2019-09-12 12:29:45 |
Quentin GROLLEAU |
bug |
|
|
added bug |
2019-09-12 12:46:30 |
Matt Riedemann |
tags |
|
keypairs rebuild |
|
2019-09-19 04:04:47 |
Takashi Natsume |
nova: assignee |
|
Takashi NATSUME (natsume-takashi) |
|
2019-09-19 05:13:12 |
Takashi Natsume |
nova: status |
New |
Confirmed |
|
2019-09-19 07:42:06 |
OpenStack Infra |
nova: status |
Confirmed |
In Progress |
|
2020-05-09 08:51:37 |
Takashi Natsume |
nova: assignee |
Takashi Natsume (natsume-takashi) |
|
|
2020-06-29 13:06:53 |
OpenStack Infra |
nova: assignee |
|
Stephen Finucane (stephenfinucane) |
|
2020-07-21 15:46:27 |
OpenStack Infra |
nova: assignee |
Stephen Finucane (stephenfinucane) |
Takashi Natsume (natsume-takashi) |
|
2020-07-22 15:05:55 |
Stephen Finucane |
nova: assignee |
Takashi Natsume (natsume-takashi) |
Stephen Finucane (stephenfinucane) |
|
2020-07-23 05:52:56 |
OpenStack Infra |
nova: status |
In Progress |
Fix Released |
|
2020-07-23 23:17:40 |
melanie witt |
nominated for series |
|
nova/rocky |
|
2020-07-23 23:17:40 |
melanie witt |
bug task added |
|
nova/rocky |
|
2020-07-23 23:17:40 |
melanie witt |
nominated for series |
|
nova/ussuri |
|
2020-07-23 23:17:40 |
melanie witt |
bug task added |
|
nova/ussuri |
|
2020-07-23 23:17:40 |
melanie witt |
nominated for series |
|
nova/train |
|
2020-07-23 23:17:40 |
melanie witt |
bug task added |
|
nova/train |
|
2020-07-23 23:17:40 |
melanie witt |
nominated for series |
|
nova/queens |
|
2020-07-23 23:17:40 |
melanie witt |
bug task added |
|
nova/queens |
|
2020-07-23 23:17:40 |
melanie witt |
nominated for series |
|
nova/stein |
|
2020-07-23 23:17:40 |
melanie witt |
bug task added |
|
nova/stein |
|
2020-07-24 02:50:48 |
OpenStack Infra |
nova/ussuri: status |
New |
Fix Committed |
|
2020-07-27 15:49:48 |
OpenStack Infra |
nova/stein: status |
New |
In Progress |
|
2020-07-27 15:49:48 |
OpenStack Infra |
nova/stein: assignee |
|
Stephen Finucane (stephenfinucane) |
|
2020-07-27 15:53:53 |
OpenStack Infra |
nova/rocky: status |
New |
In Progress |
|
2020-07-27 15:53:53 |
OpenStack Infra |
nova/rocky: assignee |
|
Stephen Finucane (stephenfinucane) |
|
2020-07-27 15:57:14 |
OpenStack Infra |
nova/queens: status |
New |
In Progress |
|
2020-07-27 15:57:14 |
OpenStack Infra |
nova/queens: assignee |
|
Stephen Finucane (stephenfinucane) |
|
2020-07-29 22:31:35 |
OpenStack Infra |
nova/train: status |
New |
Fix Committed |
|
2020-08-04 12:55:08 |
OpenStack Infra |
nova/stein: status |
In Progress |
Fix Committed |
|
2020-08-10 17:45:03 |
OpenStack Infra |
nova/rocky: status |
In Progress |
Fix Committed |
|
2020-08-11 19:04:57 |
OpenStack Infra |
nova/queens: status |
In Progress |
Fix Committed |
|
2020-11-24 13:32:37 |
Elod Illes |
nova/stein: status |
Fix Committed |
Fix Released |
|
2020-11-24 13:35:11 |
Elod Illes |
nova/train: status |
Fix Committed |
Fix Released |
|
2020-11-24 14:25:39 |
Elod Illes |
nova/ussuri: status |
Fix Committed |
Fix Released |
|
2022-11-11 18:10:42 |
OpenStack Infra |
nova/queens: status |
Fix Committed |
Fix Released |
|
2022-11-11 18:18:35 |
OpenStack Infra |
nova/rocky: status |
Fix Committed |
Fix Released |
|
2023-04-26 06:47:58 |
Hua Zhang |
description |
Description
===========
When we want to rebuild an instance and change the keypair we can specified it with :
openstack --os-compute-api-version 2.54 server rebuild --image "Debian 10" --key-name key1 instance1
This comes from this implementation :
https://review.opendev.org/#/c/379128/
https://specs.openstack.org/openstack/nova-specs/specs/queens/implemented/rebuild-keypair-reset.html
But when rebuilding the instance, Cloud-Init will set the key in authorized_keys from
http://169.254.169.254/openstack/latest/meta_data.json
And this meta_data.json uses the keys from instance_extra tables
But the keypair will be updated in the 'instances' table but not in the 'instance_extra' table.
