Use better variable values for ssh_public_key#11
Merged
fghaas merged 3 commits intocleura:mainfrom Mar 5, 2026
Merged
Conversation
Without this change, if the user neglects to set the ssh_public_key stack parameter, they get an error message that is rather unhelpful to a new user: ERROR: The public_key property is required by the nova API version currently used. By setting it to null (instead of the empty string) in heat/environment.yaml, they instead get: ERROR: The Parameter (ssh_public_key) was not provided. ... which is a much more self-explanatory message.
When setting ssh_public_key to null or the empty string, the Ansible playbook proceeds and completes successfully, but creates an invalid SSH keypair and thus an invalid authorized_keys file in the Pad Ramp host. Thus, comment out the variable in ansible/vars.yaml (leaving it undefined), which causes the playbook to fail outright because of a reference to an undefined variable.
When setting ssh_public_key to null or the empty string, "tofu apply" proceeds and completes successfully, but creates an invalid SSH keypair and thus an invalid authorized_keys file in the Pad Ramp host. Thus, comment out the variable in tf/vars.tfvars (leaving it undefined), which causes OpenTofu to prompt for the missing variable (unless a TF_VAR_ssh_public_key environment variable is set).
fghaas
changed the title
colder-is-better
approved these changes
Mar 5, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
fix: Set ssh_public_key to null (not "") in heat/environment.yaml
Without this change, if the user neglects to set the ssh_public_key
stack parameter, they get an error message that is rather unhelpful to
a new user:
ERROR: The public_key property is required by the nova API version currently used.
By setting it to null (instead of the empty string) in
heat/environment.yaml, they instead get:
ERROR: The Parameter (ssh_public_key) was not provided.
... which is a much more self-explanatory message.
fix: Comment ssh_public_key in ansible/vars.yaml
When setting ssh_public_key to null or the empty string, the Ansible
playbook proceeds and completes successfully, but creates an invalid
SSH keypair and thus an invalid authorized_keys file in the Pad Ramp
host.
Thus, comment out the variable in ansible/vars.yaml (leaving it
undefined), which causes the playbook to fail outright because of a
reference to an undefined variable.
fix: Comment ssh_public_key in tf/vars.tfvars
When setting ssh_public_key to null or the empty string, "tofu apply"
proceeds and completes successfully, but creates an invalid SSH
keypair and thus an invalid authorized_keys file in the Pad Ramp host.
Thus, comment out the variable in tf/vars.tfvars (leaving it
undefined), which causes OpenTofu to prompt for the missing variable
(unless a TF_VAR_ssh_public_key environment variable is set).