[openstack-dev] [nova] key_pair update on rebuild (a whole lot of conversations)

Ben Nemec openstack at nemebean.com
Wed Oct 4 04:05:49 UTC 2017



On 10/03/2017 03:16 PM, Sean Dague wrote:
> = Where I think we are? =
> 
> I think with all this data we're at the following:
> 
> Q: Should we add this to rebuild
> A: Yes, probably - after some enhancement to the spec *
> 
> * - we really should have much better use cases about the situations it
> is expected to be used in. We spend a lot of time 2 and 3 years out
> trying to figure out how anyone would ever use a feature, and adding
> another one without this doesn't seem good

Here's an example from my use: I create a Heat stack, then realize I 
deployed some of the instances with the wrong keypair.  I'd rather not 
tear down the entire stack just to fix that, and being able to change 
keys on rebuild would allow me to avoid doing so.  I can rebuild a 
Heat-owned instance without causing any trouble, but I can't re-create it.

I don't know how common this is, but it's definitely something that has 
happened to me in the past.

> 
> Q: should this also be on reboot?
> A: NO - it would be too fragile
> 
> 
> I also think figuring out a way to get Nova out of the key storage
> business (which it really shouldn't be in) would be good. So if anyone
> wants to tackle Nova using Barbican for keys, that would be ++. Rebuild
> doesn't wait on that, but Barbican urls for keys seems like a much
> better world to be in.
> 
> 	-Sean
> 



More information about the OpenStack-dev mailing list