Code review comment for ~smoser/cloud-init:fix/1781094-ssh-deletekeys

On Fri, Aug 3, 2018 at 3:24 PM Scott Moser <email address hidden> wrote:
>
> I really don't know what you're expecting to hear.

The distro put in ssh-keygen service and presumably has a reason for
doing so. They may have some expected properties of the types of keys
that it generates and cloud-init could generate different keys than
what the distro expected.

So, for images in which there are both cloud-init and ssh-keygen
service, I'd like the distro to make a configuration choice that
reflects the intention of the image builder.

> cloud-init is guaranteed to run Before ssh-keygen.
> Worst case,
> a.) ssh-keygen creates keys that cloud-init didn't write (but since cloud-init deleted *all* keys on new-instance, this actually works pretty well).
> b.) ssh-kegen does nothing and wastes some 'stat' of files that it would have executed.
>
> I guess we could drop-in a 'disable' of keygen-service on package install. that just seems like more work than necessary.

Can you imagine a scenario where having both cloud-init and ssh-keygen
manage keys is complementary (neither a or b look complementary
without further work to understand who created which keys and who is
control of when they get deleted)? If not, then why shouldn't we just
conflict ?

>
> --
> https://code.launchpad.net/~smoser/cloud-init/+git/cloud-init/+merge/349359
> Your team cloud-init commiters is requested to review the proposed merge of ~smoser/cloud-init:fix/1781094-ssh-deletekeys into cloud-init:master.
>
> _______________________________________________
> Mailing list: https://launchpad.net/~cloud-init-dev
> Post to : <email address hidden>
> Unsubscribe : https://launchpad.net/~cloud-init-dev
> More help : https://help.launchpad.net/ListHelp