Diff comments:
> diff --git a/cloudinit/config/cc_set_passwords.py > b/cloudinit/config/cc_set_passwords.py > index bb24d57..3e5ba4c 100755 > --- a/cloudinit/config/cc_set_passwords.py > +++ b/cloudinit/config/cc_set_passwords.py > @@ -68,16 +68,49 @@ import re > import sys > > from cloudinit.distros import ug_util > -from cloudinit import ssh_util > +from cloudinit import log as logging > +from cloudinit.ssh_util import update_ssh_config > from cloudinit import util > > from string import ascii_letters, digits > > +LOG = logging.getLogger(__name__) > + > # We are removing certain 'painful' letters/numbers > PW_SET = (''.join([x for x in ascii_letters + digits > if x not in 'loLOI01'])) > > > +def handle_ssh_pwauth(pw_auth, service_cmd=None, service_name="ssh"): could use docstrings here with params > + cfg_name = "PasswordAuthentication" > + if service_cmd is None: > + service_cmd = ["service"] > + > + if util.is_true(pw_auth): > + cfg_val = 'yes' > + elif util.is_false(pw_auth): > + cfg_val = 'no' > + else: > + bmsg = "Leaving ssh config '%s' unchanged." % cfg_name > + if pw_auth is None or pw_auth.lower() == 'unchanged': > + LOG.debug("%s ssh_pwauth=%s", bmsg, pw_auth) > + else: > + LOG.warning("%s Unrecognized value: ssh_pwauth=%s", bmsg, > pw_auth) > + return > + > + updated = update_ssh_config({cfg_name: cfg_val}) > + if not updated: > + LOG.debug("No need to restart ssh service, %s not updated.", > cfg_name) While ssh was always restarted even if no config change, We could skip this message and only emit a debug if we did restart sshd on config-change. > + return > + > + if 'systemctl' in service_cmd: > + cmd = list(service_cmd) + ["restart", service_name] > + else: > + cmd = list(service_cmd) + [service_name, "restart"] > + util.subp(cmd) We're no longer handling the possible subp exception; does that change the result of handle? > + LOG.debug("Restarted the ssh daemon.") > + > + > def handle(_name, cfg, cloud, log, args): > if len(args) != 0: > # if run from command line, and give args, wipe the chpasswd['list'] > diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py > index 882517f..3cb235b 100644 > --- a/cloudinit/ssh_util.py > +++ b/cloudinit/ssh_util.py > @@ -310,4 +314,55 @@ def parse_ssh_config_map(fname): > ret[line.key] = line.value > return ret > > + > +def update_ssh_config(updates, fname=DEF_SSHD_CFG): > + """Read fname, and update if changes are necessary. > + What's the updates param? add to docstring > + @return: boolean indicating if an update was done.""" > + lines = parse_ssh_config(fname) > + changed = update_ssh_config_lines(lines=lines, updates=updates) > + if changed: > + util.write_file( > + fname, "\n".join([str(l) for l in lines]) + "\n", copy_mode=True) > + return bool(changed) Would it be better to be explicit here? return len(changed) > 0 ? > + > + > +def update_ssh_config_lines(lines, updates): > + """Update the ssh config lines per updates. > + > + @param lines: array of SshdConfigLine. This array is updated in place. > + @param update: dictionary of desired values {Option: value} s,update,updates to match the function signature > + @return: A list of keys in updates that were changed.""" > + found = set() > + changed = [] > + > + # Keywords are case-insensitive and arguments are case-sensitive > + casemap = dict([(k.lower(), k) for k in updates.keys()]) > + > + for (i, line) in enumerate(lines, start=1): > + if not line.key: > + continue > + if line.key in casemap: > + key = casemap[line.key] > + value = updates[key] > + found.add(key) If the values are equivalent, then why add it to found? Aren't we going to ignore them? > + if line.value == value: > + LOG.debug("line %d: option %s already set to %s", > + i, key, value) > + else: > + changed.append(key) > + LOG.debug("line %d: option %s updated %s -> %s", i, > + key, line.value, value) > + line.value = value > + > + if len(found) != len(updates): > + for key, value in updates.items(): > + if key in found: > + continue > + changed.append(key) > + lines.append(SshdConfigLine('', key, value)) > + LOG.debug("line %d: option %s added with %s", > + len(lines), key, value) > + return changed > + > # vi: ts=4 expandtab -- https://code.launchpad.net/~smoser/cloud-init/+git/cloud-init/+merge/343246 Your team cloud-init commiters is requested to review the proposed merge of ~smoser/cloud-init:fix/1677205-eol-on-sshd_config into cloud-init:master. _______________________________________________ Mailing list: https://launchpad.net/~cloud-init-dev Post to : cloud-init-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~cloud-init-dev More help : https://help.launchpad.net/ListHelp