<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
Hi</div>
<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<span style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><br>
</span></div>
<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<span style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">This method still need to create / import public key in nova and use key_name when create instace.</span><br>
</div>
<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
But In my use case I want to inject public-keys when create instance then use cloudbase-init for set account password and then retrieve password via Horizon Dashboard.</div>
<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
BTW running script via user-data is a good idea ! Thank for advice.</div>
<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
Thank you,
<div>PUREEWAT</div>
</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> smooney@redhat.com <smooney@redhat.com><br>
<b>Sent:</b> Monday, August 21, 2023 8:05 PM<br>
<b>To:</b> Pureewat Kaewpoi <pureewat.k@bangmod.co.th>; Jeremy Stanley <fungi@yuggoth.org>; openstack-discuss@lists.openstack.org <openstack-discuss@lists.openstack.org><br>
<b>Subject:</b> Re: [nova-api] Inject public key without create key pair in nova ?</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">Caution:This email send from outside the company. DO NOT click links, open attachments or forward unless you recognize the sender and know the content is safe.<br>
<br>
On Mon, 2023-08-21 at 12:41 +0000, Pureewat Kaewpoi wrote:<br>
> Hi<br>
><br>
> I forgot to give crucial information. I want to use with Windows instance that needs to use cloudbase-init.<br>
><br>
> As I read this code<br>
> <a href="https://github.com/cloudbase/cloudbase-init/blob/master/cloudbaseinit/metadata/services/baseopenstackservice.py#L76">
https://github.com/cloudbase/cloudbase-init/blob/master/cloudbaseinit/metadata/services/baseopenstackservice.py#L76</a><br>
> It looks like cloudbase-init does not support to use public key via user-data.<br>
> It only read it from 'public-keys' key in meta-data.json<br>
><br>
> Maybe I have to patch something to make this work?<br>
oh well for windows instances when you import a key you can import a non ssh key by settign the keytype.<br>
<a href="https://docs.openstack.org/api-ref/compute/?expanded=import-or-create-keypair-detail#import-or-create-keypair">https://docs.openstack.org/api-ref/compute/?expanded=import-or-create-keypair-detail#import-or-create-keypair</a><br>
simple set the type to x509<br>
i.e. instead of<br>
{<br>
"keypair": {<br>
"name": "keypair-d20a3d59-9433-4b79-8726-20b431d89c78",<br>
"type": "ssh",<br>
"public_key": "ssh-rsa<br>
AAAAB3NzaC1yc2EAAAADAQABAAAAgQDx8nkQv/zgGgB4rMYmIf+6A4l6Rr+o/6lHBQdW5aYd44bd8JttDCE/F/pNRr0lRE+PiqSPO8nDPHw0010JeMH9gYgn<br>
nFlyY3/OcJ02RhIPyyxYpv9FhY+2YiUkpwFOcLImyrxEsYXpD/0d3ac30bNH6Sw9JD9UZHYcpSxsIbECHw== Generated-by-Nova",<br>
"user_id": "fake"<br>
}<br>
}<br>
<br>
{<br>
"keypair": {<br>
"name": "keypair-d20a3d59-9433-4b79-8726-20b431d89c78",<br>
"type": "x509",<br>
"public_key": "ssh-rsa<br>
AAAAB3NzaC1yc2EAAAADAQABAAAAgQDx8nkQv/zgGgB4rMYmIf+6A4l6Rr+o/6lHBQdW5aYd44bd8JttDCE/F/pNRr0lRE+PiqSPO8nDPHw0010JeMH9gYgn<br>
nFlyY3/OcJ02RhIPyyxYpv9FhY+2YiUkpwFOcLImyrxEsYXpD/0d3ac30bNH6Sw9JD9UZHYcpSxsIbECHw== Generated-by-Nova",<br>
"user_id": "fake"<br>
}<br>
}<br>
<br>
x509 certs are what windows uses for winrm or powershell remote exec (i think winrm is using that under the hood).<br>
That shoudl enable cloudbase-init to find the keypair and import it<br>
<br>
when we said use user_data we were actully suggesting embdedin the key in the userdata and writing a script<br>
(in bash/powershell) in the the user data to install the key where it is requried. this woudl not require cloudbase-<br>
init to support it since you are just using cloudbase-init to execute the script.<br>
<br>
<br>
><br>
> Thank you,<br>
> Pureewat<br>
><br>
> ________________________________<br>
> From: Jeremy Stanley <fungi@yuggoth.org><br>
> Sent: Monday, August 21, 2023 7:19 PM<br>
> To: openstack-discuss@lists.openstack.org <openstack-discuss@lists.openstack.org><br>
> Subject: Re: [nova-api] Inject public key without create key pair in nova ?<br>
><br>
> Caution:This email send from outside the company. DO NOT click links, open attachments or forward unless you recognize<br>
> the sender and know the content is safe.<br>
<br>
</div>
</span></font></div>
</body>
</html>