Listing all key pairs in OpenStack

Posted by

I’m pretty to new OpenStack, but I’ve noticed that pre-Liberty if you wanted to list all key pairs for a user, you needed to be logged in as that user. If this isn’t correct, please let me know. We are working on a project at work where I needed to retrieve key pairs for specific users while acting as an admin user.  In this post I’ll show how to do just that. All commands are ran as an admin user.

In my Kilo lab my nova client is version 2.22.0

nova –version

Displaying help for the keypair-list command results in:

nova help keypair-list
usage: nova keypair-list

Print a list of keypairs for a user

Note that there are no options available for specifying other users, tenants/projects, etc so it only acts on the user who is running the command.

I then found the following bug report: keypair-list should allow you to specify a user or all-users. To test this out I installed a DevStack instance of Liberty. Let’s see what version of the nova client is in provided:

nova –version

Now for the options:

nova help keypair-list
usage: nova keypair-list [–user <user-id>]

Print a list of keypairs for a user (Supported by API versions ‘2.0’ –
‘2.latest’) [hint: use ‘–os-compute-api-version’ flag to show help message
for proper version]

Optional arguments:
–user <user-id>  List key-pairs of specified user ID (Admin only).

Notice the new –user argument.

Let’s see if we can view the key pairs of the demo user. First we will get the demo user’s ID since the nova –user argument specifies that it only accepts an ID:

openstack user list 
| ID                               | Name     |
| 0f170c032ff74a1f9e5548c16bd76dcc | nova     |
| 2848a301af4e4b6faec536102b3d292b | glance   |
| 290e7f84f951426a9c5d63fa67aa506d | admin    |
| 5d1a93152efb4b00af59b3620bfd8cc3 | alt_demo |
| 6fc465ae0e944dc3b08eb661c43ba922 | demo     |
| d961ddcad066415f96a44fa8c7349166 | cinder   |
nova keypair-list --user 6fc465ae0e944dc3b08eb661c43ba922
| Name | Type | Fingerprint                                     |
| demo | ssh  | 8d:e2:65:ec:8c:91:52:bb:40:22:55:2e:9b:1f:f0:45 |

I’d probably do it differently, but for something quick, if you want to list all users/key pairs, you could do something like this.

for user in $(openstack user list -f value -c ID); do nova keypair-list –user ${user} | grep -P “\|\s(([a-f0-9]{2}:)?){15}[a-f0-9]{2}\s\|$”; done

| admin | ssh  | 2e:93:fd:9b:45:30:e1:47:fe:93:4e:4a:21:74:40:d0 |
| demo | ssh  | 8d:e2:65:ec:8c:91:52:bb:40:22:55:2e:9b:1f:f0:45 |

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s