I'm provisioning VMs using cloud-config to install SSH keys. I set the kitchen driver settings private_key_path and ssh_key so that it can use those keys. However, during convergence kitchen-openstack then tries to do do_ssh_setup, which 1. isn't required because the keys are already installed, and 2. fails because it tries to log in using password authentication.

My workaround is that I set key_name to a dummy value, which causes do_ssh_setup to be skipped. But that seems like a hack, since there's not actually any key with that name on the openstack cluster. Is there a cleaner way?

Yeah this makes sense. I know with the openstack cluster i test with the key is already there too, so there is so need for the do_ssh_setup.

At the same time there is a possibility that there could be some clusters out there that still need the key injected in. I don't like the idea of removing this code, but at the same time maybe a feature flip around this? I'm gonna chew on it.

Maybe we should add to the README.md on how to get around this?

Could you either put in this issue exactly how you got around it, config edited and the like, or even better put a PR in to help out future people?

I think https://github.com/test-kitchen/kitchen-openstack/blob/master/lib/kitchen/driver/openstack.rb#L363 this is exactly what you want. I'll add to the README, and reference this as a possible pain point.

Added this to a PR for version 2 of the driver.

If you do key injection via cloud-init like this issue:
#77 the best
way is to make a "dummy-key."

I know this issue is closed but this workaround doesn't work for me as my company doesn't allow me to set up openstack keys. We need a better solution for this.

@chilicheech how do you get into your machines? username/password? odd that keys aren't allowed.

hey @jjasghar, i get into the machines by setting up ssh keys using cloud-init. When I specify a dummy key_name in the .kitchen.yml I get this error:

-----> Starting Kitchen (v1.4.2)
-----> Creating <****>...
>>>>>> Create failed on instance <****>.
>>>>>> Please see .kitchen/logs/****.log for more details
>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: Expected([200, 202]) <=> Actual(400 Bad Request)
excon.error.response
  :body          => "{\"badRequest\": {\"message\": \"Invalid key_name provided.\", \"code\": 400}}"
  :headers       => {
    "Content-Length" => "70"
    "Content-Type"   => "application/json; charset=UTF-8"
    "Date"           => "Wed, 11 Nov 2015 17:31:50 GMT"
  }
  :local_address => "*.*.*.*"
  :local_port    => *****
  :reason_phrase => "Bad Request"
  :remote_ip     => "*.*.*.*"
  :status        => 400
  :status_line   => "HTTP/1.1 400 Bad Request\r\n"

>>>>>> ----------------------

If I don't specify a dummy key_name I get the following:

-----> Starting Kitchen (v1.4.2)
-----> Creating <****>...
       OpenStack instance with ID of <****> is ready.
       Waiting for network information to be available...
       Waiting for server to be ready...
       Waiting for SSH service on *.*.*.*:*, retrying in 3 seconds
root@*.*.*.*'s password:

It tries to login as root even though I've specified a transport username.

I'm at a loss here. I'll have to try to repo this, it's odd that it's falling back to root.

Can you scrub your .kitchen.yml and post it here too?

Sure, this is what my .kitchen.yml looks like. I'm gonna do some more digging as well.

---
driver:
  name: openstack
  openstack_username: chilicheech
  openstack_api_key: my_awesome_password
  openstack_auth_url: http://my_openstack_auth_url
  flavor_ref: small
  image_ref: rhel-6.5.7-x86_64
#  key_name: dummy_key
  private_key_path: /Users/chilicheech/.ssh/id_rsa
  user_data: cloud_init
  transport:
    username: kitchen
    ssh_key: kitchen_rsa

provisioner:
  name: chef_zero

platforms:
  - name: rhel6

suites:
  - name: default
    run_list:
      - role[base]

Ok, got it to work. @john-karp hinted that key_name needs to be set to an empty string for it to work. maybe the docs can be updated to reflect that instead of dummy-key?
The issue with logging it attempting to log in as root was due to the fact that I had set transport: inside of driver: instead of as a sibling of driver:. This .kitchen.yml is now working for me:

---
driver:
  name: openstack
  openstack_username: chilicheech
  openstack_api_key: my_awesome_openstack_api_key
  openstack_auth_url: http://my_awesome_openstack_auth_url
  require_chef_omnibus: true
  image_ref: rhel7
  flavor_ref: small
  private_key_path: kitchen_rsa
  key_name: ""
  user_data: cloud_init

transport:
  username: kitchen
  ssh_key: kitchen_rsa

provisioner:
  name: chef_zero

platforms:
  - name: rhel7

suites:
  - name: default
    run_list:
      - role[base]

Also, it seems driver: private_key_path and transport: ssh_key are redundant. Why do we need to set both? I've tried with either one or the other but it fails. Need to set both.

Yep, the driver: private_key_path and transport: ssh_key are redundant. The next release of the gem i'm deprecating the code the 1.4 TK transport layer does. I havent started that process yet, but I'll be removing it soon.

@chilicheech this good? #127

that's perfect. thanks for your help with this @jjasghar

@jjasghar
Is this still the correct way to set a key when doing cloud init? Using v3 I get:

:body => "{"badRequest": {"message": "Invalid input for field/attribute key_name. Value: . u'' is too short", "code": 400}}"

@rlewkowicz i don't think, or should i say, i havent validated against v3 yet. So I'm not sure how to help you here.

No worries, I had some confusion about the user data and cloud init so that may have been hindering my attempts. I ended up just manually adding my key and creating a snapshot. Sorry for the hassle!