Bug 1570905
Summary: | [RFE] [Satellite 6] Option to Select available KeyPair in EC2 Compute Resource | | |
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Anto P Joseph <ajoseph> |
Component: | Compute Resources - EC2 | Assignee: | satellite6-bugs <satellite6-bugs> |
Status: | CLOSED WONTFIX | QA Contact: | Lukáš Hellebrandt <lhellebr> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | | |
Version: | Unspecified | CC: | bkearney, lhellebr, rjerrido, smercurio |
Target Milestone: | Unspecified | Keywords: | FutureFeature, Triaged |
Target Release: | Unused | | |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2019-11-04 14:03:00 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |

Description
Anto P Joseph
2018-04-23 16:46:51 UTC
I will clarify the issue:

If the foreman-<GUID> key is going to be added to any user other than root (ec2-user), this needs to be clear in the DOCs.

ALSO I think that is WRONG unless you are using cloud-init, which I CAN/WILL NOT due to the following:

1) OTP with IDM initial registration is BROKEN on cloud-init (known issue/BZ), NOT ssh finish scripts
2) Many clients want a STANDARD that works on ALL public clouds - Users should NOT have to treat EC2 ANY different than their VMware/RHV image builds, as in mine and MANY other cases THE RHV BUILD IMAGE IS WHAT I UPLOADED TO/CONVERTED IN AWS to use as my AWS AMI *** READ AS: GET DOCS WRITTEN FOR NON-REDHAT/BYOL PROVIDED IMAGES ***
3) I do not want to use cloud-init as it does NOT support all the functionality I can get right now out of an SSH finish script.
4) Why should I have to write and maintain ANOTHER script template set when I already have exactly what I need in the SSH finish templates - I shouldn't HAVE to. It's GREAT to have the option but BOTH should be (and after figuring it out ARE) able to work.
5) Why would I want yet another pkg/service (cloud-init) to worry about/secure on EVERY system? Some may want it but NOT all, just like for RHV/VMware.

When I use the AWS web console to provision a VM I get to pick the key and AWS puts that in *ROOT'S* authorized_keys file. WHY CAN'T SAT6 DO THE SAME by putting the foreman-GUID key in root's auth_keys file ***WHICH IS WHERE THE SSH FINISH SCRIPT NEEDS IT - NOT IN ec2-user (which it doesn't even do anyway as neither that user nor cloud-init is present/running) ***

I don't understand WHY you would add that key ANYWHERE else for images with no cloud-init box checked in the CR.

Once I figured out what was going on and MANUALLY:

1) pulled foreman-GUID priv key out of Sat6
2) generated pub key for foreman-GUID
3) added the pub key to root auth_keys in my image

SSH FINISH SCRIPT WORKED GREAT.

The *REAL* solution is ALLOW ssh password access as root just like kickstarts/RHV, but at the very least either:

1) put the key in root's auth_keys like the AWS web console OR
2) DOC the fact that this is on the user and here are the steps to do it.

I and *MANY* others just take the on-prem standard OS image for VMware/RHV and upload and convert it right into an AMI so that the SAME puppet/apps/etc code just works on AWS SAME AS RHV/VMWARE.

Thank you for your interest in Satellite 6. We have evaluated this request, and while we recognize that it is a valid request, we do not expect this to be implemented in the product in the foreseeable future. This is due to other priorities for the product, and not a reflection on the request itself. We are therefore closing this out as WONTFIX. If you have any concerns about this, please do not reopen. Instead, feel free to contact Red Hat Technical Support. Thank you.
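
Steps 2 and 3 of the manual workaround in the description, as an added example that is not part of the bug report or of Satellite. The function names, the image root argument and the optional `from=` source restriction are assumptions; the private key file is whatever was exported from Satellite, whose location the report does not give.

```shell
#!/bin/sh
# Added example (hypothetical helper names): put the public half of a
# provisioning key into root's authorized_keys inside an image tree.

# derive_pubkey PRIVATE_KEY_FILE
# Prints the public key line matching a private key (step 2).
derive_pubkey() {
    ssh-keygen -y -f "$1"
}

# install_root_key IMAGE_ROOT PUBKEY_LINE [FROM_PATTERN]
# Appends the key once (step 3), optionally limited to a source address
# pattern, and sets the modes sshd's StrictModes check expects.
install_root_key() {
    root=$1 pub=$2 from=${3:-}
    # Accept only a public key line; a PEM private key header is rejected,
    # so private material cannot be written into the image by mistake.
    case $pub in
        ssh-*\ *|ecdsa-*\ *) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac
    dir=$root/root/.ssh
    file=$dir/authorized_keys
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1
    # Compare on key type and blob only, so a changed comment or an added
    # option does not produce a second entry for the same key.
    blob=$(printf '%s\n' "$pub" | awk '{print $1 " " $2}')
    if grep -qF -- "$blob" "$file"; then
        return 0
    fi
    if [ -n "$from" ]; then
        # from="..." makes sshd accept this key only from matching hosts.
        printf 'from="%s" %s\n' "$from" "$pub" >> "$file"
    else
        printf '%s\n' "$pub" >> "$file"
    fi
}
```

Typical use is `install_root_key /mnt/image "$(derive_pubkey ./exported-key)" <satellite-address>`, where all three arguments are placeholders for site-specific values.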