
cloud-init team mailing list archive

cloud-init - questions as I read

 

I am working through cloud-init and shall pose questions as I go. I am hoping for enlightenment from any/all of you.

Had a discussion about the /etc/cloud/cloud.cfg contents - just these two lines for now:

Currently they are:

# Delete existing SSH host keys
ssh_deletekeys: true

# Regen rsa and dsa host keys
ssh_genkeytypes: ['rsa', 'dsa']

IMHO - they should be: (because "straight dsa" is considered too "weak")

# Delete existing SSH host keys
ssh_deletekeys: true

# Regen rsa, ecdsa and ed25519 host keys
ssh_genkeytypes: ['rsa', 'ecdsa', 'ed25519']

I have been told that ssh_deletekeys: true ONLY deletes the keys that are included in the "genkeytypes" list. Certainly not what I expected from an "instance initialization machine". I was expecting it to delete all keys, regardless - in other words, by default: true means delete all from the default location.

What I see as a usability feature is an option to say something like: (I do not know json yet, so PLEASE, pick away - fix it!)

ssh_deletekeys: true: { true, [path1, path2]} or

ssh_deletekeys: true: {["key1", "key2"], ["path1", ..., "pathN"]}

Again, the default, imho, should be, if true, to delete all keys from (all) default path(s)

The ssh_genkeytypes: ['rsa', 'ecdsa', 'ed25519'] would be very similar - except we have no need for an additional 'true' - calling it implies 'true'. However, to make a path "override" easy to see and do, have the call ALSO support:

ssh_genkeytypes: { ['rsa', 'ecdsa', 'ed25519'], ["path1", ..., "pathN"]}


So, in summary

a) is current behavior to only delete the keys selected for generation - other keys, if any, are not deleted.

b) change default behavior for delete to ALL in (ALL) default location(s)

c) add a way to specify both specific keys and/or (additional) paths to both "calls"

Michael
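The behaviour described in this message (ssh_deletekeys only removing the key types listed in ssh_genkeytypes, so other host keys baked into the image survive first boot) can be checked before an image is shipped. The script below is an added example written for this archive page, not code from cloud-init or from the poster. It models the semantics the message describes as a pure function, runs it against a constructed sample directory standing in for /etc/ssh, and reports which host keys would be regenerated, which would be left over from the image, and which of those are of a type the message considers too weak (the example assumes only dsa counts as weak). The ssh_host_<type>_key naming is the one sshd uses; everything else (function names, the sample directory) is this example's own.

```python
import os
import re
import tempfile
from pathlib import Path

# Host key file names as produced by ssh-keygen -A / read by sshd:
# ssh_host_<type>_key and ssh_host_<type>_key.pub
HOST_KEY_RE = re.compile(r"^ssh_host_(?P<type>[a-z0-9]+)_key(?:\.pub)?$")

# Assumption for this example: only dsa is treated as a weak host key type,
# matching the "straight dsa is considered too weak" remark in the message.
WEAK_KEY_TYPES = frozenset({"dsa"})

# The default quoted in the message and the list the message proposes.
DEFAULT_GENKEYTYPES = ["rsa", "dsa"]
PROPOSED_GENKEYTYPES = ["rsa", "ecdsa", "ed25519"]


def classify_host_keys(filenames, genkeytypes):
    """Predict first-boot outcome under the semantics the message describes:
    ssh_deletekeys removes only keys whose type appears in ssh_genkeytypes,
    and every type in ssh_genkeytypes is then (re)generated.

    Returns sorted lists so the result is easy to compare and to log."""
    present = set()
    for name in filenames:
        m = HOST_KEY_RE.match(name)
        if m:
            present.add(m.group("type"))
    wanted = set(genkeytypes)
    leftover = present - wanted  # image keys that survive, trusted by sshd
    return {
        "regenerated": sorted(wanted),
        "leftover": sorted(leftover),
        "weak_leftover": sorted(leftover & WEAK_KEY_TYPES),
        "weak_regenerated": sorted(wanted & WEAK_KEY_TYPES),
    }


def inspect_ssh_dir(ssh_dir, genkeytypes):
    """Run the classification against a real directory such as /etc/ssh."""
    return classify_host_keys(os.listdir(ssh_dir), genkeytypes)


def make_sample_ssh_dir():
    """Constructed sample (not a real key set): an image whose build step
    generated all four host key types before cloud-init's first boot."""
    d = Path(tempfile.mkdtemp(prefix="ssh-sample-"))
    for key_type in ("rsa", "dsa", "ecdsa", "ed25519"):
        for suffix in ("", ".pub"):
            (d / f"ssh_host_{key_type}_key{suffix}").write_text(
                f"placeholder {key_type} host key material\n"
            )
    # Unrelated file in the same directory; must be ignored by the matcher.
    (d / "sshd_config").write_text("# constructed, not a real config\n")
    return d


if __name__ == "__main__":
    sample = make_sample_ssh_dir()
    for label, types in (("default", DEFAULT_GENKEYTYPES),
                         ("proposed", PROPOSED_GENKEYTYPES)):
        result = inspect_ssh_dir(sample, types)
        print(f"ssh_genkeytypes={types} ({label})")
        for field, value in result.items():
            print(f"  {field:17s} {value}")
```

Run against the sample, the proposed list leaves the image's dsa key in place (leftover == ["dsa"]), which is exactly the gap the message raises; the old default regenerates dsa and leaves the ecdsa and ed25519 image keys untouched. Pointing inspect_ssh_dir at a freshly built image's /etc/ssh gives the same report for a real key set, so the check can sit in an image build pipeline without touching the keys themselves.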




Follow ups