openshift-docs/modules/virt-adding-public-key-cli.adoc
Avital Pinnick 35b62de408 CNV- 36284: cloudInitNoCloud
Signed-off-by: Avital Pinnick <apinnick@redhat.com>
2023-12-13 10:01:15 +00:00


// Module included in the following assemblies:
//
// * virt/virtual_machines/virt-accessing-vm-ssh.adoc
ifeval::["{context}" == "static-key"]
:static-key:
:header: Adding a key when creating a VM
endif::[]
ifeval::["{context}" == "dynamic-key"]
:dynamic-key:
:header: Enabling dynamic key injection
endif::[]
:_mod-docs-content-type: PROCEDURE
[id="virt-adding-public-key-cli_{context}"]
= {header} by using the command line
ifdef::static-key[]
You can add a statically managed public SSH key when you create a virtual machine (VM) by using the command line. The key is added to the VM at first boot.
The key is added to the VM as a cloud-init data source. This method separates the access credentials from the application data in the cloud-init user data. This method does not affect cloud-init user data.
endif::[]
ifdef::dynamic-key[]
You can enable dynamic key injection for a virtual machine (VM) by using the command line. Then, you can update the public SSH key at runtime.
[NOTE]
====
Only {op-system-base-full} 9 supports dynamic key injection.
====
The key is added to the VM by the QEMU guest agent, which is installed automatically with {op-system-base} 9.
endif::[]
.Prerequisites
* You generated an SSH key pair by running the `ssh-keygen` command.
.Procedure
. Create a manifest file for a `VirtualMachine` object and a `Secret` object:
+
[source,yaml]
----
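# VirtualMachine that boots from the rhel9 DataSource and receives an SSH
# public key from the authorized-keys Secret through accessCredentials.
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: example-vm
  namespace: example-namespace
spec:
  dataVolumeTemplates:
    - apiVersion: cdi.kubevirt.io/v1beta1
      kind: DataVolume
      metadata:
        name: example-vm-disk
      spec:
        sourceRef:
          kind: DataSource
          name: rhel9
          namespace: openshift-virtualization-os-images
        storage:
          resources:
            requests:
              storage: 30Gi
  running: false
  template:
    metadata:
      labels:
        kubevirt.io/domain: example-vm
    spec:
      domain:
        cpu:
          cores: 1
          sockets: 2
          threads: 1
        devices:
          disks:
            - disk:
                bus: virtio
              name: rootdisk
            - disk:
                bus: virtio
              name: cloudinitdisk
          interfaces:
            - masquerade: {}
              name: default
          rng: {}
        features:
          smm:
            enabled: true
        firmware:
          bootloader:
            efi: {}
        resources:
          requests:
            memory: 8Gi
      evictionStrategy: LiveMigrate
      networks:
        - name: default
          pod: {}
      volumes:
        # Each volume name must match a disk name under devices.disks, and
        # dataVolume.name must match the DataVolume in dataVolumeTemplates.
        - dataVolume:
            name: example-vm-disk
          name: rootdisk
        # userData is embedded in the VirtualMachine object as plain text, so
        # the password below is visible to anyone who can read this VM. To keep
        # it out of the manifest, cloudInitNoCloud can reference a Secret
        # through secretRef instead.
        - cloudInitNoCloud: <.>
            userData: |-
              #cloud-config
              user: cloud-user
              password: <password>
              chpasswd: { expire: False }
ifdef::dynamic-key[]
              # 'on' is quoted so that YAML 1.1 parsers keep it as a string
              # instead of converting it to a boolean.
              runcmd:
                - [ setsebool, -P, virt_qemu_ga_manage_ssh, 'on' ]
endif::[]
          name: cloudinitdisk
      accessCredentials:
        - sshPublicKey:
            propagationMethod:
ifdef::static-key[]
              # NOTE(review): the cloud-init volume above is cloudInitNoCloud;
              # confirm that configDrive is the intended propagation method.
              configDrive: {}
endif::[]
ifdef::dynamic-key[]
              qemuGuestAgent:
                users: ["user1","user2","fedora"] <.>
endif::[]
            source:
              secret:
                secretName: authorized-keys <.>
---
apiVersion: v1
kind: Secret
metadata:
  name: authorized-keys
  # The Secret must be in the same namespace as the VM that references it.
  namespace: example-namespace
# Values under data must be Base64-encoded. Store only the public key here;
# the private key stays on the client.
data:
  key: |
    <base64_encoded_public_key> <.>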
----
<.> Specify the `cloudInitNoCloud` data source.
ifdef::dynamic-key[]
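<.> Specify the names of the guest users that receive the key. The names must match users that exist in the guest; the cloud-init user data in this example sets `cloud-user`.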
endif::[]
<.> Specify the `Secret` object name.
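<.> Paste the public SSH key, Base64-encoded because it is stored in the `data` field of the `Secret` object. Use the contents of the `.pub` file that `ssh-keygen` generated, not the private key file.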
. Create the `VirtualMachine` and `Secret` objects:
+
[source,terminal]
----
$ oc create -f <manifest_file>.yaml
----
. Start the VM:
+
[source,terminal]
----
$ virtctl start vm example-vm
----
.Verification
. Get the VM configuration:
+
[source,terminal]
----
$ oc describe vm example-vm -n example-namespace
----
+
.Example output
[source,yaml]
----
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: example-vm
  namespace: example-namespace
spec:
  template:
    spec:
      accessCredentials:
        - sshPublicKey:
            propagationMethod:
ifdef::static-key[]
              configDrive: {}
endif::[]
ifdef::dynamic-key[]
              qemuGuestAgent:
                users: ["user1", "user2", "fedora"]
endif::[]
            source:
              secret:
                secretName: authorized-keys
----
ifeval::["{context}" == "static-key"]
:!static-key:
endif::[]
ifeval::["{context}" == "dynamic-key"]
:!dynamic-key:
endif::[]