OpenStack Compute (nova)

Key pair not imported when passing cloud-init script on initiation

Bug #1817683 reported by Jelle Leempoels
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Invalid
Undecided
Unassigned

Bug Description

Description
===========

The public SSH key is not imported when an instance is created with a key pair (key pair tab) + cloud-init script (configuration tab)

- Reproduced in dashboard (Horizon)
- Reproduced with python (nova.server.create())

Steps to reproduce
==================
- Create an instance in the GUI
    - with a key pair

Key pair is inserted
--------------------
  [ 22.212331] cloud-init[993]: Cloud-init v. 18.4-0ubuntu1~18.04.1 running 'modules:config' at Tue, 26 Feb
  2019 09:44:27 +0000. Up 21.13 seconds.
  [[0;32m OK [0m] Started Apply the settings specified in cloud-config.
         Starting Execute cloud user/final scripts...
  ci-info: +++++Authorized keys from /home/ubuntu/.ssh/authorized_keys for user ubuntu++++++
  ci-info: +---------+-------------------------------------------------+---------+---------+
  ci-info: | Keytype | Fingerprint (md5) | Options | Comment |
  ci-info: +---------+-------------------------------------------------+---------+---------+
  ci-info: | ssh-rsa | 36:b4:ea:45:0a:77:c4:87:c9:71:d5:78:6e:a5:ee:ba | - | - |
  ci-info: +---------+-------------------------------------------------+---------+---------+

  => login to VM with key pair
  -> Login successful

- Create a second instance
  - with a key pair
  - pass a cloud-init script in the user configuration

  #cloud-config
  chpasswd:
    expire: false
    list: |
        root:toor
        jelle:jelle
  users:
    - name: jelle
      lock-passwd: false
      sudo: ['ALL=(ALL) NOPASSWD:ALL']
      groups: sudo
      shell: /bin/bash

==> Public key from the key-pair is not imported

[ 21.472835] cloud-init[937]: Cloud-init v. 18.4-0ubuntu1~18.04.1 running 'modules:config' at Tue, 26 Feb 2019 09:36:21 +0000. Up 20.47 seconds.
[[0;32m OK [0m] Started Apply the settings specified in cloud-config.
         Starting Execute cloud user/final scripts...
ci-info: no authorized ssh keys fingerprints found for user jelle.
<14>Feb 26 09:36:23 ec2:
<14>Feb 26 09:36:23 ec2: #############################################################
<14>Feb 26 09:36:23 ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
<14>Feb 26 09:36:23 ec2: 1024 SHA256:mfFrY4zKFLuJPRF6Pw6z8suzBzA7jx21sife3MwEee4 root@test (DSA)
<14>Feb 26 09:36:23 ec2: 256 SHA256:JzA4J0A6oN5c1vTiGpTPBgqisb1IlxXBumlnk/Jg1Po root@test (ECDSA)
<14>Feb 26 09:36:23 ec2: 256 SHA256:j/mU93YAfgHxdrXJD0QT6SMFFoOzRvtES/YZ+9ZBNaM root@test (ED25519)
<14>Feb 26 09:36:23 ec2: 2048 SHA256:Hy1gMvK/7hSoyIacAgx+C/jEHkbCi5yS9YbiYfcTVGo root@test (RSA)
<14>Feb 26 09:36:23 ec2: -----END SSH HOST KEY FINGERPRINTS-----
<14>Feb 26 09:36:23 ec2: #############################################################
-----BEGIN SSH HOST KEY KEYS-----
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGBMYWNnP97Znq6Al0LHqzUu8tOa3/T4fuh+PLAIW26b2361MarI/1HxxseRmCUgb45Gw5zXu7CfLhAlHaThirk= root@test
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ54epYzeKPsUs8UXyac+nTPQGpNY2CQWwBQL4aEPZD6 root@test
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwtmWLjZrRB4BVxcWAZt8/uWkkQhMCkrdNQTS40ZGTGto46MyBmyA+4RJxnZ8MV9I/8lpBt1EY5ERdf/5gDwN51wzq57LVuTz46mhYU3i85YECaE98VXG9I52OC0/UzgvlEbwEbVPlMh+ZVkNSkZu4Mcuvi0hvzU7+Z5p8CvWEMhIvtWAKbf/ujK0WzeYRwsqQfGm5hUH6TJSjFRCC/T1DosnM+hgDlNkiYGjlUE9LvSPRTX1rMfakUbWzK/EJWuGuYO21P/oORNDeJxWPZS/Y8cW+VCQbXCuXqXFst347Tvnl/kmZULjRJjB05eAV6Ejto2tRbCku49POA26/GzMj root@test
-----END SSH HOST KEY KEYS-----
[ 22.295189] cloud-init[995]: Cloud-init v. 18.4-0ubuntu1~18.04.1 running 'modules:final' at Tue, 26 Feb 2019 09:36:23 +0000. Up 22.06 seconds.
[ 22.299328] cloud-init[995]: ci-info: no authorized ssh keys fingerprints found for user jelle.
[ 22.301658] cloud-init[995]: Cloud-init v. 18.4-0ubuntu1~18.04.1 finished at Tue, 26 Feb 2019 09:36:23 +0000. Datasource DataSourceOpenStackLocal [net,ver=2]. Up 22.27 seconds

  => Login with keypair
  -> login fails

  Environment
  ===========

  ubuntu@juju-5dc387-0-lxd-6:~$ nova-manage --version
  15.1.5

  ubuntu@juju-5dc387-0-lxd-6:~$ dpkg -l | grep nova
  ii nova-api-os-compute 2:15.1.5-0ubuntu1~cloud0 all OpenStack Compute - OpenStack Compute API frontend
  ii nova-common 2:15.1.5-0ubuntu1~cloud0 all OpenStack Compute - common files
  ii nova-conductor 2:15.1.5-0ubuntu1~cloud0 all OpenStack Compute - conductor service
  ii nova-consoleauth 2:15.1.5-0ubuntu1~cloud0 all OpenStack Compute - Console Authenticator
  ii nova-novncproxy 2:15.1.5-0ubuntu1~cloud0 all OpenStack Compute - NoVNC proxy
  ii nova-placement-api 2:15.1.5-0ubuntu1~cloud0 all OpenStack Compute - placement API frontend
  ii nova-scheduler 2:15.1.5-0ubuntu1~cloud0 all OpenStack Compute - virtual machine scheduler
  ii python-nova 2:15.1.5-0ubuntu1~cloud0 all OpenStack Compute Python libraries

  xx@xx-dev:~/Documents$ openstack --version
  openstack 3.14.2

WORKAROUND
==========

Is it possible because the key pair insertion is also using cloud-init.
This is overruled by the userdata?

As a solution I will try to use cloud-init to insert the pub key.

Revision history for this message
sean mooney (sean-k-mooney) wrote :

i belive you are correct that this behavior is caused by the fact you are creating a usever via cloud init.

if you think this is really a nova bug feel free to set the status back to New for the bug to be retriaged.

Changed in nova:
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.