From 4619a27805c8fa066f59d122856d192c5deb3e78 Mon Sep 17 00:00:00 2001
From: Andrew Bays
Date: Thu, 2 May 2024 13:35:22 +0000
Subject: [PATCH] Use list format for SSH authorized keys in OSBMS cloud-init
---
 controllers/openstackbaremetalset_controller.go | 9 ++++++++-
 templates/baremetalset/cloudinit/userdata | 7 ++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/controllers/openstackbaremetalset_controller.go b/controllers/openstackbaremetalset_controller.go
index 914c4cca..09132c1b 100644
--- a/controllers/openstackbaremetalset_controller.go
+++ b/controllers/openstackbaremetalset_controller.go
@@ -1101,7 +1101,14 @@ func (r *OpenStackBaremetalSetReconciler) cloudInitProvision(ctx context.Context
 // Automatically generate user data cloud-init secret (i.e. user did not
 // already manually create it for the BMH)
 templateParameters := make(map[string]interface{})
- templateParameters["AuthorizedKeys"] = sshSecret
+
+ // Split the keys into a list of separate strings, as cloud-init wants a list
+ // (a single-key string also works, but if there multiple keys in that string
+ // then passing the keys as a string results in *none* of them working, so it
+ // is better to create a list always)
+ splitKeys := strings.Split(strings.TrimSuffix(string(sshSecret), "\n"), "\n")
+ templateParameters["AuthorizedKeys"] = splitKeys
+
 templateParameters["Hostname"] = hostName
 templateParameters["DomainName"] = osNetCfg.Spec.DomainName
 
diff --git a/templates/baremetalset/cloudinit/userdata b/templates/baremetalset/cloudinit/userdata
index bda5b2a5..c856e845 100644
--- a/templates/baremetalset/cloudinit/userdata
+++ b/templates/baremetalset/cloudinit/userdata
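Review bot: On the `splitKeys` line only one trailing `\n` is normalised before the split, so a secret stored with CRLF endings, padded lines or several trailing newlines hands `\r`-terminated, whitespace-only or empty entries to the template, which skips only exact empty strings. Because a malformed entry can leave a node without a usable login key, it is safer to normalise in Go: trim every line and drop the empty ones (and `#` comment lines, if the secret can be a pasted authorized_keys file; that is inferred, not visible here). The new comment also reads "if there multiple keys"; it should be "if there are multiple keys". cloudInitProvision starts and ends outside this hunk.

```go
// … unchanged: templateParameters := make(map[string]interface{}) …

// Normalise every line so CRLF endings, padding, blank lines and comment
// lines never reach the cloud-init template.
var splitKeys []string
for _, line := range strings.Split(string(sshSecret), "\n") {
	key := strings.TrimSpace(line)
	if key == "" || strings.HasPrefix(key, "#") {
		continue
	}
	splitKeys = append(splitKeys, key)
}
templateParameters["AuthorizedKeys"] = splitKeys
```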
@@ -3,7 +3,12 @@ fqdn: {{ .Hostname }}{{ if .DomainName }}.{{ .DomainName }}{{ end }} users: - name: cloud-admin - ssh-authorized-keys: {{ .AuthorizedKeys }} + ssh_authorized_keys: +{{ range $ssh_key := .AuthorizedKeys }} +{{ if not (eq $ssh_key "") }} + - {{ $ssh_key }} +{{ end }} +{{ end }} sudo: ['ALL=(ALL) NOPASSWD:ALL'] shell: /bin/bash {{- if .NodeRootPassword }}
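Review bot: `- {{ $ssh_key }}` writes each key into the user-data as an unquoted YAML scalar, and the template does no YAML escaping (inferred from the `{{ range }}` syntax being Go text/template). A key line whose options or comment contain `: ` or ` #`, or that starts with `{`, `[` or `"`, would be parsed as something other than one string and can make cloud-init reject the whole document, and the value comes from a secret rather than from the template author. Emitting a double-quoted scalar keeps every entry a single string: `- {{ printf "%q" $ssh_key }}`. The `{{ range }}`, `{{ if }}` and `{{ end }}` lines also have no `{{-` trim markers, so the rendered list contains blank lines; YAML tolerates them, but `{{- range $ssh_key := .AuthorizedKeys }}` and `{{- end }}` would keep the output compact.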