ed25519 keys unsupported due to old pyopenssl
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Ubuntu Cloud Archive | Confirmed | Undecided | Unassigned |
kolla | Opinion | Undecided | Unassigned |
kolla-ansible | Invalid | Undecided | Unassigned |
Ubuntu | Confirmed | Undecided | Unassigned |
Bug Description
What happened:
When attempting to import an ed25519-based ssh key, horizon reports the error "Error: Unable to import the keypair."
What you expected to happen:
The import will succeed, as the key has been used in previous OpenStack deploys (non kolla based) and the key is known to be valid.
How to reproduce it (minimal and precise):
Import a key through horizon that was generated using ssh-keygen -t ed25519; the import will fail with the above horizon. The nova api error is "HTTP exception thrown: Keypair data is invalid: failed to generate fingerprint". The internal error is "cryptography.
While testing we found that the version of pyOpenSSL shipped with the most recent version of kolla/ubuntu-
Environment:
Docker image Install type (source/binary): Binary
Docker image distribution: Ubuntu
Are you using official images from Docker Hub or self built? Official
Docker images: Ussuri
Indeed, Ubuntu Bionic does not seem to meet the requirements: https://opendev.org/openstack/requirements/src/commit/7ea3fea5458a8e3ef4e03ba15ea64b2ff16dfcf1/upper-constraints.txt#L184
However, this is not a Kolla issue as binary builds simply ensure compatibility with distributions and this distribution delivers this version.
If Ubuntu ever provided a newer version, we would pick it up.
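
An added example, not part of the bug report and not nova, kolla or Ubuntu code: a standard-library check that an ssh-ed25519 public key line is well formed, with its MD5 and SHA256 fingerprints, plus a probe of whether the locally installed cryptography package can load the same key. Running both inside the affected container helps attribute a "failed to generate fingerprint" error to the library version rather than to the key. The sample key is constructed and the function names are this example's own.

```python
import base64
import hashlib
import struct

# Constructed sample: 32 placeholder bytes in ssh-ed25519 wire format (not a real user's key).
_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(_BLOB).decode() + " constructed@example"


def _read_string(blob, offset):
    """Read one length-prefixed string (uint32 big-endian length, then data)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    end = offset + 4 + struct.unpack_from(">I", blob, offset)[0]
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[offset + 4:end], end


def ed25519_fingerprints(line):
    """Validate an OpenSSH ssh-ed25519 public key line; return (md5, sha256)."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-ed25519":
        raise ValueError("not an ssh-ed25519 public key line")
    # validate=True raises binascii.Error (a ValueError subclass) on bad input.
    blob = base64.b64decode(parts[1], validate=True)
    key_type, pos = _read_string(blob, 0)
    key, pos = _read_string(blob, pos)
    if key_type != b"ssh-ed25519" or len(key) != 32 or pos != len(blob):
        raise ValueError("malformed ssh-ed25519 key blob")
    digest = hashlib.md5(blob).hexdigest()
    md5_fp = ":".join(digest[i:i + 2] for i in range(0, 32, 2))
    sha_fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5_fp, "SHA256:" + sha_fp


def library_can_load(line):
    """True/False if the installed 'cryptography' parses the key; None if absent."""
    try:
        from cryptography.hazmat.backends import default_backend
        from cryptography.hazmat.primitives import serialization
    except ImportError:
        return None
    try:
        serialization.load_ssh_public_key(line.encode("utf-8"), default_backend())
        return True
    except Exception:  # any library-side rejection, e.g. an unsupported key type
        return False
```

If `ed25519_fingerprints` succeeds while `library_can_load` returns False for the same key, the key is structurally valid and the rejection comes from the installed library.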