Ensure cloud-init is configured to generate host keys

It may happen that a base image has an edited version of the cloud-init
"cloud.cfg" that prevents the host keys from being generated.

While it didn't represent an issue with older releases of cloud-init,
starting with cloud-init-22 this isn't true anymore.

Before that release, an sshd-keygen@.service was present and called by
sshd-keygen.target (which was called by sshd.service), and we ended up
with ssh host keys in any case - either generated from cloud-init, or
generated by sshd-keygen.service.

But cloud-init-22 introduced an edit to the sshd-keygen.service,
making it check for the presence of the cloud-init service, and preventing
this sshd-keygen from kicking in in this case.

So we'd better ensure cloud-init is able to generate the keys, else
we'll be in a bad state, since it's instructed to remove the ones
present.

Closes-Bug: #1971751
Change-Id: I37b2f3e9d57a86544ef14e74a4a927309c18bbf0
Cédric Jeanneret 2022-05-06 09:13:01 +02:00
parent d3ce32016a
commit 6645f47db4
1 changed files with 15 additions and 0 deletions

@ -0,0 +1,15 @@
#!/bin/bash
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
# Set cloud-init to generate ssh authkeys
if [ -f "/etc/cloud/cloud.cfg" ]; then
echo "Ensure ssh_genkeytypes is not present"
sudo sed -i '/ssh_genkeytypes/d' /etc/cloud/cloud.cfg
echo "Ensure ssh_genkeytypes value"
echo "ssh_genkeytypes: ['rsa', 'ecdsa', 'ed25519']" | sudo tee -a /etc/cloud/cloud.cfg
fi
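
Review bot: the `sed -i '/ssh_genkeytypes/d'` line deletes only lines that contain the key name, so a base image whose cloud.cfg writes the setting as a block list (the key on one line, `- rsa` style items on the lines below) keeps the orphaned items, which can leave the file unparseable or attach them to the preceding key. The pattern is also unanchored, so it removes any comment that merely mentions `ssh_genkeytypes`. Consider anchoring the match to the start of the key (for example `^[[:space:]]*ssh_genkeytypes:`) and either handling the block-list form or failing the build when it is found. The `tee -a` append assumes the file ends with a newline; if it does not, the new setting is joined to the last existing line. Finally, the comment "Set cloud-init to generate ssh authkeys" describes authorized keys, while the setting written here controls host key types; "ssh host keys" would match the commit message.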