[pve-devel] cloudinit: generate server ssh keys on proxmox side ?
Alexandre DERUMIER
aderumier at odiso.com
Thu Jun 25 13:38:44 CEST 2020
> Maybe could we generate them once at proxmox side ?
>>-1
>>
>>Copying private keys is bad ...
I'll see if I can make the ssh key generation occur only once, or simply chattr the files.
It's possible to configure cloudinit modules to launch only [once,instance,always].
By default, almost all modules run only once per instance, but as we recreate an instance each time,
they are reapplied again.
And the network configuration is not done in a module, so the only way is really a new instance each time.
In /etc/cloud/cloud.cfg:
"
cloud_init_modules:
- ssh
"
->
"
cloud_init_modules:
- [ssh, once ]
"
Like this, it's creating a .sem file in
/var/lib/cloud/sem/
instead of
/var/lib/cloud/instance/sem/
So, I think it'll not regenerate the ssh config again.
BTW, I'm able to apply configuration changes live, without needing a reboot, with a simple udev rule:
/etc/udev/rules.d/90-cloudinit.rules
------------------------------------
ACTION=="change", SUBSYSTEM=="block", KERNEL=="sr[0-9]*", ENV{ID_FS_LABEL}=="cidata", RUN+="/usr/local/bin/cloudinit-reload.sh"
and
/usr/local/bin/cloudinit-reload.sh
----------------------------------
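#!/bin/sh
# Remove the current instance link so cloud-init handles the changed cidata as a new instance
rm /var/lib/cloud/instance
systemctl restart cloud-init
systemctl reload networking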
I think I'll write some tuning docs, it could be very helpful for users.
----- Original message -----
From: "dietmar" <dietmar at proxmox.com>
To: "pve-devel" <pve-devel at pve.proxmox.com>
Sent: Thursday, June 25, 2020 11:00:10
Subject: Re: [pve-devel] cloudinit: generate server ssh keys on proxmox side ?
> Maybe could we generate them once at proxmox side ?
-1
Copying private keys is bad ...
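A check one could run over an image's /etc/cloud/cloud.cfg to confirm that the ssh module carries the `once` frequency described in the message above. This is an added example, not part of the original mail and not Proxmox or cloud-init code; the function names and the sample config are constructed for illustration, and the parser only handles the simple list syntax shown in the mail.

```python
import re

# Constructed sample mirroring the edited cloud.cfg from the mail.
SAMPLE_CFG = """\
users:
  - default
cloud_init_modules:
  - migrator
  - [ssh, once ]
  - [ bootcmd, always ]
cloud_config_modules:
  - ssh-import-id
"""

# Matches the "[module, frequency]" list form, e.g. "[ssh, once ]".
PAIR = re.compile(r"\[\s*([\w-]+)\s*,\s*([\w-]+)\s*\]")


def module_frequencies(cfg_text, section="cloud_init_modules"):
    """Map module name -> explicit frequency, or None when the entry is
    bare and the module's own default frequency applies."""
    result, in_section = {}, False
    for raw in cfg_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        stripped = line.strip()
        if not stripped:
            continue
        if stripped.startswith("-"):
            # List item; only those under the requested section count.
            if in_section:
                item = stripped[1:].strip()
                m = PAIR.fullmatch(item)
                name, freq = (m.group(1), m.group(2)) if m else (item, None)
                result[name] = freq
        elif not line[0].isspace():
            # A top-level key opens or closes the section.
            in_section = stripped == section + ":"
    return result


def ssh_runs_once(cfg_text):
    """True only when ssh is explicitly listed as [ssh, once]."""
    return module_frequencies(cfg_text).get("ssh") == "once"


if __name__ == "__main__":
    for name, freq in module_frequencies(SAMPLE_CFG).items():
        print(f"{name}: {freq or 'module default'}")
    print("ssh pinned to once:", ssh_runs_once(SAMPLE_CFG))
```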