Skip to content

Avoid unnecessary SSH key regeneration in developer mode #12059

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Avoid unnecessary SSH key regeneration in developer mode #12059

wants to merge 1 commit into from
+3 −1

Conversation

@pavanaravapalli
Copy link

@pavanaravapalli pavanaravapalli commented Nov 12, 2025
edited
Loading

Description

This PR addresses an issue #12055 where SSH keys were being unnecessarily regenerated in developer mode even when valid keys already existed on disk.

When both the public and private key files are present at the expected file paths but missing from the database, CloudStack will now reuse the existing keys on disk instead of regenerating them. The existing keys are injected into the database, ensuring consistency without overwriting the developer’s configured keys.

Impact

Prevents loss of existing SSH keys in developer environments.
Ensures smoother setup by reusing valid keys already present on disk.
No impact on normal operation or production deployments.

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)
  • Build/CI
  • Test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

  • Major
  • Minor

Bug Severity

  • BLOCKER
  • Critical
  • Major
  • Minor
  • Trivial

Screenshots (if appropriate):

How Has This Been Tested?

Verified behavior in developer mode with pre-existing SSH key files but no DB entries.
Confirmed that no new keys are generated and the existing keys are properly persisted in the database.

Before Fix

Pasted Graphic Pasted Graphic 1 Pasted Graphic 2

After Fix

Pasted Graphic

How did you try to break this feature and the system with this change?

@pavanaravapalli pavanaravapalli marked this pull request as draft November 12, 2025 17:12
@DaanHoogland DaanHoogland requested review from Copilot and weizhouapache and removed request for Copilot November 13, 2025 07:49
DaanHoogland
DaanHoogland approved these changes Nov 13, 2025
View reviewed changes
Copy link
Contributor

@DaanHoogland DaanHoogland left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

clgtm

Copilot AI reviewed Nov 13, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR aims to fix unnecessary regeneration of SSH keys in developer mode when they already exist. The change adds a conditional check to skip key generation if the key files are already present on the filesystem.

  • Adds file existence check before SSH key generation
  • Targets developer mode to prevent overwriting existing SSH keys
  • Reduces unnecessary file system operations during startup

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

server/src/main/java/com/cloud/server/ConfigurationServerImpl.java
boolean onWindows = isOnWindows();
if(!onWindows) {
Script.runSimpleBashScript("if [ -f " + privkeyfile + " ]; then rm -f " + privkeyfile + "; fi; ssh-keygen -t ecdsa -m PEM -N '' -f " + privkeyfile + " -q 2>/dev/null || ssh-keygen -t ecdsa -N '' -f " + privkeyfile + " -q");
if (!privkeyfile.exists() && !pubkeyfile.exists()) {
Copy link

Copilot AI Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The condition !privkeyfile.exists() && !pubkeyfile.exists() uses AND logic, which will prevent SSH key generation if only one of the key files exists. This could leave the system in an inconsistent state. Consider using OR logic (||) instead, or check if BOTH files exist before skipping generation:

if (privkeyfile.exists() && pubkeyfile.exists()) {
    // Both keys exist, skip generation
} else {
    // At least one key is missing, regenerate both
    Script.runSimpleBashScript("if [ -f " + privkeyfile + " ]; then rm -f " + privkeyfile + "; fi; ssh-keygen -t ecdsa -m PEM -N '' -f " + privkeyfile + " -q 2>/dev/null || ssh-keygen -t ecdsa -N '' -f " + privkeyfile + " -q");
}

This ensures that both keys are always present and consistent when the code proceeds to read them at lines 628-638.

Suggested change
if (!privkeyfile.exists() && !pubkeyfile.exists()) {
if (!privkeyfile.exists() || !pubkeyfile.exists()) {

Copilot uses AI. Check for mistakes.
@DaanHoogland DaanHoogland self-requested a review November 13, 2025 08:17
@codecov
Copy link

codecov bot commented Nov 13, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 0% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 17.56%. Comparing base (5f9e131) to head (fac6a8e).
⚠️ Report is 2 commits behind head on main.

Files with missing lines Patch % Lines
...java/com/cloud/server/ConfigurationServerImpl.java 0.00% 2 Missing ⚠️
Additional details and impacted files 
@@             Coverage Diff              @@
##               main   #12059      +/-   ##
============================================
+ Coverage     17.55%   17.56%   +0.01%     
- Complexity    15537    15538       +1     
============================================
  Files          5910     5910              
  Lines        529336   529352      +16     
  Branches      64654    64656       +2     
============================================
+ Hits          92904    92977      +73     
+ Misses       425975   425917      -58     
- Partials      10457    10458       +1
Flag Coverage Δ
uitests 3.58% <ø> (ø)
unittests 18.63% <0.00%> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@pavanaravapalli pavanaravapalli changed the title WIP : { Fixed: unnecessary regeneration of SSH keys in developer mode when t…} WIP : Avoid unnecessary SSH key regeneration in developer mode Nov 13, 2025
@pavanaravapalli pavanaravapalli changed the title WIP : Avoid unnecessary SSH key regeneration in developer mode Avoid unnecessary SSH key regeneration in developer mode Nov 13, 2025
@pavanaravapalli pavanaravapalli marked this pull request as ready for review November 13, 2025 09:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@weizhouapache weizhouapache Awaiting requested review from weizhouapache

@DaanHoogland DaanHoogland Awaiting requested review from DaanHoogland

Assignees

No one assigned

Labels

component:management-server

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pavanaravapalli @DaanHoogland