Merge "Create runtime-ssh-host-keys element"

This commit is contained in:
Jenkins 2016-09-27 23:10:05 +00:00 committed by Gerrit Code Review
commit b0d72a3161
10 changed files with 87 additions and 4 deletions


@ -0,0 +1,10 @@
=====================
runtime-ssh-host-keys
=====================
An element to generate SSH host keys on first boot.
Since ssh key generation is not yet common to all operating systems, we need to
create a DIB element to manage this. We force the removal of the SSH host keys,
then add init scripts to generate them on first boot.
This element currently supports Debian and Ubuntu (both systemd and upstart).


@ -10,9 +10,6 @@ set -o pipefail
# in so that they are regenerated on first boot and # in so that they are regenerated on first boot and
# are unique. # are unique.
# TODO(greghaynes) This should be a thing we do for all images, not just
# simple-init.
if [ -d $TARGET_ROOT/etc/ssh ] ; then if [ -d $TARGET_ROOT/etc/ssh ] ; then
sudo find $TARGET_ROOT/etc/ssh -name 'ssh_host*' -type f -delete sudo find $TARGET_ROOT/etc/ssh -name 'ssh_host*' -type f -delete
fi fi


@ -0,0 +1 @@
dib-init-system


@ -0,0 +1,22 @@
[Unit]
Description=OpenSSH Server Key Generation
Before=ssh.service
ConditionPathExists=|!/etc/ssh/ssh_host_key
ConditionPathExists=|!/etc/ssh/ssh_host_key.pub
ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key
ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key.pub
ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key
ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key.pub
ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key
ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key.pub
ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key
ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key.pub
[Service]
ExecStart=/usr/bin/ssh-keygen -A
Type=oneshot
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
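Review bot: The OR'd ConditionPathExists list at the top of this unit is effectively always true, so the service runs on every boot rather than only when keys are missing: the first two entries test for `/etc/ssh/ssh_host_key` and its `.pub`, the protocol-1 host key, which `ssh-keygen -A` no longer produces on OpenSSH builds without SSH1 support (the default since 7.0, which the targeted Debian/Ubuntu releases presumably ship). That is harmless for correctness because `ssh-keygen -A` only creates key types that do not yet exist, but it makes the conditions dead weight and contradicts the README's "on first boot" wording. Either drop the two `ConditionPathExists=|!/etc/ssh/ssh_host_key` / `ConditionPathExists=|!/etc/ssh/ssh_host_key.pub` lines so the remaining conditions can actually gate the run, or remove the whole list and document that the unit is intentionally idempotent and runs each boot. Worth a comment either way: `# ssh-keygen -A only generates key types that are missing; this unit is safe to run on every boot`.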


@ -0,0 +1,8 @@
description "OpenSSH Server Key Generation"
start on starting ssh
console output
task
exec /usr/bin/ssh-keygen -A


@ -0,0 +1 @@
openssh-client:


@ -0,0 +1,7 @@
{
"family": {
"redhat": {
"openssh-client": "openssh"
}
}
}


@ -0,0 +1,31 @@
#!/bin/bash
if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
case "$DIB_INIT_SYSTEM" in
upstart)
# nothing to do
exit 0
;;
systemd)
if [[ $DISTRO_NAME = "ubuntu" || $DISTRO_NAME = "debian" ]]; then
# NOTE(pabelanger): Only support ubuntu / debian today.
systemctl enable ssh-keygen.service
else
# Since we are not enabling it, delete it.
rm /usr/lib/systemd/system/ssh-keygen.service
fi
;;
openrc)
# let dib-init-system's postinstall handle enabling init scripts
exit 0
;;
*)
echo "Unsupported init system"
exit 1
;;
esac
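Review bot: Nothing in this element removes the host keys baked into the image, even though the README says the element "force[s] the removal of the SSH host keys"; the only deletion visible in this commit is the pre-existing `find $TARGET_ROOT/etc/ssh -name 'ssh_host*' -type f -delete` that stays in simple-init's cleanup.d. Because `ssh-keygen -A` skips key types whose private key already exists, an image that pulls in runtime-ssh-host-keys without simple-init will keep its build-time keys and every instance booted from it will share the same private host keys, which defeats the element's purpose and enables impersonation between instances. Move that cleanup script (or an equivalent one, with `"$TARGET_ROOT"` quoted) into this element's cleanup.d so the element is self-contained, and leave simple-init depending on it. Separately, the unconditional `rm /usr/lib/systemd/system/ssh-keygen.service` under `set -e` will abort the build if the unit was installed elsewhere (Debian uses /lib/systemd/system; whether dib-init-system normalises that path is not visible here), so consider `rm -f` or testing the path first.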


@ -1,5 +1,5 @@
cloud-init-datasources cloud-init-datasources
dib-init-system
install-types install-types
pip-and-virtualenv pip-and-virtualenv
runtime-ssh-host-keys
source-repositories source-repositories


@ -0,0 +1,6 @@
---
features:
- New element (runtime-ssh-host-keys) to manage SSH host keys at boot. Since
SSH host key generation is not standard across operating systems, add
support for both Debian and Ubuntu to handle it. While this is a new
element, simple-init has been updated to depend on it.