[pve-devel] [PATCH RFC 11/21] setup_rootsshconfig: generate $ssh_rsa_cert

[Dietmar Maurer]

Also added $force flag

Signed-off-by: Dietmar Maurer <dietmar at proxmox.com>
---
 data/PVE/CLI/pvecm.pm |  2 +-
 data/PVE/Cluster.pm   | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/data/PVE/CLI/pvecm.pm b/data/PVE/CLI/pvecm.pm
index db7cb63..2b4668d 100755
--- a/data/PVE/CLI/pvecm.pm
+++ b/data/PVE/CLI/pvecm.pm
@@ -826,7 +826,7 @@ __PACKAGE__->register_method ({
 	}
 
 	PVE::Cluster::setup_sshd_config(0, $param->{force});
-	PVE::Cluster::setup_rootsshconfig();
+	PVE::Cluster::setup_rootsshconfig($param->{force});
 	PVE::Cluster::gen_pve_vzdump_symlink();
 
 	if (!$quorate) {
diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index 1b1b0a7..5223eb1 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -1245,6 +1245,9 @@ sub setup_sshd_config {
 }
 
 sub setup_rootsshconfig {
+    my ($force) = @_;
+
+    my $nodename = PVE::INotify::nodename();
 
     # create ssh key if it does not exist
     if (! -f $ssh_rsa_id) {
@@ -1254,6 +1257,13 @@ sub setup_rootsshconfig {
 				 '-f', $ssh_rsa_id_priv]);
     }
 
+    if ($force || ! -s $ssh_rsa_cert) {
+	my $pubkey = PVE::Tools::file_get_contents($ssh_rsa_id);
+	my $cert = gen_pve_ssh_cert($pubkey, $nodename,
+				    "PVE-ROOT-$nodename", 0);
+	PVE::Tools::file_set_contents($ssh_rsa_cert, $cert);
+    }
+
     # create ssh config if it does not exist
     if (! -f $rootsshconfig) {
         mkdir '/root/.ssh';
-- 
2.1.4