On Fri, Oct 10, 2025, at 00:59, Clark Boylan wrote:
On Thu, Oct 9, 2025, at 3:46 PM, Ivan Marton wrote:
Hello Maksim,
My cloud provider provides an openstack API too to manage resources. I'm using Terraform to do so. When attempting to upload a new public key using the openstack_compute_keypair_v2 resource of the https://registry.terraform.io/providers/terraform-provider-openstack/opensta... provider, the API server responds with the following error message: {"badRequest": {"code": 400, "message": "Keypair data is invalid: failed to generate fingerprint"}}
The provider's issue tracker points to the Openstack API server about similar problems, that seems to be valid since the error message comes from server side: https://github.com/terraform-provider-openstack/terraform-provider-openstack...
Someone from the Nova team probably needs to chime in on the underlying mechanism and what the proper fix is. (I think Nova uses the python cryptography package to serialize and deserialize keys so potentially some update there?)
That said we stuff multiple keys into a single Nova key object and this works. I think Nova only validates the first key listed. I haven't tested this with sk key variants (we're a mix of traditional RSA and ed25519 keys), but it is probably worth testing if you create a single Nova key with multiple keys in it (separated by newlines) and the first one is of an acceptable type do keys of unknown types (to Nova) make it into your instances?
It seems to me that the underlying cryptography module does support these public keys since https://github.com/pyca/cryptography/commit/51a6dd28ccbb7587fff9e951299b17aa.... That commit appeared in version 43.0.0 first. (In 2.7 that I see in https://github.com/openstack/nova/blob/076498ed95958a5d6ccb784f3d336657584bc... this was still not there. 2.7 was released on May 31, 2019, while 43.0.0 on Jul 20, 2024.)
Is there a chance to have that dependency bumped up to some newer version?
Thanks,
Ivan
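An added example, not part of the thread and not Nova's or the provider's code: a standard-library check to run over multi-key keypair data before trying the test suggested above. It lists, in upload order, each line's key type, whether it is an `sk-` type, and its fingerprints. The keys are constructed dummy blobs, and `inspect_keypair_data`, `SK_TYPES` and `SAMPLE` are hypothetical names.

```python
import base64
import hashlib
import struct

# FIDO/U2F-backed OpenSSH public key types (the "sk key variants" in the thread).
SK_TYPES = {"sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}

def _ssh_string(data: bytes) -> bytes:
    """Encode one length-prefixed SSH wire-format string."""
    return struct.pack(">I", len(data)) + data

def _constructed_line(key_type: str, *fields: bytes) -> str:
    """Build a dummy public-key line (constructed sample, not a usable key)."""
    blob = b"".join(_ssh_string(f) for f in (key_type.encode(), *fields))
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"

def inspect_keypair_data(text: str) -> list:
    """Return one report entry per non-empty public-key line, in upload order."""
    report = []
    lines = [ln for ln in text.splitlines() if ln.strip()]
    for index, line in enumerate(lines):
        fields = line.split()
        entry = {"index": index, "type": fields[0],
                 "sk": fields[0] in SK_TYPES, "error": None}
        try:
            blob = base64.b64decode(fields[1], validate=True)
            (length,) = struct.unpack(">I", blob[:4])
            inner = blob[4:4 + length].decode("ascii")
            if inner != fields[0]:
                raise ValueError(f"blob says {inner!r}, line says {fields[0]!r}")
            md5 = hashlib.md5(blob, usedforsecurity=False).digest()
            entry["md5"] = ":".join(f"{b:02x}" for b in md5)
            sha = base64.b64encode(hashlib.sha256(blob).digest()).decode()
            entry["sha256"] = "SHA256:" + sha.rstrip("=")
        except (IndexError, ValueError, struct.error) as exc:
            entry["error"] = str(exc)
        report.append(entry)
    return report

# Constructed sample: a traditional key type first, an sk key second.
SAMPLE = "\n".join([
    _constructed_line("ssh-ed25519", bytes(32)),
    _constructed_line("sk-ssh-ed25519@openssh.com", bytes(32), b"ssh:"),
])

if __name__ == "__main__":
    for entry in inspect_keypair_data(SAMPLE):
        print(entry)
```

Comparing the reported fingerprints with `ssh-keygen -l -f ~/.ssh/authorized_keys` inside a booted instance shows which lines actually arrived.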