-6.0":{
         "VERSION":{
            "build_id":"2014-11-17_17-53-34",
            "ostf_sha":"82465a94eed4eff1fc8d8e1f2fb7e9993c22f068",
            "build_number":"504",
            "api":"1.0",
            "nailgun_sha":"8d23d1b1bcd9213a70a40c38c3c1486d215d40b5",
            "production":"docker",
            "fuelmain_sha":"8d4943d5ead7a894d4af5e10172510fa60eeed84",
            "astute_sha":"65eb911c38afc0e23d187772f9a05f703c685896",
            "feature_groups":[
               "mirantis"
            ],
            "release":"6.0",
            "fuellib_sha":"8a0ceff90777af75a3f9363a57185e608f3ee10d"
         }
      }
   },
   "fuellib_sha":"8a0ceff90777af75a3f9363a57185e608f3ee10d"
}

Changed in fuel:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.