From: aderumier@odiso.com
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Date: Mon, 01 Feb 2021 17:12:24 +0100
Subject: Re: [pve-devel] [PATCH qemu-server] cloudinit: add sshdeletehostkeys option
Message-ID: <46f3dc57889d0bd0bfc84f5a946dad12d179ed5b.camel@odiso.com>
References: <20210114171108.756728-1-aderumier@odiso.com>

On Wednesday, 27 January 2021 at 17:56 +0100, Mira Limbeck wrote:
> Thank you for the patch.
> 
> It doesn't apply on the latest qemu-server master. Looks like your
> Cloudinit.pm file already contained changes which are not part of the
> patch.
> 
> Was it just the previous patch you sent?
> 

Hi, sorry, I didn't see your response. I'll rebase my patch.

> 
> Some additional comments inline.
> 
> On 1/14/21 6:11 PM, Alexandre Derumier wrote:
> > This defines the behaviour of ssh server key generation on cloudinit
> > config change.
> > 
> > different values:
> > 
> > - once : only once at vmstart  (default value)
> > - no : never generate ssh key
> > - yes: always generate ssh key
> > 
> > When value is defined to 'once', the value is rewritten to 'no'
> > in vmconfig after vm start
> 
> This is exactly the use case of vendor data (run once at boot):
> https://cloudinit.readthedocs.io/en/latest/topics/vendordata.html
> 
> Maybe this could be done in addition to the instance-id change
> suggested
> below?
> 
> 
> Maybe it would make sense to create an instance id once and only
> change 
> it if requested afterwards, instead of basing it on the user and
> network 
> configs? This would also remove the need for this option.
> 
> Then we could simply regenerate the instance id on a clone, or if 
> requested when restoring from a backup to a new VMID. What do you
> think?
> 
> 
> I'll probably extend the documentation with info on preparing a 
> cloudimg, as sometimes they do not work out of the box and require 
> cleaning of the cloud-init artifacts [0] as well as changing the 
> pre-configured cloud.cfg file.
> 
> 
> [0] https://cloudinit.readthedocs.io/en/latest/topics/cli.html#clean

The main problem currently is indeed that we change instance-id at each
rebuild of the cloud-init disk.

But I'm not sure that it's possible to change the IP address when keeping
the same instance-id, because IP configuration is done at the
cloudinit-init-local service, and it's already done once. Maybe this was
the historic reason why we change the instance-id each time, I don't
remember exactly.

I'll check that tomorrow to be sure, but indeed, keeping the instance-id
should be the clean way.

> > 
> > 
> > Signed-off-by: Alexandre Derumier
> > ---
> >   PVE/QemuServer.pm           |  9 ++++++++-
> >   PVE/QemuServer/Cloudinit.pm | 11 +++++++++--
> >   2 files changed, 17 insertions(+), 3 deletions(-)
> > 
> > diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
> > index 54278e5..cd6c26c 100644
> > --- a/PVE/QemuServer.pm
> > +++ b/PVE/QemuServer.pm
> > @@ -760,6 +760,13 @@ my $confdesc_cloudinit = {
> >         format => 'urlencoded',
> >         description => "cloud-init: Setup public SSH keys (one key
> > per line, OpenSSH format).",
> >       },
> > +    sshdeletehostkeys => {
> > +       optional => 1,
> > +       type => 'string',
> > +       enum => [qw(once yes no)],
> > +       default_key => 1,
> > +       description => "cloud-init: Regenerate host SSH keys on
> > config change.",
> > +    },
> >   };
> 
> Consensus was that we do not want additional cloud-init options in
> the
> global options namespace. So instead it would be better to add it to
> cicustom instead and open that up for other custom options (as was
> initially intended).
> 
> Regarding the enum => [qw(once yes no)] line, we probably want to
> accept
> everything type 'Boolean' accepts, not just 'yes' and 'no'.

Ok, no problem, I'll change that.

Thanks for the review!
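Review bot: `default_key => 1` in the new `sshdeletehostkeys` entry of the QemuServer.pm hunk looks like it was meant to be `default => 'once'`. The commit message says `once` is the default value, but nothing in the hunk declares a default, and in PVE::JSONSchema `default_key` is the property-string marker for the sub-key that may be given without a name, not a default value; on a top-level config option it does nothing. While at it, the description ("Regenerate host SSH keys on config change.") should spell out what `once`, `yes` and `no` do and that `once` is rewritten to `no` in the VM config after start, because that rewrite is behaviour a user will notice in their config file and it is documented nowhere else.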
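The vendor-data route Mira points to, as an added example that is not part of the thread or of qemu-server: a cloud-config snippet that makes the guest regenerate its SSH host keys once per instance, which is the same "once" behaviour the patch tries to express as a VM option. It assumes the snippet is handed to the guest as vendor data (in newer PVE releases via the `vendor=` key of `cicustom`; that key and the snippet path are assumptions here) and that the instance-id in meta-data stays stable across plain config edits, which is exactly the instance-id change the thread discusses.

```yaml
#cloud-config
# Added example, not code from the thread or from qemu-server.
# Vendor data for a Proxmox cloud-init VM, e.g. referenced as
#   cicustom: vendor=local:snippets/regen-hostkeys.yaml   (assumed path)
#
# The cloud-init "ssh" module runs with frequency once-per-instance:
# it executes when the instance-id in meta-data is new to the guest and
# is skipped on later boots with the same instance-id. So these keys
# fire once after a clone or restore that gets a fresh instance-id,
# and NOT on every cloud-init disk rebuild, provided the instance-id
# is kept stable as suggested in the thread.
#
# Delete the host keys shipped in the image (they are identical in every
# VM cloned from it) and generate fresh ones for the listed key types.
ssh_deletekeys: true
ssh_genkeytypes:
  - rsa
  - ecdsa
  - ed25519
```

Vendor data is merged under the user's own user-data, so a user-data file that sets `ssh_deletekeys: false` still wins; that is the documented precedence, not something the snippet can override.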