This bug was fixed in the package cloud-init - 0.7.5-0ubuntu1.23
---------------
cloud-init (0.7.5-0ubuntu1.23) trusty; urgency=medium
- debian/control: added python-six dependency.
- debian/patches/lp-1781039-gce-datasource-update.patch:
Backport GCE datasource functionality from Xenial (LP: #1781039).
-- Shane Peters <[email protected]> Tue, 06 Sep 2018 17:57:23
-0400
** Changed in: cloud-init (Ubuntu Trusty)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1781039
Title:
GCE cloudinit and ubuntu keys from metadata to ubuntu authorized_keys
Status in cloud-init:
Fix Released
Status in cloud-init package in Ubuntu:
Fix Released
Status in cloud-init source package in Trusty:
Fix Released
Bug description:
[Impact]
* Per documentation at
https://wiki.ubuntu.com/GoogleComputeEngineSSHKeys ssh keys for
cloudinit and ubuntu users should both be added to the 'ubuntu' users
authorized_keys file.
* This works fine in Xenial (16.04) and higher, but doesn't work for
Trusty (14.04).
[Test Case]
* Create a file that contains ssh public keys
$ cat googlekeys
test:ssh-rsa <one example key> [email protected]
ubuntu:ssh-rsa <a second example key> [email protected]
cloudinit:ssh-rsa <a third example key> [email protected]
* Create an ubuntu 14.04 instance
gcloud compute instances create ubuntu1404cloudinit --image-family
ubuntu-1404-lts --image-project ubuntu-os-cloud
--metadata-from-file=ssh-keys=googlekeys --metadata=block-project-ssh-keys=True
* Create an ubuntu 16.04 instance
gcloud compute instances create ubuntu1604cloudinit --image-family
ubuntu-1604-lts --image-project ubuntu-os-cloud
--metadata-from-file=ssh-keys=googlekeys --metadata=block-project-ssh-keys=True
* Notice that the ubuntu user in the ubuntu 14.04 instance contains no keys
from cloud-init (the keys there are added by the google daemon):
$ sudo cat /home/ubuntu/.ssh/authorized_keys
# Added by Google
ssh-rsa <the second example key but added by google daemon>
[email protected]
* However, in 16.04,
$ sudo cat /home/ubuntu/.ssh/authorized_keys
ssh-rsa <the third example key added by cloud-init> [email protected]
ssh-rsa <the second example key added by cloud-init> [email protected]
# Added by Google
ssh-rsa <the second example key added by the google daemon>
[email protected]
[Regression Potential]
* DatasourceGCE.py is heavily modified to fix this behavior in 14.04.
That said, there is a medium amount of regression potential when using
the GCE datasource. More specificallly, there is now stricter checking
of the metadata source when used(platform_check=True).
* Significant testing has been completed via the Google Compute
platform as well as other none-GCE datasources (lxd) to confirm
functionality and to test for possible regressions.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1781039/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
