In the overcloud heat, heat.conf instance_user is set to heat-admin.
The consequence of this is that SSHing into heat created guest VMs will require the user 'heat-admin'. I predict that this will result in user confusion as to how to SSH into their VMs since they will be attempting default usernames (centos, cloud-user etc) or the documented heat default user (ec2-user)
Upstream, instance_user is deprecated and will be removed in Liberty, meaning image default usernames would be used to SSH into VMs (centos, cloud-user etc).
Overcloud heat should have instance_user set to <empty> now so that default usernames are used. Since heat-admin will cause user confusion, and upstream behaviour will change, I'd like this to be considered a blocker for GA.
Having instance_user set to heat-admin on the undercloud heat *is* appropriate, since we document how operators should ssh into their overcloud nodes.
Upstream puppet-heat patch: https://review.openstack.org/#/c/197147
Upstream tripleo-heat-templates patch: https://review.openstack.org/#/c/198947/
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.