Ask Your Question

Create private key per tenant?

asked 2015-01-21 00:05:47 -0500

gogasca gravatar image

updated 2015-01-21 00:29:45 -0500

JUNO Devstack


export OS_USERNAME=admin 
export OS_PASSWORD=password 
export OS_TENANT_NAME=admin 
export OS_AUTH_URL=

Im using the following command:

source localrc

nova --os-tenant-name test keypair-add test > keys/test.pem

Private key is only visible to admin user, even though admin has Administrator role on test tenant. If I login with a user part of test tenant I can't see test.pem private key. This seems to be intended behavior as I can create a private key manually from Horizon and I see its only accesible per user base, not for all users which belong to same project.

Question: Can I create a shared "private" key which is accesible via Horizon to all users members of same project/tenant ?

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2015-01-21 16:06:58 -0500

don gravatar image

keypairs are owned by user, not by tenant. this can lead to behaviour that is hard to understand. for example, if you use Heat, and let it create a keypair... if you have a tenant w/ 2 users sharing it. the first creates a stack, the 2nd cannot destroy it (since they cannot destroy the generated keypair, and don't see it in the project interface of Horizon).

I don't think u can have shared private key without handling it out of band (e.g. email it).

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2015-01-21 00:05:47 -0500

Seen: 1,024 times

Last updated: Jan 21 '15