Default Octavia SSH pub key to UC default keypair

The Octavia public key configuration is run by Mistral meaning under the
'mistral' user. The previously default /home/stack/.ssh/id_rsa.pub file
may not be readable or not accessible because of the lack of permissions
from its parent directory leading to permission denied and hence failure
to deploy overcloud. It is safer to not default to a file path but to
use the existing 'default' keypair from the undercloud which anyway is
the public key of the 'stack' user. Users can still specify a file path
but will need to ensure it is readable.

Related-Bug: #1770641
Change-Id: I1dea4a8d5bb3c5a64ee7fb8995b837909bc1cafe
Carlos Goncalves 2018-05-11 08:22:29 +02:00
parent 7f23133651
commit 0e87e640c8
2 changed files with 10 additions and 1 deletions

@ -59,7 +59,7 @@ parameters:
description: SSH key name.
OctaviaAmphoraSshKeyFile:
type: string
default: '/home/stack/.ssh/id_rsa.pub'
default: ''
description: Public key file path. User will be able to SSH into amphorae
with the provided key. User may, in most cases, also elevate to root
from user 'centos' (CentOS), 'ubuntu' (Ubuntu) or 'cloud-user' (RHEL)
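Review bot: The description under OctaviaAmphoraSshKeyFile still reads only as "Public key file path" now that the default is '', so nothing tells the operator what an empty value means. Suggest stating there that an empty value falls back to the undercloud 'default' keypair, and that a supplied path must be readable by the 'mistral' user, which per the commit message is the account that runs this configuration. The description itself says this key allows SSH into amphorae and, in most cases, elevation to root, so the parameter text should make it clear which key ends up installed.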
@ -145,6 +145,11 @@ parameters:
type: string
default: 'service'
resources:
default_key_pair:
type: OS::Nova::KeyPair
external_id: default
outputs:
role_data:
description: Role data for the Octavia configuration service
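Review bot: external_id: default in the new default_key_pair resource hard-codes the keypair name, and nothing in this hunk shows what happens when the undercloud has no Nova keypair called 'default', for example after an operator deleted or renamed it. The resource is also declared without a condition, so it is part of the template even when OctaviaAmphoraSshKeyFile is set. Suggest either making the resource conditional on an empty OctaviaAmphoraSshKeyFile or documenting the 'default' keypair as a prerequisite.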
@ -167,6 +172,7 @@ outputs:
amp_image_tag: { get_param: OctaviaAmphoraImageTag }
amp_ssh_key_name: { get_param: OctaviaAmphoraSshKeyName }
amp_ssh_key_path: { get_param: OctaviaAmphoraSshKeyFile }
amp_ssh_key_data: { get_attr: [default_key_pair, public_key] }
auth_username: { get_param: OctaviaUserName }
auth_password: { get_param: OctaviaPassword }
auth_project_name: { get_param: OctaviaProjectName }
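Review bot: amp_ssh_key_path and amp_ssh_key_data are now both passed in this block, but the precedence between them is not visible in this change. If the consumer of these values does not prefer a non-empty amp_ssh_key_path, a user-supplied key could be silently replaced by the undercloud 'default' public key. Suggest a comment next to amp_ssh_key_data stating which one wins, and a check on the consuming side that fails when the path is set but unreadable instead of falling back.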

@ -0,0 +1,3 @@
---
fixes:
- Default Octavia SSH public key to 'default' keypair from undercloud.
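Review bot: The fixes entry does not mention that the default of OctaviaAmphoraSshKeyFile changed from '/home/stack/.ssh/id_rsa.pub' to ''. Suggest adding that a file path can still be set but must be readable by the 'mistral' user, as the commit message says, so operators who had placed a different key at that path know to set the parameter explicitly.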