Astara

appliance ssh key isn't sanitized and can break cloud-init

Bug #1573167 reported by Adam Gandelman on 2016-04-21

This bug affects 1 person

	Status	Importance	Assigned to
Astara	Fix Released	Critical	Adam Gandelman
Liberty	Fix Committed	Critical	Unassigned
Mitaka	Fix Committed	Critical	Unassigned

Bug Description

If the configured ssh public key, which is read from disk and injected into cloud-init, contains any new lines, it will be injected directly into the cloud-init yaml with those new lines, breaking its yaml format and making cloud-init unable to process it. This results in the boot-cmd never running and initial appliance networking not coming up.

Adam Gandelman (gandelman-a) on 2016-04-21

Changed in astara:
assignee:	nobody → Adam Gandelman (gandelman-a)
importance:	Undecided → Critical

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-04-21: Fix proposed to astara (master)

Fix proposed to branch: master
Review: https://review.openstack.org/309133

Changed in astara:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-04-21: Fix proposed to astara (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/309134

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-04-21: Fix proposed to astara (stable/liberty)

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/309135

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-04-21: Fix merged to astara (stable/liberty)

Reviewed: https://review.openstack.org/309135
Committed: https://git.openstack.org/cgit/openstack/astara/commit/?id=5d428949c6d971cf86e932e57433fc52a1bc47cb
Submitter: Jenkins
Branch: stable/liberty

commit 5d428949c6d971cf86e932e57433fc52a1bc47cb
Author: Adam Gandelman <email address hidden>
Date: Thu Apr 21 11:00:14 2016 -0700

Ensure ssh key is sanitized when read from disk

    We currently pass the ssh key read from disk straight into
    cloud-init. If it contains newlines before or after, it can
    break the yaml formatting of the cloud-init causing the appliance
    to fail to successfull boot.

    Change-Id: I26ef83dc7b02afc5e30f09447363ee27c9dca07c
    Closes-bug: #1573167
    (cherry picked from commit 158cf8d670654a569e793802a7e026f07efef715)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-04-21: Fix merged to astara (stable/mitaka)

Reviewed: https://review.openstack.org/309134
Committed: https://git.openstack.org/cgit/openstack/astara/commit/?id=5f3edfe1b68807b33dc53e32737a662ff40aeccd
Submitter: Jenkins
Branch: stable/mitaka

commit 5f3edfe1b68807b33dc53e32737a662ff40aeccd
Author: Adam Gandelman <email address hidden>
Date: Thu Apr 21 11:00:14 2016 -0700

Ensure ssh key is sanitized when read from disk

    Change-Id: I26ef83dc7b02afc5e30f09447363ee27c9dca07c
    Closes-bug: #1573167
    (cherry picked from commit 158cf8d670654a569e793802a7e026f07efef715)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-04-21: Fix merged to astara (master)

Reviewed: https://review.openstack.org/309133
Committed: https://git.openstack.org/cgit/openstack/astara/commit/?id=158cf8d670654a569e793802a7e026f07efef715
Submitter: Jenkins
Branch: master

commit 158cf8d670654a569e793802a7e026f07efef715
Author: Adam Gandelman <email address hidden>
Date: Thu Apr 21 11:00:14 2016 -0700

Ensure ssh key is sanitized when read from disk

Change-Id: I26ef83dc7b02afc5e30f09447363ee27c9dca07c
Closes-bug: #1573167

Changed in astara:
status:	In Progress → Fix Released

Revision history for this message

Doug Hellmann (doug-hellmann) wrote on 2016-06-02: Fix included in openstack/astara 9.0.0.0b1

This issue was fixed in the openstack/astara 9.0.0.0b1 development milestone.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.