| jbg | how can I prevent cloud-init from starting openssh? the service is not enabled via systemd but gets started anyway when cloud-init runs | 09:12 |
|---|---|---|
| falcojr | jbg: ssh.service is disabled? ssh is included and enabled in cloud images, but running cloud-init shouldn't affect it | 13:51 |
| jbg | falcojr: yes, sshd.service is disabled. the distro is arch. it seems that cloud-init effectively runs `systemctl restart sshd`, which starts sshd if it was not already running | 14:01 |
| jbg | after cloud-init completes, the service is still not enabled (would not start automatically), but it is started | 14:01 |
| jbg | i worked around it by stopping sshd after cloud-init completes, but it's annoying | 14:02 |
| falcojr | have you tried masking the ssh service? | 14:10 |
| jbg | i could do that, but i do want sshd to run on some systems that use this image (on those systems i run systemctl enable --now sshd during startup) | 14:43 |
| jbg | i'd rather find out why something is starting it | 14:44 |
| jbg | it appears to be cloud-init so i guess it's some module | 14:44 |
| falcojr | nothing in the codebase starts it. It's likely just the dependency chain. I'll admit I don't know systemd as well as I should, but IIRC a disabled service will still get started if another service depends on it | 16:11 |
| === smoser1 is now known as smoser | ||
| andyf | the set user passwords module restarts ssh if it tweaks the config. | 16:48 |
| rharper | falcojr: if pw_auth is set, then cc_setup_passwords.py will update sshd config and do a service restart on ssh | 16:52 |
| rharper | jbg: if cloud-init restarts ssh, you can see the command it runs in /var/log/cloud-init.log ; | 16:59 |
| jbg | rharper: thanks, i'll check that out | 18:12 |
| jbg | and yes, it does look like setup passwords is doing it | 18:13 |
| jbg | and restarting ssh starts it if it's not already running, even if it's not enabled | 18:14 |
| jbg | i wonder if it could be changed to do systemctl try-restart | 18:14 |
| rharper | alternatively jbg you can not include ssh_pwauth in your user-config, or use ssh_pwauth: unchanged | 18:57 |
| rharper | jbg: I think using try-restart would also be an acceptable upstream change | 19:00 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!