[Openstack] [Heat] admin_user property implementation
Clint Byrum
clint at fewbar.com
Mon Mar 24 16:19:40 UTC 2014
Excerpts from Michaƫl Van de Borne's message of 2014-03-24 09:00:59 -0700:
> Hi there,
>
> 1. When an instance is booted from a Heat stack, the user for whom the
> ssh public key is injected is, by default, 'ec2-user'. Even if there is
> a cloud-wide setting (instance_user in /etc/heat/heat.conf) that allows
> to change this, it isn't a good solution, as all stack deployments will
> then use that specific value (although various cloud images may require
> various users). I would expect here that Heat runs its operations *on
> behalf of the default user defined in the cloud-init configuration of
> the instance*. I would be glad if there was a way to configure Heat that
> way. Any idea??
>
I have to agree that we shouldn't be imposing a default user on people.
I've never understood why CloudFormation did that. The images do a
fine job of selecting an appropriate username. I actually created the
admin_user setting because I found it a bit vulgar that Heat was putting
'ec2-user' on all of the servers we were spinning up to run OpenStack
itself. :) So we call ours 'heat-admin' in TripleO.
Note that in the fix for the bug below, it was realized that native
Heat resources don't need to maintain compatibility with CloudFormation,
so OS::Nova::Server will no longer create the 'ec2-user' user:
https://bugs.launchpad.net/heat/+bug/1257410
And you will in fact be able to expect that your default configuration
for user will be left alone. Unfortunately that won't land until we
un-freeze after the release.
> 2. However, it seems there'd be a workaround using the "admin_user"
> property in the HOT file (documented here:
> http://docs.openstack.org/developer/heat/template_guide/openstack.html#OS::Nova::Server-props).
> Unfortunately, this parameter is not recognized by heat-api. Here's the
> error:
>
> 2014-03-24 16:32:23.940 1128 DEBUG root [-] JSON response :
> {"explanation": "Unknown Property admin_user", "code": 400, "error":
> {"message": "Unknown Property admin_user", "traceback": " File
> \"/usr/lib/python2.7/dist-packages/heat/common/wsgi.py\", line 661, in
> __call__\n request, **action_args)\n File
> \"/usr/lib/python2.7/dist-packages/heat/common/wsgi.py\", line 729, in
> dispatch\n return method(*args, **kwargs)\n File
> \"/usr/lib/python2.7/dist-packages/heat/api/openstack/v1/util.py\", line
> 31, in handle_stack_method\n return handler(controller, req,
> **kwargs)\n File
> \"/usr/lib/python2.7/dist-packages/heat/api/openstack/v1/stacks.py\",
> line 317, in validate_template\n raise
> exc.HTTPBadRequest(result['Error'])\n", "type": "HTTPBadRequest"},
> "title": "Bad Request"} to_json
> /usr/lib/python2.7/dist-packages/heat/common/wsgi.py:562
>
>
> I'm running OpenStack Havana on Ubuntu 12.04.
>
> root at penny:/var/log/heat# dpkg -l heat-api
> ||/ Name Version Description
> +++-=====================================================-=======================
> ii heat-api 2013.2.2-0ubuntu1~cloud0
> OpenStack orchestration service - ReST API
>
>
>
> any help appreciated. thank you.
You could also just configure your images to set up whatever user you
want and ignore Heat's suggestion.
More information about the Openstack
mailing list