From: Alexandre Derumier <aderumier@odiso.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH qemu-server] cloudinit: add sshdeletehostkeys option
Date: Thu, 14 Jan 2021 18:11:08 +0100 [thread overview]
Message-ID: <20210114171108.756728-1-aderumier@odiso.com> (raw)
This defines the behaviour of SSH server key generation on cloud-init
config change.
Possible values:
- once : only once at vmstart (default value)
- no : never generate ssh key
- yes: always generate ssh key
When the value is set to 'once', it is rewritten to 'no'
in the vmconfig after VM start.
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
PVE/QemuServer.pm | 9 ++++++++-
PVE/QemuServer/Cloudinit.pm | 11 +++++++++--
2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index 54278e5..cd6c26c 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -760,6 +760,13 @@ my $confdesc_cloudinit = {
format => 'urlencoded',
description => "cloud-init: Setup public SSH keys (one key per line, OpenSSH format).",
},
+ sshdeletehostkeys => {
+ optional => 1,
+ type => 'string',
+ enum => [qw(once yes no)],
+ default_key => 1,
+ description => "cloud-init: Regenerate host SSH keys on config change.",
+ },
};
# what about other qemu settings ?
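Review bot: `default_key => 1` in the new `sshdeletehostkeys` entry looks misplaced. As far as I know that attribute only matters inside a property-string format, and this is a plain enum option. The commit message says `once` is the default, but the schema does not declare it; `default => 'once',` would state it where the API and docs pick it up. The description should also spell out the three values, for example `description => "cloud-init: Regenerate SSH host keys. 'once' regenerates on the next VM start and then switches to 'no'.",`, because whether a guest keeps or replaces its host keys is something an operator needs to see.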
@@ -4943,7 +4950,7 @@ sub vm_start_nolock {
$conf = PVE::QemuConfig->load_config($vmid); # update/reload
}
- PVE::QemuServer::Cloudinit::generate_cloudinitconfig($conf, $vmid);
+ PVE::QemuServer::Cloudinit::generate_cloudinitconfig($conf, $vmid, 1);
my $defaults = load_defaults();
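Review bot: The bare `1` passed as the third argument to `generate_cloudinitconfig` is opaque at the call site, and it now makes VM start a path that can write the VM config. A short comment such as `# 1 = called from VM start, may consume sshdeletehostkeys 'once'` would make that side effect visible. The rest of `vm_start_nolock` is outside this hunk, so I cannot tell whether it is also reached for starts where rewriting the config is unwanted (an incoming migration or a resume from saved state, say); if so the flag should be conditional there.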
diff --git a/PVE/QemuServer/Cloudinit.pm b/PVE/QemuServer/Cloudinit.pm
index dd643c1..4dbc4d6 100644
--- a/PVE/QemuServer/Cloudinit.pm
+++ b/PVE/QemuServer/Cloudinit.pm
@@ -135,7 +135,7 @@ sub cloudinit_userdata {
$content .= " - $k\n";
}
}
- $content .= "ssh_deletekeys: false\n" if PVE::QemuServer::check_running($vmid);
+ $content .= "ssh_deletekeys: false\n" if defined($conf->{sshdeletehostkeys}) && $conf->{sshdeletehostkeys} eq 'no';
$content .= "chpasswd:\n";
$content .= " expire: False\n";
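Review bot: The changed `ssh_deletekeys` line only emits something for `'no'`. For `once`, `yes` and an unset option the user-data stays silent and the outcome depends on the guest's cloud-init default. Writing the key in both directions makes the generated config state the intent, and a defined-or default shortens the condition: `my $keep = ($conf->{sshdeletehostkeys} // 'once') eq 'no';` then `$content .= "ssh_deletekeys: " . ($keep ? 'false' : 'true') . "\n";`. Dropping the old `check_running` guard also means a regeneration while the guest is running no longer pins the existing host keys unless the option is already `no`; a comment saying that this is intended would help.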
@@ -464,9 +464,10 @@ my $cloudinit_methods = {
};
sub generate_cloudinitconfig {
- my ($conf, $vmid) = @_;
+ my ($conf, $vmid, $vmstart) = @_;
my $format = get_cloudinit_format($conf);
+ my $generated = undef;
PVE::QemuConfig->foreach_volume($conf, sub {
my ($ds, $drive) = @_;
@@ -479,7 +480,13 @@ sub generate_cloudinitconfig {
or die "missing cloudinit methods for format '$format'\n";
$generator->($conf, $vmid, $drive, $volname, $storeid);
+ $generated = 1;
});
+
+ if ($vmstart && $generated && (!defined($conf->{sshdeletehostkeys}) || $conf->{sshdeletehostkeys} eq 'once')) {
+ $conf->{sshdeletehostkeys} = 'no';
+ PVE::QemuConfig->write_config($vmid, $conf);
+ }
}
sub dump_cloudinit_config {
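Review bot: The added `if` block persists `sshdeletehostkeys = 'no'` into the VM config, so anything that later copies that config (presumably a clone or a VM derived from a template) inherits `no` and keeps the source's SSH host keys. Guests that share host keys can impersonate one another to SSH clients, so the option should be reset to `once` when the config is copied, or the description should tell operators to do so. The block also rewrites the config when the option was never set (`!defined`), which is a surprising side effect for a function named `generate_cloudinitconfig`. From the visible lines I cannot tell whether the caller holds the config lock when `write_config` runs; a comment such as `# caller must hold the config lock; 'once' is consumed here` would document the requirement.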
--
2.20.1