// Module included in the following assemblies: // // * virt/virtual_machines/virt-accessing-vm-ssh.adoc ifeval::["{context}" == "static-key"] :static-key: :header: Adding a key when creating a VM endif::[] ifeval::["{context}" == "dynamic-key"] :dynamic-key: :header: Enabling dynamic key injection endif::[] :_mod-docs-content-type: PROCEDURE [id="virt-adding-public-key-cli_{context}"] = {header} by using the command line ifdef::static-key[] You can add a statically managed public SSH key when you create a virtual machine (VM) by using the command line. The key is added to the VM at first boot. The key is added to the VM as a cloud-init data source. This method separates the access credentials from the application data in the cloud-init user data. This method does not affect cloud-init user data. endif::[] ifdef::dynamic-key[] You can enable dynamic key injection for a virtual machine (VM) by using the command line. Then, you can update the public SSH key at runtime. [NOTE] ==== Only {op-system-base-full} 9 supports dynamic key injection. ==== The key is added to the VM by the QEMU guest agent, which is installed automatically with {op-system-base} 9. endif::[] .Prerequisites * You generated an SSH key pair by running the `ssh-keygen` command. .Procedure . Create a manifest file for a `VirtualMachine` object and a `Secret` object: + [source,yaml] ---- apiVersion: kubevirt.io/v1 kind: VirtualMachine metadata: name: example-vm namespace: example-namespace spec: dataVolumeTemplates: - apiVersion: cdi.kubevirt.io/v1beta1 kind: DataVolume metadata: name: example-vm-disk spec: sourceRef: kind: DataSource name: rhel9 namespace: openshift-virtualization-os-images storage: resources: requests: storage: 30Gi running: false template: metadata: labels: kubevirt.io/domain: example-vm spec: domain: cpu: cores: 1 sockets: 2 threads: 1 devices: disks: - disk: bus: virtio name: rootdisk - disk: bus: virtio name: cloudinitdisk interfaces: - masquerade: {} name: default rng: {} features: smm: enabled: true firmware: bootloader: efi: {} resources: requests: memory: 8Gi evictionStrategy: LiveMigrate networks: - name: default pod: {} volumes: - dataVolume: name: example-volume name: example-vm-disk - cloudInitConfigDrive: <.> userData: |- #cloud-config user: cloud-user password: chpasswd: { expire: False } ifdef::dynamic-key[] runcmd: - [ setsebool, -P, virt_qemu_ga_manage_ssh, on ] endif::[] name: cloudinitdisk accessCredentials: - sshPublicKey: propagationMethod: ifdef::static-key[] configDrive: {} endif::[] ifdef::dynamic-key[] qemuGuestAgent: users: ["user1","user2","fedora"] <.> endif::[] source: secret: secretName: authorized-keys <.> --- apiVersion: v1 kind: Secret metadata: name: authorized-keys data: key: | MIIEpQIBAAKCAQEAulqb/Y... <.> ---- <.> Specify `cloudInitConfigDrive` to create a configuration drive. ifdef::dynamic-key[] <.> Specify the user names. endif::[] <.> Specify the `Secret` object name. <.> Paste the public SSH key. . Create the `VirtualMachine` and `Secret` objects: + [source,terminal] ---- $ oc create -f .yaml ---- . Start the VM: + [source,terminal] ---- $ virtctl start vm example-vm -n example-namespace ---- .Verification * Get the VM configuration: + [source,terminal] ---- $ oc describe vm example-vm -n example-namespace ---- + .Example output [source,yaml] ---- apiVersion: kubevirt.io/v1 kind: VirtualMachine metadata: name: example-vm namespace: example-namespace spec: template: spec: accessCredentials: - sshPublicKey: propagationMethod: ifdef::static-key[] configDrive: {} endif::[] ifdef::dynamic-key[] qemuGuestAgent: users: ["user1","user2","fedora"] endif::[] source: secret: secretName: authorized-keys # ... ---- ifeval::["{context}" == "static-key"] :!static-key: endif::[] ifeval::["{context}" == "dynamic-key"] :!dynamic-key: endif::[]