
Re: [Libguestfs] IRC question about virt-builder ubuntu-* images



On Tue, Jul 12, 2016 at 07:23:36PM +0100, Richard W.M. Jones wrote:
> On Tue, Jul 12, 2016 at 07:40:51PM +0200, Guido Günther wrote:
> > On Sat, Jul 09, 2016 at 08:20:27AM +0100, Richard W.M. Jones wrote:
> > > 
> > > 22:06 < adam12> rwmjones: If you're still around, just curious - any reason why the ubuntu14 image doesn't come with `dpkg-reconfigure openssh-server` 
> > >                 already configured for firstboot?
> > > 
> > > The reason is because I couldn't work out how to automate this in the
> > > preseed script.  If you want to have a go, then see:
> > > 
> > > https://github.com/libguestfs/libguestfs/blob/master/builder/website/ubuntu.sh
> > > https://github.com/libguestfs/libguestfs/blob/master/builder/website/ubuntu.preseed
> > 
> > s.th. like
> > 
> > d-i preseed/late_command string \
> >    in-target dpkg-reconfigure openssh-server;
> > 
> > If you need special values beforehand there's debconf-set-selection
> 
> Thanks Guido (.. and long time, no see :-) I guess you noticed we are
> using your example for preseeding Debian images which was very helpful.
> 
> The above preseed command works to run 'dpkg-reconfigure openssh-server'.
> I tested this by adding it to the debian.preseed file, recreating the
> debian-8 image and testing it again.
> 
> Unfortunately that command creates SSH host keys in the template,
> which is not a good thing since virt-builder will duplicate the
> template multiple times and each copy will share the same key.
> 
> But luckily we also run virt-sysprep on the template after creating it
> which deletes those host keys:
> http://libguestfs.org/virt-sysprep.1.html#ssh-hostkeys
> That resolves the above problem.
> 
> But unluckily the Debian openssh package doesn't automatically
> recreate host keys when it starts up, as Fedora does, see the several
> sshd*.{service,target} files here:
> http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/tree/
> 
> I think this is a bug or missing functionality in the Debian openssh
> package.

Yeah, I think so as well:

    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594175

We thought about adding a separate systemd unit that creates the host
keys if missing. It would be a pity since we'd have to keep the logic
in sync with the openssh-server package.

Cheers,
 -- Guido
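
Added example, not part of the original thread or of libguestfs: a check for the failure mode discussed above, where guests cloned from one template end up sharing an SSH host key. It reads text in `ssh-keyscan` output format and reports fingerprints seen on more than one host; the host names and key blobs are constructed sample data.

```python
import base64
import hashlib
from collections import defaultdict


def fingerprint(b64_blob: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    raw = base64.b64decode(b64_blob, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_host_keys(scan_text: str) -> dict:
    """Map fingerprint -> sorted hosts, only for keys seen on 2+ hosts."""
    hosts_by_key = defaultdict(set)
    for line in scan_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # blank line, comment, or truncated entry
        try:
            fp = fingerprint(fields[2])
        except ValueError:
            continue  # third field is not valid base64: skip the line
        for host in fields[0].split(","):  # known_hosts allows "a,b"
            hosts_by_key[(fields[1], fp)].add(host)
    return {fp: sorted(h) for (_, fp), h in hosts_by_key.items() if len(h) > 1}


def _fake_blob(seed: bytes) -> str:
    # Constructed stand-in for a public key blob; not a real key.
    return base64.b64encode(b"constructed-key:" + seed).decode()


# Constructed sample: vm-a and vm-b are clones that kept the template's key,
# vm-c regenerated its key, vm-d is a malformed line.
SAMPLE_SCAN = "\n".join([
    "# constructed sample, ssh-keyscan output format",
    "vm-a ssh-ed25519 " + _fake_blob(b"template"),
    "vm-b ssh-ed25519 " + _fake_blob(b"template"),
    "vm-c ssh-ed25519 " + _fake_blob(b"regenerated"),
    "vm-d ssh-ed25519 not*base64",
])

if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE_SCAN).items():
        print(fp, "shared by", ", ".join(hosts))
```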

