authorScott Moser <smoser@ubuntu.com>2011-10-31 10:56:06 -0400
committerScott Moser <smoser@ubuntu.com>2011-10-31 10:56:06 -0400
commit7fc73a8d5585794ebf3a4b1a5a9e966a74f95607 (patch)
tree111d49faa5610207e46d097404b5ac92da5113bd
parenta2aa4805f018a9d8ff8baff7c2f6cb91e532c4d2 (diff)
downloadvyos-cloud-init-7fc73a8d5585794ebf3a4b1a5a9e966a74f95607.tar.gz
vyos-cloud-init-7fc73a8d5585794ebf3a4b1a5a9e966a74f95607.zip
make ssh host key deletion configurable
Garret's patch cloud-init-0.6.2-sshsvc.patch did 2 separate things. This hunk makes deletion of keys configurable, and then makes generation of the keys only done if the key does not exist. TODO: document ssh_genkeytypes. taken from git://pkgs.fedoraproject.org/cloud-init.git commit 87f33190f43d2b26cced4597e7298835024466c2 Author: Garrett Holmstrom <gholms@fedoraproject.org> Patch11: cloud-init-0.6.2-sshsvc.patch
-rw-r--r--cloudinit/CloudConfig/cc_ssh.py13
1 files changed, 8 insertions, 5 deletions
diff --git a/cloudinit/CloudConfig/cc_ssh.py b/cloudinit/CloudConfig/cc_ssh.py
index 296b18f2..9f5dc567 100644
--- a/cloudinit/CloudConfig/cc_ssh.py
+++ b/cloudinit/CloudConfig/cc_ssh.py
@@ -31,9 +31,10 @@ def handle(name,cfg,cloud,log,args):
global_log = log
# remove the static keys from the pristine image
- for f in glob.glob("/etc/ssh/ssh_host_*key*"):
- try: os.unlink(f)
- except: pass
+ if cfg.get("ssh_deletekeys", True):
+ for f in glob.glob("/etc/ssh/ssh_host_*key*"):
+ try: os.unlink(f)
+ except: pass
if cfg.has_key("ssh_keys"):
# if there are keys in cloud-config, use them
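Review bot: The bare `except: pass` around `os.unlink(f)` matters more after this commit, because the second hunk skips generation whenever the key file still exists: a host key from the image that fails to unlink is silently kept and reused. Catch the specific error and log it, e.g. `except OSError as e: log.warn("failed to remove %s: %s" % (f, e))`. The new option also deserves a comment above the `if`, such as `# ssh_deletekeys: False keeps the host keys shipped in the image, so every instance launched from that image shares them`. handle() starts and continues outside this hunk.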
@@ -63,8 +64,10 @@ def handle(name,cfg,cloud,log,args):
# if not, generate them
for keytype in util.get_cfg_option_list_or_str(cfg, 'ssh_genkeytypes',
['rsa', 'dsa', 'ecdsa']):
- subprocess.call(['ssh-keygen', '-t', keytype, '-N', '',
- '-f', '/etc/ssh/ssh_host_%s_key' % keytype])
+ keyfile = '/etc/ssh/ssh_host_%s_key' % keytype
+ if not os.path.exists(keyfile):
+ subprocess.call(['ssh-keygen', '-t', keytype, '-N', '',
+ '-f', keyfile])
util.restorecon_if_possible('/etc/ssh', recursive=True)
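Review bot: The return value of `subprocess.call` is still discarded in the new branch, so a failed `ssh-keygen` leaves the host without that key type and nothing in the log; wrapping the call as `if subprocess.call([...]) != 0: log.warn("failed to generate %s host key" % keytype)` would surface it. The `os.path.exists(keyfile)` test looks only at the private key file, so a leftover private key with a missing or mismatched `.pub` is accepted as-is. A `log.debug("keeping existing %s" % keyfile)` on the skip path would make it visible when a pre-existing key is being kept rather than regenerated. The rest of handle() is outside this hunk.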