Bug 1957532

Summary: [cloud-init] From RHEL 82+ cloud-init no longer displays sshd keys fingerprints from instance launched from a backup image
Product: Red Hat Enterprise Linux 8 Reporter: David Sedgmen <dsedgmen>
Component: cloud-init Assignee: Emanuele Giuseppe Esposito <eesposit>
Status: CLOSED ERRATA QA Contact: xiachen
Severity: high Docs Contact: Jiri Herrmann <jherrman>
Priority: unspecified    
Version: 8.2 CC: cwainwright, davdunc, eesposit, eterrell, huzhao, jcalhoun, jgreguske, jherrman, jiazhang, linl, mmatsuya, mrezanin, ribarry, xiachen, xialiu, xiliang, yacao, ymao
Target Milestone: beta Keywords: Reopened, Triaged, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: cloud-init-21.1-2.el8 Doc Type: Bug Fix
Doc Text:
.SSH keys are now generated correctly on EC2 instances created from a backup AMI

Previously, when creating a new Amazon EC2 instance of RHEL 8 from a backup Amazon Machine Image (AMI), `cloud-init` deleted existing SSH keys on the VM but did not create new ones. Consequently, the VM in some cases could not connect to the host. This problem has been fixed for newly created RHEL 8.5 VMs. For VMs that were upgraded from RHEL 8.4 or earlier, you must work around the issue manually. To do so, edit the `cloud.cfg` file and change the `ssh_genkeytypes: ~` line to `ssh_genkeytypes: ['rsa', 'ecdsa', 'ed25519']`. This makes it possible for SSH keys to be deleted and generated correctly when provisioning a RHEL 8 VM in the described circumstances.
Story Points: ---
Clone Of:
: 1963981 1963982 1970909 Environment:
Last Closed: 2021-11-09 18:48:55 UTC Type: Bug
Bug Blocks: 1888761, 1963981, 1963982, 1970909    
Deadline: 2021-07-19   
Attachments:
Description Flags
cloud-init-19.4-11.el8.3.esposem202105211009.noarch.log none
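
The Doc Text workaround as a script, together with a check for the symptom it describes (host keys deleted and not regenerated). This is an added example, not code from the bug report or from cloud-init: the function names are hypothetical, the file locations (`/etc/cloud/cloud.cfg`, `/etc/ssh/ssh_host_<type>_key`) are assumptions supplied by the caller, and the sample `cloud.cfg` lines are constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the bug report. Paths are passed in by the caller;
# /etc/cloud/cloud.cfg and /etc/ssh are assumptions about the host layout.

KEY_TYPES="rsa ecdsa ed25519"   # the types named in the Doc Text workaround

# True (0) when cloud.cfg still carries the null value `ssh_genkeytypes: ~`.
needs_workaround() {
    grep -Eq '^[[:space:]]*ssh_genkeytypes:[[:space:]]*~[[:space:]]*$' "$1"
}

# Print the key types with no ssh_host_<type>_key file in directory $1,
# i.e. the symptom in this bug: keys deleted, none regenerated.
missing_host_keys() {
    local t out=""
    for t in $KEY_TYPES; do
        [ -s "$1/ssh_host_${t}_key" ] || out="$out $t"
    done
    echo "${out# }"
}

# Rewrite `ssh_genkeytypes: ~` to the explicit list, keeping a .bak copy.
apply_workaround() {
    local cfg="$1" tmp rc
    needs_workaround "$cfg" || return 0      # already explicit: leave untouched
    cp -p -- "$cfg" "$cfg.bak" || return 1
    tmp=$(mktemp) || return 1
    # Only the ssh_genkeytypes line is changed; other `~` values stay as they are.
    sed -E "s/^([[:space:]]*ssh_genkeytypes:[[:space:]]*)~[[:space:]]*\$/\1['rsa', 'ecdsa', 'ed25519']/" \
        "$cfg.bak" > "$tmp" && cat "$tmp" > "$cfg"   # cat keeps owner and mode of $cfg
    rc=$?
    rm -f -- "$tmp"
    return $rc
}

# Demo on a constructed cloud.cfg fragment and an empty key directory.
demo() {
    local d
    d=$(mktemp -d) || return 1
    printf 'ssh_deletekeys:   1\nssh_genkeytypes:  ~\nsyslog_fix_perms: ~\n' > "$d/cloud.cfg"
    echo "missing host keys: $(missing_host_keys "$d")"
    apply_workaround "$d/cloud.cfg" && grep ssh_genkeytypes "$d/cloud.cfg"
    rm -rf -- "$d"
}
demo
```

On a real host the calls would be `missing_host_keys /etc/ssh` and, as root, `apply_workaround /etc/cloud/cloud.cfg`.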

Comment 6 Masahiro Matsuya 2021-05-10 09:42:08 UTC
I'm working on a customer case with the same problem.

In /lib/systemd/system/cloud-init.service:

 [Unit]
 Wants=sshd-keygen.service
 Before=sshd-keygen.service

sshd-keygen.service doesn't exist. I think it should use the following existing systemd units.


 [Unit]
 Wants=sshd-keygen.target

 Before=sshd-keygen
 Before=sshd-keygen
 Before=sshd-keygen

Comment 7 John Ferlan 2021-05-14 18:59:13 UTC
Assigned to Rick for initial triage per bz process and age of bug created or assigned to virt-maint without triage.

Comment 32 Frank Liang 2021-05-24 13:58:35 UTC
Created attachment 1786392
cloud-init-19.4-11.el8.3.esposem202105211009.noarch.log

Comment 55 xiachen 2021-06-21 02:05:59 UTC
Tested cloud-init-21.1-2.el8, PASS.

Comment 56 xiachen 2021-07-12 05:59:32 UTC
Move to VERIFIED based on comment#55.

Comment 66 errata-xmlrpc 2021-11-09 18:48:55 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (cloud-init bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2021:4294

Comment 67 xiachen 2022-08-29 07:46:01 UTC
*** Bug 2117957 has been marked as a duplicate of this bug. ***