clusterinthecloud / support

If you need help with Cluster in the Cloud, this is the right place

RFE: Compatibility with OS Login #1

Open verdurin opened 4 years ago

verdurin commented 4 years ago

The provisioner SSH connection fails when OS Login is enabled on a GCP project.

milliams commented 4 years ago

We use the provisioner account to connect to the management server while the cluster is being created in order to pass in some configuration files. This is done by adding the provisioner's SSH key into the instance's metadata. Enabling OS Login disables the ability to use this method for SSH authentication.

To fix this we have two options:

  1. Explicitly disable OS Login for this particular instance
  2. Use OS Login to do the provisioning step

I've added an issue at ACRC/citc-terraform#45 to track the development of this.

In the short term I've created a branch in the citc-terraform repo called disable_oslogin. If you could check out that branch (tracked at ACRC/citc-terraform#46) and let me know if it works for you then that would be very helpful.

verdurin commented 4 years ago

Thanks for the response. Should be able to test that by the end of the week.

verdurin commented 4 years ago

First attempt to try this failed with a permissions error during the creation of the VPC network, in a way that it didn't when I tried again with master. Will try again in case it's a local config problem.

verdurin commented 4 years ago

Right, second attempt, it worked with the disable_oslogin branch when the project was still set with:

  - key: enable-oslogin
    value: 'TRUE'

The instance had its own metadata set to disable oslogin and the provisioning step worked as normal:

$ gcloud compute instances describe mgmt --zone=europe-west3-c | grep oslogin -A1
  - key: enable-oslogin
    value: 'FALSE'
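
Added example, not part of the original thread or the Cluster in the Cloud code: a small audit that reproduces the precedence seen above, where an instance-level `enable-oslogin` value overrides the project-level one, and reports which instances therefore still accept SSH keys from instance metadata. The function names and the sample JSON are constructed for illustration; the field names follow the JSON that `gcloud` emits for project and instance metadata.

```python
import json

# Constructed sample data shaped like `gcloud compute project-info describe`
# and `gcloud compute instances list` with --format=json (not real output).
PROJECT_JSON = '{"commonInstanceMetadata": {"items": [{"key": "enable-oslogin", "value": "TRUE"}]}}'
INSTANCES_JSON = """[
 {"name": "mgmt", "metadata": {"items": [
   {"key": "enable-oslogin", "value": "FALSE"},
   {"key": "ssh-keys", "value": "provisioner:ssh-ed25519 CONSTRUCTED-KEY provisioner"}]}},
 {"name": "compute-1", "metadata": {"items": []}},
 {"name": "compute-2", "metadata": {}}
]"""

def metadata_map(resource, field):
    """Flatten a metadata block ({'items': [{'key', 'value'}]}) into a dict."""
    items = (resource.get(field) or {}).get("items") or []
    return {item["key"]: item.get("value", "") for item in items}

def is_true(value):
    return value is not None and value.strip().lower() == "true"

def audit(project, instances):
    """Return one finding per instance: effective OS Login state and its source."""
    proj_on = is_true(metadata_map(project, "commonInstanceMetadata").get("enable-oslogin"))
    findings = []
    for inst in instances:
        meta = metadata_map(inst, "metadata")
        # An instance-level value takes precedence over the project-level one.
        if "enable-oslogin" in meta:
            enabled, source = is_true(meta["enable-oslogin"]), "instance"
        else:
            enabled, source = proj_on, "project"
        findings.append({
            "name": inst["name"],
            "oslogin": enabled,
            "source": source,
            # Metadata SSH keys are only used for login when OS Login is off.
            "instance_ssh_keys_active": (not enabled) and "ssh-keys" in meta,
            "overrides_project": source == "instance" and enabled != proj_on,
        })
    return findings

if __name__ == "__main__":
    for finding in audit(json.loads(PROJECT_JSON), json.loads(INSTANCES_JSON)):
        print(finding)
```

Instances reported with `overrides_project` set are exceptions to the project-wide setting, like the `mgmt` instance in this thread, and are worth tracking explicitly.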