Support OpenStack deployments that do not auto-generate server admin passwords

[devcamcar]

Originally reported here: https://groups.google.com/forum/#!topic/jclouds/1P6zs20yvgQ

Nova supports (and has for a while) a flag called enable_instance_password. For HP and Rackspace public clouds, this value is set to yes, meaning that when a new virtual server is created, you can either specify your own password or have Nova generate one for you automatically. In the metadata returned from the server create API there is a value called adminPass.

However, many OpenStack deployments choose to set enable_instance_password=False, which more closely mimics the Amazon EC2 style of authentication for guests. In this mode, you are required to use public/private key pairs in order to authenticate an SSH login.

I came upon this issue when evaluating Cloudify against my private cloud and quickly became blocked by this.

I hope this ticket is triaged quickly as this is currently preventing JClouds from being compatible with a very large number of OpenStack deployments.

Here is the relevant stack trace:

using jclouds 1.5.3 and an openstack environment configured with: enable_instance_password=false

I get the following exception: Error parsing input: Operation failed. java.lang.NullPointerException: adminPass at com.google.common.base.Preconditions.checkNotNull(Preconditions.java:208) at org.jclouds.openstack.nova.v2_0.domain.ServerCreated.(ServerCreated.java:86) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:513) at org.jclouds.json.internal.DeserializationConstructorAndReflectiveTypeAdapterFactory$DeserializeWithParameterizedConstructorSerializeWithDelegate.newInstance(DeserializationConstructorAndReflectiveTypeAdapterFactory.java:219) ...

There are more details here: https://cloudifysource.zendesk.com/entries/23016522 including a log file with the "jclouds.wire" and "jcloudes.headers" output. The 'adminPass' element is definitely not there.

[codefromthecrypt]

quick question. is this either or? meaning is it the case that there will either be an admin pass or ssh key injection? Or, is it possible that neither are present?

[devcamcar]

It's either set to true, and then no ssh keypairs are used and the adminPass will always be present upon server creation, or it is set to false, and you must specify the name of the keypair you are using which nova will then inject into the server and adminPass will always be missing.

[devcamcar]

After re-reading your question I want to elaborate a bit more - what I said in my previous comment is true but with one clarification.

When enable_instance_password is false, then no admin pass is generated. However in this case if you don't specify the name of the SSH keypair to inject, then you simply cannot log in to the server.

So three cases:

enable_instance_password = True: adminPass always returned enable_instance_password = False and SSH key pair specificed: adminPass never returned and you can SSH to the guest with that key enable_instance_password = False and no SSH key pair specified: adminPass never returned and SSH access to the guest is not possible

[codefromthecrypt]

yeah the reason I asked was I know some people bake images with no ssh access at all, and was wondering if this is a possibility.

[devcamcar]

Yes, effectively it's the exact same behavior as launching an instance on EC2.

[codefromthecrypt]

ok, still time to get this into 1.5.6

[devcamcar]

epicly fast turnaround <3

[codefromthecrypt]

ok this will be in 1.5.6, as it is on the release branch (1.5.x)