OpenStack-Ansible

Nova SSH key distribution regression

Bug #1615624 reported by Paulo Matias on 2016-08-22

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack-Ansible	Fix Released	Undecided	Paulo Matias

Bug Description

After commit bda35e7fd60b48af24b0b7501bffba151ab2d187, a regression was introduced which causes key distribution to fail when the id_rsa.pub files slurped by nova_compute_key_populate contain a final newline.

When a pattern containing newlines is given to grep, it treats each line as a different pattern, and ORs these patterns together. Therefore:

grep 'some_pattern
' file

Looks for some_pattern OR the empty string inside the file. The empty string always matches, therefore grep always returns a successful match.

When openstack-nova-key.sh is generated from id_rsa.pub contents containing a final newline, the KEY variable is set as:

KEY="key_contents
"

Therefore, the subsequent grep always matches, and no key is inserted into authorized_keys.

Paulo Matias (paulo-matias) on 2016-08-22

Changed in openstack-ansible:
status:	New → In Progress
assignee:	nobody → Paulo Matias (paulo-matias)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-22: Fix proposed to openstack-ansible-os_nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/358630

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-22: Fix merged to openstack-ansible-os_nova (master)

Reviewed: https://review.openstack.org/358630
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-os_nova/commit/?id=354147b7c7f49a19441655b9ebd1f788123c1b0e
Submitter: Jenkins
Branch: master

commit 354147b7c7f49a19441655b9ebd1f788123c1b0e
Author: Paulo Matias <email address hidden>
Date: Mon Aug 22 10:05:20 2016 -0300

Clean final newline when distributing SSH keys

    When a pattern containing newlines is given to grep, it treats each
    line as a different pattern, and ORs these patterns together. The
    empty string always matches, therefore grep always returns a
    successful match.

Change-Id: I881c90979995e060d24988438a710376e54331b8
Closes-Bug: #1615624

Changed in openstack-ansible:
status:	In Progress → Fix Released

Revision history for this message

Doug Hellmann (doug-hellmann) wrote on 2016-08-31: Fix included in openstack/openstack-ansible-os_nova 14.0.0.0b3

This issue was fixed in the openstack/openstack-ansible-os_nova 14.0.0.0b3 development milestone.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.