[15:20] <smoser> hoonetorg, there have been a couple attempts to resolve your general query.
[15:20] <smoser> some thigns you can do:
[15:21] <smoser>  iso9660 or vfat on writable drive can simply be destroyed after you've read it.
[15:22] <smoser>  that quite easilys olves your "x2go" situation above.  you do have to tell cloud-init that it is 'manual_cache_clean', so it does not go looking for the datasource again, but the data is gone once you've deleted it (assuming you've shred'd' or what not).
[15:22] <smoser> the second thing you can do via http metadata service is to
[15:22] <smoser> a.) null-route the datasource url after you've consumed it.
[15:24] <smoser> also you can use '#include-once' in user-data.  and have some service that allows data to be read once.
[15:24] <smoser> and then generate long un-guessable urls.
[15:24] <smoser> i guess that was 'b'
[15:24] <smoser> oh yeah. and cluod-init can null-route the ec2 metadata service for you with :
[15:24] <smoser>  disable_ec2_metadata: true
[15:25] <smoser> http://bazaar.launchpad.net/~cloud-init-dev/cloud-init/trunk/view/head:/doc/examples/cloud-config.txt
[15:25] <smoser> for reference.
[16:35] <hoonetorg> smoser: thank your very much for your answer
[16:37] <hoonetorg> smoser: i hv a patch lying around for implementing injecting ca_certs for rh based distries. it implements what has begun at http://bazaar.launchpad.net/~jbellone/cloud-init/redhat-cc-ca-certs/view/head:/cloudinit/config/cc_ca_certs.py except the remove_default_ca_certs functionality.
[16:39] <hoonetorg> smoser: i hv written mr. kai engert from rh an email, and asked him to explain how to remove standard ca-certs on rh the right way, but did not get an answer yet.
[16:45] <hoonetorg> smoser: i hv no launchpad account and would like to show you what has been done as gist: https://gist.github.com/hoonetorg/c88e071885295d05dd95#file-gistfile1-txt
[16:48] <smoser> hoonetorg, that seems reasonable.
[16:48] <hoonetorg> smoser: i recompiled rpm package cloud-init on el7 and put it in my self made cloud images (oz). ca-cert injection works for me
[16:49] <hoonetorg> and should work on el6 too (did not try yet). not sure bout el5.
[16:50] <hoonetorg> not true, would not work on el5, command update-ca-trust does not exist there afaik.
[16:51] <hoonetorg> smoser: once i hv remove_default_ca_certs implemented, would it be ok for you to include it, if I send you a gist link here.
[16:52] <hoonetorg> or is there an easy way to use launchpad without creating an account?
[16:52] <smoser> well, its nto that hard to create a launchpad account :)
[16:52] <hoonetorg> :) i could imagine --- one account more --- o.k. I'll do
[16:53] <smoser> i'm not terribly opposed to accepting a patch outside of launchpad but we still have to have cla signed and such.
[16:58] <hoonetorg> :) i hv an account already and (surprise) the password i tried works, don't laugh, last login 2013, i can't remember, getting old.
[18:10] <SimonTremblay> Hi, I have some question about using cloud-init to modify ubuntu cloud image disk partitions, but maybe it's not possible to do what I want with these tools.
[18:10] <SimonTremblay>  If I want to create a specific partition layout like one partition for /var, one for /home, /tmp, etc. using ubuntu cloud image and cloud-init, I was thinking that I can use Disk Setup, but as I can see it's being run when root partition has been mounted...
[18:11] <SimonTremblay> like that can say that error message:  [CLOUDINIT] util.py[DEBUG]: Failed reading the partition table Unexpected error while running command.#012Command: ['/sbin/blockdev', '--rereadpt', '/dev/sda']#012Exit code: 1#012Reason: -#012Stdout: ''#012Stderr: 'BLKRRPART: Device or resource busy\n'#012Traceback (most recent call last):#012  File "/usr/lib/python2.7/dist-packages/cloudinit/config/cc_disk_setup.py", line 588, in read
[18:13] <SimonTremblay> I try to figure out how I can partition the disk automatically from ubuntu cloud image
[18:13] <SimonTremblay> maybe I should create a custom image?
[18:16] <SimonTremblay> (and sorry if I'm not at the right place to ask that question, I was wondering if there was a cloud-init user group too and can't find any yet)
[18:22] <smoser> SimonTremblay, well, the image comes the way it is. you could probably get away with putting /home on a different partition and /tmp even with a reboot, and could deasily enough move /var/ content elsehwere.
[18:23] <smoser>  /home cuold make some sense, but id' suggest for /var/ it might be better for you to manage whatever you're doing with the image to confine its data writing to /var/lib/your-app or some other directory  entirely
[18:23] <smoser> and then just mount that directory to a different volume