Merge #513

513: spire: don't scan for supervisor keys during auto-launch r=cryslith a=cryslith When launching an existing virtual cluster, don't attempt to authenticate to the supervisor with the pre-keysystem method of using the preseeded authorized ssh key. Doing so won't work because that ssh key is no longer authorized on the supervisor after the keysystem is set up. (Previously, it sometimes appeared to work when the keysystem-provided ssh keys were still loaded from a prior auto-install.) This also avoids unnecessarily pulling the host key from the keysystem and verifying it using the fingerprint displayed on the supervisor console; once the keysystem is set up the supervisor can authenticate itself using the CA. Co-authored-by: Lily Chung <[email protected]>
sipb · Apr 21, 2020 · dcc313e · dcc313e
2 parents ced57ff + c12588f
commit dcc313e
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/platform/spire/src/virt.py b/platform/spire/src/virt.py
@@ -549,10 +549,10 @@ def auto_install_supervisor(ops: command.Operations, tc: TerminationContext, sup
 
 
 @command.wrapseq
-def auto_launch_supervisor(ops: command.Operations, tc: TerminationContext, supervisor: configuration.Node, debug_qemu=False):
+def auto_launch_supervisor(ops: command.Operations, tc: TerminationContext, supervisor: configuration.Node, autoadd_fingerprint=False, debug_qemu=False):
     # TODO: annotations, so that this can be --dry-run'd
     vm = VirtualMachine(supervisor, tc, debug_qemu=debug_qemu)
-    ops.add_operation("start up supervisor node", lambda: vm.boot_launch(autoadd_fingerprint=True))
+    ops.add_operation("start up supervisor node", lambda: vm.boot_launch(autoadd_fingerprint=autoadd_fingerprint))
 
 
 @command.wrapseq
@@ -591,7 +591,7 @@ def auto_install(ops: command.Operations, authorized_key=None, persistent: bool=
         with ops.context("termination", TerminationContext()) as tc:
             with ops.context("debug shell", DebugContext(persistent)):
                 ops.add_subcommand(auto_install_supervisor, tc, config.keyserver, iso_path, cdrom_install=cdrom_install, debug_qemu=debug_qemu)
-                ops.add_subcommand(auto_launch_supervisor, tc, config.keyserver, debug_qemu=debug_qemu)
+                ops.add_subcommand(auto_launch_supervisor, tc, config.keyserver, autoadd_fingerprint=True, debug_qemu=debug_qemu)
                 ops.add_subcommand(seq.sequence_supervisor)
 
                 other_nodes = [n for n in config.nodes if n != config.keyserver]