-
Notifications
You must be signed in to change notification settings - Fork 36
coreos-base/oem-ec2-compat: pull ssh keys from metadata server #2246
Conversation
bc5e5b7
to
946f1b6
Compare
@@ -63,4 +63,6 @@ src_install() { | |||
if use ec2 ; then | |||
newins "${FILESDIR}/base/base-ec2.ign" base.ign | |||
fi | |||
|
|||
use openstack && newins "${FILESDIR}/base/openstack.ign" base.ign |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does the return code of src_install
matter or can it be non-0?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
newins
calls die
if there is an error during the installation of the file: this operation should succeed or die.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the question is whether the return value of src_install
has any meaning. This function's return value will the return value of use openstack && newins "…"
, which will be 1 for non-openstack images (because use openstack
will return 1).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I'd recommend rewriting this as if use openstack; then newins "…"; fi
for consistency.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I tend to follow this documentation: https://devmanual.gentoo.org/ebuild-writing/use-conditional-code/index.html
For single-statement conditions, the use foo && blah (or use foo || blah for negatives) form is often more readable.
But yes, in this case it's wrong to return use openstack && newins "…"
as it will be 1 for non-openstack image (AWS). Thanks!
Without this Ignition configuration, the SSH keys are not installed from the Openstack metadata server. Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
caaf1bf
to
9e982ff
Compare
cherry-picked to:
|
In this PR, we're enabling the
coreos-metadata-sshkeys@.service
for the OpenStack image in order to pull SSH keys from the OpenStack metadata server if no user configuration is provided.How to use
Boot an instance on OpenStack without Ignition provided SSH keys.
Testing done
Manually tested with flatcar/mantle#388
changelog/
directory (user-facing change, bug fix, security fix, update)/boot
and/usr
size, packages, list files for any missing binaries, kernel modules, config files, kernel modules, etc.Should fix: flatcar/Flatcar#817