Creating multiple machines with the same SSH key #49

Closed
am97 opened this issue Oct 8, 2020 · 3 comments · Fixed by #50

am97 commented Oct 8, 2020

Hello,

I'm trying to create multiple machines with the same SSH Key. The first machine is created successfully, but the creation fails for the next machines with the following error:

Error creating machine: Error in driver during machine creation: could not create ssh key: SSH key with the same fingerprint already exists (uniqueness_error)

How to reproduce

I have an already existent SSH keypair: /home/am/.ssh/id_rsa and /home/am/.ssh/id_rsa.pub.

I create the first machine with docker-machine create --driver hetzner --hetzner-api-token $MY_TOKEN --hetzner-existing-key-path /home/am/.ssh/id_rsa machine1. The machine is created successfully.

I try to create the second machine with docker-machine create --driver hetzner --hetzner-api-token $MY_TOKEN --hetzner-existing-key-path /home/am/.ssh/id_rsa machine2. The creation fails.

Detailed log: machine.log

@JonasProgrammer
Owner

Hi,

the driver attempts to create a remote key corresponding with the local public key. Apparently, Hetzner disallows the creation of keys with the same fingerprint; I did not know this until now, perhaps this is worth mentioning in the README.

As a workaround, I'd suggest creating the public key manually and referring to it using --hetzner-existing-key-id.

Of course, we could simply add a heuristic searching for an existing key by fingerprint, if --hetzner-existing-key-path is passed, but IMHO this will create issues downstream. When not passed --hetzner-existing-key-id, the driver attempts to also destroy the key on machine destruction.
Now suppose we had this heuristic, someone could create machine-a, thereby creating a managed key k. Then machine-b is created and uses the existing k in unmanaged mode, as it is found by fingerprint. Attempting to destroy machine-a now will not work anymore, as it will be unable to delete k.

I don't have a good solution for this problem right now, but the workaround of passing the ID should get you up and running for now.

@am97
Author

am97 commented Oct 9, 2020

Thanks for your answer!

I implemented the search for an existing key by fingerprint, then successfully created 2 machines. Attempting to destroy machine-a works (the key is deleted from Hetzner, even if it's still used by machine-b). Destroying machine-b also works!

I only changed the Create() function, I will open a WIP pull request so you can see my changes.

@JonasProgrammer
Owner

Thank you very much for investigating this further; apparently there was some confusion on my side. While I'm positive I've faced some referential integrity issues in the past, either Hetzner changed something or -- most likely -- I got things mixed up. Nonetheless, thank you for pushing for a solution despite my negative and, as it turns out, wrong answer.

Your PR looks good in general, but I've added a few comments. You can try and resolve them yourself; don't hesitate to let me know if you need help or want me to make the requested changes.
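
The lookup-before-create heuristic discussed in this thread, as an added example (not code from the driver or the pull request): it derives a colon-separated MD5 fingerprint from the public key line, which is assumed here to be the form the provider compares, and reports whether the key was created or merely found. `Fingerprint`, `KeyStore`, `EnsureKey` and `SamplePub` are hypothetical names, and the key line is constructed.

```go
package main

import (
	"crypto/md5"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// SamplePub is a constructed key line for the demo, not a real key.
const SamplePub = "ssh-rsa Y29uc3RydWN0ZWQtc2FtcGxlLWtleS1ibG9i am@example"

// Fingerprint hashes the base64 blob of "<type> <blob> [comment]" (assumed MD5 form).
func Fingerprint(pubLine string) (string, error) {
	fields := strings.Fields(pubLine)
	if len(fields) < 2 {
		return "", errors.New("malformed public key line")
	}
	blob, err := base64.StdEncoding.DecodeString(fields[1])
	if err != nil {
		return "", fmt.Errorf("decode key blob: %w", err)
	}
	sum := md5.Sum(blob)
	return strings.ReplaceAll(fmt.Sprintf("% x", sum[:]), " ", ":"), nil
}

// KeyStore is a hypothetical stand-in for the remote key list: fingerprint -> key ID.
type KeyStore map[string]int

// EnsureKey reuses a key with the same fingerprint; managed is true only if created here.
func (s KeyStore) EnsureKey(pubLine string) (id int, managed bool, err error) {
	fp, err := Fingerprint(pubLine)
	if err != nil {
		return 0, false, err
	}
	if existing, ok := s[fp]; ok {
		return existing, false, nil // found: reuse, caller must not delete it
	}
	s[fp] = len(s) + 1
	return s[fp], true, nil
}

func main() {
	s := KeyStore{}
	fmt.Println(s.EnsureKey(SamplePub)) // machine1: creates the key
	fmt.Println(s.EnsureKey(SamplePub)) // machine2: reuses it
}
```

The comment field of the key line does not affect the fingerprint, so the same key uploaded under a different name still matches.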
