[ovirt-users] How to extract root ssh

[Fabrice Bacchella]

> Le 10 août 2017 à 07:51, Yedidyah Bar David <didi at redhat.com> a écrit :
> 
> On Wed, Aug 9, 2017 at 5:27 PM, Fabrice Bacchella
> <fabrice.bacchella at orange.fr> wrote:
>> 
>>> Le 9 août 2017 à 16:03, Yedidyah Bar David <didi at redhat.com> a écrit :
>>> 
>>> On Wed, Aug 9, 2017 at 4:35 PM, Fabrice Bacchella
>>> <fabrice.bacchella at orange.fr> wrote:
>>>> oVirt own a private ssh keys that it can use to do remote installation on
>>>> host, instead of using a password. But I didn't found at
>>>> https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/html/rest_api_guide/
>>>> how to find it's public key. Where can I found it ?
>>> 
>>> For the public key, see:
>>> 
>>> http://www.ovirt.org/develop/release-management/features/infra/pki/#services
>>> 
>>> Not sure if it's part of the API, or if it should be - adding Juan.
>> 
>> I'm writing code to create automatically datacenter/cluster/host, without storing the root password in scripts.
> 
> How do you provision your hosts? If using pxe or cloud-init or
> something like that, you can arrange to add a public key to the
> authorized keys during installation, and then you can use the matching
> private key later on for management, with no relation to oVirt.

I have no problem putting it in hosts, they are prepared using puppet, and the public key is pushed at this time.

> 
>> Having a way to have the sdk automatically get it would be nice. Having a known URL is good enough, but it it's not obvious to find it.
> 
> Doc patches/Blog posts/etc. are welcome :-)

A simple service like /api/pki-resource that does the same thing that  /ovirt-engine/services/pki-resource?resource=RESOURCE&format=FORMAT would make finding it much easier. It could simply send a redirect or wrap the content.

Code using the sdk already have all the http connexion stuff prepared, it juste another sdk call. Calling /ovirt-engine/services/pki-resource make writing custom code mandatory.