So the keypair is not updated inside the VM
May be this is the function for saving the keypair, but the save() do nothing :
https://opendev.org/openstack/nova/src/branch/master/nova/objects/instance.py#L714
Steps to reproduce
==================
- Deploy a DevStack
- Boot an instance with keypair key1
- Rebuild it with key2
- A nova show will show the key_name key2, keypairs object in table instance_extra is not updated and you cannot connect with key2 to the instance
Expected result
===============
Connecte to the Vm with the new keypair added during the rebuild call
Actual result
=============
The keypair added during the rebuild call is not set in the VM
Environment
===========
I tested it on a Devstack from master and we have the behaviour.
NOVA : commit 5fa49cd0b8b6015aa61b4312b2ce1ae780c42c64 |
[ Impact ]
* See the original bug description below
[ Test Plan ]
* See the original bug description below
[ Where problems could occur ]
* See the original bug description below
[ Other Info ]
* the fix 6a7a78a44 is already in stable/queens, but not in 17.0.13
Original Bug Description
===========
When we want to rebuild an instance and change the keypair we can specified it with :
openstack --os-compute-api-version 2.54 server rebuild --image "Debian 10" --key-name key1 instance1
This comes from this implementation :
https://review.opendev.org/#/c/379128/
https://specs.openstack.org/openstack/nova-specs/specs/queens/implemented/rebuild-keypair-reset.html
But when rebuilding the instance, Cloud-Init will set the key in authorized_keys from
http://169.254.169.254/openstack/latest/meta_data.json
And this meta_data.json uses the keys from instance_extra tables
But the keypair will be updated in the 'instances' table but not in the 'instance_extra' table.
So the keypair is not updated inside the VM
May be this is the function for saving the keypair, but the save() do nothing :
https://opendev.org/openstack/nova/src/branch/master/nova/objects/instance.py#L714
Steps to reproduce
==================
- Deploy a DevStack
- Boot an instance with keypair key1
- Rebuild it with key2
- A nova show will show the key_name key2, keypairs object in table instance_extra is not updated and you cannot connect with key2 to the instance
Expected result
===============
Connecte to the Vm with the new keypair added during the rebuild call
Actual result
=============
The keypair added during the rebuild call is not set in the VM
Environment
===========
I tested it on a Devstack from master and we have the behaviour.
