Feature #20485
closedOption to skip automatic SSH key deployment on cloud VMs
100%
Description
When creating a new cloud instance, arvados-dispatch-cloud generates the public key counterpart of Containers.DispatchPrivateKey
and installs it as an authorized SSH key for the relevant login account (LinuxConfiguration.SSH.PublicKeys on Azure, ImportKeyPair/KeyName on AWS).
Some sites may prefer to use a different approach (e.g., pre-install the public key on the worker image or retrieve it from some other source during instance boot). In that case the automatic deployment would be superfluous at best, and could prevent instance creation from working at all if the relevant cloud APIs are disabled by policy.
Proposed option
CloudVMs:
# Install the dispatcher's SSH public key (derived from
# DispatchPrivateKey) when creating new cloud instances. Change
# this to false if you are using a different mechanism to
# pre-install the public key on new instances.
DeployPublicKey: true
Updated by Tom Clegg 3 days ago
- Status changed from New to In Progress
20485-optional-deploy-ssh-key @ 5a148d937308202b392bd05a25b28f9fc2ca81cc -- developer-run-tests: #3672
Updated by Brett Smith 1 day ago
Tom Clegg wrote in #note-3:
20485-optional-deploy-ssh-key @ 5a148d937308202b392bd05a25b28f9fc2ca81cc -- developer-run-tests: #3672
This looks good to me. Tests would be nice but I understand if that's not reasonable. The changes are straightforward enough that I'm not too worried about it.
Updated by Tom Clegg 1 day ago
Turns out it wasn't too hard to exercise the nil publickey option in tests.
20485-optional-deploy-ssh-key @ 756b80504e55ff7d9b9ec3f221bd11e231e9c1c6 -- developer-run-tests: #3681
Updated by Brett Smith 1 day ago
Tom Clegg wrote in #note-6:
Turns out it wasn't too hard to exercise the nil publickey option in tests.
Awesome, this looks good too, I don't have anything else. Thanks again.
Updated by Tom Clegg about 13 hours ago
- % Done changed from 0 to 100
- Status changed from In Progress to Resolved
Applied in changeset arvados-private:commit:arvados|d5c62f5e6473a225646d6ab0a7a8b1353dd5855b.