[Bug 1890922] Re: ed25519 keys unsupported due to old pyopenssl

Radosław Piliszek 1890922 at bugs.launchpad.net
Sun Aug 9 08:00:17 UTC 2020 

Indeed, Ubuntu Bionic does not seem to meet the requirements:
https://opendev.org/openstack/requirements/src/commit/7ea3fea5458a8e3ef4e03ba15ea64b2ff16dfcf1
/upper-constraints.txt#L184

However, this is not a Kolla issue as binary builds simply ensure
compatibility with distributions and this distribution delivers this
version.

If Ubuntu ever provided a newer version, we would pick it up.

** Changed in: kolla-ansible
       Status: New => Invalid

** Changed in: kolla
       Status: New => Opinion

** Also affects: ubuntu
   Importance: Undecided
       Status: New

** Changed in: ubuntu
       Status: New => Confirmed

** Also affects: cloud-archive
   Importance: Undecided
       Status: New

** Changed in: cloud-archive
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1890922

Title:
  ed25519 keys unsupported due to old pyopenssl

Status in Ubuntu Cloud Archive:
  Confirmed
Status in kolla:
  Opinion
Status in kolla-ansible:
  Invalid
Status in Ubuntu:
  Confirmed

Bug description:
  What happened:
  When attempting to import an ed25519 based ssh key horizon reports the error "Error: Unable to import the keypair."

  What you expected to happen:
  The import will succeed as the key has been used in previous Openstack deploys (non kolla based) and the key is known to be valid.

  How to reproduce it (minimal and precise):
  Import a key through horizon that was generated using ssh-keygen -t ed25519, the import will fail with the above horizon. The nova api error is "HTTP exception thrown: Keypair data is invalid: failed to generate fingerprint" The internal error is "cryptography.exceptions.UnsupportedAlgorithm: ed25519 is not supported by this version of OpenSSL."

  While testing we found that the version of pyOpenSSL shipped with the
  most recent version of kolla/ubuntu-binary-nova-api:ussuri was 17.5.0.
  That version does not support ed25519 keys, updating to the newest
  version 19.1.0 will fixe the issue.

  Environment:
  Docker image Install type (source/binary): Binary
  Docker image distribution: Ubuntu
  Are you using official images from Docker Hub or self built? Official
  Docker images: Ussuri

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1890922/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list