* Mon Oct 18 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-10
- ci-Inhibit-sshd-keygen-.service-if-cloud-init-is-active.patch [bz#2002492] - ci-add-the-drop-in-also-in-the-files-section-of-cloud-i.patch [bz#2002492] - Resolves: bz#2002492 (util.py[WARNING]: Failed generating key type rsa to file /etc/ssh/ssh_host_rsa_key)
parent
16ef4c53ca
commit
7202aee4b8
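--- /dev/null
+++ b/ci-Inhibit-sshd-keygen-.service-if-cloud-init-is-active.patch
@@ -0,0 +1,104 @@
+From e6412be62079bbec5d67d178711ea42f21cafab8 Mon Sep 17 00:00:00 2001
+From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+Date: Tue, 12 Oct 2021 16:35:00 +0200
+Subject: [PATCH 1/2] Inhibit sshd-keygen@.service if cloud-init is active
+(#1028)
+
+RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+RH-MergeRequest: 11: Add drop-in to prevent race with sshd-keygen service
+RH-Commit: [1/2] 77ba3f167e71c43847aa5b38e1833d84568ed5a7 (eesposit/cloud-init-centos-)
+RH-Bugzilla: 2002492
+RH-Acked-by: Eduardo Otubo <otubo@redhat.com>
+RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
+
+TESTED: by me and QA
+BREW: 40286693
+
+commit 02c71f097bca455a0f87d3e0a2af4d04b1cbd727
+Author: Ryan Harper <ryan.harper@canonical.com>
+Date: Tue Oct 12 09:31:36 2021 -0500
+
+Inhibit sshd-keygen@.service if cloud-init is active (#1028)
+
+In some cloud-init enabled images the sshd-keygen@.service
+may race with cloud-init and prevent ssh host keys from being
+generated or generating host keys twice slowing boot and consuming
+additional entropy during boot. This drop-in unit adds a condition to
+the sshd-keygen@.service which prevents running if cloud-init is active.
+
+Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+
+Conflicts: minor conflict in setup.py (line 253), where we still use
+"/usr/lib/" instead of LIB
+---
+packages/redhat/cloud-init.spec.in | 1 +
+packages/suse/cloud-init.spec.in | 1 +
+setup.py | 5 ++++-
+systemd/disable-sshd-keygen-if-cloud-init-active.conf | 8 ++++++++
+4 files changed, 14 insertions(+), 1 deletion(-)
+create mode 100644 systemd/disable-sshd-keygen-if-cloud-init-active.conf
+
+diff --git a/packages/redhat/cloud-init.spec.in b/packages/redhat/cloud-init.spec.in
+index 16138012..1491822b 100644
+--- a/packages/redhat/cloud-init.spec.in
++++ b/packages/redhat/cloud-init.spec.in
+@@ -175,6 +175,7 @@ fi
+
+%if "%{init_system}" == "systemd"
+/usr/lib/systemd/system-generators/cloud-init-generator
++%{_sysconfdir}/systemd/system/sshd-keygen@.service.d/disable-sshd-keygen-if-cloud-init-active.conf
+%{_unitdir}/cloud-*
+%else
+%attr(0755, root, root) %{_initddir}/cloud-config
+diff --git a/packages/suse/cloud-init.spec.in b/packages/suse/cloud-init.spec.in
+index 004b875f..da8107b4 100644
+--- a/packages/suse/cloud-init.spec.in
++++ b/packages/suse/cloud-init.spec.in
+@@ -126,6 +126,7 @@ version_pys=$(cd "%{buildroot}" && find . -name version.py -type f)
+
+%{_sysconfdir}/dhcp/dhclient-exit-hooks.d/hook-dhclient
+%{_sysconfdir}/NetworkManager/dispatcher.d/hook-network-manager
++%{_sysconfdir}/systemd/system/sshd-keygen@.service.d/disable-sshd-keygen-if-cloud-init-active.conf
+
+# Python code is here...
+%{python_sitelib}/*
+diff --git a/setup.py b/setup.py
+index d5cd01a4..ec03fa27 100755
+--- a/setup.py
++++ b/setup.py
+@@ -38,6 +38,7 @@ def is_generator(p):
+def pkg_config_read(library, var):
+fallbacks = {
+'systemd': {
++ 'systemdsystemconfdir': '/etc/systemd/system',
+'systemdsystemunitdir': '/lib/systemd/system',
+'systemdsystemgeneratordir': '/lib/systemd/system-generators',
+}
+@@ -249,7 +250,9 @@ if not platform.system().endswith('BSD'):
+data_files.extend([
+(ETC + '/NetworkManager/dispatcher.d/',
+['tools/hook-network-manager']),
+- ('/usr/lib/udev/rules.d', [f for f in glob('udev/*.rules')])
++ ('/usr/lib/udev/rules.d', [f for f in glob('udev/*.rules')]),
++ (ETC + '/systemd/system/sshd-keygen@.service.d/',
++ ['systemd/disable-sshd-keygen-if-cloud-init-active.conf']),
+])
+# Use a subclass for install that handles
+# adding on the right init system configuration files
+diff --git a/systemd/disable-sshd-keygen-if-cloud-init-active.conf b/systemd/disable-sshd-keygen-if-cloud-init-active.conf
+new file mode 100644
+index 00000000..71e35876
+--- /dev/null
++++ b/systemd/disable-sshd-keygen-if-cloud-init-active.conf
+@@ -0,0 +1,8 @@
++# In some cloud-init enabled images the sshd-keygen template service may race
++# with cloud-init during boot causing issues with host key generation. This
++# drop-in config adds a condition to sshd-keygen@.service if it exists and
++# prevents the sshd-keygen units from running *if* cloud-init is going to run.
++#
++[Unit]
++ConditionPathExists=!/run/systemd/generator.early/multi-user.target.wants/cloud-init.target
++EOF
+--
+2.27.0
+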
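Review bot: The new drop-in `systemd/disable-sshd-keygen-if-cloud-init-active.conf` ends with a literal `EOF` line after `ConditionPathExists=…`, which looks like a leftover here-document terminator rather than unit-file syntax. It is not a `key=value` assignment, so systemd will most likely log a parse warning for this file and ignore the line; the file should end at the `ConditionPathExists=` line. Separately, the condition only tests for the generator-created `cloud-init.target` symlink, so once it matches, SSH host keys exist only if cloud-init's own key generation succeeds. Extending the header comment with something like `# If cloud-init's ssh key generation is disabled or fails, sshd will have no host keys.` would help whoever has to debug a host where sshd does not start.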
@ -1,6 +1,6 @@
|
||||
Name: cloud-init
|
||||
Version: 21.1
|
||||
Release: 9%{?dist}
|
||||
Release: 10%{?dist}
|
||||
Summary: Cloud instance init scripts
|
||||
License: ASL 2.0 or GPLv3
|
||||
URL: http://launchpad.net/cloud-init
|
||||
@ -24,6 +24,8 @@ Patch8: ci-Stop-copying-ssh-system-keys-and-check-folder-permis.patch
|
||||
Patch9: ci-Fix-home-permissions-modified-by-ssh-module-SC-338-9.patch
|
||||
# For bz#2002302 - cloud-init fails with ValueError: need more than 1 value to unpack[rhel-9]
|
||||
Patch10: ci-ssh_utils.py-ignore-when-sshd_config-options-are-not.patch
|
||||
# For bz#2002492 - util.py[WARNING]: Failed generating key type rsa to file /etc/ssh/ssh_host_rsa_key
|
||||
Patch11: ci-Inhibit-sshd-keygen-.service-if-cloud-init-is-active.patch
|
||||
|
||||
# Source-git patches
|
||||
|
||||
@ -215,12 +217,18 @@ fi
|
||||
%{_bindir}/cloud-id
|
||||
%{_libexecdir}/%{name}/ds-identify
|
||||
%{_systemdgeneratordir}/cloud-init-generator
|
||||
|
||||
%{_sysconfdir}/systemd/system/sshd-keygen@.service.d/disable-sshd-keygen-if-cloud-init-active.conf
|
||||
|
||||
%dir %{_sysconfdir}/rsyslog.d
|
||||
%config(noreplace) %{_sysconfdir}/rsyslog.d/21-cloudinit.conf
|
||||
|
||||
%changelog
|
||||
* Mon Oct 18 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-10
|
||||
- ci-Inhibit-sshd-keygen-.service-if-cloud-init-is-active.patch [bz#2002492]
|
||||
- ci-add-the-drop-in-also-in-the-files-section-of-cloud-i.patch [bz#2002492]
|
||||
- Resolves: bz#2002492
|
||||
(util.py[WARNING]: Failed generating key type rsa to file /etc/ssh/ssh_host_rsa_key)
|
||||
|
||||
* Fri Sep 10 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-9
|
||||
- ci-ssh_utils.py-ignore-when-sshd_config-options-are-not.patch [bz#2002302]
|
||||
- Resolves: bz#2002302
|
||||
|
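Review bot: The `%files` entry `%{_sysconfdir}/systemd/system/sshd-keygen@.service.d/disable-sshd-keygen-if-cloud-init-active.conf` installs a package-owned drop-in under /etc with no `%config` marker, unlike the `%config(noreplace)` rsyslog file a few lines below it, so a local edit to it would presumably be replaced on package update without a backup. /etc is also the highest-priority unit directory, so an administrator cannot shadow this file from another location and would have to edit the packaged copy. Consider shipping the drop-in under `%{_unitdir}/sshd-keygen@.service.d/` (this would also need the install path in the patch's `setup.py` hunk to change), or at least add a comment above the entry such as `# package-owned drop-in, replaced on update; do not edit locally`.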