OpenStack Compute (nova)

Should instance creation fail if key-pair injection fails

Asked by Unmesh Gurjar

While launching an instance with a key-pair specified, even if the key-pair injection fails, the instance comes up active and running. The user comes to know of this (unless Compute logs are being monitored), only when he is unable to ssh into the instance using the specified key-pair.

What should be the behavior in such a scenario? Should instance creation fail?

Question information

Language:
English Edit question
Status:
Solved
For:
OpenStack Compute (nova) Edit question
Assignee:
No assignee Edit question
Solved by:
Unmesh Gurjar
Solved:
Last query:
Last reply:
Revision history for this message
Unmesh Gurjar (unmesh-gurjar) said : 		#1

The root password can be set for an instance using the change password API. However, that feature is not supported for KVM.
Therefore I think the instance creation should fail if key injection fails.

Revision history for this message
Tom Fifield (fifieldt) said : 		#2

Hi Umesh,

Does this comment from Vish Ishaya (Nova core developer) in the associated bug (https://bugs.launchpad.net/nova/+bug/967994) answer your question:

"
Keypair injection is for developer convenience. The guest can still set up keypairs via the metadata server via cloud_init. In general we lean towards not messing with guest instances, so it should be the responsibility of the guest to setup keypairs. In fact, keypair injection should be optional and I would expect most cloud providers to turn it off.

By the way, libvirt can try to inject passwords as well via the config option:

libvirt_inject_password=true
"

?

Regards,

Tom

Revision history for this message
Unmesh Gurjar (unmesh-gurjar) said : 		#3

I agree that key injection should not be fatal.