Bug 823634
| Summary: | Always Retrieve New SSH key in RHEL AMIs | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Jay Greguske <jgreguske> |
| Component: | cloud-init | Assignee: | Jay Greguske <jgreguske> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | mkovacik |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 6.3 | CC: | atodorov, jgreguske, syeghiay |
| Target Milestone: | rc | Keywords: | EC2 |
| Target Release: | 6.4 | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | | |
| : | 823635 | Environment: | |
| Last Closed: | 2013-03-20 17:38:49 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 823635 | | |

Description
Jay Greguske
2012-05-21 18:29:12 UTC
This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux.

This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development. This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4.

Modifying cloud-init to overwrite existing key might make the rebundling process a little more bullet proof but would not be a good solution. Other users of cloud-init might very well expect existing keys not to be overwritten. I really think this should be addressed by improving the bundling process to ensure the keys are removed. Can the reporter, Jay Greguske, please comment?

The bundling process in EC2 is under Amazon's control, not ours, so we can't really improve that directly. I've heard arguments on both sides about what to do about existing keys, and personally I agree that the keys should not be overwritten. A warning that they exist should be emitted though. For 6.4, I'm fine with whatever cloud init decides to do, as long as the behavior is consistent.

(In reply to comment #8)
> The bundling process in EC2 is under Amazon's control, not ours, so we can't
> really improve that directly. I've heard arguments on both sides about what
> to do about existing keys, and personally I agree that the keys should not
> be overwritten.

Sure but perhaps prior to creating the bundle the ssh keys should be removed.

> A warning that they exist should be emitted though.

No warning is currently issued. It's not clear what value logging that would be since the user would need to log into the instance to view the log and since they can't log it would be a bit of the: If a tree falls in a forest and no one is there does it make a noise. ;)

> For 6.4, I'm fine with whatever cloud init decides to do, as long as the
> behavior is consistent.

Great.

So can this bug be closed or changed to a low priority RFE to consider having a message written to the log when existing ssh keys are found?

We cannot close the bug until 6.4 ships, we'll be using it to track that cloud-init does in fact land in the official RHEL AMIs. That's a Rel-Eng issue though, no action needs to be taken on your part.

(In reply to comment #10)
> We cannot close the bug until 6.4 ships, we'll be using it to track that
> cloud-init does in fact land in the official RHEL AMIs. That's a Rel-Eng
> issue though, no action needs to be taken on your part.

So I will assign it to you, Jay Greguske, since no action on my part is required.

Since no action required on my part (AFAICS) reassigning to jgregusk as per comment #11

cloud-init shipped with 6.4 AMIs, we're taking its default behaviors with respect to ssh keys.
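
The thread's two suggestions, removing SSH keys before the bundle is created and warning when existing keys are found, can be enforced as a pre-bundle check on the image root. This is an added example, not part of the bug thread or of cloud-init; the function names, the mounted-root argument and the sample tree are assumptions.

```sh
#!/bin/sh
# Added example: pre-bundle audit for leftover authorized_keys in a mounted
# image root. Function names and the ROOT argument are assumptions.

# Print the number of key entries found under ROOT; warn per file on stderr.
count_leftover_keys() (
    root=${1%/}
    total=0
    [ -r "$root/etc/passwd" ] || { echo "no passwd under $root" >&2; exit 2; }
    # Walk the image's own passwd so homes outside /home are covered too.
    while IFS=: read -r user x x x x home x; do
        f="$root$home/.ssh/authorized_keys"
        [ -n "$home" ] && [ -f "$f" ] || continue
        # Count real entries: skip blank lines and comments.
        n=$(grep -Evc '^[[:space:]]*(#|$)' "$f" || true)
        if [ "$n" -gt 0 ]; then
            echo "WARNING: $n key(s) left for $user in $home/.ssh/authorized_keys" >&2
            total=$((total + n))
        fi
    done < "$root/etc/passwd"
    echo "$total"
)

# Gate for a bundling script: succeeds only when no key entries remain.
# Fails closed when the root cannot be audited at all.
image_is_clean() {
    [ "$(count_leftover_keys "$1" 2>/dev/null)" -eq 0 ]
}

# Constructed sample tree standing in for a mounted image (all values made up).
make_sample_root() {
    mkdir -p "$1/etc" "$1/root/.ssh" "$1/home/ec2-user/.ssh" "$1/var/lib/svc/.ssh"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'ec2-user:x:500:500::/home/ec2-user:/bin/bash' \
        'svc:x:498:498::/var/lib/svc:/sbin/nologin' > "$1/etc/passwd"
    printf '%s\n' '# left by image builder' 'ssh-rsa AAAAconstructed1 builder@example' \
        > "$1/root/.ssh/authorized_keys"
    : > "$1/home/ec2-user/.ssh/authorized_keys"
    printf '%s\n' 'ssh-rsa AAAAconstructed2 a@example' '' 'ssh-rsa AAAAconstructed3 b@example' \
        > "$1/var/lib/svc/.ssh/authorized_keys"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); make_sample_root "$d"
    image_is_clean "$d" || echo "refusing to bundle: leftover keys found"
    rm -rf "$d"
fi
```

Run with `--demo` to see the warnings on the constructed tree; in a real bundling script, call `image_is_clean` on the mounted image root and abort when it fails.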