-
Notifications
You must be signed in to change notification settings - Fork 413
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pass ssh keys from clusterconfig to machineconfig #164
Pass ssh keys from clusterconfig to machineconfig #164
Conversation
/assign @abhinavdahiya |
265be24
to
a59a92b
Compare
The best that I can tell is that the sshkeys need to move this way to make it to the MachineConfig: installerConfig(Admin.SSHKey)-> MCOConfig --> RenderConfig/ControllerConfig --> MachineConfig (Passwd.Users) Is this flow correct? I've traced through quite a few times, but in need of expertise on this. Can someone PTAL and let me know if my logic is correct? |
Yes, that looks like state of the art right now. |
Looks like this needs a rebase. |
c92b354
to
2a729e4
Compare
Rebased! @jlebon :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks sane at a high level (lots of debug print statements left over I see :)). Just one comment.
2a729e4
to
6acf9c0
Compare
@kikisdeliveryservice: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
6acf9c0
to
a82e94c
Compare
a82e94c
to
af8a56b
Compare
/retest |
Update: Now checking the machineconfigs for both master and worker shows (example)
|
However, I am seeing the daemon degrade and I'm not sure if this is this a product of when and how I'm applying my binaries and their timing or if I also need to allow reconcilable to account for this initialization of the configs... I'm going to try to test this with better timing tomorrow (assuming I can get a cluster up again) as I think the mcd got a headstart on the mco/mcc when I applied my binaries. I also put a sketch of what I might add to reconcilable if necessary, but it's untested. This is the last thing needed to wrap up the PR.
|
af8a56b
to
88395d6
Compare
cc @ashcrow @abhinavdahiya (some updates and questions above) |
@kikisdeliveryservice it looks like the reconcilable needs updating to allow for a different Password.User section: https://github.com/openshift/machine-config-operator/pull/164/files#diff-06961b075f1753956d802ba954d2cfb5R133 |
@ashcrow @abhinavdahiya Was definitely planning on squashing, but wanted to get a review settled before I removed all of my commits. :) Taking a look at the comments now, thank you! |
03900f5
to
bf658e8
Compare
/retest |
af5b091
to
a4b0b4a
Compare
@abhinavdahiya is this what you had in mind re: creating the ssh mc for each role: new commit Don't worry I'll squash this commit too once it's all settled 😇 |
/test e2e-aws |
/retest |
/test e2e-aws |
a4b0b4a
to
9527f23
Compare
Flakes. Unable to pull images. |
/approve |
/retest |
allow the installer to use the mco to distribute ssh keys. this is the first step in adding the ability to update existing ssh keys. closes installer issue openshift#578
9527f23
to
a46fcad
Compare
FYI: just squashed my last commit in since I got @abhinavdahiya 's final review. :) |
@ashcrow I know you already approved this, so could I get a LGTM so this can be merged? Tests aren't flaking anymore. |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: abhinavdahiya, ashcrow, kikisdeliveryservice The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Closes openshift/installer#578
Summary of issue: the ClusterConfig has the SSH key and while that key is being passed into the MCO, the MCO isn't properly adding it to the MachineConfig. This prevents us from being able add functionality to MCD updating existing SSH keys in a MachineConfig's Spec.Config.Passwd.Users.
Comments & feedback welcome!
cc: @abhinavdahiya @wking