Support for ssh auth to VMs via public key or password

Registered by Andrea Frittoli on 2013-02-18

Some of tempest tests use ssh access to the VM to perform extra checks. In the current implementation ssh authentication is based only on username and password. Password injection in nova is an optional feature, and real life environment are more likely to use public-key authentication for improved security. This blueprint delivers supports for public key authentication, while maintaining the original password-based implementation as well.

Blueprint information

Status:
Started
Approver:
David Kranz
Priority:
Medium
Drafter:
Andrea Frittoli
Direction:
Approved
Assignee:
Andrea Frittoli
Definition:
Approved
Series goal:
Accepted for kilo
Implementation:
Good progress
Milestone target:
milestone icon kilo-rc
Started by
Giulio Fidente on 2013-12-11

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/ssh-auth-strategy,n,z

Addressed by: https://review.openstack.org/94741
    add bp:ssh-auth-strategy

Addressed by: https://review.openstack.org/146535
    WIP: Add new multi ssh configuration options

Addressed by: https://review.openstack.org/149229
    Define validation_resources function for ssh validation

Addressed by: https://review.openstack.org/151601
    WIP - Add create_test_server function

Addressed by: https://review.openstack.org/153899
    WIP - Create shared ssh verification by extending RemoteClient

Addressed by: https://review.openstack.org/165504
    DO NOT MERGE- Test ssh validation in the gate

Addressed by: https://review.openstack.org/169204
    DO NOT MERGE - test ssh-auth-strategy in the gate

Addressed by: https://review.openstack.org/173217
    Add or change default value some configs.

Gerrit topic: https://review.openstack.org/#q,topic:bug/1453936,n,z

Addressed by: https://review.openstack.org/182041
    Add new config option to globally trigger resource validation

Gerrit topic: https://review.openstack.org/#q,topic:bp/Partially,n,z

Addressed by: https://review.openstack.org/195433
    Support floating IP and configurable auth methods

Addressed by: https://review.openstack.org/207913
    Migrate telemetry tests to the ssh-auth-strategy

Addressed by: https://review.openstack.org/209144
    Migrate volume tests to the ssh-auth-strategy

Addressed by: https://review.openstack.org/225575
    WIP - Migrate scenario tests ssh-auth-strategy

Addressed by: https://review.openstack.org/253444
    Update configuration options ssh-auth-strategy

Gerrit topic: https://review.openstack.org/#q,topic:ssh-wrapper,n,z

Addressed by: https://review.openstack.org/259515
    Add a PINGABLE and a SSHABLE waiters

Addressed by: https://review.openstack.org/295185
    Update the docs on ssh validation

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.