yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1189838] Re: xenapi: when agent injects ssh key, host keys should also be regenerated

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: John Garbutt <john@xxxxxxxxxxxxxxx>
Date: Thu, 13 Jun 2013 12:48:59 -0000
Reply-to: Bug 1189838 <1189838@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

OK, this is quite an edge case, and as Russell says, maybe shouldn't be
in nova.

But I have reworded things to make it a little clearer.

** Summary changed:

- ssh host keys are not getting regenerated on build from image
+ xenapi: when agent injects ssh key, host keys should also be regenerated

** Changed in: nova
   Importance: Undecided => Low

** Changed in: nova
       Status: Won't Fix => Triaged

** Description changed:

- Host keys in /etc/ssh/ are not getting regenerated when a server is
- built from an image. The ssh host keys are the same as the keys of the
- server from which the image was taken.
+ Currently when the xenapi agent is used to inject the ssh keys, the host
+ keys are not regenerated.
  
- Steps to Recreate: 
- 1. Take an image of an existing server. 
+ While this should be done by the agent, when a snapshot is taken, the
+ keys are already present, and so are not regenerated.
+ 
+ A workaround for users is to delete the keys before taking the snapshot.
+ 
+ However we could get nova to generate and inject host keys, but this
+ might be overkill.
+ 
+ Steps to Recreate:
+ 1. Take an image of an existing server.
  2. Build a new server from that image
  Verify the host keys are same on the new server.

** Tags added: xenserver

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1189838

Title:
  xenapi: when agent injects ssh key, host keys should also be
  regenerated

Status in OpenStack Compute (Nova):
  Triaged

Bug description:
  Currently when the xenapi agent is used to inject the ssh keys, the
  host keys are not regenerated.

  While this should be done by the agent, when a snapshot is taken, the
  keys are already present, and so are not regenerated.

  A workaround for users is to delete the keys before taking the
  snapshot.

  However we could get nova to generate and inject host keys, but this
  might be overkill.

  Steps to Recreate:
  1. Take an image of an existing server.
  2. Build a new server from that image
  Verify the host keys are same on the new server.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1189838/+subscriptions