diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst index 7f69760d4..a38de2c82 100644 --- a/doc/source/configuration.rst +++ b/doc/source/configuration.rst @@ -926,6 +926,18 @@ Selecting the OpenStack driver adds the following options to the If given, the label for use in this pool will create a volume from the image and boot the node from it. + .. attr:: host-key-checking + :type: bool + :default: True + + Specify custom behavior of validation of SSH host keys. When set to + False, nodepool-launcher will not ssh-keyscan nodes after they are + booted. This might be needed if nodepool-launcher and the nodes it + launches are on different networks. The default value is True. + + .. note:: This value will override the value for + :attr:`providers.[openstack].pools.host-key-checking`. + .. attr:: networks :type: list diff --git a/nodepool/driver/openstack/config.py b/nodepool/driver/openstack/config.py index 7204852d1..4f5590250 100644 --- a/nodepool/driver/openstack/config.py +++ b/nodepool/driver/openstack/config.py @@ -91,6 +91,7 @@ class ProviderLabel(ConfigValue): self.instance_properties = None self.userdata = None self.networks = [] + self.host_key_checking = True # The ProviderPool object that owns this label. self.pool = None @@ -109,7 +110,8 @@ class ProviderLabel(ConfigValue): other.volume_size == self.volume_size and other.instance_properties == self.instance_properties and other.userdata == self.userdata and - other.networks == self.networks) + other.networks == self.networks and + other.host_key_checking == self.host_key_checking) return False def __repr__(self): @@ -211,6 +213,8 @@ class ProviderPool(ConfigPool): None) pl.userdata = label.get('userdata', None) pl.networks = label.get('networks', self.networks) + pl.host_key_checking = label.get( + 'host-key-checking', self.host_key_checking) top_label = full_config.labels[pl.name] top_label.pools.append(self) 
@@ -367,6 +371,7 @@ class OpenStackProviderConfig(ProviderConfig): 'instance-properties': dict, 'userdata': str, 'networks': [str], + 'host-key-checking': bool, } label_min_ram = v.Schema({v.Required('min-ram'): int}, extra=True) diff --git a/nodepool/driver/openstack/handler.py b/nodepool/driver/openstack/handler.py index 322761283..b1e46a681 100644 --- a/nodepool/driver/openstack/handler.py +++ b/nodepool/driver/openstack/handler.py @@ -217,7 +217,7 @@ class OpenStackNodeLauncher(NodeLauncher): # wait and scan the new node and record in ZooKeeper host_keys = [] - if self.pool.host_key_checking: + if self.label.host_key_checking: try: self.log.debug( "Gathering host keys for node %s", self.node.id) diff --git a/nodepool/tests/fixtures/node-host-key-checking.yaml b/nodepool/tests/fixtures/node-host-key-checking.yaml index ed677cdbc..6697ee4bc 100644 --- a/nodepool/tests/fixtures/node-host-key-checking.yaml +++ b/nodepool/tests/fixtures/node-host-key-checking.yaml @@ -11,6 +11,8 @@ zookeeper-servers: labels: - name: fake-label min-ready: 1 + - name: fake-label2 + min-ready: 1 providers: - name: fake-provider @@ -37,6 +39,22 @@ providers: min-ram: 8192 flavor-name: 'Fake' + - name: fake-provider2 + cloud: fake + driver: fake + region-name: fake-region + rate: 0.0001 + diskimages: + - name: fake-image + pools: + - name: main + max-servers: 96 + labels: + - name: fake-label2 + diskimage: fake-image + host-key-checking: False + min-ram: 8192 + diskimages: - name: fake-image elements: diff --git a/nodepool/tests/unit/test_launcher.py b/nodepool/tests/unit/test_launcher.py index 3d5656815..bb22b6150 100644 --- a/nodepool/tests/unit/test_launcher.py +++ b/nodepool/tests/unit/test_launcher.py 
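Review bot: When `self.label.host_key_checking` is false, the scan is skipped and the empty `host_keys` list initialised just above is what gets recorded for the node, with nothing in the log to show that this was a configuration choice rather than a failed scan. Anything that later connects to the node has no recorded key to verify it against, so the skip should leave a trace: add an `else:` branch with `self.log.debug("Host key checking disabled for node %s; no host keys recorded", self.node.id)`. The existing comment `# wait and scan the new node and record in ZooKeeper` should also say that the scan depends on the label setting. The enclosing method starts and ends outside this hunk, so I am assuming `self.label` is always populated before this line runs; please confirm.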
@@ -514,21 +514,29 @@ class TestLauncher(tests.DBTestCase): {'key1': 'value1', 'key2': 'value2'}) def test_node_host_key_checking_false(self): - """Test that an image and node are created""" + """Test that images and nodes are created""" configfile = self.setup_config('node-host-key-checking.yaml') pool = self.useNodepool(configfile, watermark_sleep=1) self.useBuilder(configfile) pool.start() image = self.waitForImage('fake-provider', 'fake-image') self.assertEqual(image.username, 'zuul') - nodes = self.waitForNodes('fake-label') + label1_nodes = self.waitForNodes('fake-label') + label2_nodes = self.waitForNodes('fake-label2') - self.assertEqual(len(nodes), 1) - self.assertEqual(nodes[0].provider, 'fake-provider') - self.assertEqual(nodes[0].type, ['fake-label']) - self.assertEqual(nodes[0].username, 'zuul') - # We have no host_keys because host-key-checking is False. - self.assertEqual(nodes[0].host_keys, []) + self.assertEqual(len(label1_nodes), 1) + self.assertEqual(label1_nodes[0].provider, 'fake-provider') + self.assertEqual(label1_nodes[0].type, ['fake-label']) + self.assertEqual(label1_nodes[0].username, 'zuul') + # We have no host_keys because pool.host-key-checking is False. + self.assertEqual(label1_nodes[0].host_keys, []) + + self.assertEqual(len(label2_nodes), 1) + self.assertEqual(label2_nodes[0].provider, 'fake-provider2') + self.assertEqual(label2_nodes[0].type, ['fake-label2']) + self.assertEqual(label2_nodes[0].username, 'zuul') + # We have no host_keys because label.host-key-checking is False. + self.assertEqual(label2_nodes[0].host_keys, []) def test_multiple_launcher(self): """Test that an image and node are created with 2 launchers""" diff --git a/releasenotes/notes/openstack-driver-labels-host-key-checking-f102c013040f5f15.yaml b/releasenotes/notes/openstack-driver-labels-host-key-checking-f102c013040f5f15.yaml new file mode 100644 index 000000000..63b1f754f --- /dev/null 
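Review bot: The new assertions in `test_node_host_key_checking_false` only cover a label turning checking off while its pool keeps the default. The opposite override, a label with `host-key-checking: True` inside a pool that sets it to False, is never exercised. That is the direction where a regression would silently skip the key scan, so it deserves a case of its own: a third label in the fixture (the name `fake-label3` is only an example) and an assertion such as `self.assertNotEqual(label3_nodes[0].host_keys, [])`, assuming the fake provider returns keys when scanning is enabled. The docstring `"""Test that images and nodes are created"""` could also name what is actually checked, for instance that `host_keys` stays empty when checking is disabled at pool or label level.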
+++ b/releasenotes/notes/openstack-driver-labels-host-key-checking-f102c013040f5f15.yaml
@@ -0,0 +1,7 @@
+---
+features:
+ - |
+ Provider labels for the OpenStack driver are now able to toggle
+ :attr:`providers.[openstack].pools.labels.host-key-checking`. This
+ overrides the host-key-checking value defined by
+ :attr:`providers.[openstack].pools.host-key-checking`.