[SRU] Key-pair is not updated during the rebuild
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Undecided
|
Stephen Finucane | ||
Queens |
Fix Released
|
Undecided
|
Stephen Finucane | ||
Rocky |
Fix Released
|
Undecided
|
Stephen Finucane | ||
Stein |
Fix Released
|
Undecided
|
Stephen Finucane | ||
Train |
Fix Released
|
Undecided
|
Unassigned | ||
Ussuri |
Fix Released
|
Undecided
|
Unassigned | ||
Ubuntu Cloud Archive |
New
|
Undecided
|
Unassigned | ||
Rocky |
Won't Fix
|
Undecided
|
Unassigned | ||
Stein |
Fix Released
|
Undecided
|
Unassigned | ||
Train |
Fix Released
|
Undecided
|
Unassigned | ||
Ussuri |
Fix Released
|
Undecided
|
Unassigned | ||
nova (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
During rebuilds, the customer was unable to update the instance's keypair.
[Test Case]
- create a bionic openstack test env
- choose the key 'testkey' to create an instance
openstack keypair create mykey --public-key ~/.ssh/id_rsa.pub
openstack keypair create testkey --public-key /home/ubuntu/
openstack server create --flavor m1.small --image jammy --key-name testkey --network=
- create a new instance from the snapshot and choose a different keypair 'mykey' at rebuild time
openstack --os-compute-
sudo ip netns exec qrouter-xxx ssh ubuntu@192.168.21.4 -i ~/testkey.priv -v
sudo ip netns exec qrouter-xxx ssh ubuntu@192.168.21.4 -i ~/id_rsa -v
the new instance should accept the new key and reject the old key, but the result is the new instance rejects the new key but old key still works.
[Regression Potential]
This fix 6a7a78a44 is already in stable/queens and all versions since queens, bionic uses 17.0.13 rather than stable/queens, we just SRU this fix to 17.0.13 so there can't be any regression theoretically. On the other hand, code change is limited to _save_keypairs according to https:/
[Others]
Original Bug Description Below
===========
When we want to rebuild an instance and change the keypair we can specified it with :
openstack --os-compute-
This comes from this implementation :
https:/
https:/
But when rebuilding the instance, Cloud-Init will set the key in authorized_keys from
http://
And this meta_data.json uses the keys from instance_extra tables
But the keypair will be updated in the 'instances' table but not in the 'instance_extra' table.
So the keypair is not updated inside the VM
May be this is the function for saving the keypair, but the save() do nothing :
https:/
Steps to reproduce
==================
- Deploy a DevStack
- Boot an instance with keypair key1
- Rebuild it with key2
- A nova show will show the key_name key2, keypairs object in table instance_extra is not updated and you cannot connect with key2 to the instance
Expected result
===============
Connecte to the Vm with the new keypair added during the rebuild call
Actual result
=============
The keypair added during the rebuild call is not set in the VM
Environment
===========
I tested it on a Devstack from master and we have the behaviour.
NOVA : commit 5fa49cd0b8b6015
tags: | added: keypairs rebuild |
Changed in nova: | |
assignee: | nobody → Takashi NATSUME (natsume-takashi) |
Changed in nova: | |
status: | New → Confirmed |
Changed in nova: | |
assignee: | Takashi Natsume (natsume-takashi) → nobody |
Changed in nova: | |
assignee: | nobody → Stephen Finucane (stephenfinucane) |
Changed in nova: | |
assignee: | Stephen Finucane (stephenfinucane) → Takashi Natsume (natsume-takashi) |
Changed in nova: | |
assignee: | Takashi Natsume (natsume-takashi) → Stephen Finucane (stephenfinucane) |
no longer affects: | cloud-archive/queens |
Changed in nova (Ubuntu Focal): | |
status: | New → Fix Released |
description: | updated |
Fix proposed to branch: master /review. opendev. org/683043
Review: https:/