smoser and I had a conversation in #cloud-init about this on Friday.

Our conclusion was that we should mirror what the cloud vendor is doing
(i.e. ignore project-level keys if instance-level keys are specified).

We also discussed how we could configure an instance in a project _with_
SSH keys to start _without_ any SSH keys. smoser proposed (a) using the
presence of the empty string in the instance sshKeys metadata value. He
also noted that (b) creating a fresh key, attaching it as an instance-
level SSH key and instantly shredding it would also give the desired
behaviour.

I think that this requirement is uncommon enough that (b) should
suffice. Furthermore, I can imagine (a) breaking automation that would
work with just GCE's daemons (as they just ignore the empty string).

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1403617

Title:
  gce datasource does not handle instance ssh keys

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1403617/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to