From: David Galloway Date: Thu, 8 Jan 2026 17:53:04 +0000 (-0500) Subject: prep-fog-capture: systemd unit to generate host ssh keys X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F809%2Fhead;p=ceph-cm-ansible.git prep-fog-capture: systemd unit to generate host ssh keys Ubuntu does not automatically regenerate SSH host keys after image-based deployments. When keys are removed prior to FOG capture, sshd fails to start on redeploy. Add a one-shot systemd service to regenerate host keys on first boot and disable itself after running. Signed-off-by: David Galloway
---
diff --git a/tools/prep-fog-capture.yml b/tools/prep-fog-capture.yml
index d0aec2dd..260e2890 100644
--- a/tools/prep-fog-capture.yml
+++ b/tools/prep-fog-capture.yml
@@ -61,6 +61,35 @@
 path: /var/lib/ceph
 state: unmounted
+ - name: Install one-shot service to regenerate SSH host keys on first boot
+ copy:
+ dest: /etc/systemd/system/regen-ssh-hostkeys.service
+ owner: root
+ group: root
+ mode: '0644'
+ content: |
+ [Unit]
+ Description=Regenerate SSH host keys on first boot
+ ConditionPathExists=!/etc/ssh/ssh_host_ed25519_key
+ Before=ssh.service
+
+ [Service]
+ Type=oneshot
+ ExecStart=/usr/bin/ssh-keygen -A
+ ExecStartPost=/bin/systemctl disable regen-ssh-hostkeys.service
+
+ [Install]
+ WantedBy=multi-user.target
+
+ - name: Reload systemd daemon
+ systemd:
+ daemon_reload: true
+
+ - name: Enable regen-ssh-hostkeys.service
+ systemd:
+ name: regen-ssh-hostkeys.service
+ enabled: true
+
 - name: Get list of SSH host keys
 shell: "ls -1 /etc/ssh/ssh_host_*"
 register: ssh_host_keys
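Review bot: In the unit's `[Unit]` section, `ConditionPathExists=!/etc/ssh/ssh_host_ed25519_key` gates the whole service on one key type, so when that file is present but other host key types are missing the unit is skipped, the missing keys are not created, and the unit stays enabled because `ExecStartPost` never runs. `ssh-keygen -A` already generates only the key types that do not exist, so the condition can be dropped; if it is kept as a deliberate marker, a comment in the unit such as `# ed25519 key absent == keys were stripped before FOG capture` would record that. Ordering is declared only as `Before=ssh.service`; if this playbook is also run against hosts whose daemon unit is `sshd.service` (the play's host selection is outside this hunk), `Before=ssh.service sshd.service` covers both. The task list starts before the hunk and the `Get list of SSH host keys` task continues past it.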