> Maybe could we generate them once at proxmox side ?
>>-1
>>
>>Copying private keys is bad ...

I'll look if I can make sshkey gen occur only once, or simply chattr the files.

It's possible to configure cloudinit modules to launch only [once,instance,always].

By default, almost all modules run only once per instance, but as we recreate an instance each time, they are applied again.

And the network configuration is not done in a module, so the only way is really a new instance each time.

In /etc/cloud/cloud.cfg

"
cloud_init_modules:
 - ssh
"
->
"
cloud_init_modules:
 - [ssh, once ]
"

Like this, it's creating a .sem file in /var/lib/cloud/sem/ instead of /var/lib/cloud/instance/sem/

So, I think it'll not regenerate the ssh config again and again.

BTW, I'm able to apply configuration changes live, without needing a reboot, with a simple udev rule

/etc/udev/rules.d/90-cloudinit.rules
------------------------------------
ACTION=="change", SUBSYSTEM=="block", KERNEL=="sr[0-9]*", ENV{ID_FS_LABEL}=="cidata", RUN+="/usr/local/bin/cloudinit-reload.sh"

and

/usr/local/bin/cloudinit-reload.sh
----------------------------------
#!/bin/sh
# drop the current instance link so cloud-init treats the next run as a new instance
rm /var/lib/cloud/instance
systemctl restart cloud-init
systemctl reload networking

I think I'll write some tuning docs, it could be very helpful for users.

----- Original message -----
From: "dietmar" <diet...@proxmox.com>
To: "pve-devel" <pve-devel@pve.proxmox.com>
Sent: Thursday 25 June 2020 11:00:10
Subject: Re: [pve-devel] cloudinit: generate server ssh keys on proxmox side ?

> Maybe could we generate them once at proxmox side ?

-1

Copying private keys is bad ...

_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
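
One way to confirm that the `[ssh, once]` setting described in the mail above really keeps the host keys stable across a reload is to compare them against a recorded baseline. This is an added example, not part of the original mail or of Proxmox/cloud-init code; the function names and the baseline path are assumptions.

```shell
#!/bin/sh
# Added example: detect SSH host key regeneration across cloud-init re-runs.
# Function names and the baseline file location are hypothetical.
# Typical call (baseline path chosen by the admin):
#   hostkey_drift /var/lib/hostkeys.baseline /etc/ssh

# Print "sha256  filename" for every host public key found in directory $1.
hostkey_digest() {
    dir=$1
    for f in "$dir"/ssh_host_*_key.pub; do
        [ -f "$f" ] || continue
        # Hash only key type and key blob (fields 1-2); the trailing comment
        # (user@host) may change without the key itself changing.
        sum=$(awk '{print $1, $2}' "$f" | sha256sum | cut -d' ' -f1)
        printf '%s  %s\n' "$sum" "$(basename "$f")"
    done | sort -k2
}

# hostkey_drift BASELINE SSH_DIR
# Return codes:
#   0  host keys are identical to the baseline
#   1  a key changed, appeared or disappeared (keys were regenerated)
#   2  no baseline existed yet; it has just been written
#   3  no host public keys found in SSH_DIR
hostkey_drift() {
    baseline=$1
    keydir=$2
    current=$(hostkey_digest "$keydir")
    [ -n "$current" ] || return 3
    if [ ! -f "$baseline" ]; then
        printf '%s\n' "$current" > "$baseline"
        return 2
    fi
    [ "$current" = "$(cat "$baseline")" ] && return 0
    return 1
}
```

Run it once before attaching a new cloud-init drive to record the baseline, then again after the reload; a return code of 1 means clients will see a changed host key.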