Skip to content

Commit

Permalink
Merge pull request openstack-k8s-operators#1044 from openshift-cherry…
Browse files Browse the repository at this point in the history
…pick-robot/cherry-pick-1043-to-v1.3.x

[v1.3.x] [OSPK8-803] Use list format for SSH authorized keys in OSBMS cloud-init
  • Loading branch information
openshift-merge-bot[bot] authored May 6, 2024
2 parents 50c9289 + 4619a27 commit 409c3db
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 2 deletions.
9 changes: 8 additions & 1 deletion controllers/openstackbaremetalset_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -1101,7 +1101,14 @@ func (r *OpenStackBaremetalSetReconciler) cloudInitProvision(ctx context.Context
// Automatically generate user data cloud-init secret (i.e. user did not
// already manually create it for the BMH)
templateParameters := make(map[string]interface{})
templateParameters["AuthorizedKeys"] = sshSecret

// Split the keys into a list of separate strings, as cloud-init wants a list
// (a single-key string also works, but if there multiple keys in that string
// then passing the keys as a string results in *none* of them working, so it
// is better to create a list always)
splitKeys := strings.Split(strings.TrimSuffix(string(sshSecret), "\n"), "\n")
templateParameters["AuthorizedKeys"] = splitKeys

templateParameters["Hostname"] = hostName
templateParameters["DomainName"] = osNetCfg.Spec.DomainName

Expand Down
7 changes: 6 additions & 1 deletion templates/baremetalset/cloudinit/userdata
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,12 @@
fqdn: {{ .Hostname }}{{ if .DomainName }}.{{ .DomainName }}{{ end }}
users:
- name: cloud-admin
ssh-authorized-keys: {{ .AuthorizedKeys }}
ssh_authorized_keys:
{{ range $ssh_key := .AuthorizedKeys }}
{{ if not (eq $ssh_key "") }}
- {{ $ssh_key }}
{{ end }}
{{ end }}
sudo: ['ALL=(ALL) NOPASSWD:ALL']
shell: /bin/bash
{{- if .NodeRootPassword }}
Expand Down

0 comments on commit 409c3db

Please sign in to comment.