| 2018-07-10 19:21:44 |
Shane Peters |
bug |
|
|
added bug |
| 2018-07-10 19:22:21 |
Shane Peters |
cloud-init: assignee |
|
Shane Peters (shaner) |
|
| 2018-07-11 16:39:28 |
Scott Moser |
bug task added |
|
cloud-init (Ubuntu) |
|
| 2018-07-11 16:39:35 |
Scott Moser |
cloud-init: status |
New |
Fix Released |
|
| 2018-07-11 16:39:40 |
Scott Moser |
cloud-init: importance |
Undecided |
Low |
|
| 2018-07-11 16:39:44 |
Scott Moser |
cloud-init (Ubuntu): status |
New |
Fix Released |
|
| 2018-07-11 16:39:49 |
Scott Moser |
cloud-init (Ubuntu): importance |
Undecided |
Medium |
|
| 2018-07-11 16:39:56 |
Scott Moser |
nominated for series |
|
Ubuntu Trusty |
|
| 2018-07-11 16:39:56 |
Scott Moser |
bug task added |
|
cloud-init (Ubuntu Trusty) |
|
| 2018-07-11 16:40:03 |
Scott Moser |
cloud-init (Ubuntu Trusty): status |
New |
Confirmed |
|
| 2018-07-11 16:40:06 |
Scott Moser |
cloud-init (Ubuntu Trusty): importance |
Undecided |
Medium |
|
| 2018-07-11 16:41:45 |
Scott Moser |
cloud-init (Ubuntu Trusty): assignee |
|
Shane Peters (shaner) |
|
| 2018-08-06 20:50:20 |
Shane Peters |
attachment added |
|
lp-1781039-gce-datasource-update.patch https://bugs.launchpad.net/ubuntu/trusty/+source/cloud-init/+bug/1781039/+attachment/5172307/+files/lp-1781039-gce-datasource-update.patch |
|
| 2018-08-14 13:31:09 |
Scott Moser |
merge proposal linked |
|
https://code.launchpad.net/~shaner/cloud-init/+git/cloud-init/+merge/352572 |
|
| 2018-09-04 20:21:08 |
Scott Moser |
merge proposal linked |
|
https://code.launchpad.net/~shaner/cloud-init/+git/cloud-init/+merge/353997 |
|
| 2018-09-06 21:17:48 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~shaner/cloud-init/+git/cloud-init/+merge/354428 |
|
| 2018-09-12 19:46:10 |
Shane Peters |
description |
Per documentation at https://wiki.ubuntu.com/GoogleComputeEngineSSHKeys ssh keys for cloudinit and ubuntu users should both be added to the 'ubuntu' users authorized_keys file.
This works fine in Xenial (16.04) and higher, but doesn't work for Trusty (14.04).
[REPRODUCE]
# create a file that contains ssh public keys
$ cat googlekeys
test:ssh-rsa <one example key> test@example.com
ubuntu:ssh-rsa <a second example key> test@example.com
cloudinit:ssh-rsa <a third example key> test@example.com
# create an ubuntu 14.04 instance
gcloud compute instances create ubuntu1404cloudinit --image-family ubuntu-1404-lts --image-project ubuntu-os-cloud --metadata-from-file=ssh-keys=googlekeys --metadata=block-project-ssh-keys=True
# create an ubuntu 16.04 instance
gcloud compute instances create ubuntu1604cloudinit --image-family ubuntu-1604-lts --image-project ubuntu-os-cloud --metadata-from-file=ssh-keys=googlekeys --metadata=block-project-ssh-keys=True
Notice that the ubuntu user in the ubuntu 14.04 instance contains no keys from cloud-init (the keys there are added by the google daemon):
$ sudo cat /home/ubuntu/.ssh/authorized_keys
# Added by Google
ssh-rsa <the second example key but added by google daemon> test@example.com
In 16.04,
$ sudo cat /home/ubuntu/.ssh/authorized_keys
ssh-rsa <the third example key added by cloud-init> test@example.com
ssh-rsa <the second example key added by cloud-init> test@example.com
# Added by Google
ssh-rsa <the second example key added by the google daemon> test@example.com
[EXPECTED BEHAVIOR]
The ubuntu and cloudinit keys in metadata should be added to the ubuntu user by cloud-init. |
[Impact]
* Per documentation at https://wiki.ubuntu.com/GoogleComputeEngineSSHKeys ssh keys for cloudinit and ubuntu users should both be added to the 'ubuntu' users authorized_keys file.
