Merge "Add an element to restore ssh keys from /mnt/state"

Jenkins 2015-01-21 18:09:57 +00:00 committed by Gerrit Code Review
commit dd7eb91b5c
2 changed files with 35 additions and 0 deletions

@ -0,0 +1,16 @@
Because of poor interactions with cloud-init and nova rebuilds, we
have a timing problem when trying to store SSH host keys on the state
drive. Basically cloud-init checks for them before it mounts the state
drive.
So we're going to back them up to the state drive when we intend to do
a rebuild, and then restore them if they are present. Note that there
is not currently a standard place to do such a backup in TripleO. The
operator would need to do this before any rebuilds are issued, or expect
that machines will get new SSH host keys after rebuild.
This element will restore host keys from /mnt/state/\_ssh\_host\_keys, if
they are found.
To allow external services to determine when the ssh host key has been
restored we are appending a string to the sshd version information when a host
key is restored.
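
Review bot: the last paragraph says a string is appended to the sshd version information but never names it, and nothing here says that the restore consumes the backup. Name the marker explicitly (the script writes `VersionAddendum TRIPLEO_HK_RESTORED`) so external services know what to match, and mention that it becomes part of the SSH banner, which any connecting client can read. Also state that /mnt/state/_ssh_host_keys is removed once the keys are restored, so the operator has to recreate the backup before every rebuild, and document the ownership and mode the backed-up private keys are expected to have, since the backup step is left entirely to the operator.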

@ -0,0 +1,19 @@
#!/bin/bash
set -eux
set -o pipefail
CLOUD_DIR="/var/lib/cloud"
KEYS_DIR="/mnt/state/_ssh_host_keys"
if [ -d "$KEYS_DIR" ]; then
# Block this element from proceeding forward until cloud-init has written
# out new SSH keys in order to prevent the restored keys from being
# overwritten.
while [[ ! -f "$CLOUD_DIR/instances/$(cat $CLOUD_DIR/data/instance-id)/sem/config_ssh" ]]; do
echo "Waiting until cloud-init has completed SSH configuration."
sleep 1
done
mv -f ${KEYS_DIR}/ssh_host_*" /etc/ssh/ && rm -rf "$KEYS_DIR"
grep -q -F 'VersionAddendum TRIPLEO_HK_RESTORED' /etc/ssh/sshd_config || echo 'VersionAddendum TRIPLEO_HK_RESTORED' >> /etc/ssh/sshd_config
os-svc-restart -n ssh
fi
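
Review bot: the `mv` line has an unbalanced double quote after `ssh_host_*`, so the closing quote of `"$KEYS_DIR"` opens a string that is never terminated and the script fails to parse. Quote the variable and keep the glob outside the quotes: `mv -f "${KEYS_DIR}"/ssh_host_* /etc/ssh/ && rm -rf "$KEYS_DIR"`. Two further points in the same block: the `while` loop has no timeout, so a missing `config_ssh` semaphore or an unreadable `instance-id` file blocks the element forever; and the moved files keep whatever owner and mode they had on the state drive, so set root ownership and mode 0600 on the private keys before `os-svc-restart -n ssh`.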