Bug 2084476
| Summary: | The Virtual Machine Authorized SSH Key is not shown in the scripts tab. | ||
|---|---|---|---|
| Product: | Container Native Virtualization (CNV) | Reporter: | Yaacov Zamir <yzamir> |
| Component: | User Experience | Assignee: | Ugo Palatucci <upalatuc> |
| Status: | CLOSED ERRATA | QA Contact: | Guohua Ouyang <gouyang> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 4.11.0 | CC: | cnv-qe-bugs, gouyang |
| Target Milestone: | --- | ||
| Target Release: | 4.11.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-09-14 19:33:14 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Yaacov Zamir
2022-05-12 08:40:53 UTC
Note for verification: vm with no previous secret: show nothing in input box, and create new secret vm with previous secret: show secret content. when saving if nothing chnaged to nothing if changes: - create new secret. - inform user if a new secret was not created, and the old one will contiune to work - if old secret owned by VM, delete it - inform user that a new secret was created, but the old one was not deleted - if ols secret not owned by VM, don't delete it Adding or removing ssh key should has no impact with the existing ssh service. It should be hard to implement it and would be buggy. If the key is changed, we should tell user to delete the ssh service and re-generate it, wdyt? (In reply to Guohua Ouyang from comment #2) > Adding or removing ssh key should has no impact with the existing ssh > service. It should be hard to implement it and would be buggy. > If the key is changed, we should tell user to delete the ssh service and > re-generate it, wdyt? ssh service is not changed when ssh key change A user need to start the vm first time to use the new key with cloud init, you need: a - create a vm without running it, with one key b - check that you see the old key in the vm script tab c - change the key, start the vm d - check the ssh key in the vm, should be the new one. --- Q1: maybe we need to disable editing authorized key for vms that already run once vms ? how do we know if vm already runed ? Q2 we can make the authorized key work for machines already running, to make this work for an already running machine, we will need to switch to using guest agent instead of cloud-init https://kubevirt.io/api-reference/master/definitions.html#_v1_sshpublickeyaccesscredentialpropagationmethod but allowing users to choose qemuGuestAgent, is an RFE bug (different from this one?), because in the original design we only allowed for cloud-init. verified the bug on CNV-v4.11.0-423/OCP-v4.11.0-36 1. add a key which is not matching, ssh can connect to the VM, but rejected as the key is not matching 2. add a correct key, ssh to the VM is successfully Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Virtualization 4.11.0 Images security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:6526 |