[openstack-dev] Nodepool: puppet puts wrong key in authorized_keys in slave

Asselin, Ramy ramy.asselin at hp.com
Sat May 30 15:38:54 UTC 2015


Hi Eduard,

While not immediately related to your issue, if you haven’t tried using disk-image-builder, I strongly recommend it. Overall it’s much simpler, faster, and superior in every regard to create, debug, and maintain nodepool images.

I just updated my sample to use it: https://github.com/rasselin/os-ext-testing-data/blob/master/etc/nodepool/nodepool.yaml.erb.sample

And very likely it will also solve your authorized_keys issue. If you look at the diff, you’ll see how many comments were deleted regarding getting keys and auth to work because it just works. Can’t recommend it enough.

Best,
Ramy

From: Eduard Matei [mailto:eduard.matei at cloudfounders.com]
Sent: Saturday, May 30, 2015 12:26 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: [openstack-dev] Nodepool: puppet puts wrong key in authorized_keys in slave

Hi,

Recently i updated nodepool and the devstack where it's supposed to create slaves.
After some minor issues i managed to get it running, and it is able to create an image and i can login to an instance created from that image using user "ubuntu" (image is trusty).

While trying to add the slave to jenkins it fails with ssh error.
After a little debugging i found that in the authorized_keys of user ubuntu is the correct key (so i can ssh as user ubuntu) - the one i put in the Key-pair, but for user jenkins there is another key which i can't find for any user in the jenkins master.

The authorized_keys for user jenkins contains:
# HEADER: This file was autogenerated at 2015-05-29 12:35:49 +0000
# HEADER: by puppet.  While it can still be managed manually, it
# HEADER: is definitely not recommended.
... then the key... and at the end: jenkins-master-2014-04-24

While for user ubuntu:
... the key from user jenkins on the master... and at the end: jenkins at jenkins-cinderci

I didn't make any changes to nodepool.yaml or the keys themselves.

I've been looking inside nodepool's scripts, but this looks like a puppet script and i don't know how to debug those.

Thanks,

Eduard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150530/bfd4f3a6/attachment.html>


More information about the OpenStack-dev mailing list