Inhibit sshd-keygen@.service if cloud-init is active (#1028)

In some cloud-init enabled images the sshd-keygen@.service may race with cloud-init and prevent ssh host keys from being generated or generating host keys twice slowing boot and consuming additional entropy during boot. This drop-in unit adds a condition to the sshd-keygen@.service which prevents running if cloud-init is active.
author: Ryan Harper <ryan.harper@canonical.com> 2021-10-12 09:31:36 -0500
committer: GitHub <noreply@github.com> 2021-10-12 09:31:36 -0500
commit: b3e31ba228d32c318872fb68edda272f679e1004 (patch)
tree: a942dc0ee783dfafa9884b5cf566434c48efacfd /systemd
parent: 76166caff42b82aa55c6bcd9528f2c1e3575232a (diff)
download: vyos-cloud-init-b3e31ba228d32c318872fb68edda272f679e1004.tar.gz
vyos-cloud-init-b3e31ba228d32c318872fb68edda272f679e1004.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/systemd/disable-sshd-keygen-if-cloud-init-active.conf b/systemd/disable-sshd-keygen-if-cloud-init-active.conf
new file mode 100644
index 00000000..71e35876
--- /dev/null
+++ b/systemd/disable-sshd-keygen-if-cloud-init-active.conf
@@ -0,0 +1,8 @@
+# In some cloud-init enabled images the sshd-keygen template service may race
+# with cloud-init during boot causing issues with host key generation.  This
+# drop-in config adds a condition to sshd-keygen@.service if it exists and
+# prevents the sshd-keygen units from running *if* cloud-init is going to run.
+#
+[Unit]
+ConditionPathExists=!/run/systemd/generator.early/multi-user.target.wants/cloud-init.target
+EOF
author	Ryan Harper <ryan.harper@canonical.com>	2021-10-12 09:31:36 -0500
committer	GitHub <noreply@github.com>	2021-10-12 09:31:36 -0500
commit	b3e31ba228d32c318872fb68edda272f679e1004 (patch)
tree	a942dc0ee783dfafa9884b5cf566434c48efacfd /systemd
parent	76166caff42b82aa55c6bcd9528f2c1e3575232a (diff)
download	vyos-cloud-init-b3e31ba228d32c318872fb68edda272f679e1004.tar.gz vyos-cloud-init-b3e31ba228d32c318872fb68edda272f679e1004.zip