systemd/system: run update-ssh-keys once after Ignition #66

Merged
merged 1 commit into from
Apr 4, 2022

@pothos pothos commented Apr 1, 2022

The new Ignition version dropped support for creating the
authorized_keys file alongside the authorized_keys.d entry and can only
write one of them.
Call update-ssh-keys once after Ignition ran, for each user that has
the authorized_keys.d folder.

Fixes flatcar/Flatcar#699

How to use

Test with distro.writeAuthorizedKeysFragment set to the default when compiling Ignition

Testing done

Tested the new unit on a VM that booted with keys from Ignition

  • Changelog entries added in the respective changelog/ directory (user-facing change, bug fix, security fix, update)
    ↑ in coreos-overlay
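
A post-boot check for the failure this PR addresses (keys present only as `authorized_keys.d` fragments and missing from `authorized_keys`), added here as an example and not code from this PR or from update-ssh-keys. The function name `audit_authorized_keys` is hypothetical, and it assumes home directories sit directly under the given root and that fragments hold standard public-key lines; keys are matched on their base64 blob so comments and options do not affect the result.

```shell
#!/bin/sh
# Added example: report authorized_keys.d fragments whose keys are not
# present in the same user's generated authorized_keys file.
# Assumptions: homes live directly under the root passed in (e.g. /home),
# fragments are regular files with one public key per line.
# Usage: audit_authorized_keys /home

# Prints "user<TAB>fragment" for every fragment holding a key that is
# absent from authorized_keys. Returns 1 if anything is missing, else 0.
audit_authorized_keys() {
    local root missing dir user merged frag blob
    root=$1
    missing=0
    for dir in "$root"/*/.ssh/authorized_keys.d; do
        # Only users that actually have the fragment folder are checked
        [ -d "$dir" ] || continue
        user=${dir#"$root"/}
        user=${user%%/*}
        merged=${dir%/authorized_keys.d}/authorized_keys
        for frag in "$dir"/*; do
            [ -f "$frag" ] || continue
            # Extract the base64 key blob of each non-comment line; SSH
            # public key blobs start with "AAAA" (a 4-byte length prefix).
            for blob in $(awk '!/^#/ { for (i = 1; i <= NF; i++)
                               if ($i ~ /^AAAA/) { print $i; break } }' "$frag"); do
                if [ ! -f "$merged" ] || ! grep -qF -- "$blob" "$merged"; then
                    printf '%s\t%s\n' "$user" "${frag##*/}"
                    missing=1
                    break   # one report per fragment is enough
                fi
            done
        done
    done
    return "$missing"
}
```

A non-zero status on a freshly provisioned machine means at least one fragment has not been merged into `authorized_keys` for that user.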

pothos added a commit to flatcar-archive/coreos-overlay that referenced this pull request Apr 1, 2022
This pulls in
flatcar/init#66
to fix the problem that Ignition keys would be lost as soon as
update-ssh-keys runs. This is done by placing Ignition's keys in as
files in the authorized_keys.d folder and calling update-ssh-keys after
Ignition ran.
@pothos pothos self-assigned this Apr 1, 2022
@pothos pothos force-pushed the kai/update-ssh-keys-after-ignition branch from aac449d to 901282d Compare April 4, 2022 12:48
pothos added a commit to flatcar-archive/coreos-overlay that referenced this pull request Apr 4, 2022
This pulls in
flatcar/init#66
to fix the problem that Ignition keys would be lost as soon as
update-ssh-keys runs. This is done by placing Ignition's keys in as
files in the authorized_keys.d folder and calling update-ssh-keys after
Ignition ran.
@pothos pothos requested a review from a team April 4, 2022 15:30
@pothos pothos marked this pull request as ready for review April 4, 2022 15:30
@krnowak krnowak left a comment

I suppose that no ordering is necessary for the update-ssh-keys-after-ignition.service unit file, because this stuff will be executed after switching the root, right?

systemd/system/update-ssh-keys-after-ignition.service Outdated
@pothos pothos force-pushed the kai/update-ssh-keys-after-ignition branch from 901282d to 3464a3e Compare April 4, 2022 18:23
@pothos pothos force-pushed the kai/update-ssh-keys-after-ignition branch from 3464a3e to 1c54411 Compare April 4, 2022 18:30
@pothos pothos merged commit d76453b into flatcar-master Apr 4, 2022
@pothos pothos deleted the kai/update-ssh-keys-after-ignition branch April 4, 2022 18:34
Successfully merging this pull request may close these issues.

Alpha: ignition v3 should write SSH pub keys to authorized_keys.d