CPI should support passing a public SSH key when creating a VM about bosh-google-cpi-release HOT 7 CLOSED

@dsboulder, Personally I'm a fan of how GCP transparently integrates the Google identity which accesses the web console and a SSH key associated with that identity via gcloud compute ssh

Seems that passing in a set of public keys at VM creation time would be unnecessary given the above functionality.

Or am I misunderstanding the use case?

from bosh-google-cpi-release.

@mrdavidlaing
bosh-init needs an SSH keypair for it's tunnel when the director VM is being created. It's an ephemeral keypair, in that it's only used to bootstrap the VM, but we'd have to set it on the BOSH director. That's why OpsManager requires you to paste in the SSH private key when you setup BOSH.

I also think the CPI should provide as many of the options as make sense from the "Create VM" google console page. This is one set of options we haven't added yet, and I've got a good use for it when bootstrapping BOSH.

from bosh-google-cpi-release.

@dsboulder hold on doing this in the CPI. i think we can cover this generically through env key (last param to create_vm).

from bosh-google-cpi-release.

@cppforlife Doesn't the CPI have to be modified in order to setup SSH keys when a VM is being created? Or does the bosh-agent install the keys out the VM metadata? If so, that works for bosh-init VMs and SSH tunnels as well?

from bosh-google-cpi-release.

@dsboulder the bosh-agent downloads keys from metadata/config-drive just as e.g. cloud-init would do. The CPI writes that data when creating a VM (since on most IaaS layers you can write that data only once, at VM boot)

from bosh-google-cpi-release.

@dsboulder im pretty sure we can make it all through the director/bosh-init/agent.

from bosh-google-cpi-release.

@evandbrown @cppforlife I agree with Dmitriy then, BOSH agent should install SSH keys in an IaaS agnostic way. Let's wait for that and not put the feature in any of the CPIs.

from bosh-google-cpi-release.