NOVA : commit 5fa49cd0b8b6015aa61b4312b2ce1ae780c42c64 |
|
2023-04-26 06:48:18 |
Hua Zhang |
summary |
Key-pair is not updated during the rebuild |
[SRU] Key-pair is not updated during the rebuild |
|
2023-04-26 06:49:16 |
Hua Zhang |
attachment added |
|
bionic.debdiff https://bugs.launchpad.net/nova/+bug/1843708/+attachment/5668738/+files/bionic.debdiff |
|
2023-04-26 06:50:33 |
Hua Zhang |
tags |
keypairs rebuild |
keypairs rebuild sts sts-sru-needed |
|
2023-04-27 00:39:23 |
Hua Zhang |
bug |
|
|
added subscriber Hua Zhang |
2023-05-16 08:49:57 |
Edward Hope-Morley |
bug task added |
|
cloud-archive |
|
2023-05-16 08:50:21 |
Edward Hope-Morley |
nominated for series |
|
cloud-archive/queens |
|
2023-05-16 08:50:21 |
Edward Hope-Morley |
bug task added |
|
cloud-archive/queens |
|
2023-05-16 08:50:21 |
Edward Hope-Morley |
nominated for series |
|
cloud-archive/rocky |
|
2023-05-16 08:50:21 |
Edward Hope-Morley |
bug task added |
|
cloud-archive/rocky |
|
2023-05-16 08:50:21 |
Edward Hope-Morley |
nominated for series |
|
cloud-archive/stein |
|
2023-05-16 08:50:21 |
Edward Hope-Morley |
bug task added |
|
cloud-archive/stein |
|
2023-05-16 08:50:21 |
Edward Hope-Morley |
nominated for series |
|
cloud-archive/train |
|
2023-05-16 08:50:21 |
Edward Hope-Morley |
bug task added |
|
cloud-archive/train |
|
2023-05-16 08:50:21 |
Edward Hope-Morley |
nominated for series |
|
cloud-archive/ussuri |
|
2023-05-16 08:50:21 |
Edward Hope-Morley |
bug task added |
|
cloud-archive/ussuri |
|
2023-05-16 08:50:31 |
Edward Hope-Morley |
bug task added |
|
nova (Ubuntu) |
|
2023-05-16 08:50:40 |
Edward Hope-Morley |
nominated for series |
|
Ubuntu Focal |
|
2023-05-16 08:50:40 |
Edward Hope-Morley |
bug task added |
|
nova (Ubuntu Focal) |
|
2023-05-16 08:50:40 |
Edward Hope-Morley |
nominated for series |
|
Ubuntu Bionic |
|
2023-05-16 08:50:40 |
Edward Hope-Morley |
bug task added |
|
nova (Ubuntu Bionic) |
|
2023-05-16 08:50:50 |
Edward Hope-Morley |
bug task deleted |
cloud-archive/queens |
|
|
2023-05-16 11:36:42 |
Edward Hope-Morley |
cloud-archive/ussuri: status |
New |
Fix Released |
|
2023-05-16 11:36:50 |
Edward Hope-Morley |
nova (Ubuntu Focal): status |
New |
Fix Released |
|
2023-05-16 11:36:59 |
Edward Hope-Morley |
cloud-archive/train: status |
New |
Fix Released |
|
2023-05-16 11:37:06 |
Edward Hope-Morley |
cloud-archive/stein: status |
New |
Fix Released |
|
2023-05-16 11:38:30 |
Edward Hope-Morley |
cloud-archive/rocky: status |
New |
Won't Fix |
|
2023-05-16 12:16:58 |
Ubuntu Foundations Team Bug Bot |
tags |
keypairs rebuild sts sts-sru-needed |
keypairs patch rebuild sts sts-sru-needed |
|
2023-05-16 12:17:03 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Sponsors Team |
2023-05-16 14:39:01 |
Corey Bryant |
nova (Ubuntu): status |
New |
Invalid |
|
2023-05-16 14:39:11 |
Corey Bryant |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2023-05-17 09:30:35 |
Hua Zhang |
description |
[ Impact ]
* See the original bug description below
[ Test Plan ]
* See the original bug description below
[ Where problems could occur ]
* See the original bug description below
[ Other Info ]
* the fix 6a7a78a44 is already in stable/queens, but not in 17.0.13
Original Bug Description
===========
When we want to rebuild an instance and change the keypair we can specified it with :
openstack --os-compute-api-version 2.54 server rebuild --image "Debian 10" --key-name key1 instance1
This comes from this implementation :
https://review.opendev.org/#/c/379128/
https://specs.openstack.org/openstack/nova-specs/specs/queens/implemented/rebuild-keypair-reset.html
But when rebuilding the instance, Cloud-Init will set the key in authorized_keys from
http://169.254.169.254/openstack/latest/meta_data.json
And this meta_data.json uses the keys from instance_extra tables
But the keypair will be updated in the 'instances' table but not in the 'instance_extra' table.
So the keypair is not updated inside the VM
May be this is the function for saving the keypair, but the save() do nothing :
https://opendev.org/openstack/nova/src/branch/master/nova/objects/instance.py#L714
Steps to reproduce
==================
- Deploy a DevStack
- Boot an instance with keypair key1
- Rebuild it with key2
- A nova show will show the key_name key2, keypairs object in table instance_extra is not updated and you cannot connect with key2 to the instance
Expected result
===============
Connecte to the Vm with the new keypair added during the rebuild call
Actual result
=============
The keypair added during the rebuild call is not set in the VM
Environment
===========
I tested it on a Devstack from master and we have the behaviour.