* This works fine in Xenial (16.04) and higher, but doesn't work for Trusty (14.04).
[Test Case]
* Create a file that contains ssh public keys
$ cat googlekeys
test:ssh-rsa <one example key> test@example.com
ubuntu:ssh-rsa <a second example key> test@example.com
cloudinit:ssh-rsa <a third example key> test@example.com
* Create an ubuntu 14.04 instance
gcloud compute instances create ubuntu1404cloudinit --image-family ubuntu-1404-lts --image-project ubuntu-os-cloud --metadata-from-file=ssh-keys=googlekeys --metadata=block-project-ssh-keys=True
* Create an ubuntu 16.04 instance
gcloud compute instances create ubuntu1604cloudinit --image-family ubuntu-1604-lts --image-project ubuntu-os-cloud --metadata-from-file=ssh-keys=googlekeys --metadata=block-project-ssh-keys=True
* Notice that the ubuntu user in the ubuntu 14.04 instance contains no keys from cloud-init (the keys there are added by the google daemon):
$ sudo cat /home/ubuntu/.ssh/authorized_keys
# Added by Google
ssh-rsa <the second example key but added by google daemon> test@example.com
* However, in 16.04,
$ sudo cat /home/ubuntu/.ssh/authorized_keys
ssh-rsa <the third example key added by cloud-init> test@example.com
ssh-rsa <the second example key added by cloud-init> test@example.com
# Added by Google
ssh-rsa <the second example key added by the google daemon> test@example.com
[Regression Potential]
* DatasourceGCE.py is heavily modified to fix this behavior in 14.04. That said, there is a medium amount of regression potential when using the GCE datasource. More specificallly, there is now stricter checking of the metadata source when used(platform_check=True).
* Significant testing has been completed via the Google Compute platform as well as other none-GCE datasources (lxd) to confirm functionality and to test for possible regressions. |
|
| 2018-09-17 19:39:12 |
Shane Peters |
tags |
sts |
sts sts-sponser |
|
| 2018-09-19 15:08:59 |
Edward Hope-Morley |
tags |
sts sts-sponser |
sts sts-sponsor |
|
| 2018-09-27 19:03:53 |
Brian Murray |
cloud-init (Ubuntu Trusty): status |
Confirmed |
Fix Committed |
|
| 2018-09-27 19:03:55 |
Brian Murray |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2018-09-27 19:03:58 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
| 2018-09-27 19:04:02 |
Brian Murray |
tags |
sts sts-sponsor |
sts sts-sponsor verification-needed verification-needed-trusty |
|
| 2018-09-28 20:20:05 |
David Coronel |
bug |
|
|
added subscriber David Coronel |
| 2018-10-24 15:20:38 |
David Coronel |
tags |
sts sts-sponsor verification-needed verification-needed-trusty |
sts sts-sponsor verification-done-trusty verification-needed |
|
| 2018-10-24 15:37:57 |
Dan Streetman |
tags |
sts sts-sponsor verification-done-trusty verification-needed |
sts sts-sponsor verification-done verification-done-trusty |
|
| 2018-10-24 15:38:11 |
Dan Streetman |
tags |
sts sts-sponsor verification-done verification-done-trusty |
sts verification-done verification-done-trusty |
|
| 2018-10-29 09:45:19 |
Ćukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2018-10-29 09:55:28 |
Launchpad Janitor |
cloud-init (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
| 2023-05-11 14:59:30 |
James Falcon |
bug watch added |
|
https://github.com/canonical/cloud-init/issues/3208 |
|
