summaryrefslogtreecommitdiff
path: root/cloudinit
diff options
context:
space:
mode:
Diffstat (limited to 'cloudinit')
-rw-r--r--cloudinit/config/cc_snappy.py19
1 files changed, 14 insertions, 5 deletions
diff --git a/cloudinit/config/cc_snappy.py b/cloudinit/config/cc_snappy.py
index 899df10c..124452c0 100644
--- a/cloudinit/config/cc_snappy.py
+++ b/cloudinit/config/cc_snappy.py
@@ -6,7 +6,7 @@ Example config:
#cloud-config
snappy:
system_snappy: auto
- ssh_enabled: False
+ ssh_enabled: auto
packages: [etcd, pkg2.smoser]
config:
pkgname:
@@ -16,7 +16,12 @@ Example config:
packages_dir: '/writable/user-data/cloud-init/snaps'
- ssh_enabled:
- This defaults to 'False'. Set to a non-false value to enable ssh service
+ This controls the system's ssh service. The default value is 'auto'.
+ True: enable ssh service
+ False: disable ssh service
+ auto: enable ssh service if either ssh keys have been provided
+ or user has requested password authentication (ssh_pwauth).
+
- snap installation and config
The above would install 'etcd', and then install 'pkg2.smoser' with a
'<config-file>' argument where 'config-file' has 'config-blob' inside it.
@@ -275,19 +280,23 @@ def handle(name, cfg, cloud, log, args):
pkg_op['op'], pkg_op['name'], e)
# Default to disabling SSH
- ssh_enabled = mycfg.get('ssh_enabled', False)
+ ssh_enabled = mycfg.get('ssh_enabled', "auto")
# If the user has not explicitly enabled or disabled SSH, then enable it
# when password SSH authentication is requested or there are SSH keys
- if mycfg.get('ssh_enabled', None) is not False:
+ if ssh_enabled == "auto":
user_ssh_keys = cloud.get_public_ssh_keys() or None
password_auth_enabled = cfg.get('ssh_pwauth', False)
if user_ssh_keys:
- LOG.debug("Enabling SSH, user SSH keys provided")
+ LOG.debug("Enabling SSH, ssh keys found in datasource")
ssh_enabled = True
+ elif cfg.get('ssh_authorized_keys'):
+ LOG.debug("Enabling SSH, ssh keys found in config")
elif password_auth_enabled:
LOG.debug("Enabling SSH, password authentication requested")
ssh_enabled = True
+ elif ssh_enabled not in (True, False):
+ LOG.warn("Unknown value '%s' in ssh_enabled", ssh_enabled)
disable_enable_ssh(ssh_enabled)