Open termie opened 13 years ago
(by smoser) I would suggest that key injection should be turned off by default.
The hypervisor (or cloud platform) should not need to know anything about the instances it is starting.
Key injection is actually a bug, whereby OpenStack is doing something possibly against the AMI author's wishes.
(by vishvananda) I agree with this once we have a decent library of images of various distros with proper startup scripts and a reliable metadata server that works without complex configuration in all networking modes.
On Dec 2, 2010 5:35 PM, "Scott Moser" smoser@canonical.com wrote:
> I would suggest that key injection should be turned off by default.
> The hypervisor (or cloud platform) should not need to know anything about the instances it is starting.
> Key injection is actually a bug, whereby OpenStack is doing something possibly against the AMI author's wishes.
https://bugs.launchpad.net/bugs/683525
Title: Key injection should be configurable
Status in OpenStack Compute (Nova): New
Bug description: At the moment (r430-ish), we unconditionally inject ssh keys (if such a reference is passed in RunInstances) into the guest filesystem's /root/.ssh/authorized_keys.
There needs to be a way to disable this behaviour.
(by smoser) I think ideally this is configurable on a per-ami or per-instance level. Having a global switch of "inject keys" means that AMIs that have explicitly disabled root login (like the Ubuntu ones) are in a sense violated if any image you want to run does not support pulling keys from a metadata service.
If you believe that you have to support image manipulation by the host (which I generally disagree with), then I think that per-ami is probably the right level, and turn it off by default.
Imported from Launchpad using lp2gh.