[openstack-dev] [nova] keypair quota usage info for user
Matt Riedemann
mriedemos at gmail.com
Fri Jul 27 19:20:01 UTC 2018
On 7/25/2018 12:43 PM, Chris Friesen wrote:
> Keypairs are weird in that they're owned by users, not projects. This
> is arguably wrong, since it can cause problems if a user boots an
> instance with their keypair and then gets removed from a project.
>
> Nova microversion 2.54 added support for modifying the keypair
> associated with an instance when doing a rebuild. Before that there was
> no clean way to do it.
While discussing what eventually became microversion 2.54, sdague sent a
nice summary of several discussions related to this:
http://lists.openstack.org/pipermail/openstack-dev/2017-October/123071.html
Note the entries in there about how several deployments don't rely on
nova's keypair interface because of its clunky nature, and other ideas
about getting nova out of the keypair business altogether and instead
let barbican manage that and nova just references a key resource in
barbican. Before we'd consider making incremental changes to nova's
keypair interface and user/project scoping, I think we would need to
think through that barbican route and what it could look like and how it
might benefit everyone.
--
Thanks,
Matt
More information about the OpenStack-dev
mailing list