Ask Your Question
1

Create private key per tenant?

asked 2015-01-21 00:05:47 -0600

gogasca gravatar image

updated 2015-01-21 00:29:45 -0600

JUNO Devstack

localrc

export OS_USERNAME=admin 
export OS_PASSWORD=password 
export OS_TENANT_NAME=admin 
export OS_AUTH_URL=http://1.1.1.1:5000/v2.0

Im using the following command:

source localrc

nova --os-tenant-name test keypair-add test > keys/test.pem

Private key is only visible to admin user, even though admin has Administrator role on test tenant. If I login with a user part of test tenant I can't see test.pem private key. This seems to be intended behavior as I can create a private key manually from Horizon and I see its only accesible per user base, not for all users which belong to same project.

Question: Can I create a shared "private" key which is accesible via Horizon to all users members of same project/tenant ?

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
1

answered 2015-01-21 16:06:58 -0600

don gravatar image

keypairs are owned by user, not by tenant. this can lead to behaviour that is hard to understand. for example, if you use Heat, and let it create a keypair... if you have a tenant w/ 2 users sharing it. the first creates a stack, the 2nd cannot destroy it (since they cannot destroy the generated keypair, and don't see it in the project interface of Horizon).

I don't think u can have shared private key without handling it out of band (e.g. email it).

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

Stats

Asked: 2015-01-21 00:05:47 -0600

Seen: 867 times

Last updated: Jan 21 '15