yahoo-eng-team team mailing list archive

Thread
Date
[Bug 2108974] [NEW] Keypairs lost during cross-cell resize in instance_extra

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Daniel Failing <2108974@xxxxxxxxxxxxxxxxxx>
Date: Thu, 24 Apr 2025 08:31:05 -0000
Reply-to: Bug 2108974 <2108974@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
Public bug reported:

When resizing cross-cell we found that the metadata key keys is missing after a resize.
For VMs that are rebuilt after a cross cell resize, cloud-init might not be able to find the SSH key in the metadata anymore and don't install the key.


Steps to reproduce
==================
1. Create VM with keypair
openstack server create --flavor flavor_src_cell --image "RHEL9 - x86_64" --key-name mysshkey test-vm
2. Resize/Migrate the VM to a different cell
openstack server resize --flavor flavor_dst_cell test-vm
openstack server resize confirm test-vm
3. (optional) Rebuild the VM => loose access
openstack server rebuild test-vm


Expected result
===============
SSH key still being present in the metadata

Actual result
=============
The keypair is no longer in the metadata/instance_extra.

You can verify after during step 2 before confirming the resize:
select keypairs from src_cell.instance_extra where instance_uuid = "...";
nova-KeypairList-json
select keypairs from dst_cell.instance_extra where instance_uuid = "...";
NULL

In the first query the src_cell still has the keypair in the DB, while
the dst_cell does not have the value. Note the other fields seem to be
properly filled in instance_extra, only keypairs will be NULL.

Corresponding endpoint that looses the keys:
curl -q 169.254.169.254/openstack/latest/meta_data.json | jq .keys

Meanwhile the key-name and pub-key are still in instances table, so the metadata endpoint will continue to work:
curl http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
However cloud-init does not install this key in the ssh step.


Environment
===========
1. Exact version of OpenStack you are running. See the following
Yoga: 25.1.1

2. Which hypervisor did you use?
Libvirt+KVM

3. Which networking type did you use?
Neutron + LinuxBridge/OVN

** Affects: nova
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/2108974

Title:
  Keypairs lost during cross-cell resize in instance_extra

Status in OpenStack Compute (nova):
  New

Bug description:
  When resizing cross-cell we found that the metadata key keys is missing after a resize.
  For VMs that are rebuilt after a cross cell resize, cloud-init might not be able to find the SSH key in the metadata anymore and don't install the key.

  
  Steps to reproduce
  ==================
  1. Create VM with keypair
  openstack server create --flavor flavor_src_cell --image "RHEL9 - x86_64" --key-name mysshkey test-vm
  2. Resize/Migrate the VM to a different cell
  openstack server resize --flavor flavor_dst_cell test-vm
  openstack server resize confirm test-vm
  3. (optional) Rebuild the VM => loose access
  openstack server rebuild test-vm

  
  Expected result
  ===============
  SSH key still being present in the metadata

  Actual result
  =============
  The keypair is no longer in the metadata/instance_extra.

  You can verify after during step 2 before confirming the resize:
  select keypairs from src_cell.instance_extra where instance_uuid = "...";
  nova-KeypairList-json
  select keypairs from dst_cell.instance_extra where instance_uuid = "...";
  NULL

  In the first query the src_cell still has the keypair in the DB, while
  the dst_cell does not have the value. Note the other fields seem to be
  properly filled in instance_extra, only keypairs will be NULL.

  Corresponding endpoint that looses the keys:
  curl -q 169.254.169.254/openstack/latest/meta_data.json | jq .keys

  Meanwhile the key-name and pub-key are still in instances table, so the metadata endpoint will continue to work:
  curl http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
  However cloud-init does not install this key in the ssh step.

  
  Environment
  ===========
  1. Exact version of OpenStack you are running. See the following
  Yoga: 25.1.1

  2. Which hypervisor did you use?
  Libvirt+KVM

  3. Which networking type did you use?
  Neutron + LinuxBridge/OVN

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/2108974/+subscriptions