Stephen Lowrie

> Adding WIP label. Need to fix a few things due to #1573 Whoops sorry about that Mike, forgot to check open PRs to see if anything would be affected.

So my understanding of the afterburn code on OpenStack is the following: 1. If configdrive exists then it will check for `openstack/latest/meta_data.json`, attempt to parse it for the `public_keys` field...

> > If no SSH keys are provided this endpoint should still return but just be empty. > > I think that might be where things are differing, at least...

If you run `curl http://169.254.169.254/latest` does anything respond?

Seems like we need to update https://github.com/coreos/afterburn/blob/v4.5.3/src/providers/openstack/network.rs#L20 to `let client = retry::Client::try_new()?.return_on_404(true);` similar to what is being done in AWS & GCP

> Should AWS and GCP platforms show Afterburn: wrote ssh authorized keys file for user: core when this test is run? My understanding is "no" because the NoSSHKeyInMetadata flag is...

https://github.com/coreos/afterburn/pull/513 adds `return_on_404` to both `openstack` & `cloudstack` network providers

The online validator existed before the `ignition-validate` command was created. It's code can be viewed here: https://github.com/coreos/container-linux-userdata-validator

At a minimum I think we need to make it clean up the resources if it experiences an error during initial creation. Probably also worth looking into if we can...

@cgwalters the [code](https://github.com/coreos/mantle/blob/master/platform/api/aws/iam.go#L61) currently checks if the InstanceProfile exists, if it does it immediately exits without checking the underlying roles, if it doesn't it attempts to create said underlying roles....