Description of problem:
While creating a VM with 'Expose SSH access to this virtual machine' unchecked, if there is an ssh key in `Authorized Key`, the key is added anyway. The problem is that once the key is remembered, it will always be there until the user clears it manually. As the `Authorized Key` is not expanded by default, the user has no idea whether the ssh key is added or not.

Version-Release number of selected component (if applicable): master

How reproducible: 100%

Steps to Reproduce: 1. 2. 3.

Actual results:

Expected results: No ssh key added to VM when 'Expose SSH access to this virtual machine' is unchecked

Additional info:
Set it to high because it prevents other VMs from running if the ssh key is added.
Notes:
a. It's ok to add an authorized key to a machine even if it currently does not have a k8s-service exposing sshd.
b. It does not prevent other VMs from running.
It's not what was designed, so we need to align implementation to design by not injecting authorized keys when not exposing the ssh service on VM creation (user may expose the service while VM is running, and in 4.9 they will be able to "ssh-copy-id" and inject authorized keys while VM is running from the UI).
Guohua hi,
> it prevents other VMs from running if the ssh key is added.
ssh key should not prevent other VMs from running, am I missing something?
(In reply to Yaacov Zamir from comment #3)
> Guohua hi,
>
> > it prevents other VMs from running if the ssh key is added.
>
> ssh key should not prevent other VMs from running, am I missing something?

It's another issue: if the key is remembered in one template and a VM is created via another template, the key is still there and it prevents the VM from starting up (seems a new secret is needed, but not actually). The error is
"""
Events:
  Type     Reason       Age                 From                                 Message
  ----     ------       ----                ----                                 -------
  Normal   Scheduled    <unknown>                                                Successfully assigned default/virt-launcher-rhel6-colourful-quail-bpwnr to uit02-lkcsd-worker-0-zf6mz
  Warning  FailedMount  65s                 kubelet, uit02-lkcsd-worker-0-zf6mz  Unable to attach or mount volumes: unmounted volumes=[authorizedsshkeys-rhel6-colourful-quail-access-cred], unattached volumes=[hotplug-disks libvirt-runtime sockets rhel6-colourful-quail authorizedsshkeys-rhel6-colourful-quail-access-cred ephemeral-disks container-disks]: timed out waiting for the condition
  Warning  FailedMount  60s (x9 over 3m7s)  kubelet, uit02-lkcsd-worker-0-zf6mz  MountVolume.SetUp failed for volume "authorizedsshkeys-rhel6-colourful-quail-access-cred" : secret "authorizedsshkeys-rhel6-colourful-quail" not found
"""
Opened a new bug for c#5: https://bugzilla.redhat.com/show_bug.cgi?id=1952310
Moved this bug to verified, as the problem in this bug is fixed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2021:2438