cloud-init team mailing list archive

Re: cloud-init - questions as I read

 

On Wed, 11 Jan 2017, Michael Felt wrote:

> > But that is much more verbose for someone wanting to modify config or
> > change it.
> >
> > > So, in summary
> > >
> > > a) is current behavior to only delete the keys selected for generation -
> > > other keys, if any, are not deleted.
> > No.
> :) Happy me!
> > > b) change default behavior for delete to ALL in (ALL) default location(s)
> > Sounds like the original intent for 'true'.
> >
> > > c) add a way to specify both specific keys and/or (additional) paths to
> > > both "calls"
> > I agree with generate for sure, I'm not convinced that a boolean for
> > delete doesn't suffice, with code that "does the right thing" (deleting
> > them from whatever directory they'd likely be in).
> >
> Footnote: As mentioned above - I port OSS to AIX. And one of the dangers of
> OSS is breaking a working situation aka I do not believe I have the 'right' to
> overwrite system files - this is the whole point of why "/usr/local"
> originated 40 years ago. I assume I am a "minority of one", but I have learned
> the hard way that changes to ssh/sshd can break things (many many clients are
> ancient - I only recently found my last "dsa" key I was still using.)
>
> ** I just re-read the LHS document - and being 'smarter now' I see some things
> I will need to think about making some changes to how I select certain
> directories. In LHS they distinguish between "shareable" aka "not host/machine
> bound", and "unshareable" aka "host/machine" bound. AIX has three categories:
> "root" is the LHS concept of "unshareable". For the "shared" category, AIX has
> two labels: "USR" (originally for /usr only, it now includes /opt as well).
> These are meant to be "static" (in the LHS sense) and shareable with any other
> AIX system at the same OS level (not shareable between AIX 6.1 TL8 and AIX
> 6.1 TL9) - and the third category is "share": these files follow the "Linux"
> shared in that they are meant to be shareable over any version of AIX or UNIX
> (or Linux). Man pages, terminal definitions (e.g. curses) are examples.
>
> To get to a close: Every distribution will have slight differences - and I
> would like to continue to think about a manageable way to specify what has a
> default, and how to modify a default.
>
> As far as "/etc/ssh" is concerned (as a path) - I have a vested interest in it
> being able to be something else. Feel free to ignore me in this specific case.
> However, I do hope you are at least thinking about other cases (that you know
> of) with different packages, device names, etc..

I think we're on the same page here.
I want whatever does the configuration of ssh to do the right thing.  It
may require looking at where it's running to decide where ssh on the system
would put these files.

If that behavior doesn't work for some system, then it's good to be able to
provide config that has the right paths.  It's just better if you don't have
to.

>
> Sigh :p@me
>
>

