Add Public-Key from Spec to Ignition Templates

[BugRoger]

No description provided.

[request-info]

The maintainers of this repository would appreciate it if you could provide more information.

[databus23]

This depends on #157 being closed first.

[databus23]

Putting this in the ignition template has the clear advantage that we don't need to sync the ssh pub key from the spec to the kluster's service user (and keep it in sync). On the other hand we circumvent the standard way of distributing ssh keys that nova offers. This is less portable when using other images for nodes than coreos.

I would favour using ignition for now because it requires less maintenance on the operator side. Counter thoughts?

[SchwarzM]

we have talked about this in the mob and i thought about adding the key to the service user that is used to create the nodes.
It will create additional overhead but uses the default way of openstack to distribute keys.
on the other hand cloud-init has to run then, and work.

[BugRoger]

Cloud-Init doesn't even work properly (due to DHCP timing issues?). At least at the moment, it times out on all machines. I would like to avoid it and possibly disable it completely. Therefore my +1 goes to Ignition and sparing us the service user key management problem.

[databus23]

But if cloud-init times out due to dhcp issues then ignition will suffer the same fate, no? In the end both rely on dhcp/network and the metadata service.

[BugRoger]

Yeah, it should. No idea. Need to check out what's up. It definitely times out but Ignition ran before.