dsboulder closed 8 years ago
@dsboulder, personally I'm a fan of how GCP transparently integrates the Google identity which accesses the web console and an SSH key associated with that identity via gcloud compute ssh.
Seems that passing in a set of public keys at VM creation time would be unnecessary given the above functionality.
Or am I misunderstanding the use case?
@mrdavidlaing `bosh-init` needs an SSH keypair for its tunnel when the director VM is being created. It's an ephemeral keypair, in that it's only used to bootstrap the VM, but we'd have to set it on the BOSH director. That's why OpsManager requires you to paste in the SSH private key when you set up BOSH.
I also think the CPI should provide as many of the options as make sense from the "Create VM" google console page. This is one set of options we haven't added yet, and I've got a good use for it when bootstrapping BOSH.
@dsboulder hold on doing this in the CPI. I think we can cover this generically through `env` key (last param to create_vm).
@cppforlife Doesn't the CPI have to be modified in order to set up SSH keys when a VM is being created? Or does the bosh-agent install the keys out of the VM metadata? If so, that works for bosh-init VMs and SSH tunnels as well?
@dsboulder the bosh-agent downloads keys from metadata/config-drive just as e.g. cloud-init would do. The CPI writes that data when creating a VM (since on most IaaS layers you can write that data only once, at VM boot).
@dsboulder I'm pretty sure we can make it all through the director/bosh-init/agent.
@evandbrown @cppforlife I agree with Dmitriy then, BOSH agent should install SSH keys in an IaaS agnostic way. Let's wait for that and not put the feature in any of the CPIs.
As part of a VM's cloud properties, it would be nice if I could do 2 things:
What do y'all think?