-
Notifications
You must be signed in to change notification settings - Fork 23
Provide support for ssh-sk
for Nova
#1386
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
etc/kayobe/kolla.yml
Outdated
@@ -346,6 +346,11 @@ kolla_build_blocks: | |||
{% set magnum_capi_packages = ['magnum-capi-helm==1.1.0'] %} | |||
RUN {{ macros.install_pip(magnum_capi_packages | customizable("pip_packages")) }} | |||
{% endraw %} | |||
nova_base_footer: | | |||
{% raw %} | |||
{% set nova_packages = ['cryptography==43.0.0'] %} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I assume cryptography is pulled in as a dependency to Nova? Just bump it up in upper-constraints using a macro?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wasn't sure what the best approach is as adjusting upper-constraints would impact more than just Nova.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, we use u-c fork as a repo, but there are macros in Kolla that mangle u-c entries - you could use that only for Nova.
d335906
to
810c48f
Compare
@mnasiadka not sure why it is failing to build. I see |
810c48f
to
8390e6e
Compare
f36aba4
to
bffeda3
Compare
Support for `ssh-sk` keys was recently added in the cryptography package pyca/cryptography#10608. By installing version `43.0.3` we can benefit from such support within `Nova`
The `Nova` containers with the tag `20241126T110410` provides support for `ssh-sk` providing users the option of improving the security of SSH access to their instances. [skip ci]
bffeda3
to
36a0f44
Compare
Provide
ssh-sk
based keys for use withinNova
providing users with the ability to further secureSSH
access to their instances.This has been achieved with by bumping the
cryptography
package to version43.0.0
which includes pyca/cryptography#10608.