yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #32515
[Bug 1450454] [NEW] RFE: allow admin to upload SSH keypair on behalf of an user
Public bug reported:
I am setting up OpenStack instance configuration in Ansible manifest, so
in case of a failure, I can rebuild the instance. We have a lot of users
and we have central storage of their ssh keys.
I can upload the SSH keys at early hours of OpenStack instance by:
nova --os-username USER1 --os-password USER1_PASSWORD --os-tenant-name FOO keypair-add --pub-key user1.pub user1
However this require that we track the password we initially set and I could not do that once user changes his password (and I do not know the password).
I can then do:
nova --os-username ADMIN --os-password ADMIN_PASSWORD --os-tenant-name FOO keypair-add --pub-key user1.pub user1
but then user1 does not see this keypair and is unable to manage his own key.
It would be nice if admin user can upload and delete ssh key on behalf
of user. I.e. admin uploads ssh key for user and that user can
see/delete that ssh key.
This way when user alter his ssh key on central repository, we can sync
it to OpenStack. It will tighten security because we would not need to
track users initial passwords separetely. And lower need of human
assistance when reprovision whole OpenStack infrastructure.
** Affects: nova
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1450454
Title:
RFE: allow admin to upload SSH keypair on behalf of an user
Status in OpenStack Compute (Nova):
New
Bug description:
I am setting up OpenStack instance configuration in Ansible manifest,
so in case of a failure, I can rebuild the instance. We have a lot of
users and we have central storage of their ssh keys.
I can upload the SSH keys at early hours of OpenStack instance by:
nova --os-username USER1 --os-password USER1_PASSWORD --os-tenant-name FOO keypair-add --pub-key user1.pub user1
However this require that we track the password we initially set and I could not do that once user changes his password (and I do not know the password).
I can then do:
nova --os-username ADMIN --os-password ADMIN_PASSWORD --os-tenant-name FOO keypair-add --pub-key user1.pub user1
but then user1 does not see this keypair and is unable to manage his own key.
It would be nice if admin user can upload and delete ssh key on behalf
of user. I.e. admin uploads ssh key for user and that user can
see/delete that ssh key.
This way when user alter his ssh key on central repository, we can
sync it to OpenStack. It will tighten security because we would not
need to track users initial passwords separetely. And lower need of
human assistance when reprovision whole OpenStack infrastructure.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1450454/+subscriptions
Follow ups
References