2021-08-17 08:42:10 |
Christian Ehrhardt |
bug |
|
|
added bug |
2021-08-17 08:42:20 |
Christian Ehrhardt |
summary |
cloud-init in impish makes /home/ubuntu/.ssh root.root breaking its use |
cloud-init in impish makes /home/ubuntu/.ssh root.root |
|
2021-08-17 08:45:52 |
Christian Ehrhardt |
attachment added |
|
cloud-init.tar https://bugs.launchpad.net/cloud-init/+bug/1940233/+attachment/5518387/+files/cloud-init.tar |
|
2021-08-17 09:03:48 |
Christian Ehrhardt |
description |
Hi,
I got to this by my systems complaining to be unable to do ssh-keygen
after deployment. Example:
$ uvt-kvm ssh --insecure impish-kvm 'ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N '\'''\'''
Saving key "/home/ubuntu/.ssh/id_rsa" failed: Permission denied
I found that is due to permissions after guest spawning:
Old:
drwx------ 2 ubuntu ubuntu 4096 Aug 17 08:20 .ssh/
New:
drwxr-xr-x 2 root root 4096 Aug 17 08:17 .ssh/
That beaks later things like ssh-keygen.
uvt-kvm only does instruct cloud-init to place a key.
This uses ssh_authorized_keys from
https://cloudinit.readthedocs.io/en/latest/topics/modules.html?highlight=ssh_authorized_keys#authorized-keys
Checked a few guests:
I've seen this on
- impish x86
- impish s390x
I've not seen this on
- bionic
- focal
- impish
You might say - wait a minute impish in both lists.
But it is the date:
Bad
com.ubuntu.cloud.daily:server:21.10:amd64 20210815
cloud-init 21.2-69-g65607405-0ubuntu1
Good
com.ubuntu.cloud.daily:server:21.10:amd64 20210706
cloud-init 21.2-3-g899bfaa9-0ubuntu2
And either this cloud-init version is broken or the underlying new impish image.
I mounted the underlying cloud-image (without customization by cloud-init)
and found that /home is empty (true for all those images).
So to me that seems to be an issue in the new cloud-init that now is in
those images. |
Hi,
I got to this by my systems complaining to be unable to do ssh-keygen
after deployment. Example:
$ uvt-kvm ssh --insecure impish-kvm 'ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N '\'''\'''
Saving key "/home/ubuntu/.ssh/id_rsa" failed: Permission denied
I found that is due to permissions after guest spawning:
/home/ubuntu/.ssh changed
Old:
drwx------ 2 ubuntu ubuntu 4096 Aug 17 08:20 .ssh/
New:
drwxr-xr-x 2 root root 4096 Aug 17 08:17 .ssh/
That beaks later things like ssh-keygen.
uvt-kvm only does instruct cloud-init to place a key.
This uses ssh_authorized_keys from
https://cloudinit.readthedocs.io/en/latest/topics/modules.html?highlight=ssh_authorized_keys#authorized-keys
Checked a few guests:
I've seen this on
- impish x86
- impish s390x
I've not seen this on
- bionic
- focal
- impish
You might say - wait a minute impish in both lists.
But it is the date:
Bad
com.ubuntu.cloud.daily:server:21.10:amd64 20210815
cloud-init 21.2-69-g65607405-0ubuntu1
Good
com.ubuntu.cloud.daily:server:21.10:amd64 20210706
cloud-init 21.2-3-g899bfaa9-0ubuntu2
And either this cloud-init version is broken or the underlying new impish image.
I mounted the underlying cloud-image (without customization by cloud-init)
and found that /home is empty (true for all those images).
So to me that seems to be an issue in the new cloud-init that now is in
those images. |
|
2021-08-17 09:07:23 |
Christian Ehrhardt |
bug task added |
|
cloud-init (Ubuntu) |
|
2021-08-17 09:07:34 |
Christian Ehrhardt |
cloud-init (Ubuntu): importance |
Undecided |
Critical |
|
2021-08-17 09:08:24 |
Christian Ehrhardt |
tags |
|
rls-ii-incoming |
|
2021-08-17 09:11:59 |
Christian Ehrhardt |
description |
Hi,
I got to this by my systems complaining to be unable to do ssh-keygen
after deployment. Example:
$ uvt-kvm ssh --insecure impish-kvm 'ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N '\'''\'''
Saving key "/home/ubuntu/.ssh/id_rsa" failed: Permission denied
I found that is due to permissions after guest spawning:
/home/ubuntu/.ssh changed
Old:
drwx------ 2 ubuntu ubuntu 4096 Aug 17 08:20 .ssh/
New:
drwxr-xr-x 2 root root 4096 Aug 17 08:17 .ssh/
That beaks later things like ssh-keygen.
uvt-kvm only does instruct cloud-init to place a key.
This uses ssh_authorized_keys from
https://cloudinit.readthedocs.io/en/latest/topics/modules.html?highlight=ssh_authorized_keys#authorized-keys
Checked a few guests:
I've seen this on
- impish x86
- impish s390x
I've not seen this on
- bionic
- focal
- impish
You might say - wait a minute impish in both lists.
