openstack team mailing list archive

[Anne Gentle <anne@xxxxxxxxxxxxx>]

Hi all, especially our friendly neighborhood Horizon developers -

Can you better explain to Jamie how keypair injection works and what
Compute API commands correspond with the Dashboard creation and association
of keypairs?

Thanks,
Anne

---------- Forwarded message ----------
From: Jamie Marshall <ijm667@xxxxxxxxxxx>
Date: Wed, Apr 24, 2013 at 11:59 PM
Subject: RE: Nova API Keypairs
To: Anne Gentle <anne@xxxxxxxxxxxxx>


Hello Anne,

Thanks for your answer. Yes I know how to add the keypairs through the
dashboard and then to log in using the SSH. My issue is replicating what
the dashboard is to be able to do what HORIZON is doing but by using only
the official NOVA REST API.

I build a SECURITY GROUP with SECURITY RULES
I select an IMAGE
I select a FLAVOR
I create a SERVER for tyhe selected IMAGE, FLAVOR and SECURITY GROUP
I then associate the FLOATING IP to the SERVER

I then wait for the SERVER to become available and then I install and
configure the application software.

All of this is done by the Accords Platform of CompatibleOne and works
great.

Now I need to push forward and be able to handle the KEYPAIRS in this
automatic sequence to be able to use images
that have not been prepared to include our COSACS application configuration
interface.

I do not want to use the METADATA and PERSONALITY since I have found that
it is not at all reliable being very much hypervisor dependant.

I must therefore rely on KEYPAIR injection to allow SSH and SCP access to
the automated tool set.

I can create, list, retrieve and delete KEYPAIRS using the NOVA REST API.

The only piece of information that eludes me is the way that the KEYPAIR is
to be attatched, injected or associated with a SERVER.
I see how it is done using the nova command line tool using the -key_name
"keynamevalue" option but this cannot be used for remote operation.

Someone in the OpenStack community must know how this works.

Sincerely
Jamie
CTO CompatibleOne

------------------------------
From: anne@xxxxxxxxxxxxx
Date: Wed, 24 Apr 2013 13:20:07 -0500

Subject: Re: Nova API Keypairs
To: ijm667@xxxxxxxxxxx

If you only have Dashboard access, then you can still use ssh -i keyname to
log into the instance.

You can see this done in this demo:
http://www.youtube.com/watch?v=yNdIRCn6Mo8 On the launch instance dashboard
screen at about :55 you'll see adding a keypair using the dashboard. Then
in the Terminal when I use ssh to get to the instance I use the .pem file.

Some images may not allow this, however. Can you talk to your cloud
provider to better understand how to do what you're trying to do?

Anne

On Sat, Apr 20, 2013 at 5:00 AM, Jamie Marshall <ijm667@xxxxxxxxxxx> wrote:

Dear Thierry and Anne,

I am writing to you to try and find precise information concerning the use
of "keypairs" through the NOVA API for OpenStack. The documentation that is
currently available via api.openstack.org show how key pairs may be
created, via POST, retrieved and listed, via GET, and of course deleted.
There is however no perspective with respect to the use of the key pair
with a deployed compute or server instance. There is information dating
from early 2012 which leands me to believe that the relation between the
key pair and a compute instance is through the instance name. This is not
clear to me since the standard nova tool uses a key_name command line
switch to specify a previously created key pair name to be associated with
the "soon to be" created compute instance.  There is currently no reference
to a key pair name attribute or element in the official API description of
the request message for the POST /servers request. I need to be able to
manage this aspect completly within the OpenStack PROCCI interface of the
CompatibleOne Accords Platform and would appreciate if either of you could
point me to the corresponding documents or persons that would allow me to
complete this final aspect of OpenStack Automated provisioning.

Sincerely
Jamie Marshall
CTO CompatibleOne