Merge pull request #274 from stackhpc/feat/ephemeral-ssh-keys

sjpb · web-flow · commit 6b702e131658 · 2023-05-11T09:42:50.000+01:00
Use of ephemeral SSH keys when building Packer images
diff --git a/environments/.stackhpc/builder.pkrvars.hcl b/environments/.stackhpc/builder.pkrvars.hcl
@@ -3,6 +3,7 @@ networks = ["a262aabd-e6bf-4440-a155-13dbc1b5db0e"] # WCDC-iLab-60
 source_image_name = "openhpc-230503-0944-bf8c3f63.qcow2" # https://github.com/stackhpc/ansible-slurm-appliance/pull/252
 fatimage_source_image_name = "Rocky-8-GenericCloud-8.6.20220702.0.x86_64.qcow2"
 ssh_keypair_name = "slurm-app-ci"
+ssh_private_key_file = "~/.ssh/id_rsa"
 security_groups = ["default", "SSH"]
 ssh_bastion_host = "128.232.222.183"
 ssh_bastion_username = "slurm-app-ci"
diff --git a/packer/README.md b/packer/README.md
@@ -22,9 +22,10 @@ Building an environment-specific compute node image will[^1] require a cluster t
   flavor = "general.v1.small"                           # VM flavor to use for builder VMs
   networks = ["26023e3d-bc8e-459c-8def-dbd47ab01756"]   # List of network UUIDs to attach the VM to
   source_image_name = "Rocky-8.5-GenericCloud"          # Name of source image. This must exist in OpenStack and should be a Rocky Linux 8.5 GenericCloud-based image.
-  ssh_keypair_name = "slurm-app-ci"                     # Name of an existing keypair in OpenStack. The private key must be on the host running Packer.
   ```
   
+  This configuration will generate and use an ephemeral SSH key for communicating with the Packer VM. If this is undesirable, set `ssh_keypair_name` to the name of an existing keypair in OpenStack. The private key must be on the host running Packer, and its path can be set using `ssh_private_key_file`.
+
   The network used for the Packer VM must provide outbound internet access but does not need to provide access to resources which the final cluster nodes require (e.g. Slurm control node, network filesystem servers etc.).
   
   For additional options such as non-default private key locations or jumphost configuration see the variable descriptions in `./openstack.pkr.hcl`.
diff --git a/packer/openstack.pkr.hcl b/packer/openstack.pkr.hcl
@@ -64,11 +64,12 @@ variable "ssh_username" {
 
 variable "ssh_private_key_file" {
   type = string
-  default = "~/.ssh/id_rsa"
+  default = null
 }
 
 variable "ssh_keypair_name" {
   type = string
+  default = null
 }
 
 variable "security_groups" {

Original file line number	Diff line number	Diff line change
`@@ -64,11 +64,12 @@ variable "ssh_username" {`
`64`	`64`
`65`	`65`	`variable "ssh_private_key_file" {`
`66`	`66`	`type = string`
`67`		`- default = "~/.ssh/id_rsa"`
	`67`	`+ default = null`
`68`	`68`	`}`
`69`	`69`
`70`	`70`	`variable "ssh_keypair_name" {`
`71`	`71`	`type = string`
	`72`	`+ default = null`
`72`	`73`	`}`
`73`	`74`
`74`	`75`	`variable "security_groups" {`