[Openstack] [Heat] admin_user property implementation

Clint Byrum clint at fewbar.com
Mon Mar 24 16:19:40 UTC 2014


Excerpts from Michaƫl Van de Borne's message of 2014-03-24 09:00:59 -0700:
> Hi there,
> 
> 1. When an instance is booted from a Heat stack, the user for whom the 
> ssh public key is injected is, by default, 'ec2-user'. Even if there is 
> a cloud-wide setting (instance_user in /etc/heat/heat.conf) that allows 
> to change this, it isn't a good solution, as all stack deployments will 
> then use that specific value (although various cloud images may require 
> various users). I would expect here that Heat runs its operations *on 
> behalf of the default user defined in the cloud-init configuration of 
> the instance*. I would be glad if there was a way to configure Heat that 
> way. Any idea??
> 

I have to agree that we shouldn't be imposing a default user on people.
I've never understood why CloudFormation did that. The images do a
fine job of selecting an appropriate username. I actually created the
admin_user setting because I found it a bit vulgar that Heat was putting
'ec2-user' on all of the servers we were spinning up to run OpenStack
itself. :) So we call ours 'heat-admin' in TripleO.

Note that in the fix for the bug below, it was realized that native
Heat resources don't need to maintain compatibility with CloudFormation,
so OS::Nova::Server will no longer create the 'ec2-user' user:

https://bugs.launchpad.net/heat/+bug/1257410

And you will in fact be able to expect that your default configuration
for user will be left alone. Unfortunately that won't land until we
un-freeze after the release.

> 2. However, it seems there'd be a workaround using the "admin_user" 
> property in the HOT file (documented here: 
> http://docs.openstack.org/developer/heat/template_guide/openstack.html#OS::Nova::Server-props). 
> Unfortunately, this parameter is not recognized by heat-api. Here's the 
> error:
> 
> 2014-03-24 16:32:23.940 1128 DEBUG root [-] JSON response : 
> {"explanation": "Unknown Property admin_user", "code": 400, "error": 
> {"message": "Unknown Property admin_user", "traceback": "  File 
> \"/usr/lib/python2.7/dist-packages/heat/common/wsgi.py\", line 661, in 
> __call__\n    request, **action_args)\n  File 
> \"/usr/lib/python2.7/dist-packages/heat/common/wsgi.py\", line 729, in 
> dispatch\n    return method(*args, **kwargs)\n  File 
> \"/usr/lib/python2.7/dist-packages/heat/api/openstack/v1/util.py\", line 
> 31, in handle_stack_method\n    return handler(controller, req, 
> **kwargs)\n  File 
> \"/usr/lib/python2.7/dist-packages/heat/api/openstack/v1/stacks.py\", 
> line 317, in validate_template\n    raise 
> exc.HTTPBadRequest(result['Error'])\n", "type": "HTTPBadRequest"}, 
> "title": "Bad Request"} to_json 
> /usr/lib/python2.7/dist-packages/heat/common/wsgi.py:562
> 
> 
> I'm running OpenStack Havana on Ubuntu 12.04.
> 
> root at penny:/var/log/heat# dpkg -l heat-api
> ||/ Name Version                                               Description
> +++-=====================================================-=======================
> ii  heat-api 2013.2.2-0ubuntu1~cloud0                              
> OpenStack orchestration service - ReST API
> 
> 
> 
> any help appreciated. thank you.

You could also just configure your images to set up whatever user you
want and ignore Heat's suggestion.




More information about the Openstack mailing list