On Mon, 2023-08-21 at 12:41 +0000, Pureewat Kaewpoi wrote:
Hi
I forgot to give crucial information. I want to use with Windows instance that needs to use cloudbase-init.
As I read this code https://github.com/cloudbase/cloudbase-init/blob/master/cloudbaseinit/metada... It looks like cloudbase-init does not support to use public key via user-data. It only read it from 'public-keys' key in meta-data.json
Maybe I have to patch something to make this work? oh well for windows instances when you import a key you can import a non ssh key by settign the keytype. https://docs.openstack.org/api-ref/compute/?expanded=import-or-create-keypai... simple set the type to x509 i.e. instead of { "keypair": { "name": "keypair-d20a3d59-9433-4b79-8726-20b431d89c78", "type": "ssh", "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDx8nkQv/zgGgB4rMYmIf+6A4l6Rr+o/6lHBQdW5aYd44bd8JttDCE/F/pNRr0lRE+PiqSPO8nDPHw0010JeMH9gYgn nFlyY3/OcJ02RhIPyyxYpv9FhY+2YiUkpwFOcLImyrxEsYXpD/0d3ac30bNH6Sw9JD9UZHYcpSxsIbECHw== Generated-by-Nova", "user_id": "fake" } }
{ "keypair": { "name": "keypair-d20a3d59-9433-4b79-8726-20b431d89c78", "type": "x509", "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDx8nkQv/zgGgB4rMYmIf+6A4l6Rr+o/6lHBQdW5aYd44bd8JttDCE/F/pNRr0lRE+PiqSPO8nDPHw0010JeMH9gYgn nFlyY3/OcJ02RhIPyyxYpv9FhY+2YiUkpwFOcLImyrxEsYXpD/0d3ac30bNH6Sw9JD9UZHYcpSxsIbECHw== Generated-by-Nova", "user_id": "fake" } } x509 certs are what windows uses for winrm or powershell remote exec (i think winrm is using that under the hood). That shoudl enable cloudbase-init to find the keypair and import it when we said use user_data we were actully suggesting embdedin the key in the userdata and writing a script (in bash/powershell) in the the user data to install the key where it is requried. this woudl not require cloudbase- init to support it since you are just using cloudbase-init to execute the script.
Thank you, Pureewat
________________________________ From: Jeremy Stanley <fungi@yuggoth.org> Sent: Monday, August 21, 2023 7:19 PM To: openstack-discuss@lists.openstack.org <openstack-discuss@lists.openstack.org> Subject: Re: [nova-api] Inject public key without create key pair in nova ?
Caution:This email send from outside the company. DO NOT click links, open attachments or forward unless you recognize the sender and know the content is safe.