Host key harvesting QoL improvements

* Host key harvesting changed to be async/non-blocking
* Change "service" name to be more specific and auto-enable

VERSION

@@ -1 +1 @@
-1.1-14
+1.1-15

bin/make_deb.sh

@@ -57,8 +57,8 @@ sed -i "s%/usr/bin/%%g" "${pkgdir}"/ec2-instance-connect/*
 sed -i "s%^/bin/%%g" "${pkgdir}"/ec2-instance-connect/*
 sed -i "s%\([^\#][^\!]\)/bin/%\1%g" "${pkgdir}"/ec2-instance-connect/*
 # Copy ec2-instance-connect service file
-cp -r "${TOPDIR}/src/deb_systemd/ec2-instance-connect.service" "${pkgdir}/"
-cp -r "${TOPDIR}/src/ec2-instance-connect.preset" "${pkgdir}/95-ec2-instance-connect.preset"
+cp -r "${TOPDIR}/src/deb_systemd/ec2-instance-connect-harvest-hostkeys.service" "${pkgdir}/"
+cp -r "${TOPDIR}/src/ec2-instance-connect-harvest-hostkeys.preset" "${pkgdir}/95-ec2-instance-connect-harvest-hostkeys.preset"
 
 mkdir "${pkgdir}/debian"
 cp -r "${TOPDIR}"/debian/* "${pkgdir}/debian/"

bin/make_rpm.sh

@@ -52,8 +52,8 @@ function cleanup {
 }
 trap cleanup EXIT
 
-cp "${TOPDIR}/src/rpm_systemd/ec2-instance-connect.service" "${BUILDDIR}/SOURCES/"
-cp "${TOPDIR}/src/ec2-instance-connect.preset" "${BUILDDIR}/SOURCES"
+cp "${TOPDIR}/src/rpm_systemd/ec2-instance-connect-harvest-hostkeys.service" "${BUILDDIR}/SOURCES/"
+cp "${TOPDIR}/src/ec2-instance-connect-harvest-hostkeys.preset" "${BUILDDIR}/SOURCES"
 ls "${BUILDDIR}/SOURCES"
 
 cd "${BUILDDIR}" || exit 1 # Will ensure some paths are set correctly in rpmbuild

debian/changelog

@@ -1,3 +1,10 @@
+ec2-instance-connect (1.1.15) xenial; urgency=high
+
+  * Change EIC Hostkeys Harvesting to be asynchronous from SSHD to improve instance boot time
+  * Rename and enable ec2-instance-connect-harvest-hostkeys.service. Remove pointer to old ec2-instance-connect.service.
+
+ -- Vishrutha Konappa Reddy <[email protected]>  Thu, Sep 9 2021 12:50:55 -0400
+
 ec2-instance-connect (1.1.14) xenial; urgency=high
 
   * Ensure failure to run host key harvesting does not leave instances in degraded state

debian/install

@@ -1,3 +1,3 @@
 ec2-instance-connect/* usr/share/ec2-instance-connect/
-ec2-instance-connect.service lib/systemd/system/
-95-ec2-instance-connect.preset lib/systemd/system-preset/
+ec2-instance-connect-harvest-hostkeys.service lib/systemd/system/
+95-ec2-instance-connect-harvest-hostkeys.preset lib/systemd/system-preset/

rpmsrc/SPECS/generic.spec

@@ -24,8 +24,8 @@ BuildArch: noarch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: systemd
 Source0: %{name}-%{version}.tar.gz
-Source1: ec2-instance-connect.service
-Source2: ec2-instance-connect.preset
+Source1: ec2-instance-connect-harvest-hostkeys.service
+Source2: ec2-instance-connect-harvest-hostkeys.preset
 Requires: openssh >= 6.9.0, coreutils, openssh-server >= 6.9.0, openssl, curl, systemd
 Requires(pre): /usr/bin/getent, /usr/sbin/adduser, /usr/sbin/usermod, systemd, systemd-units
 Requires(post): /bin/grep, /usr/bin/printf, openssh-server >= 6.9.0, systemd, systemd-units
@@ -45,13 +45,13 @@ Requires(postun): /usr/sbin/userdel, systemd, systemd-units
 /bin/rm -rf %{buildroot}
 /bin/mkdir -p  %{buildroot}
 
-/usr/bin/install -D -m 644 %{SOURCE1} %{buildroot}%{_unitdir}/ec2-instance-connect.service
+/usr/bin/install -D -m 644 %{SOURCE1} %{buildroot}%{_unitdir}/ec2-instance-connect-harvest-hostkeys.service
 # While the former is the RHEL standard, both are populated.  And not symlinked.
-/usr/bin/install -D -m 644 %{SOURCE2} %{buildroot}/usr/lib/systemd/system-preset/95-ec2-instance-connect.preset
-/usr/bin/install -D -m 644 %{SOURCE2} %{buildroot}/lib/systemd/system-preset/95-ec2-instance-connect.preset
+/usr/bin/install -D -m 644 %{SOURCE2} %{buildroot}/usr/lib/systemd/system-preset/95-ec2-instance-connect-harvest-hostkeys.preset
+/usr/bin/install -D -m 644 %{SOURCE2} %{buildroot}/lib/systemd/system-preset/95-ec2-instance-connect-harvest-hostkeys.preset
 
