Merge "Add an element to restore ssh keys from /mnt/state"
commit
dd7eb91b5c
|
@ -0,0 +1,16 @@
|
|||
Because of poor interactions with cloud-init and nova rebuilds, we
|
||||
have a timing problem when trying to store SSH host keys on the state
|
||||
drive. Basically cloud-init checks for them before it mounts the state
|
||||
drive.
|
||||
|
||||
So we're going to back them up to the state drive when we intend to do
|
||||
a rebuild, and then restore them if they are present. Note that there
|
||||
is not currently a standard place to do such a backup in TripleO. The
|
||||
operator would need to do this before any rebuilds are issued, or expect
|
||||
that machines will get new SSH host keys after rebuild.
|
||||
This element will restore host keys from /mnt/state/\_ssh\_host\_keys, if
|
||||
they are found.
|
||||
|
||||
To allow external services to determine when the ssh host key has been
|
||||
restored we are appending a string to the sshd version information when a host
|
||||
key is restored.
|
|
@ -0,0 +1,19 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -eux
|
||||
set -o pipefail
|
||||
|
||||
CLOUD_DIR="/var/lib/cloud"
|
||||
KEYS_DIR="/mnt/state/_ssh_host_keys"
|
||||
if [ -d "$KEYS_DIR" ]; then
|
||||
# Block this element from proceeding forward until cloud-init has written
|
||||
# out new SSH keys in order to prevent the restored keys from being
|
||||
# overwritten.
|
||||
while [[ ! -f "$CLOUD_DIR/instances/$(cat $CLOUD_DIR/data/instance-id)/sem/config_ssh" ]]; do
|
||||
echo "Waiting until cloud-init has completed SSH configuration."
|
||||
sleep 1
|
||||
done
|
||||
mv -f ${KEYS_DIR}/ssh_host_*" /etc/ssh/ && rm -rf "$KEYS_DIR"
|
||||
grep -q -F 'VersionAddendum TRIPLEO_HK_RESTORED' /etc/ssh/sshd_config || echo 'VersionAddendum TRIPLEO_HK_RESTORED' >> /etc/ssh/sshd_config
|
||||
os-svc-restart -n ssh
|
||||
fi
|
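Review bot: The restore line `mv -f ${KEYS_DIR}/ssh_host_*" /etc/ssh/ && rm -rf "$KEYS_DIR"` has an unbalanced double quote as rendered here, and because `mv` is the left side of an `&&` list, `set -e` does not abort the script when it fails. The script would then still append `VersionAddendum TRIPLEO_HK_RESTORED` and restart ssh, so external services reading the banner would be told the host keys were restored when they were not. I would split it into `mv -f -- "${KEYS_DIR}"/ssh_host_* /etc/ssh/` followed by `rm -rf -- "$KEYS_DIR"` on its own line, keeping the glob outside the quotes so it still expands. The files arrive with whatever owner and mode they had on the state drive (not visible here), so a `chown root:root` and `chmod 600 /etc/ssh/ssh_host_*_key` after the move would make sure the private keys are not left readable. The wait loop above also has no timeout, and it keeps spinning for as long as the instance-id file cannot be read, because the failing `cat` sits inside the loop condition where `set -e` does not apply.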