canonical / charm-userdir-ldap

A charm to install and configure userdir-ldap

Copy of the SSH key happens only during install #3

Open sudeephb opened 8 months ago

sudeephb commented 8 months ago

The "copy_user_key" method is only called upon the "install" hook:

    @hooks.hook("install")
    def install():
        setup_udldap()
        copy_user_keys()
        reconfigure_sshd()

This means that every time a key is refreshed somehow by any other means, we never refresh it.

I guess it shall be called upon update-status and be a noop operation if there is no difference and only append key, not delete any.

This way, if something else (say a nova-compute charm) refreshes some SSH keys, they are refreshed automatically.

Arguably this could be handled by the nova-compute charm itself but I fear this is going to collide, so the "append only" feature makes sense anyway.


Imported from Launchpad using lp2gh.
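
A sketch of the append-only, no-op-when-unchanged sync proposed in the report above. This is an added example, not code from the charm: the function names are hypothetical, keys are matched on type plus base64 blob (comments and options are ignored, which is an assumption), and the 0644 mode is likewise an assumption.

```python
import os
import re
import tempfile

# Key type followed by the base64 blob (SSH public key blobs start with "AAAA").
_KEY_RE = re.compile(r"(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+(AAAA[A-Za-z0-9+/]+=*)")


def key_identity(line):
    """Return (type, blob) for a key line, or None for blanks/comments/junk."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    match = _KEY_RE.search(stripped)
    return match.groups() if match else None


def merge_append_only(dest_text, source_text):
    """Return (merged_text, added_lines); never drops or rewrites dest lines."""
    seen = {key_identity(l) for l in dest_text.splitlines()} - {None}
    added = []
    for line in source_text.splitlines():
        ident = key_identity(line)
        if ident is not None and ident not in seen:
            seen.add(ident)
            added.append(line.strip())
    if not added:
        return dest_text, []
    sep = "" if dest_text == "" or dest_text.endswith("\n") else "\n"
    return dest_text + sep + "\n".join(added) + "\n", added


def sync_key_file(source_path, dest_path):
    """Append missing keys to dest_path; return True only if it was rewritten."""
    with open(source_path) as fh:
        source_text = fh.read()
    dest_text = ""
    if os.path.exists(dest_path):
        with open(dest_path) as fh:
            dest_text = fh.read()
    merged, added = merge_append_only(dest_text, source_text)
    if not added:
        return False  # no-op: safe to call from every update-status
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dest_path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(merged)
    os.chmod(tmp, 0o644)  # assumption: sshd must be able to read the file
    os.replace(tmp, dest_path)  # atomic swap, readers never see a partial file
    return True
```

Because a key already present in the destination is never re-added, a copy of that key with looser options in the source file does not replace a restricted entry.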

sudeephb commented 8 months ago

(by afreiberger) This is definitely an issue, and why we've stopped deploying to cloud nodes; it breaks nova migration due to the key copying.

I think we might be better off having a list of users that sshd uses ~/.ssh/authorized_keys for, instead of forcing all user keys to /var/lib/misc/ or /etc/ssh/user-authorized-keys, rather than having to have a cron to keep up with variable auth-keys files.