Ask Your Question
1

Create private key per tenant?

asked 2015-01-21 00:05:47 -0600

gogasca gravatar image

updated 2015-01-21 00:29:45 -0600

JUNO Devstack

localrc

export OS_USERNAME=admin 
export OS_PASSWORD=password 
export OS_TENANT_NAME=admin 
export OS_AUTH_URL=http://1.1.1.1:5000/v2.0

Im using the following command:

source localrc

nova --os-tenant-name test keypair-add test > keys/test.pem

Private key is only visible to admin user, even though admin has Administrator role on test tenant. If I login with a user part of test tenant I can't see test.pem private key. This seems to be intended behavior as I can create a private key manually from Horizon and I see its only accesible per user base, not for all users which belong to same project.

Question: Can I create a shared "private" key which is accesible via Horizon to all users members of same project/tenant ?

edit retag flag offensive close merge delete
add a comment

1 answer

Sort by » oldest newest most voted
1

answered 2015-01-21 16:06:58 -0600

don gravatar image

keypairs are owned by user, not by tenant. this can lead to behaviour that is hard to understand. for example, if you use Heat, and let it create a keypair... if you have a tenant w/ 2 users sharing it. the first creates a stack, the 2nd cannot destroy it (since they cannot destroy the generated keypair, and don't see it in the project interface of Horizon).

I don't think u can have shared private key without handling it out of band (e.g. email it).

edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

subscribe to rss feed

Stats

Asked: 2015-01-21 00:05:47 -0600

Seen: 995 times

Last updated: Jan 21 '15

Related questions

i can't run instance

How to fix "nova.servicegroup.drivers.db MessagingTimeout: Timed out waiting for a reply to message" on a HA setup

KVM over KVM- Openstack

How to run unit test for single module?

Cannot start instance after reboot on RDO OpenStack [closed]

unable to launch console from horizon

Why can’t I delete a private network?

Invalid user name or password

Horizon's ip address

Horizon vs CLI passing tokens to user