[pve-devel] cloudinit: generate server ssh keys on proxmox side ?

Alexandre DERUMIER aderumier at odiso.com
Thu Jun 25 13:38:44 CEST 2020


> Maybe could we generate them once at proxmox side ? 

>>-1 
>>
>>Copying private keys is bad ... 

I'll look if I can make sshkey gen occur only once, or simply chattr files 

it's possible to configure cloudinit modules, to launch only [once,instance,always].
by default, almost all modules run only 1 by instance, but as we recreate an instance each time,
they are reapplying again.

and the network configuration is not done in a module, so the only way is really a new instance each time.

in /etc/cloud/cloud.cfg
"
cloud_init_modules:
  - ssh
"

->

"
cloud_init_modules:
  - [ssh, once ]
"

Like this, it's creating a .sem file in 
/var/lib/cloud/sem/

instead
/var/lib/cloud/instance/sem/


So, I think it'll not regenerate ssh config again again.





BTW, I'm able to apply configuration change live, without need reboot, with a simple udev rule

/etc/udev/rules.d/90-cloudinit.rules
------------------------------------
ACTION=="change", SUBSYSTEM=="block", KERNEL=="sr[0-9]*", ENV{ID_FS_LABEL}=="cidata", RUN+="/usr/local/bin/cloudinit-reload.sh"

and 
/usr/local/bin/cloudinit-reload.sh
----------------------------------
rm /var/lib/cloud/instance
systemctl restart cloud-init
systemctl reload networking




I think I'll write some tuning docs, it could be very helpfull for users.


----- Mail original -----
De: "dietmar" <dietmar at proxmox.com>
À: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Jeudi 25 Juin 2020 11:00:10
Objet: Re: [pve-devel] cloudinit: generate server ssh keys on proxmox side ?

> Maybe could we generate them once at proxmox side ? 

-1 

Copying private keys is bad ... 

_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 




More information about the pve-devel mailing list