authorRyan Harper <ryan.harper@canonical.com>2021-10-12 09:31:36 -0500
committerGitHub <noreply@github.com>2021-10-12 09:31:36 -0500
commitb3e31ba228d32c318872fb68edda272f679e1004 (patch)
treea942dc0ee783dfafa9884b5cf566434c48efacfd
parent76166caff42b82aa55c6bcd9528f2c1e3575232a (diff)
downloadcloud-init-git-b3e31ba228d32c318872fb68edda272f679e1004.tar.gz
Inhibit sshd-keygen@.service if cloud-init is active (#1028)
In some cloud-init enabled images the sshd-keygen@.service may race with cloud-init, either preventing ssh host keys from being generated or generating host keys twice, which slows boot and consumes additional entropy. This drop-in unit adds a condition to the sshd-keygen@.service which prevents it from running if cloud-init is active.
-rw-r--r--packages/redhat/cloud-init.spec.in1
-rw-r--r--packages/suse/cloud-init.spec.in1
-rwxr-xr-xsetup.py5
-rw-r--r--systemd/disable-sshd-keygen-if-cloud-init-active.conf8
4 files changed, 14 insertions, 1 deletions
diff --git a/packages/redhat/cloud-init.spec.in b/packages/redhat/cloud-init.spec.in
index b930709b..22db4b50 100644
--- a/packages/redhat/cloud-init.spec.in
+++ b/packages/redhat/cloud-init.spec.in
@@ -182,6 +182,7 @@ fi
%if "%{init_system}" == "systemd"
/usr/lib/systemd/system-generators/cloud-init-generator
+%{_sysconfdir}/systemd/system/sshd-keygen@.service.d/disable-sshd-keygen-if-cloud-init-active.conf
%{_unitdir}/cloud-*
%else
%attr(0755, root, root) %{_initddir}/cloud-config
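Review bot: The drop-in is listed as a plain file under `%{_sysconfdir}`, so rpm will replace it on upgrade and discard any local edit. A file under /etc that an administrator may need to change or neutralise is normally tagged, e.g. `%config(noreplace) %{_sysconfdir}/systemd/system/sshd-keygen@.service.d/disable-sshd-keygen-if-cloud-init-active.conf`. The `sshd-keygen@.service.d` directory is also not claimed with `%dir`, so it would be left unowned unless another package ships it. The same applies to the line added in packages/suse/cloud-init.spec.in, which, as far as that hunk shows, is not inside a systemd conditional the way this entry is.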
diff --git a/packages/suse/cloud-init.spec.in b/packages/suse/cloud-init.spec.in
index 004b875f..da8107b4 100644
--- a/packages/suse/cloud-init.spec.in
+++ b/packages/suse/cloud-init.spec.in
@@ -126,6 +126,7 @@ version_pys=$(cd "%{buildroot}" && find . -name version.py -type f)
%{_sysconfdir}/dhcp/dhclient-exit-hooks.d/hook-dhclient
%{_sysconfdir}/NetworkManager/dispatcher.d/hook-network-manager
+%{_sysconfdir}/systemd/system/sshd-keygen@.service.d/disable-sshd-keygen-if-cloud-init-active.conf
# Python code is here...
%{python_sitelib}/*
diff --git a/setup.py b/setup.py
index 100575ff..6e463bf8 100755
--- a/setup.py
+++ b/setup.py
@@ -40,6 +40,7 @@ def is_generator(p):
def pkg_config_read(library, var):
fallbacks = {
'systemd': {
+ 'systemdsystemconfdir': '/etc/systemd/system',
'systemdsystemunitdir': '/lib/systemd/system',
'systemdsystemgeneratordir': '/lib/systemd/system-generators',
}
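Review bot: The new `'systemdsystemconfdir'` fallback has no reader in this commit. The `data_files` entry added in the next hunk builds its path from `ETC + '/systemd/system/sshd-keygen@.service.d/'` instead of calling `pkg_config_read('systemd', 'systemdsystemconfdir')`. Either use the lookup for that entry or drop the fallback, so the install path is defined in one place and cannot drift from what pkg-config reports. That entry also sits under `if not platform.system().endswith('BSD'):`, so the drop-in appears to be installed on every non-BSD build regardless of init system; a short comment there saying this is intentional would help. The body of `pkg_config_read` continues outside the hunk, so how the fallback dict is consumed is not visible here.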
@@ -270,7 +271,9 @@ if not platform.system().endswith('BSD'):
(ETC + '/NetworkManager/dispatcher.d/',
['tools/hook-network-manager']),
(ETC + '/dhcp/dhclient-exit-hooks.d/', ['tools/hook-dhclient']),
- (LIB + '/udev/rules.d', [f for f in glob('udev/*.rules')])
+ (LIB + '/udev/rules.d', [f for f in glob('udev/*.rules')]),
+ (ETC + '/systemd/system/sshd-keygen@.service.d/',
+ ['systemd/disable-sshd-keygen-if-cloud-init-active.conf']),
])
# Use a subclass for install that handles
# adding on the right init system configuration files
diff --git a/systemd/disable-sshd-keygen-if-cloud-init-active.conf b/systemd/disable-sshd-keygen-if-cloud-init-active.conf
new file mode 100644
index 00000000..71e35876
--- /dev/null
+++ b/systemd/disable-sshd-keygen-if-cloud-init-active.conf
@@ -0,0 +1,8 @@
+# In some cloud-init enabled images the sshd-keygen template service may race
+# with cloud-init during boot causing issues with host key generation. This
+# drop-in config adds a condition to sshd-keygen@.service if it exists and
+# prevents the sshd-keygen units from running *if* cloud-init is going to run.
+#
+[Unit]
+ConditionPathExists=!/run/systemd/generator.early/multi-user.target.wants/cloud-init.target
+EOF
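Review bot: The last added line, `EOF`, is not a unit-file directive and looks like a heredoc terminator left behind when the file was written; delete it so the file ends after the `ConditionPathExists=` line. systemd will most likely only log a parse warning for it, but this drop-in decides whether SSH host keys get generated, so it should load without warnings. The header comment could also state the failure mode to watch for, e.g. `# NOTE: when this condition suppresses sshd-keygen, host keys exist only if cloud-init generates them.`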