Merge #513

hyades-bors[bot] · cryslith · hyades-bors[bot] · commit dcc313e7175a · 2020-04-21T05:45:55.000Z
513: spire: don't scan for supervisor keys during auto-launch r=cryslith a=cryslith

When launching an existing virtual cluster, don't attempt to
authenticate to the supervisor with the pre-keysystem method
of using the preseeded authorized ssh key.
Doing so won't work because that ssh key is no longer authorized
on the supervisor after the keysystem is set up.
(Previously, it sometimes appeared to work when the
keysystem-provided ssh keys were still loaded from a prior
auto-install.)

This also avoids unnecessarily pulling the host key
from the keysystem and verifying it using the fingerprint
displayed on the supervisor console; once the keysystem is
set up the supervisor can authenticate itself using the CA.



Co-authored-by: Lily Chung &lt;lkdc@mit.edu&gt;
diff --git a/platform/spire/src/virt.py b/platform/spire/src/virt.py
@@ -549,10 +549,10 @@ def auto_install_supervisor(ops: command.Operations, tc: TerminationContext, sup
 
 
 @command.wrapseq
-def auto_launch_supervisor(ops: command.Operations, tc: TerminationContext, supervisor: configuration.Node, debug_qemu=False):
+def auto_launch_supervisor(ops: command.Operations, tc: TerminationContext, supervisor: configuration.Node, autoadd_fingerprint=False, debug_qemu=False):
     # TODO: annotations, so that this can be --dry-run'd
     vm = VirtualMachine(supervisor, tc, debug_qemu=debug_qemu)
-    ops.add_operation("start up supervisor node", lambda: vm.boot_launch(autoadd_fingerprint=True))
+    ops.add_operation("start up supervisor node", lambda: vm.boot_launch(autoadd_fingerprint=autoadd_fingerprint))
 
 
 @command.wrapseq
@@ -591,7 +591,7 @@ def auto_install(ops: command.Operations, authorized_key=None, persistent: bool=
         with ops.context("termination", TerminationContext()) as tc:
             with ops.context("debug shell", DebugContext(persistent)):
                 ops.add_subcommand(auto_install_supervisor, tc, config.keyserver, iso_path, cdrom_install=cdrom_install, debug_qemu=debug_qemu)
-                ops.add_subcommand(auto_launch_supervisor, tc, config.keyserver, debug_qemu=debug_qemu)
+                ops.add_subcommand(auto_launch_supervisor, tc, config.keyserver, autoadd_fingerprint=True, debug_qemu=debug_qemu)
                 ops.add_subcommand(seq.sequence_supervisor)
 
                 other_nodes = [n for n in config.nodes if n != config.keyserver]
