Default Octavia SSH pub key to UC default keypair
The Octavia public key configuration is run by Mistral meaning under the
'mistral' user. The previously default /home/stack/.ssh/id_rsa.pub file
may not be readable or not accessible because the of lack of permissions
from its parent directory leading to permission denied and hence failure
to deploy overcloud. It is safer to not default to a file path but to
use the existing 'default' keypair from the undercloud which anyway is
the public key of the 'stack' user. Users can still specify a file path
but will need to ensure it is readable.
Related-Bug: #1770641
Change-Id: I1dea4a8d5bb3c5a64ee7fb8995b837909bc1cafe
(cherry picked from commit 0e87e640c8
)
This commit is contained in:
parent
5bd9aca3e7
commit
b94d3b4043
@ -53,7 +53,7 @@ parameters:
|
||||
description: SSH key name.
|
||||
OctaviaAmphoraSshKeyFile:
|
||||
type: string
|
||||
default: '/home/stack/.ssh/id_rsa.pub'
|
||||
default: ''
|
||||
description: Public key file path. User will be able to SSH into amphorae
|
||||
with the provided key. User may, in most cases, also elevate to root
|
||||
from user 'centos' (CentOS), 'ubuntu' (Ubuntu) or 'cloud-user' (RHEL)
|
||||
@ -139,6 +139,11 @@ parameters:
|
||||
type: string
|
||||
default: 'service'
|
||||
|
||||
resources:
|
||||
default_key_pair:
|
||||
type: OS::Nova::KeyPair
|
||||
external_id: default
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the Octavia configuration service
|
||||
@ -161,6 +166,7 @@ outputs:
|
||||
amp_image_tag: { get_param: OctaviaAmphoraImageTag }
|
||||
amp_ssh_key_name: { get_param: OctaviaAmphoraSshKeyName }
|
||||
amp_ssh_key_path: { get_param: OctaviaAmphoraSshKeyFile }
|
||||
amp_ssh_key_data: { get_attr: [default_key_pair, public_key] }
|
||||
auth_username: { get_param: OctaviaUserName }
|
||||
auth_password: { get_param: OctaviaPassword }
|
||||
auth_project_name: { get_param: OctaviaProjectName }
|
||||
|
@ -0,0 +1,3 @@
|
||||
---
|
||||
fixes:
|
||||
- Default Octavia SSH public key to 'default' keypair from undercloud.
|
Loading…
Reference in New Issue
Block a user