From 4480d0418ee4f8b092f14745b93855127bc65915 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Wed, 27 May 2020 08:58:10 -0400
Subject: [PATCH] Fix permissions of SSH CA key

It was creating CA as root, which
blocked confluent functionality.
---
 confluent_server/confluent/sshutil.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/confluent_server/confluent/sshutil.py b/confluent_server/confluent/sshutil.py
index 9085dc8a..efe79d7f 100644
--- a/confluent_server/confluent/sshutil.py
+++ b/confluent_server/confluent/sshutil.py
@@ -28,7 +28,9 @@ def initialize_ca():
         os.seteuid(ouid)
     myname = collective.get_myname()
     caname = '{0} SSH CA'.format(myname)
-    subprocess.check_call(['ssh-keygen', '-C', caname, '-t', 'ed25519', '-f', '/etc/confluent/ssh/ca', '-N', ''])
+    subprocess.check_call(
+        ['ssh-keygen', '-C', caname, '-t', 'ed25519', '-f',
+         '/etc/confluent/ssh/ca', '-N', ''], preexec_fn=normalize_uid)
     try:
         os.makedirs('/var/lib/confluent/public/site/ssh/', mode=0o755)
     except OSError as e: