[openstack-dev] [nova] reset key pair during rebuilding

Marcus Furlong furlongm at gmail.com
Wed Sep 27 13:32:08 UTC 2017

On 27 September 2017 at 10:55, Sean Dague <sean at dague.net> wrote:
> On 09/27/2017 05:15 AM, Marcus Furlong wrote:
>> On 27 September 2017 at 09:23, Michael Still <mikal at stillhq.com> wrote:
>>> Operationally, why would I want to inject a new keypair? The scenario I can
>>> think of is that there's data in that instance that I want, and I've lost
>>> the keypair somehow. Unless that data is on an ephemeral, its gone if we do
>>> a rebuild.
>> This is quite a common scenario - staff member who started the
>> instance leaves, and you want to access data on the instance, or
>> maintain/debug the service running on the instance.
>> Hitherto, I have used direct db calls to update the key, so it would
>> be nice if there was an API call to do so.
> But you also triggered a rebuild in the process? Or you tweaked the keys
> and did a reboot? This use case came up in the room, but then we started
> trying to figure out if the folks that mostly had it would also need it
> on reboot.

No rebuild, no.

Update the key name and reboot, or, if someone has access, re-run cloud-init.

# rm -fr /var/lib/cloud/instance/sem/
# cloud-init --single -n ssh

Have also thought about just adding the above to a cronjob in the
images to facilitate this scenario (thus avoiding a reboot if noone
has access).


Marcus Furlong

More information about the OpenStack-dev mailing list