*: unify handling of ssh keys #127
Conversation
openshift-ci-robot
added
approved
installer/pkg/config/types.go
Outdated
There was a problem hiding this comment.
The property is optional (per your config.tf comment), so I think this should be omitempty (like the other Admin properties).
steps/variables-libvirt.tf
Outdated
There was a problem hiding this comment.
Add default = "qemu:///system"? And add an (optional) prefix to the description?
There was a problem hiding this comment.
This is a required field.
There was a problem hiding this comment.
This is a required field.
But previously we'd hard-coded qemu://system in a number of places. Do we need to require it if we have a value that usually works that we can use as a default? Or is that default value not as reliable as it seemed?
There was a problem hiding this comment.
I think we are going to see too many developers get hit by this if we have a silent default. OSX users, for example, will probably end up using vmware://system (or whatever the URI is). I'd rather be explicit about this for now.
tests/smoke/aws/README.md
Outdated
tests/smoke/aws/README.md
Outdated
There was a problem hiding this comment.
The new setting should be optional, so this line can grow an (optional) prefix (like the later list entries).
This URI shouldn't be hardcoded since we allow the user to change the libvirt connection URI.
|
retest this please |
tests/run.sh
Outdated
There was a problem hiding this comment.
$(< ...) is a Bashism. For POSIX compat, can we use $(cat ~/.ssh/id_rsa.pub) (which also replaces $HOME with POSIX-compatible ~ expansion)?
|
The Jenkins error was: I'll work through the Jenkins account tonight and try and clean up leaked resources. |
|
retest this please |
|
The new Jenkins error: looks legitamate. We may need more smoke-test changes to either generate a real test keypair, or remove the key from our smoke config. |
|
/hold |
openshift-ci-robot
added
the
do-not-merge/hold
|
@yifan-gu please don't lgtm PRs that other team members have commented on. That will cause tide to merge the PR. |
openshift-ci-robot
added
size/L
Instead of each platform implementing their own mechanism for supplying SSH keys, use the same method everywhere. Now, instead of using AWS's metadata service, we inject the keys directly via Ignition. Note: The stub Ignition configs contain the SSH keys. Eventually, the keys will need to be moved into MCO, so that they can be rotated.
|
/hold cancel |
openshift-ci-robot
removed
the
do-not-merge/hold
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: crawford, yifan-gu The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
The variable is used to represent the key_pair. The name doesn't match the use case. This will add confusion when sshKey is added in openshift#127.
The variable is used to represent the key_pair. The name doesn't match the use case. This will add confusion when sshKey is added in openshift#127.
Catching up with openshift/installer@37f623c5 (*: unify handling of ssh keys, 2018-08-14, openshift/installer#127).
37f623c (*: unify handling of ssh keys, 2018-08-14, openshift#127) replaced our old key-pair upload with the TF_VAR_tectonic_admin_ssh_key export, and updated the message from "Uploading SSH key-pair to AWS..." to our current "Generation SSH key-pair..." message. But while we used to *always* upload a key to AWS, we've only ever generated a new key if ~/.ssh/id_rsa.pub was missing. This commit moves the Generating... mesage into the if block to avoid freaking out callers who may think we're clobbering their SSH key ;). While I'm in the area, I've also dropped the SSH variable and its associated SC2034 (unused variable) disable. The output of ssh-keygen isn't particularly interesting, so I've just set -q to quiet it instead. We'd had the old SSH and SC2034 disable since the script landed in a2405e4 (run smoke tests with bash script, 2018-06-18, coreos/tectonic-installer#3284).
The variable is used to represent the key_pair. The name doesn't match the use case. This will add confusion when sshKey is added in openshift#127.
6 participants
Instead of each platform implementing their own mechanism for supplying
SSH keys, use the same method everywhere. Now, instead of using AWS's
metadata service, we inject the keys directly via Ignition.
Note: The stub Ignition configs contain the SSH keys. Eventually, the
keys will need to be moved into MCO, so that they can be rotated.