From 54248185371a5017913e15451858959a78c9621d Mon Sep 17 00:00:00 2001
From: Dexter Rivera <riverade@google.com>
Date: Wed, 4 Mar 2020 16:00:12 -0800
Subject: [PATCH] publish hostkeys from stateful partition
---
.../instance_setup/instance_setup.py | 38 ++++++++++++++-----
1 file changed, 28 insertions(+), 10 deletions(-)
diff --git a/packages/python-google-compute-engine/google_compute_engine/instance_setup/instance_setup.py b/packages/python-google-compute-engine/google_compute_engine/instance_setup/instance_setup.py
index cb1a2a6..531b7d4 100755
--- a/packages/python-google-compute-engine/google_compute_engine/instance_setup/instance_setup.py
+++ b/packages/python-google-compute-engine/google_compute_engine/instance_setup/instance_setup.py
@@ -207,23 +207,41 @@ class InstanceSetup(object):
"""
section = 'Instance'
instance_id = self._GetInstanceId()
- if instance_id != self.instance_config.GetOptionString(
- section, 'instance_id'):
+ prev_instance_id = None
+
+ instance_id_file = '/mnt/stateful_partition/.instance_id'
+ if os.path.isfile(instance_id_file):
+ with open(instance_id_file, 'rb') as f:
+ prev_instance_id = f.read().strip()
+
+ if not prev_instance_id or prev_instance_id != instance_id:
self.logger.info('Generating SSH host keys for instance %s.', instance_id)
file_regex = re.compile(r'ssh_host_(?P<type>[a-z0-9]*)_key\Z')
- key_dir = '/etc/ssh'
+ key_dir = '/mnt/stateful_partition/etc/ssh'
key_files = [f for f in os.listdir(key_dir) if file_regex.match(f)]
- key_types = host_key_types.split(',') if host_key_types else []
- key_types_files = ['ssh_host_%s_key' % key_type for key_type in key_types]
- for key_file in set(key_files) | set(key_types_files):
+ for key_file in set(key_files):
key_type = file_regex.match(key_file).group('type')
key_dest = os.path.join(key_dir, key_file)
- key_data = self._GenerateSshKey(key_type, key_dest)
- if key_data:
- self._WriteHostKeyToGuestAttributes(key_data[0], key_data[1])
- self._StartSshd()
+ if not prev_instance_id:
+ # On first boot, the hostkeys will be generated by a script
+ # that runs before sshd is started, so publish those keys
+ with open('%s.pub' % key_dest, 'rb') as pk:
+ key_data = pk.read().split()
+ if len(key_data) < 2:
+ self.logger.warning(
+ 'Could not read host key from %s.pub. Unable to publish '
+ '%s key to instance guest attributes', key_dest, key_type)
+ continue
+ else:
+ # If the instance id changes, need to regenerate the hostkeys
+ key_data = self._GenerateSshKey(key_type, key_dest)
+ self._WriteHostKeyToGuestAttributes(key_data[0], key_data[1])
self.instance_config.SetOption(section, 'instance_id', str(instance_id))
+ # Write the instance_id to the stateful partition
+ with open(instance_id_file, 'wb') as f:
+ f.write(instance_id)
+
def _GetNumericProjectId(self):
"""Get the numeric project ID.
--
2.25.0.265.gbab2e86ba0-goog