
yahoo-eng-team team mailing list archive

[Bug 1450454] [NEW] RFE: allow admin to upload SSH keypair on behalf of an user

 

Public bug reported:

I am setting up OpenStack instance configuration in an Ansible manifest,
so in case of a failure, I can rebuild the instance. We have a lot of
users and we have central storage of their SSH keys.

I can upload the SSH keys in the early hours of the OpenStack instance by:
  nova --os-username USER1 --os-password USER1_PASSWORD --os-tenant-name FOO keypair-add --pub-key user1.pub user1

However, this requires that we track the password we initially set, and I could not do that once the user changes his password (and I do not know the password).
I can then do:
  nova --os-username ADMIN --os-password ADMIN_PASSWORD --os-tenant-name FOO keypair-add --pub-key user1.pub user1
but then user1 does not see this keypair and is unable to manage his own key.

It would be nice if an admin user could upload and delete an SSH key on
behalf of a user, i.e. the admin uploads an SSH key for the user and that
user can see/delete that SSH key.

This way, when a user alters his SSH key in the central repository, we
can sync it to OpenStack. It will tighten security because we would not
need to track users' initial passwords separately. And it will lower the
need for human assistance when reprovisioning the whole OpenStack
infrastructure.

** Affects: nova
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1450454

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1450454/+subscriptions

