Consistent SSH host key setup when cloud-init / armbian-firstrun are both executed

[David A]

Hi,

 

Context

 

systemd's cloud-init.target and armbian-firstrun.service will be started concurrently (both are wanted by multi-user.target). Both will try to create SSH host keys by default:

 - armbian-firstrun will always delete SSH host keys and then generate new ones

 - cloud-init.target (by default) will always delete SSH host keys and then generate new ones.

 

Problem

 

When one must run armbian-firstrun and cloud-init, there is no deterministic ordering between the 2 files execution and therefore no one can guarantee which will be last to setup host keys. In my current scenario, host keys are explicitly setup in cloud-init and I would expect armbian-firstrun to not delete keys + no ssh host key generation.

 

Proposed Solution

 

armbian-firstrun support user defined config to control SSH host keys deletion + generation:

- on: ssh host key deleted + generated (compatibility: current armbian behaviour)

- off: no ssh key deleted + no ssh host key generated. Allow cloud-init to take over this behaviour deterministically.

 

Question

 

I am seeking guidance on where the user config setting should be added. Then I can write the if/else condition in the armbian-firstrun script.

Edited September 9 by David A

[Igor]

Interesting.

 

Perhaps extending this service?

https://github.com/armbian/build/blob/main/packages/bsp/common/lib/systemd/system/armbian-firstrun.service

At build time, this is cp to the image and enabled:
https://github.com/armbian/build/blob/main/lib/functions/rootfs/distro-agnostic.sh#L400-L401

Script:

https://github.com/armbian/build/blob/main/packages/bsp/common/usr/lib/armbian/armbian-firstrun

All those files you can edit, compile image and try. I hope this helps in some way.

[David A]

@Igor It did. Thank you. The final PR will be here: https://github.com/armbian/build/pull/7216