NOVA : commit 5fa49cd0b8b6015aa61b4312b2ce1ae780c42c64 |
[ Impact ]
* See the original bug description below
[ Test Plan ]
* See the original bug description below
[ Where problems could occur ]
This fix 6a7a78a44 is already in stable/queens and all versions since queens, bionic uses 17.0.13 rather than stable/queens, we just SRU this fix to 17.0.13 so there can't be any regression theoretically. On the other hand, code change is limited to _save_keypairs according to https://review.opendev.org/c/openstack/nova/+/683043/19/nova/objects/instance.py so the regressions is also limited _save_keypairs . The test will also ensure that other logic beyond _save_keypairs. so I think it's safe.
[ Other Info ]
* the fix 6a7a78a44 is already in stable/queens, but not in 17.0.13
Original Bug Description
===========
When we want to rebuild an instance and change the keypair we can specified it with :
openstack --os-compute-api-version 2.54 server rebuild --image "Debian 10" --key-name key1 instance1
This comes from this implementation :
https://review.opendev.org/#/c/379128/
https://specs.openstack.org/openstack/nova-specs/specs/queens/implemented/rebuild-keypair-reset.html
But when rebuilding the instance, Cloud-Init will set the key in authorized_keys from
http://169.254.169.254/openstack/latest/meta_data.json
And this meta_data.json uses the keys from instance_extra tables
But the keypair will be updated in the 'instances' table but not in the 'instance_extra' table.
So the keypair is not updated inside the VM
May be this is the function for saving the keypair, but the save() do nothing :
https://opendev.org/openstack/nova/src/branch/master/nova/objects/instance.py#L714
Steps to reproduce
==================
- Deploy a DevStack
- Boot an instance with keypair key1
- Rebuild it with key2
- A nova show will show the key_name key2, keypairs object in table instance_extra is not updated and you cannot connect with key2 to the instance
Expected result
===============
Connecte to the Vm with the new keypair added during the rebuild call
Actual result
=============
The keypair added during the rebuild call is not set in the VM
Environment
===========
I tested it on a Devstack from master and we have the behaviour.
NOVA : commit 5fa49cd0b8b6015aa61b4312b2ce1ae780c42c64 |
|
2023-05-19 23:45:35 |
Steve Langasek |
nova (Ubuntu Bionic): status |
New |
Incomplete |
|
2023-05-22 04:24:53 |
Hua Zhang |
description |
[ Impact ]
* See the original bug description below
[ Test Plan ]
* See the original bug description below
[ Where problems could occur ]
This fix 6a7a78a44 is already in stable/queens and all versions since queens, bionic uses 17.0.13 rather than stable/queens, we just SRU this fix to 17.0.13 so there can't be any regression theoretically. On the other hand, code change is limited to _save_keypairs according to https://review.opendev.org/c/openstack/nova/+/683043/19/nova/objects/instance.py so the regressions is also limited _save_keypairs . The test will also ensure that other logic beyond _save_keypairs. so I think it's safe.
[ Other Info ]
* the fix 6a7a78a44 is already in stable/queens, but not in 17.0.13
Original Bug Description
===========
When we want to rebuild an instance and change the keypair we can specified it with :
openstack --os-compute-api-version 2.54 server rebuild --image "Debian 10" --key-name key1 instance1
This comes from this implementation :
https://review.opendev.org/#/c/379128/
https://specs.openstack.org/openstack/nova-specs/specs/queens/implemented/rebuild-keypair-reset.html
But when rebuilding the instance, Cloud-Init will set the key in authorized_keys from
http://169.254.169.254/openstack/latest/meta_data.json
And this meta_data.json uses the keys from instance_extra tables
But the keypair will be updated in the 'instances' table but not in the 'instance_extra' table.
So the keypair is not updated inside the VM
May be this is the function for saving the keypair, but the save() do nothing :
https://opendev.org/openstack/nova/src/branch/master/nova/objects/instance.py#L714
Steps to reproduce
==================
- Deploy a DevStack
- Boot an instance with keypair key1
- Rebuild it with key2
- A nova show will show the key_name key2, keypairs object in table instance_extra is not updated and you cannot connect with key2 to the instance
Expected result
===============
Connecte to the Vm with the new keypair added during the rebuild call
Actual result
=============
The keypair added during the rebuild call is not set in the VM
Environment
===========
I tested it on a Devstack from master and we have the behaviour.
