[Openstack] [Heat] admin_user property implementation

Steven Dake sdake at redhat.com
Mon Mar 24 17:09:12 UTC 2014


On 03/24/2014 09:19 AM, Clint Byrum wrote:
> Excerpts from Michaƫl Van de Borne's message of 2014-03-24 09:00:59 -0700:
>> Hi there,
>>
>> 1. When an instance is booted from a Heat stack, the user for whom the
>> ssh public key is injected is, by default, 'ec2-user'. Even if there is
>> a cloud-wide setting (instance_user in /etc/heat/heat.conf) that allows
>> to change this, it isn't a good solution, as all stack deployments will
>> then use that specific value (although various cloud images may require
>> various users). I would expect here that Heat runs its operations *on
>> behalf of the default user defined in the cloud-init configuration of
>> the instance*. I would be glad if there was a way to configure Heat that
>> way. Any idea??
>>
> I have to agree that we shouldn't be imposing a default user on people.
> I've never understood why CloudFormation did that. The images do a
> fine job of selecting an appropriate username. I actually created the
> admin_user setting because I found it a bit vulgar that Heat was putting
> 'ec2-user' on all of the servers we were spinning up to run OpenStack
> itself. :) So we call ours 'heat-admin' in TripleO.
>
> Note that in the fix for the bug below, it was realized that native
> Heat resources don't need to maintain compatibility with CloudFormation,
> so OS::Nova::Server will no longer create the 'ec2-user' user:
>
> https://bugs.launchpad.net/heat/+bug/1257410
>
> And you will in fact be able to expect that your default configuration
> for user will be left alone. Unfortunately that won't land until we
> un-freeze after the release.
Clint,

The bug is marked for i3-rc1, and the review is seeing good progress.  I 
would expect this bug fix to make Icehouse.

Regards
-steve

>> 2. However, it seems there'd be a workaround using the "admin_user"
>> property in the HOT file (documented here:
>> http://docs.openstack.org/developer/heat/template_guide/openstack.html#OS::Nova::Server-props).
>> Unfortunately, this parameter is not recognized by heat-api. Here's the
>> error:
>>
>> 2014-03-24 16:32:23.940 1128 DEBUG root [-] JSON response :
>> {"explanation": "Unknown Property admin_user", "code": 400, "error":
>> {"message": "Unknown Property admin_user", "traceback": "  File
>> \"/usr/lib/python2.7/dist-packages/heat/common/wsgi.py\", line 661, in
>> __call__\n    request, **action_args)\n  File
>> \"/usr/lib/python2.7/dist-packages/heat/common/wsgi.py\", line 729, in
>> dispatch\n    return method(*args, **kwargs)\n  File
>> \"/usr/lib/python2.7/dist-packages/heat/api/openstack/v1/util.py\", line
>> 31, in handle_stack_method\n    return handler(controller, req,
>> **kwargs)\n  File
>> \"/usr/lib/python2.7/dist-packages/heat/api/openstack/v1/stacks.py\",
>> line 317, in validate_template\n    raise
>> exc.HTTPBadRequest(result['Error'])\n", "type": "HTTPBadRequest"},
>> "title": "Bad Request"} to_json
>> /usr/lib/python2.7/dist-packages/heat/common/wsgi.py:562
>>
>>
>> I'm running OpenStack Havana on Ubuntu 12.04.
>>
>> root at penny:/var/log/heat# dpkg -l heat-api
>> ||/ Name Version                                               Description
>> +++-=====================================================-=======================
>> ii  heat-api 2013.2.2-0ubuntu1~cloud0
>> OpenStack orchestration service - ReST API
>>
>>
>>
>> any help appreciated. thank you.
> You could also just configure your images to set up whatever user you
> want and ignore Heat's suggestion.
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack





More information about the Openstack mailing list