[Bug 1890922] Re: ed25519 keys unsupported due to old pyopenssl
Radosław Piliszek
1890922 at bugs.launchpad.net
Fri Sep 4 07:07:28 UTC 2020
Kolla is officially supporting Focal since Victoria but it should not be
too hard for users to switch the base image for Ussuri too.
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1890922
Title:
ed25519 keys unsupported due to old pyopenssl
Status in Ubuntu Cloud Archive:
Confirmed
Status in kolla:
Opinion
Status in kolla-ansible:
Invalid
Status in Ubuntu:
Confirmed
Bug description:
What happened:
When attempting to import an ed25519 based ssh key horizon reports the error "Error: Unable to import the keypair."
What you expected to happen:
The import will succeed as the key has been used in previous Openstack deploys (non kolla based) and the key is known to be valid.
How to reproduce it (minimal and precise):
Import a key through horizon that was generated using ssh-keygen -t ed25519, the import will fail with the above horizon. The nova api error is "HTTP exception thrown: Keypair data is invalid: failed to generate fingerprint" The internal error is "cryptography.exceptions.UnsupportedAlgorithm: ed25519 is not supported by this version of OpenSSL."
While testing we found that the version of pyOpenSSL shipped with the
most recent version of kolla/ubuntu-binary-nova-api:ussuri was 17.5.0.
That version does not support ed25519 keys, updating to the newest
version 19.1.0 will fixe the issue.
Environment:
Docker image Install type (source/binary): Binary
Docker image distribution: Ubuntu
Are you using official images from Docker Hub or self built? Official
Docker images: Ussuri
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1890922/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list