From: Alexandre Derumier <aderumier@odiso.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH qemu-server] cloudinit: add sshdeletehostkeys option
Date: Thu, 14 Jan 2021 18:11:08 +0100 [thread overview]
Message-ID: <20210114171108.756728-1-aderumier@odiso.com> (raw)
This defines the behaviour of SSH server key generation on cloud-init
config change.
Possible values:
- once : only once at vmstart (default value)
- no : never generate ssh key
- yes: always generate ssh key
When the value is set to 'once', it is rewritten to 'no'
in the vmconfig after VM start.
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
PVE/QemuServer.pm | 9 ++++++++-
PVE/QemuServer/Cloudinit.pm | 11 +++++++++--
2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index 54278e5..cd6c26c 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -760,6 +760,13 @@ my $confdesc_cloudinit = {
format => 'urlencoded',
description => "cloud-init: Setup public SSH keys (one key per line, OpenSSH format).",
},
+ sshdeletehostkeys => {
+ optional => 1,
+ type => 'string',
+ enum => [qw(once yes no)],
+ default_key => 1,
+ description => "cloud-init: Regenerate host SSH keys on config change.",
+ },
};
# what about other qemu settings ?
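Review bot: The new `sshdeletehostkeys` entry declares no `default`, although the commit message names 'once' as the default and generate_cloudinitconfig treats an undefined value that way; adding `default => 'once',` would make the schema say so. `default_key => 1` looks out of place here: as far as I can tell it marks the unnamed key inside a property-string format and has no meaning on a top-level option, so it can probably be dropped. The description should also spell out the three values, for example `"cloud-init: Regenerate SSH host keys. 'once' regenerates on the next VM start and is then reset to 'no', 'yes' always regenerates, 'no' keeps the existing keys."`, because an operator choosing 'no' needs to know the guest keeps whatever host keys its disk image already contains.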
@@ -4943,7 +4950,7 @@ sub vm_start_nolock {
$conf = PVE::QemuConfig->load_config($vmid); # update/reload
}
- PVE::QemuServer::Cloudinit::generate_cloudinitconfig($conf, $vmid);
+ PVE::QemuServer::Cloudinit::generate_cloudinitconfig($conf, $vmid, 1);
my $defaults = load_defaults();
diff --git a/PVE/QemuServer/Cloudinit.pm b/PVE/QemuServer/Cloudinit.pm
index dd643c1..4dbc4d6 100644
--- a/PVE/QemuServer/Cloudinit.pm
+++ b/PVE/QemuServer/Cloudinit.pm
@@ -135,7 +135,7 @@ sub cloudinit_userdata {
$content .= " - $k\n";
}
}
- $content .= "ssh_deletekeys: false\n" if PVE::QemuServer::check_running($vmid);
+ $content .= "ssh_deletekeys: false\n" if defined($conf->{sshdeletehostkeys}) && $conf->{sshdeletehostkeys} eq 'no';
$content .= "chpasswd:\n";
$content .= " expire: False\n";
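Review bot: Dropping the `PVE::QemuServer::check_running($vmid)` guard means a VM without a `sshdeletehostkeys` value no longer gets `ssh_deletekeys: false` when its cloud-init data is regenerated while it is running. The rewrite to 'no' only happens on a start under the new code, so guests that were already running before the upgrade would presumably have their host keys deleted and regenerated on the next config change, and clients would then see a changed host key. Keeping the running check as a fallback for the undefined case avoids that: `$content .= "ssh_deletekeys: false\n" if (($conf->{sshdeletehostkeys} // '') eq 'no') || (!defined($conf->{sshdeletehostkeys}) && PVE::QemuServer::check_running($vmid));`. cloudinit_userdata starts and ends outside this hunk.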
@@ -464,9 +464,10 @@ my $cloudinit_methods = {
};
sub generate_cloudinitconfig {
- my ($conf, $vmid) = @_;
+ my ($conf, $vmid, $vmstart) = @_;
my $format = get_cloudinit_format($conf);
+ my $generated = undef;
PVE::QemuConfig->foreach_volume($conf, sub {
my ($ds, $drive) = @_;
@@ -479,7 +480,13 @@ sub generate_cloudinitconfig {
or die "missing cloudinit methods for format '$format'\n";
$generator->($conf, $vmid, $drive, $volname, $storeid);
+ $generated = 1;
});
+
+ if ($vmstart && $generated && (!defined($conf->{sshdeletehostkeys}) || $conf->{sshdeletehostkeys} eq 'once')) {
+ $conf->{sshdeletehostkeys} = 'no';
+ PVE::QemuConfig->write_config($vmid, $conf);
+ }
}
sub dump_cloudinit_config {
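Review bot: The 'once' state is consumed by writing 'no' into the VM config, and nothing in this patch resets it. A clone or template-derived VM would presumably inherit 'no' and boot with the host keys of its source, so several guests could end up sharing the same SSH host private keys. The clone path is not part of this diff, so please confirm that it drops or resets `sshdeletehostkeys`. The `write_config` call also runs from vm_start_nolock before the start has succeeded and persists whatever the in-memory `$conf` holds at that point; a comment such as `# 'once' is consumed here: later regenerations must keep the guest's host keys` above the `if` would document the intent. In the previous hunk, `my $generated = undef;` can be written as `my $generated;`.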
--
2.20.1