Flatcar images built by image-builder do not support key auth in Openstack provider
okozachenko1203 opened this issue · 3 comments
What steps did you take and what happened:
- I built a qcow2 image by following https://image-builder.sigs.k8s.io/capi/providers/openstack.html#building-qcow2-image to build flatcar image for Openstack.
```
$ make build-qemu-flatcar
```
- Uploaded it to glance
- Spin up a VM using that image
```
$ openstack server create flatcar --image flatcar-3374.2.0-v1.25.3 --flavor v3-starter-2 --network public --key-name okozachenko_git
```
- Trying to access via ssh and it requires password
```
$ ssh core@162.253.55.100
The authenticity of host '162.253.55.100 (162.253.55.100)' can't be established.
ECDSA key fingerprint is SHA256:5n95nOYl/1TDiDTiIgrM3g0h7y9y+/DP3M4lTvQgGK8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '162.253.55.100' (ECDSA) to the list of known hosts.
Password:
```
What did you expect to happen:
I expect key auth.
Anything else you would like to add:
If i use the vanilla flatcar image, key auth is working.
Environment:
Project (Image Builder for Cluster API, kube-deploy/imagebuilder, konfigadm): Image Builder for Cluster API
Additional info for Image Builder for Cluster API related issues:
- OS (e.g. from `/etc/os-release`, or `cmd /c ver`):
```
NAME="Ubuntu"
VERSION="20.04.4 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.4 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
```
- image builder version: v0.1.13
/kind bug
/area
I'm scared it might work but can you try logging in using username `builder` and password `builder`?
@mnaser it does not work
Following this doc, I generated an Ignition JSON file from https://github.com/kubernetes-sigs/image-builder/blob/master/images/capi/packer/files/flatcar/clc/bootstrap.yaml for the openstack provider.
```
cat bootstrap.yaml | docker run --rm -i ghcr.io/flatcar/ct:latest -platform openstack-metadata > ignition.json
```
The resulting Ignition file is:
```json
{
  "ignition": {
    "config": {},
    "security": {
      "tls": {}
    },
    "timeouts": {},
    "version": "2.3.0"
  },
  "networkd": {},
  "passwd": {
    "users": [
      {
        "groups": [
          "wheel",
          "sudo",
          "docker"
        ],
        "name": "builder",
        "passwordHash": "BUILDERPASSWORDHASH"
      }
    ]
  },
  "storage": {},
  "systemd": {
    "units": [
      {
        "dropins": [
          {
            "contents": "[Service]\nEnvironment=COREOS_METADATA_OPT_PROVIDER=--provider=openstack-metadata",
            "name": "20-clct-provider-override.conf"
          }
        ],
        "name": "coreos-metadata.service"
      },
      {
        "dropins": [
          {
            "contents": "[Service]\nEnvironment=COREOS_METADATA_OPT_PROVIDER=--provider=openstack-metadata",
            "name": "20-clct-provider-override.conf"
          }
        ],
        "enabled": true,
        "name": "coreos-metadata-sshkeys@.service"
      },
      {
        "enable": true,
        "name": "docker.service"
      },
      {
        "mask": true,
        "name": "update-engine.service"
      },
      {
        "mask": true,
        "name": "locksmithd.service"
      }
    ]
  }
}
```
To recap, `coreos-metadata-sshkeys@.service` should be running.
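
An added example, not part of the original thread or of image-builder: a small Python check over an Ignition v2 config like the one posted above. It lists users that carry a `passwordHash` but no `sshAuthorizedKeys` and reports whether the `coreos-metadata-sshkeys@.service` unit is enabled. The sample config is constructed (trimmed from the JSON in the thread), and the function name `audit_ignition` is hypothetical.

```python
import json

# Constructed sample: trimmed from the Ignition v2.3.0 config shown in the thread.
SAMPLE = json.loads("""
{
  "ignition": {"version": "2.3.0"},
  "passwd": {"users": [
    {"name": "builder", "groups": ["wheel", "sudo", "docker"],
     "passwordHash": "BUILDERPASSWORDHASH"}
  ]},
  "systemd": {"units": [
    {"name": "coreos-metadata-sshkeys@.service", "enabled": true},
    {"name": "docker.service", "enable": true},
    {"name": "update-engine.service", "mask": true}
  ]}
}
""")

SSHKEYS_UNIT = "coreos-metadata-sshkeys@.service"


def audit_ignition(cfg):
    """Return login-related findings for an Ignition v2 config (hypothetical helper)."""
    findings = {"password_only_users": [], "key_users": [],
                "sshkeys_unit_enabled": False}
    for user in cfg.get("passwd", {}).get("users", []):
        if user.get("sshAuthorizedKeys"):
            findings["key_users"].append(user["name"])
        elif user.get("passwordHash"):
            # This account can only log in with a password baked into the image.
            findings["password_only_users"].append(user["name"])
    for unit in cfg.get("systemd", {}).get("units", []):
        if unit.get("name") != SSHKEYS_UNIT or unit.get("mask"):
            continue
        # Spec 2.x uses "enabled"; "enable" is the older, deprecated spelling.
        findings["sshkeys_unit_enabled"] = bool(
            unit.get("enabled", unit.get("enable", False)))
    return findings


if __name__ == "__main__":
    print(json.dumps(audit_ignition(SAMPLE), indent=2))
```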