I have an older setup using Terraform and OpenStack. Via Terraform, keypairs are injected into OpenStack instances:
    resource "openstack_compute_instance_v2" "bamboo_agent" {
      count       = length(var.agents)
      name        = var.agents[count.index].name
      image_name  = var.image
      flavor_name = var.flavor
      key_pair    = openstack_compute_keypair_v2.bamboo_ssh[0].name
      user_data   = file("scripts/init_instance.cfg")

      network {
        port = openstack_networking_port_v2.bamboo[count.index].id
      }
    }
And in scripts/init_instance.cfg there will be keys added:
    ssh_authorized_keys:
      - ssh-rsa ...
AFAIK both methods are doing the same, right? Do I need both? Wouldn't it be enough to remove one of them?
I want to remove the keypair and add the keys via ssh_authorized_keys to the default account and via users: to further accounts in cloud-init.
Effectively they should be doing the same, but as far as I know they won't be applied at the same time.
cloud-init runs in the image/template used to create the new instance and will customise the template with instance specific settings at first boot. Cloud-init calls on the OpenStack meta-data provider fairly early on and will download meta-data, such as the OpenStack ssh key and your user-data/cloud-config script scripts/init_instance.cfg.
I think that the SSH key from OpenStack will be applied first.
Since it validates the key before it is accepted, relying on OpenStack to deploy a key should be quite robust and reliable. But OpenStack has the limitation that it only allows you to assign a single key to deploy to an instance.
A user-data / cloud-config script such as your scripts/init_instance.cfg is the last thing that gets executed by cloud-init. cloud-config doesn't have the one key limitation and allows you to assign multiple ssh keys and perform many additional configuration tasks as well.
It might be beneficial to have a key deployed by OpenStack, in case your cloud-config script contains invalid yaml and fails completely; you should then still have an instance you can access and debug...
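
The answer above notes that OpenStack validates a keypair before accepting it, while a broken cloud-config can fail entirely. The following pre-apply check for a user-data file is an added example, not part of the original posts: it is a simple line scan (not a YAML parser), and the function names, the sample document and the all-zero ed25519 key are constructed for illustration.

```python
import base64, binascii, struct

def check_pubkey(line):
    """Return None if line is a well-formed OpenSSH public key, else a reason."""
    parts = line.split()
    if len(parts) < 2:
        return "expected '<type> <base64> [comment]'"
    key_type, b64 = parts[0], parts[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return "key data is not valid base64"
    if len(blob) < 4:
        return "key blob too short"
    (n,) = struct.unpack(">I", blob[:4])      # length of the embedded type string
    if blob[4:4 + n] != key_type.encode():
        return "type inside key blob does not match declared type"
    return None

def check_cloud_config(text):
    """Check the '#cloud-config' header and every ssh_authorized_keys entry."""
    lines, problems, key_indent = text.splitlines(), [], None
    if not lines or lines[0].rstrip() != "#cloud-config":
        problems.append("first line must be '#cloud-config'")
    for no, raw in enumerate(lines, 1):
        s = raw.strip()
        if not s or s.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if s.endswith("ssh_authorized_keys:"):
            key_indent = indent               # list items follow at >= this indent
        elif key_indent is not None and s.startswith("- ") and indent >= key_indent:
            reason = check_pubkey(s[2:].strip().strip("'\""))
            if reason:
                problems.append("line %d: %s" % (no, reason))
        else:
            key_indent = None                 # left the key list
    return problems

def constructed_key(comment="ci@example"):
    # Constructed sample: correct ed25519 wire layout, all-zero key bytes.
    t = b"ssh-ed25519"
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)

# Constructed sample: default-user key plus a second account with a damaged key.
SAMPLE = "\n".join(["#cloud-config", "ssh_authorized_keys:", "  - " + constructed_key(),
                    "users:", "  - default", "  - name: deploy",
                    "    ssh_authorized_keys:", "      - ssh-rsa AAAA_not_base64!"])

if __name__ == "__main__":
    print(check_cloud_config(SAMPLE) or "no problems found")
```

Run it against scripts/init_instance.cfg before `terraform apply`; an empty result means the header and every listed key passed these structural checks, not that the whole YAML document is valid.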