But it is the date:
Bad
com.ubuntu.cloud.daily:server:21.10:amd64 20210815
cloud-init 21.2-69-g65607405-0ubuntu1
Good
com.ubuntu.cloud.daily:server:21.10:amd64 20210706
cloud-init 21.2-3-g899bfaa9-0ubuntu2
And either this cloud-init version is broken or the underlying new impish image.
I mounted the underlying cloud-image (without customization by cloud-init)
and found that /home is empty (true for all those images).
So to me that seems to be an issue in the new cloud-init that now is in
those images. |
Hi,
I got to this by my systems complaining to be unable to do ssh-keygen
after deployment. Example:
$ uvt-kvm ssh --insecure impish-kvm 'ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N '\'''\'''
Saving key "/home/ubuntu/.ssh/id_rsa" failed: Permission denied
I found that is due to permissions after guest spawning:
/home/ubuntu/.ssh changed
Old:
drwx------ 2 ubuntu ubuntu 4096 Aug 17 08:20 .ssh/
New:
drwxr-xr-x 2 root root 4096 Aug 17 08:17 .ssh/
That beaks later things like ssh-keygen.
uvt-kvm only does instruct cloud-init to place a key.
This uses ssh_authorized_keys from
https://cloudinit.readthedocs.io/en/latest/topics/modules.html?highlight=ssh_authorized_keys#authorized-keys
Checked a few guests:
I've seen this on
- impish x86
- impish s390x
I've not seen this on
- bionic
- focal
- impish
You might say - wait a minute impish in both lists.
But it is the date:
Bad
com.ubuntu.cloud.daily:server:21.10:amd64 20210815
cloud-init 21.2-69-g65607405-0ubuntu1
Good
com.ubuntu.cloud.daily:server:21.10:amd64 20210706
cloud-init 21.2-3-g899bfaa9-0ubuntu2
And either this cloud-init version is broken or the underlying new impish image.
I mounted the underlying cloud-image (without customization by cloud-init)
and found that /home is empty (true for all those images).
So to me that seems to be an issue in the new cloud-init that now is in
those images.
Steps to reproduce
# if your host has no keys to push to the guest run ssh-keygen
# sync the latest broken images
$ uvt-simplestreams-libvirt --verbose sync --source http://cloud-images.ubuntu.com/daily arch=amd64 label=daily release=impish
# spawn guest
$ uvt-kvm create --password=ubuntu i release=impish arch=amd64 label=daily
# wait for it and check the permissions
$ uvt-kvm wait i
$ uvt-kvm ssh i "ls -laF /home/ubuntu/"
drwxr-xr-x 2 root root 4096 Aug 17 08:17 .ssh/ |
|
2021-08-17 10:10:59 |
Paride Legovini |
bug |
|
|
added subscriber Paride Legovini |
2021-08-17 15:07:33 |
James Falcon |
cloud-init (Ubuntu): status |
New |
Triaged |
|
2021-08-17 15:07:37 |
James Falcon |
cloud-init: status |
New |
Triaged |
|
2021-08-17 15:07:41 |
James Falcon |
cloud-init: importance |
Undecided |
Critical |
|
2021-08-21 03:32:20 |
Chad Smith |
cloud-init: status |
Triaged |
Fix Committed |
|
2021-08-21 03:32:23 |
Chad Smith |
cloud-init (Ubuntu): status |
Triaged |
Fix Committed |
|
2021-08-23 20:16:43 |
James Falcon |
cloud-init: status |
Fix Committed |
Fix Released |
|
2021-08-23 21:18:31 |
Chad Smith |
nominated for series |
|
Ubuntu Hirsute |
|
2021-08-23 21:18:31 |
Chad Smith |
bug task added |
|
cloud-init (Ubuntu Hirsute) |
|
2021-08-23 21:18:31 |
Chad Smith |
nominated for series |
|
Ubuntu Focal |
|
2021-08-23 21:18:31 |
Chad Smith |
bug task added |
|
cloud-init (Ubuntu Focal) |
|
2021-08-23 21:18:31 |
Chad Smith |
nominated for series |
|
Ubuntu Impish |
|
2021-08-23 21:18:31 |
Chad Smith |
bug task added |
|
cloud-init (Ubuntu Impish) |
|
2021-08-23 21:18:31 |
Chad Smith |
nominated for series |
|
Ubuntu Bionic |
|
2021-08-23 21:18:31 |
Chad Smith |
bug task added |
|
cloud-init (Ubuntu Bionic) |
|
2021-08-24 05:08:18 |
Launchpad Janitor |
cloud-init (Ubuntu Impish): status |
Fix Committed |
Fix Released |
|
2021-08-25 05:40:00 |
Christian Ehrhardt |
cloud-init (Ubuntu Bionic): status |
New |
Invalid |
|
2021-08-25 05:40:03 |
Christian Ehrhardt |
cloud-init (Ubuntu Focal): status |
New |
Invalid |
|
2021-08-25 05:40:06 |
Christian Ehrhardt |
cloud-init (Ubuntu Hirsute): status |
New |
Invalid |
|
2023-05-12 14:00:54 |
James Falcon |
bug watch added |
|
https://github.com/canonical/cloud-init/issues/3894 |
|