implement cloud-init query
Bug #1037753 reported by Scott Moser
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
cloud-init | Fix Released | Low | Joshua Harlow |
Bug Description
At one point there was a 'cloud-init-query' tool that would just report data from the datasource.
This wasn't that useful though, because it only would work as root. That was because it read the pickled /var/lib/
It'd be nice if we could have the datasources save off a clean version of data to world readable, and then
have a tool that could read that.
Changed in cloud-init:
status: New → Triaged
importance: Undecided → Low
Changed in cloud-init:
assignee: nobody → Joshua Harlow (harlowja)
Cool, so possible idea here.
Have the 'root' datasource expose a 'public' (readable) copy of itself with the following restrictions.
If there is any userdata:
If there is a config option 'encrypt_queryable_user_data' : false (default true), then just leave userdata alone.
Otherwise if true, attempt to encrypt with ssh keys (generated by previous module).
- openssl rsautl -encrypt -inkey /tmp/public.pub -pubin -in /tmp/msg.txt -out /tmp/file.enc (or similar)
- if that fails, just remove the user-data (empty string)
Then write out that public copy to a file that can be used by this new cloud-init query tool.
The tool itself can be asked for certain datasource fields and show them back, more features here to inspect other files can be added later (?)
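
An added sketch of the sanitizing step proposed in the comment above; it is not part of the bug thread or cloud-init's own code. The datasource dict layout, the function names, the `userdata_encrypted` field and the file paths are assumptions; the config option and the openssl invocation come from the comment.

```python
import base64
import json
import os
import subprocess
import tempfile


def openssl_encrypt(plaintext: bytes, pubkey_path: str) -> bytes:
    """RSA-encrypt via the openssl call from the comment, using stdin/stdout."""
    proc = subprocess.run(
        ["openssl", "rsautl", "-encrypt", "-inkey", pubkey_path, "-pubin"],
        input=plaintext, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
        check=True)
    return proc.stdout


def build_public_copy(datasource, cfg, pubkey_path, encrypt=openssl_encrypt):
    """Return the copy of a datasource dict that is safe to make readable."""
    public = dict(datasource)  # shallow copy; the root-only original is untouched
    userdata = public.get("userdata") or ""
    # Option name is from the comment; it defaults to true (encrypt).
    if userdata and cfg.get("encrypt_queryable_user_data", True):
        try:
            blob = encrypt(userdata.encode(), pubkey_path)
            public["userdata"] = base64.b64encode(blob).decode()
            public["userdata_encrypted"] = True  # hypothetical marker field
        except (OSError, subprocess.CalledProcessError):
            # Fail closed: never fall back to publishing the plaintext.
            public["userdata"] = ""
    return public


def write_public_copy(public, path):
    """Write the public copy atomically and make it world-readable (0644)."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        json.dump(public, fh, sort_keys=True)
    os.chmod(tmp, 0o644)
    os.replace(tmp, path)


if __name__ == "__main__":
    # Constructed sample datasource; key path and output path are placeholders.
    sample = {"instance-id": "i-constructed", "userdata": "#cloud-config\n"}
    write_public_copy(build_public_copy(sample, {}, "/tmp/public.pub"),
                      "./public-datasource.json")
```

`openssl rsautl` only encrypts input shorter than the RSA key size, so user-data longer than that takes the failure path and is published as an empty string. The `-pubin` option expects a PEM public key, so an OpenSSH-format `.pub` file has to be converted first.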