| author | Scott Moser <smoser@ubuntu.com> | 2015-09-11 16:58:28 -0400 | 
|---|---|---|
| committer | Scott Moser <smoser@ubuntu.com> | 2015-09-11 16:58:28 -0400 | 
| commit | b417d532daa93f7629a997d90b33986eef8b38cd (patch) | |
| tree | 29dd4a9ea171397c03fa8404d92177e4956c91cd | |
| parent | ba3e59cbb5ae58a2267fcbcd23eecaaa26f2c396 (diff) | |
| parent | 988174dca9e4e5593b357c6def82c857f718282d (diff) | |
snappy: enable ssh on snappy if ssh keys are provided or password auth
If the user provides ssh keys or requests password auth in their
user-data then we will enable ssh by default.
LP: #1494816
| -rw-r--r-- | cloudinit/config/cc_snappy.py | 30 | 
1 files changed, 27 insertions, 3 deletions
|
diff --git a/cloudinit/config/cc_snappy.py b/cloudinit/config/cc_snappy.py
index 7aaec94a..124452c0 100644
--- a/cloudinit/config/cc_snappy.py
+++ b/cloudinit/config/cc_snappy.py
@@ -6,7 +6,7 @@ Example config:
   #cloud-config
   snappy:
     system_snappy: auto
-    ssh_enabled: False
+    ssh_enabled: auto
     packages: [etcd, pkg2.smoser]
     config:
       pkgname:
@@ -16,7 +16,12 @@ Example config:
     packages_dir: '/writable/user-data/cloud-init/snaps'
  - ssh_enabled:
-   This defaults to 'False'.  Set to a non-false value to enable ssh service
+   This controls the system's ssh service.  The default value is 'auto'.
+     True:  enable ssh service
+     False: disable ssh service
+     auto:  enable ssh service if either ssh keys have been provided
+            or user has requested password authentication (ssh_pwauth).
+
  - snap installation and config
    The above would install 'etcd', and then install 'pkg2.smoser' with a
    '<config-file>' argument where 'config-file' has 'config-blob' inside it.
@@ -274,7 +279,26 @@ def handle(name, cfg, cloud, log, args):
             LOG.warn("'%s' failed for '%s': %s",
                      pkg_op['op'], pkg_op['name'], e)
-    disable_enable_ssh(mycfg.get('ssh_enabled', False))
+    # Default to disabling SSH
+    ssh_enabled = mycfg.get('ssh_enabled', "auto")
+
+    # If the user has not explicitly enabled or disabled SSH, then enable it
+    # when password SSH authentication is requested or there are SSH keys
+    if ssh_enabled == "auto":
+        user_ssh_keys = cloud.get_public_ssh_keys() or None
+        password_auth_enabled = cfg.get('ssh_pwauth', False)
+        if user_ssh_keys:
+            LOG.debug("Enabling SSH, ssh keys found in datasource")
+            ssh_enabled = True
+        elif cfg.get('ssh_authorized_keys'):
+            LOG.debug("Enabling SSH, ssh keys found in config")
+        elif password_auth_enabled:
+            LOG.debug("Enabling SSH, password authentication requested")
+            ssh_enabled = True
+    elif ssh_enabled not in (True, False):
+        LOG.warn("Unknown value '%s' in ssh_enabled", ssh_enabled)
+
+    disable_enable_ssh(ssh_enabled)
     if fails:
         raise Exception("failed to install/configure snaps") |
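Review bot: In the `auto` branch, `ssh_enabled` is only rewritten to `True` on the datasource-keys and password-auth paths; the `elif cfg.get('ssh_authorized_keys'):` path logs "Enabling SSH" without assigning anything, and when no condition matches the string `"auto"` is handed to `disable_enable_ssh()` unchanged. That helper is outside the hunk, but the documentation text this commit removes said any non-false value enables ssh, so a truthy `"auto"` (or an unrecognised value that only triggers the warning) would presumably turn the ssh service on for an instance with no keys and no password authentication. I would add `ssh_enabled = True` under the `ssh_authorized_keys` branch, close the chain with `else: ssh_enabled = False`, and assign `ssh_enabled = False` after the `LOG.warn` for unknown values so the service fails closed. The comment `# Default to disabling SSH` no longer matches the `"auto"` default and should read `# Default to 'auto'`. The body of `handle` starts and ends outside this hunk.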
