yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #47785
[Bug 1555521] [NEW] "failed to generate fingerprint" when importing ed25519 key
Public bug reported:
While RSA keys are most established, and still prevalent, ed25519 are
gaining significance. However, trying to import an ed25519 pubkey fails:
==> /var/log/nova/nova-api.log <==
2016-03-10 09:52:09.538 2823 INFO nova.api.openstack.wsgi [req-e9474955-458c-4cf0-b8ca-fcbd4129824d 133e8f3fc1ad43efa9e7bd2401282ebd 801bf0d65c9646118905853d5615f6ee - - -] HTTP exception thrown: Keypair data is invalid: failed to generate fingerprint
2016-03-10 09:52:09.539 2823 INFO nova.osapi_compute.wsgi.server [req-e9474955-458c-4cf0-b8ca-fcbd4129824d 133e8f3fc1ad43efa9e7bd2401282ebd 801bf0d65c9646118905853d5615f6ee - - -] 172.25.16.58 "POST /v2/801bf0d65c9646118905853d5615f6ee/os-keypairs HTTP/1.1" status: 400 len: 319 time: 0.0246069
In this example, it was tried to upload the key through Horizon, but the
error occured in Nova as shown above.
This was using the latest ci-passed Mitaka packages from RDO on CentOS
7:
[root@red-test ~]# rpm -qa | grep openstack-nova
openstack-nova-conductor-13.0.0.0b4-0.20160304162843.c5a45a2.el7.centos.noarch
openstack-nova-scheduler-13.0.0.0b4-0.20160304162843.c5a45a2.el7.centos.noarch
openstack-nova-common-13.0.0.0b4-0.20160304162843.c5a45a2.el7.centos.noarch
openstack-nova-console-13.0.0.0b4-0.20160304162843.c5a45a2.el7.centos.noarch
openstack-nova-cert-13.0.0.0b4-0.20160304162843.c5a45a2.el7.centos.noarch
openstack-nova-api-13.0.0.0b4-0.20160304162843.c5a45a2.el7.centos.noarch
openstack-nova-novncproxy-13.0.0.0b4-0.20160304162843.c5a45a2.el7.centos.noarch
openstack-nova-compute-13.0.0.0b4-0.20160304162843.c5a45a2.el7.centos.noarch
To generate an ed25519 key to try this yourself, simply run:
ssh-keygen -t ed25519
Note, that support for ed25519 in openssl (and openssh) is only
available in somewhat modern distributions (CentOS 7, Fedora and Ubuntu
should be fine).
** Affects: nova
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1555521
Title:
"failed to generate fingerprint" when importing ed25519 key
Status in OpenStack Compute (nova):
New
Bug description:
While RSA keys are most established, and still prevalent, ed25519 are
gaining significance. However, trying to import an ed25519 pubkey
fails:
==> /var/log/nova/nova-api.log <==
2016-03-10 09:52:09.538 2823 INFO nova.api.openstack.wsgi [req-e9474955-458c-4cf0-b8ca-fcbd4129824d 133e8f3fc1ad43efa9e7bd2401282ebd 801bf0d65c9646118905853d5615f6ee - - -] HTTP exception thrown: Keypair data is invalid: failed to generate fingerprint
2016-03-10 09:52:09.539 2823 INFO nova.osapi_compute.wsgi.server [req-e9474955-458c-4cf0-b8ca-fcbd4129824d 133e8f3fc1ad43efa9e7bd2401282ebd 801bf0d65c9646118905853d5615f6ee - - -] 172.25.16.58 "POST /v2/801bf0d65c9646118905853d5615f6ee/os-keypairs HTTP/1.1" status: 400 len: 319 time: 0.0246069
In this example, it was tried to upload the key through Horizon, but
the error occured in Nova as shown above.
This was using the latest ci-passed Mitaka packages from RDO on CentOS
7:
[root@red-test ~]# rpm -qa | grep openstack-nova
openstack-nova-conductor-13.0.0.0b4-0.20160304162843.c5a45a2.el7.centos.noarch
openstack-nova-scheduler-13.0.0.0b4-0.20160304162843.c5a45a2.el7.centos.noarch
openstack-nova-common-13.0.0.0b4-0.20160304162843.c5a45a2.el7.centos.noarch
openstack-nova-console-13.0.0.0b4-0.20160304162843.c5a45a2.el7.centos.noarch
openstack-nova-cert-13.0.0.0b4-0.20160304162843.c5a45a2.el7.centos.noarch
openstack-nova-api-13.0.0.0b4-0.20160304162843.c5a45a2.el7.centos.noarch
openstack-nova-novncproxy-13.0.0.0b4-0.20160304162843.c5a45a2.el7.centos.noarch
openstack-nova-compute-13.0.0.0b4-0.20160304162843.c5a45a2.el7.centos.noarch
To generate an ed25519 key to try this yourself, simply run:
ssh-keygen -t ed25519
Note, that support for ed25519 in openssl (and openssh) is only
available in somewhat modern distributions (CentOS 7, Fedora and
Ubuntu should be fine).
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1555521/+subscriptions
Follow ups