NOVA : commit 5fa49cd0b8b6015aa61b4312b2ce1ae780c42c64 |
[Impact]
During rebuilds, the customer was unable to update the instance's keypair.
[Test Case]
- create a bionic openstack test env
- choose the key 'testkey' to create an instance
openstack keypair create mykey --public-key ~/.ssh/id_rsa.pub
openstack keypair create testkey --public-key /home/ubuntu/testkey.pub
openstack server create --flavor m1.small --image jammy --key-name testkey --network=$(openstack network show private -f value -c id) i1
- create a new instance from the snapshot and choose a different keypair 'mykey' at rebuild time
openstack --os-compute-api-version 2.54 server rebuild --image jammy --key-name mykey --name i1 i1
sudo ip netns exec qrouter-xxx ssh ubuntu@192.168.21.4 -i ~/testkey.priv -v
sudo ip netns exec qrouter-xxx ssh ubuntu@192.168.21.4 -i ~/id_rsa -v
the new instance should accept the new key and reject the old key, but the result is the new instance rejects the new key but old key still works.
[Regression Potential]
This fix 6a7a78a44 is already in stable/queens and all versions since queens, bionic uses 17.0.13 rather than stable/queens, we just SRU this fix to 17.0.13 so there can't be any regression theoretically. On the other hand, code change is limited to _save_keypairs according to https://review.opendev.org/c/openstack/nova/+/683043/19/nova/objects/instance.py so the regressions is also limited in _save_keypairs . The test will also ensure that other logic beyond _save_keypairs. I have tested this fix, it works. so I think it's safe.
[Others]
Original Bug Description Below
===========
When we want to rebuild an instance and change the keypair we can specified it with :
openstack --os-compute-api-version 2.54 server rebuild --image "Debian 10" --key-name key1 instance1
This comes from this implementation :
https://review.opendev.org/#/c/379128/
https://specs.openstack.org/openstack/nova-specs/specs/queens/implemented/rebuild-keypair-reset.html
But when rebuilding the instance, Cloud-Init will set the key in authorized_keys from
http://169.254.169.254/openstack/latest/meta_data.json
And this meta_data.json uses the keys from instance_extra tables
But the keypair will be updated in the 'instances' table but not in the 'instance_extra' table.
So the keypair is not updated inside the VM
May be this is the function for saving the keypair, but the save() do nothing :
https://opendev.org/openstack/nova/src/branch/master/nova/objects/instance.py#L714
Steps to reproduce
==================
- Deploy a DevStack
- Boot an instance with keypair key1
- Rebuild it with key2
- A nova show will show the key_name key2, keypairs object in table instance_extra is not updated and you cannot connect with key2 to the instance
Expected result
===============
Connecte to the Vm with the new keypair added during the rebuild call
Actual result
=============
The keypair added during the rebuild call is not set in the VM
Environment
===========
I tested it on a Devstack from master and we have the behaviour.
NOVA : commit 5fa49cd0b8b6015aa61b4312b2ce1ae780c42c64 |
|
2023-05-22 04:27:21 |
Hua Zhang |
nova (Ubuntu Bionic): status |
Incomplete |
New |
|
2023-05-24 07:46:56 |
Łukasz Zemczak |
nova (Ubuntu Bionic): status |
New |
Fix Committed |
|
2023-05-24 07:46:59 |
Łukasz Zemczak |
bug |
|
|
added subscriber SRU Verification |
2023-05-24 07:47:03 |
Łukasz Zemczak |
tags |
keypairs patch rebuild sts sts-sru-needed |
keypairs patch rebuild sts sts-sru-needed verification-needed verification-needed-bionic |
|
2023-05-24 07:54:27 |
Łukasz Zemczak |
removed subscriber Ubuntu Sponsors Team |
|
|
|
2023-05-25 01:34:23 |
Hua Zhang |
tags |
keypairs patch rebuild sts sts-sru-needed verification-needed verification-needed-bionic |
keypairs patch rebuild sts sts-sru-needed verification-done verification-done-bionic |
|
2023-05-31 11:04:17 |
Robie Basak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2023-05-31 11:04:16 |
Launchpad Janitor |
nova (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|