Fuel for OpenStack

Bug #1669378
Comment #7

Comment 7 for bug 1669378

Revision history for this message

Anton (achivkun) wrote on 2017-03-13:

settings.yaml.txt Edit (2.5 KiB, text/plain)

Hi Anton.

To be honest, I can't find where in "settings.yaml" old key might be mentioned.

I've attached our "settings.yaml" file.
As far as I understand next 3 parameters might be important:
PATH_TO_SSH_KEY: "/root/.ssh/id_rsa" - currently in this file we have actual key (not those, which was there after Master node installation):

[root@fuel opnfv]# ssh-keygen -y -f /root/.ssh/id_rsa
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Mymded2E3JSyV+VTR37hK//pH1UzROIQhx5r+d+WgbnFBPH2wVLk8yxMDZtHAkNsHQuWaIOcP8ra26/tLkMoZnN4nbLHzbKLdzqBYyOepBxqQ4G+T886V2vVXQGZanX65szohipkjj2moajc9H+JB9AckuxCv/cZuQIiJnQlxLp/2YCz++VA+izmwHAsiVkfSoM2+iI64hxhCR3EU1+6AdHWIDxIlhG3Zjm6VMrMKLZhLAcIxJRYKMvM8fuvSRAeZnMZN4wDPMorOdWQOQPr8QnUtqNuEnTHto12NSXsjogP9+9cef3Y/ebBfNDKBarWfkwR9OMTBlATu/R1j8bl
[root@fuel opnfv]# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Mymded2E3JSyV+VTR37hK//pH1UzROIQhx5r+d+WgbnFBPH2wVLk8yxMDZtHAkNsHQuWaIOcP8ra26/tLkMoZnN4nbLHzbKLdzqBYyOepBxqQ4G+T886V2vVXQGZanX65szohipkjj2moajc9H+JB9AckuxCv/cZuQIiJnQlxLp/2YCz++VA+izmwHAsiVkfSoM2+iI64hxhCR3EU1+6AdHWIDxIlhG3Zjm6VMrMKLZhLAcIxJRYKMvM8fuvSRAeZnMZN4wDPMorOdWQOQPr8QnUtqNuEnTHto12NSXsjogP9+9cef3Y/ebBfNDKBarWfkwR9OMTBlATu/R1j8bl root@fuel

PATH_TO_BOOTSTRAP_SSH_KEY: "/root/.ssh/bootstrap.rsa" - this file doesn't exist in our case.

AUTHORIZED_KEYS:
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVFUulCbREWAVvoAKrL/zDOzVBK2GwhTQhn9U8148Uwhq3wsS3Ulum0OLz3R+oa1qygzP/TuqCry8h04QHcAFLGhATQXO3zMX6VUEjtQ0GkkcJq2L5aO0Qg8wS8h7HFmPn6dl8BUideVfD6lwQkBxuyVHUrEj/VqBlDIn2zZhDqYEa/vCfeS2tYxs/81JsCsFVHNJ3yVKPruM3dx+2ZXB+6LwSLGB05nBUXrxl0EBJ15jyWboBcRnMhdlCHFb77wF75Ins1QcRUcOa49nMc9el/sKg1SSHLWJkzB/IuHI8XSa+PNIyFzniBRoaBb5Ko7xFn8qNCXKmeDPJcMtN40FX <email address hidden>"
here we have only key for "fuel.domain.tld" domain. I'm not 100% sure, but if I remember correctly, after each re-deploy, key for this domain was new (when we logged to slave nodes manually we saw different key for this domain each time)

Could you please point out which place of this file should be updated? Should we add key for "root@fuel" to section AUTHORIZED_KEYS:
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVFUulCbREWAVvoAKrL/zDOzVBK2GwhTQhn9U8148Uwhq3wsS3Ulum0OLz3R+oa1qygzP/TuqCry8h04QHcAFLGhATQXO3zMX6VUEjtQ0GkkcJq2L5aO0Qg8wS8h7HFmPn6dl8BUideVfD6lwQkBxuyVHUrEj/VqBlDIn2zZhDqYEa/vCfeS2tYxs/81JsCsFVHNJ3yVKPruM3dx+2ZXB+6LwSLGB05nBUXrxl0EBJ15jyWboBcRnMhdlCHFb77wF75Ins1QcRUcOa49nMc9el/sKg1SSHLWJkzB/IuHI8XSa+PNIyFzniBRoaBb5Ko7xFn8qNCXKmeDPJcMtN40FX <email address hidden>"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Mymded2E3JSyV+VTR37hK//pH1UzROIQhx5r+d+WgbnFBPH2wVLk8yxMDZtHAkNsHQuWaIOcP8ra26/tLkMoZnN4nbLHzbKLdzqBYyOepBxqQ4G+T886V2vVXQGZanX65szohipkjj2moajc9H+JB9AckuxCv/cZuQIiJnQlxLp/2YCz++VA+izmwHAsiVkfSoM2+iI64hxhCR3EU1+6AdHWIDxIlhG3Zjm6VMrMKLZhLAcIxJRYKMvM8fuvSRAeZnMZN4wDPMorOdWQOQPr8QnUtqNuEnTHto12NSXsjogP9+9cef3Y/ebBfNDKBarWfkwR9OMTBlATu/R1j8bl root@fuel"

Thank you in advance!

