From e56b55452549cb037da0a4165154ffa494e9678a Mon Sep 17 00:00:00 2001
From: Thomas Stringer <git@trstringer.com>
Date: Thu, 10 Sep 2020 14:29:54 -0400
Subject: Retrieve SSH keys from IMDS first with OVF as a fallback (#509)

* pull ssh keys from imds first and fall back to ovf if unavailable

* refactor log and diagnostic messages

* refactor the OpenSSLManager instantiation and certificate usage

* fix unit test where exception was being silenced for generate cert

* fix tests now that certificate is not always generated

* add documentation for ssh key retrieval

* add ability to check if http client has security enabled

* refactor certificate logic to GoalState
---
 doc/rtd/topics/datasources/azure.rst | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'doc/rtd/topics')

diff --git a/doc/rtd/topics/datasources/azure.rst b/doc/rtd/topics/datasources/azure.rst
index fdb919a5..e04c3a33 100644
--- a/doc/rtd/topics/datasources/azure.rst
+++ b/doc/rtd/topics/datasources/azure.rst
@@ -68,6 +68,12 @@ configuration information to the instance. Cloud-init uses the IMDS for:
 - network configuration for the instance which is applied per boot
 - a preprovisioing gate which blocks instance configuration until Azure fabric
   is ready to provision
+- retrieving SSH public keys. Cloud-init will first try to utilize SSH keys
+  returned from IMDS, and if they are not provided from IMDS then it will
+  fallback to using the OVF file provided from the CD-ROM. There is a large
+  performance benefit to using IMDS for SSH key retrieval, but in order to
+  support environments where IMDS is not available then we must continue to
+  all for keys from OVF
 
 
 Configuration
-- 
cgit v1.2.3