 /bin/mkdir -p %{buildroot}/lib/systemd/hostkey.d
-/bin/echo 'ec2-instance-connect.service' > %{buildroot}/lib/systemd/hostkey.d/60-ec2-instance-connect.list
+/bin/echo 'ec2-instance-connect-harvest-hostkeys.service' > %{buildroot}/lib/systemd/hostkey.d/60-ec2-instance-connect.list
 
 # in builddir
 /bin/cp -a * %{buildroot}
@@ -66,20 +66,22 @@ Requires(postun): /usr/sbin/userdel, systemd, systemd-units
 /opt/aws/bin/eic_parse_authorized_keys
 /opt/aws/bin/eic_harvest_hostkeys
 %defattr(644, root, root, -)
-%{_unitdir}/ec2-instance-connect.service
+%{_unitdir}/ec2-instance-connect-harvest-hostkeys.service
 /lib/systemd/hostkey.d/60-ec2-instance-connect.list
-/lib/systemd/system-preset/95-ec2-instance-connect.preset
-/usr/lib/systemd/system-preset/95-ec2-instance-connect.preset
+/lib/systemd/system-preset/95-ec2-instance-connect-harvest-hostkeys.preset
+/usr/lib/systemd/system-preset/95-ec2-instance-connect-harvest-hostkeys.preset
 
 %pre
 # Create/configure system user
 /usr/bin/getent passwd ec2-instance-connect || /usr/sbin/useradd -r -M -s /sbin/nologin ec2-instance-connect
 /usr/sbin/usermod -L ec2-instance-connect
 
 %post
-%systemd_post ec2-instance-connect.service
+# Remove dangling pointers to ec2-instance-connect.service
+/bin/rm -f /etc/systemd/system/multi-user.target.wants/ec2-instance-connect.service
+/usr/bin/systemctl preset ec2-instance-connect-harvest-hostkeys.service
 # XXX: %system_post just loads any presets (ie, auto-enable/disable).  It does NOT try to start the service!
-/usr/bin/systemctl start ec2-instance-connect.service
+/usr/bin/systemctl start ec2-instance-connect-harvest-hostkeys.service
 
 modified=1
 
@@ -121,7 +123,7 @@ if [ $modified -eq 0 ] ; then
 fi
 
 %preun
-%systemd_preun ec2-instance-connect.service
+%systemd_preun ec2-instance-connect-harvest-hostkeys.service
 
 if [ $1 -eq 0 ] ; then
     modified=1
@@ -146,7 +148,7 @@ if [ $1 -eq 0 ] ; then
 fi
 
 %postun
-%systemd_postun_with_restart ec2-instance-connect.service
+%systemd_postun_with_restart ec2-instance-connect-harvest-hostkeys.service
 
 if [ $1 -eq 0 ] ; then
     # Delete system user
@@ -155,6 +157,9 @@ fi
 
 
 %changelog
+* Thu Sep 9 2021 Vishrutha Konappa Reddy <[email protected]> 1.1-15
+- Change EIC Hostkeys Harvesting to be asynchronous from SSHD to improve instance boot time
+- Rename and enable ec2-instance-connect-harvest-hostkeys.service. Remove pointer to old ec2-instance-connect.service.
 * Fri Feb 26 2021 Paul Oh <[email protected]> 1.1-14
 - Ensure failure to run host key harvesting does not leave instances in degraded state
 * Thu Oct 22 2020 Jacob Meisler <[email protected]> 1.1-13

src/deb_systemd/ec2-instance-connect.service → src/deb_systemd/ec2-instance-connect-harvest-hostkeys.service

@@ -1,6 +1,5 @@
 [Unit]
 Description=EC2 Instance Connect Host Key Harvesting
-Before=ssh.service
 After=network.target ssh-keygen.service
 
 [Install]

src/ec2-instance-connect-harvest-hostkeys.preset

@@ -0,0 +1 @@
+enable ec2-instance-connect-harvest-hostkeys.service

src/rpm_systemd/ec2-instance-connect.service → src/rpm_systemd/ec2-instance-connect-harvest-hostkeys.service

@@ -1,6 +1,5 @@
 [Unit]
 Description=EC2 Instance Connect Host Key Harvesting
-Before=sshd.service
 After=network.target sshd-keygen.service
 
 [Install]