Hi Anton.

To be honest, I can't find where in "settings.yaml" old key might be mentioned.

[root@fuel opnfv]# ssh-keygen -y -f /root/.ssh/id_rsa
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Mymded2E3JSyV+VTR37hK//pH1UzROIQhx5r+d+WgbnFBPH2wVLk8yxMDZtHAkNsHQuWaIOcP8ra26/tLkMoZnN4nbLHzbKLdzqBYyOepBxqQ4G+T886V2vVXQGZanX65szohipkjj2moajc9H+JB9AckuxCv/cZuQIiJnQlxLp/2YCz++VA+izmwHAsiVkfSoM2+iI64hxhCR3EU1+6AdHWIDxIlhG3Zjm6VMrMKLZhLAcIxJRYKMvM8fuvSRAeZnMZN4wDPMorOdWQOQPr8QnUtqNuEnTHto12NSXsjogP9+9cef3Y/ebBfNDKBarWfkwR9OMTBlATu/R1j8bl
[root@fuel opnfv]# cat /root/.ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Mymded2E3JSyV+VTR37hK//pH1UzROIQhx5r+d+WgbnFBPH2wVLk8yxMDZtHAkNsHQuWaIOcP8ra26/tLkMoZnN4nbLHzbKLdzqBYyOepBxqQ4G+T886V2vVXQGZanX65szohipkjj2moajc9H+JB9AckuxCv/cZuQIiJnQlxLp/2YCz++VA+izmwHAsiVkfSoM2+iI64hxhCR3EU1+6AdHWIDxIlhG3Zjm6VMrMKLZhLAcIxJRYKMvM8fuvSRAeZnMZN4wDPMorOdWQOQPr8QnUtqNuEnTHto12NSXsjogP9+9cef3Y/ebBfNDKBarWfkwR9OMTBlATu/R1j8bl root@fuel

PATH_TO_BOOTSTRAP_SSH_KEY: "/root/.ssh/bootstrap.rsa" - this file doesn't exist in our case.

AUTHORIZED_KEYS:
  - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVFUulCbREWAVvoAKrL/zDOzVBK2GwhTQhn9U8148Uwhq3wsS3Ulum0OLz3R+oa1qygzP/TuqCry8h04QHcAFLGhATQXO3zMX6VUEjtQ0GkkcJq2L5aO0Qg8wS8h7HFmPn6dl8BUideVfD6lwQkBxuyVHUrEj/VqBlDIn2zZhDqYEa/vCfeS2tYxs/81JsCsFVHNJ3yVKPruM3dx+2ZXB+6LwSLGB05nBUXrxl0EBJ15jyWboBcRnMhdlCHFb77wF75Ins1QcRUcOa49nMc9el/sKg1SSHLWJkzB/IuHI8XSa+PNIyFzniBRoaBb5Ko7xFn8qNCXKmeDPJcMtN40FX root@fuel.domain.tld"
here we have only key for "fuel.domain.tld" domain. I'm not 100% sure, but if I remember correctly, after each re-deploy, key for this domain was new (when we logged to slave nodes manually we saw different key for this domain each time)

Could you please point out which place of this file should be updated? Should we add key for "root@fuel" to section AUTHORIZED_KEYS:
  - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVFUulCbREWAVvoAKrL/zDOzVBK2GwhTQhn9U8148Uwhq3wsS3Ulum0OLz3R+oa1qygzP/TuqCry8h04QHcAFLGhATQXO3zMX6VUEjtQ0GkkcJq2L5aO0Qg8wS8h7HFmPn6dl8BUideVfD6lwQkBxuyVHUrEj/VqBlDIn2zZhDqYEa/vCfeS2tYxs/81JsCsFVHNJ3yVKPruM3dx+2ZXB+6LwSLGB05nBUXrxl0EBJ15jyWboBcRnMhdlCHFb77wF75Ins1QcRUcOa49nMc9el/sKg1SSHLWJkzB/IuHI8XSa+PNIyFzniBRoaBb5Ko7xFn8qNCXKmeDPJcMtN40FX root@fuel.domain.tld"
  - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Mymded2E3JSyV+VTR37hK//pH1UzROIQhx5r+d+WgbnFBPH2wVLk8yxMDZtHAkNsHQuWaIOcP8ra26/tLkMoZnN4nbLHzbKLdzqBYyOepBxqQ4G+T886V2vVXQGZanX65szohipkjj2moajc9H+JB9AckuxCv/cZuQIiJnQlxLp/2YCz++VA+izmwHAsiVkfSoM2+iI64hxhCR3EU1+6AdHWIDxIlhG3Zjm6VMrMKLZhLAcIxJRYKMvM8fuvSRAeZnMZN4wDPMorOdWQOQPr8QnUtqNuEnTHto12NSXsjogP9+9cef3Y/ebBfNDKBarWfkwR9OMTBlATu/R1j8bl root@fuel"

Thank you in advance!