Bug 1240449 - overcloud heat instance_user is set to heat-admin
Summary: overcloud heat instance_user is set to heat-admin
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: rhosp-director
Version: Director
Hardware: Unspecified
OS: Unspecified
Target Milestone: ga
: Director
Assignee: Steve Baker
QA Contact: Amit Ugol
Depends On: 1240833
Reported: 2015-07-06 22:55 UTC by Steve Baker
Modified: 2015-08-05 13:58 UTC

Fixed In Version: openstack-tripleo-heat-templates-0.8.6-38.el7ost
Doc Type: Bug Fix
Doc Text:
The Overcloud configured the heat service with instance_user=heat-admin. This meant SSH communication into heat-provisioned guest VMs required the heat-admin user. This fix sets instance_user to an empty value. Now you can SSH into guest VMs using the default image user.
Clone Of:
: 1240833
Last Closed: 2015-08-05 13:58:31 UTC
Target Upstream Version:

System | ID | Priority | Status | Summary | Last Updated
OpenStack gerrit | 198947 | None | None | None | Never
Red Hat Bugzilla | 1238844 | None | None | None | Never
Red Hat Product Errata | RHEA-2015:1549 | normal | SHIPPED_LIVE | Red Hat Enterprise Linux OpenStack Platform director Release | 2015-08-05 17:49:10 UTC

Internal Links: 1238844

Description Steve Baker 2015-07-06 22:55:36 UTC
In the overcloud heat, heat.conf instance_user is set to heat-admin.

The consequence of this is that SSHing into heat-created guest VMs will require the user 'heat-admin'. I predict that this will result in user confusion as to how to SSH into their VMs since they will be attempting default usernames (centos, cloud-user etc) or the documented heat default user (ec2-user).

Upstream, instance_user is deprecated and will be removed in Liberty, meaning image default usernames would be used to SSH into VMs (centos, cloud-user etc).

Overcloud heat should have instance_user set to <empty> now so that default usernames are used. Since heat-admin will cause user confusion, and upstream behaviour will change, I'd like this to be considered a blocker for GA.

Having instance_user set to heat-admin on the undercloud heat *is* appropriate, since we document how operators should ssh into their overcloud nodes.
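
An added example, not part of the original report and not Heat or TripleO code: a small audit of heat.conf text that reports which of the instance_user states described above a node is in. The function names, role labels and sample configs are constructed for illustration, and the unset case follows the report's statement that the documented heat default user is ec2-user.

```python
import configparser

# Constructed sample heat.conf fragments (not taken from a real deployment).
OVERCLOUD_BEFORE = "[DEFAULT]\ninstance_user=heat-admin\n"
OVERCLOUD_AFTER = "[DEFAULT]\ninstance_user=\n"
OPTION_UNSET = "[DEFAULT]\n#instance_user=ec2-user\n"


def instance_user_setting(conf_text):
    """Return [DEFAULT] instance_user: a name, '' if set empty, None if absent."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, allow_no_value=True
    )
    parser.read_string(conf_text)
    return parser.defaults().get("instance_user")


def audit_instance_user(conf_text, role):
    """Return (verdict, guest_login_user) for a heat.conf on the given role.

    role is a hypothetical label: "overcloud" or "undercloud".
    guest_login_user None means the image's own default user applies.
    """
    value = instance_user_setting(conf_text)
    if value is None:
        # Option absent: the report names ec2-user as the documented heat default.
        return ("review", "ec2-user")
    if value == "":
        # The fixed overcloud state: image default usernames are used.
        return ("ok" if role == "overcloud" else "review", None)
    if role == "undercloud" and value == "heat-admin":
        # The report calls this appropriate for the undercloud.
        return ("ok", value)
    return ("flag" if role == "overcloud" else "review", value)


if __name__ == "__main__":
    for name, text in [("before fix", OVERCLOUD_BEFORE),
                       ("after fix", OVERCLOUD_AFTER),
                       ("unset", OPTION_UNSET)]:
        print(name, audit_instance_user(text, "overcloud"))
```
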

Comment 4 Steve Baker 2015-07-07 03:29:24 UTC
Upstream puppet-heat patch: https://review.openstack.org/#/c/197147
Upstream tripleo-heat-templates patch: https://review.openstack.org/#/c/198947/

Comment 10 errata-xmlrpc 2015-08-05 13:58:31 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

