From e50810e293bc86af9f28d01649215ee635676f24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Jeanneret?= Date: Tue, 30 Apr 2024 15:49:48 +0200 Subject: [PATCH] Ensure ssh_authorized_keys is a list in cloud-init According to the official documentation[1], `ssh_authorized_keys` is a list, not a string. This patch should hopefully correct the issue we faced while trying to inject multiple authorized keys: the cloud-init configuration file was broken, preventing to apply any credential related data, leading to failures when RHOSO deploy actually started. [1] https://cloudinit.readthedocs.io/en/latest/reference/examples.html#configure-instance-s-ssh-keys Co-Authored-By: @pablintino --- pkg/openstackbaremetalset/baremetalhost.go | 10 +++++++++- templates/openstackbaremetalset/cloudinit/userdata | 7 ++++++- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/pkg/openstackbaremetalset/baremetalhost.go b/pkg/openstackbaremetalset/baremetalhost.go index 27f8ffe..ae39254 100644 --- a/pkg/openstackbaremetalset/baremetalhost.go +++ b/pkg/openstackbaremetalset/baremetalhost.go @@ -70,7 +70,15 @@ func BaremetalHostProvision( // User data cloud-init secret if userDataSecret == nil { templateParameters := make(map[string]interface{}) - templateParameters["AuthorizedKeys"] = strings.TrimSuffix(string(sshSecret.Data["authorized_keys"]), "\n") + + // Import from https://github.com/openstack-k8s-operators/osp-director-operator/pull/1043 + // Split the keys into a list of separate strings, as cloud-init wants a list + // (a single-key string also works, but if there multiple keys in that string + // then passing the keys as a string results in *none* of them working, so it + // is better to create a list always) + splitKeys := strings.Split(strings.TrimSuffix(string(sshSecret), "\n"), "\n") + templateParameters["AuthorizedKeys"] = splitKeys + templateParameters["HostName"] = bmhStatus.Hostname //If Hostname is fqdn, use it if !hostNameIsFQDN(bmhStatus.Hostname) && instance.Spec.DomainName != "" { diff --git a/templates/openstackbaremetalset/cloudinit/userdata b/templates/openstackbaremetalset/cloudinit/userdata index ba5222d..5c0b179 100644 --- a/templates/openstackbaremetalset/cloudinit/userdata +++ b/templates/openstackbaremetalset/cloudinit/userdata @@ -4,7 +4,12 @@ hostname: {{ .HostName }} fqdn: {{ .FQDN }} users: - name: {{ .CloudUserName }} - ssh-authorized-keys: {{ .AuthorizedKeys }} + ssh_authorized_keys: +{{ range $ssh_key := .AuthorizedKeys }} +{{ if not (eq $ssh_key "") }} + - {{ $ssh_key }} +{{ end }} +{{ end }} sudo: ['ALL=(ALL) NOPASSWD:ALL'] shell: /bin/bash {{- if (index . "NodeRootPassword") }}