cloud-init-dev team mailing list archive

Re: [Merge] ~smoser/cloud-init:fix/1781094-ssh-deletekeys into cloud-init:master

 

On Fri, Aug 3, 2018 at 3:24 PM Scott Moser <ssmoser2+ubuntu@xxxxxxxxx> wrote:
>
> I really don't know what you're expecting to hear.

The distro put in ssh-keygen service and presumably has a reason for
doing so.  They may have some expected properties of the types of keys
that it generates and cloud-init could generate different keys than
what the distro expected.

So, for images in which there are both cloud-init and ssh-keygen
service, I'd like the distro to make a configuration choice that
reflects the intention of the image builder.

> cloud-init is guaranteed to run Before ssh-keygen.
> Worst case,
>  a.) ssh-keygen creates keys that cloud-init didn't write (but since cloud-init deleted *all* keys on new-instance, this actually works pretty well).
>  b.) ssh-keygen does nothing and wastes some 'stat' of files that it would have executed.
>
> I guess we could drop-in a 'disable' of keygen-service on package install. That just seems like more work than necessary.

Can you imagine a scenario where having both cloud-init and ssh-keygen
manage keys is complementary (neither a nor b looks complementary
without further work to understand who created which keys and who is
in control of when they get deleted)?  If not, then why shouldn't we just
conflict?


>
> --
> https://code.launchpad.net/~smoser/cloud-init/+git/cloud-init/+merge/349359
> Your team cloud-init commiters is requested to review the proposed merge of ~smoser/cloud-init:fix/1781094-ssh-deletekeys into cloud-init:master.
