From addccd4a821a17215dfc91425312a1e453c8a535 Mon Sep 17 00:00:00 2001
From: Joakim Persson <joakim.persson@icloud.com>
Date: Sun, 19 Apr 2026 16:36:15 +0200
Subject: [PATCH] Remove --key-name from OpenStack examples, clarify SSH key is
 in cloud-init

---
 deploy/README.md      | 6 +++---
 deploy/cloud-init.yml | 5 ++++-
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/deploy/README.md b/deploy/README.md
index 70bd307..fe3be8b 100644
--- a/deploy/README.md
+++ b/deploy/README.md
@@ -27,7 +27,9 @@ Customize `cloud-init.yml` — replace the SSH public key and optionally the hos
 
 #### Full OpenStack example
 
-Cloud-init only handles guest configuration — flavor, image, network, and security group must be specified explicitly at creation time:
+Cloud-init only handles guest configuration — flavor, image, network, and security group must be specified explicitly at creation time.
+
+> **Note:** Do not use `--key-name` — the SSH key is configured in `cloud-init.yml` under `ssh_authorized_keys` for the `devbox` user. The `--key-name` flag injects into the image's default user (e.g. `debian`), not the `devbox` user created by cloud-init.
 
 ```bash
 # List available flavors to choose appropriate sizing
@@ -42,7 +44,6 @@ openstack server create \
   --image debian-13-trixie \
   --network my-network \
   --security-group opencode-devbox \
-  --key-name my-ssh-key \
   --user-data cloud-init.yml \
   devbox-vm
 ```
@@ -55,7 +56,6 @@ openstack server create \
   --flavor c4m8 \
   --network my-network \
   --security-group opencode-devbox \
-  --key-name my-ssh-key \
   --user-data cloud-init.yml \
   --block-device source=image,id=$(openstack image show debian-13-trixie -f value -c id),dest=volume,size=40,shutdown=preserve,bootindex=0,volume_type=performance \
   devbox-vm
diff --git a/deploy/cloud-init.yml b/deploy/cloud-init.yml
index dacd485..478e730 100644
--- a/deploy/cloud-init.yml
+++ b/deploy/cloud-init.yml
@@ -20,7 +20,10 @@ users:
     shell: /bin/bash
     sudo: ALL=(ALL) NOPASSWD:ALL
     ssh_authorized_keys:
-      # CUSTOMIZE: replace with your public SSH key
+      # CUSTOMIZE: replace with your public SSH key.
+      # This is the only SSH key config needed — do NOT use --key-name with
+      # openstack server create, as that injects into the image's default
+      # user (e.g. debian), not the devbox user defined here.
       - ssh-ed25519 AAAA... your-key-here
 
 # ── Optional: console password ───────────────────────────────────────