Bug 1950196
| Summary: | ssh Key is added even with 'Expose SSH access to this virtual machine' unchecked | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Guohua Ouyang <gouyang> |
| Component: | Console Kubevirt Plugin | Assignee: | Matan Schatzman <mschatzm> |
| Status: | CLOSED ERRATA | QA Contact: | Guohua Ouyang <gouyang> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 4.8 | CC: | aos-bugs, gouyang, mschatzm, yzamir |
| Target Milestone: | --- | ||
| Target Release: | 4.8.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-07-27 23:01:26 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Guohua Ouyang
2021-04-16 02:41:34 UTC
Set it to high because it prevent other VMs to run if the ssh key is added. Notes: a. It's ok to add authorized key to a machine even if it currently does not have a k8s-service exposing sshd. b. It does not prevent other VMs to run. Its not what was designed, so we need to align implementation to design by not injecting authorized keys when not exposing the ssh service on VM creation (user may expose the service while VM is running and in 4.9 they will be able to "ssh-copy-id" and inject authorized keys while VM is running from the UI) Guohua hi,
> it prevent other VMs to run if the ssh key is added.
ssh key should not prevent other MVs from running, am I missing something ?
(In reply to Yaacov Zamir from comment #3) > Guohua hi, > > > it prevent other VMs to run if the ssh key is added. > > ssh key should not prevent other MVs from running, am I missing something ? It's another issue, if the key is remembered in one template and create vm via another template the key is still there and it prevent the vm to start up(seems a new secrets is needed but not actually). The error is """ Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled <unknown> Successfully assigned default/virt-launcher-rhel6-colourful-quail-bpwnr to uit02-lkcsd-worker-0-zf6mz Warning FailedMount 65s kubelet, uit02-lkcsd-worker-0-zf6mz Unable to attach or mount volumes: unmounted volumes=[authorizedsshkeys-rhel6-colourful-quail-access-cred], unattached volumes=[hotplug-disks libvirt-runtime sockets rhel6-colourful-quail authorizedsshkeys-rhel6-colourful-quail-access-cred ephemeral-disks container-disks]: timed out waiting for the condition Warning FailedMount 60s (x9 over 3m7s) kubelet, uit02-lkcsd-worker-0-zf6mz MountVolume.SetUp failed for volume "authorizedsshkeys-rhel6-colourful-quail-access-cred" : secret "authorizedsshkeys-rhel6-colourful-quail" not found """ Opened a new bug for c#5: https://bugzilla.redhat.com/show_bug.cgi?id=1952310 And move this bug to verified as the problem in this bug is fixed. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438 |