[00:51] Hello. I have an Amazon Linux 2 VM that seems to have removed the cloud-init binary and systemd units. I feel like I'm misunderstanding the purpose of the tool - I don't see anything funny in userdata to cause that, nor am I finding anything in the docs about persistence. Is this expected or is Amazon doing weird things?
[13:50] Hello, i'd like to report a bug at line https://github.com/canonical/cloud-init/blame/8116493950e7c47af0ce66fc1bb5d799ce5e477a/cloudinit/ssh_util.py#L260, not sure if this IRC channel is the right place.
[13:52] cloud-init's code by default makes a wrong assumption that all users are using a private .ssh folder for authorized_keys.
[13:57] meena: Chef isn't even being installed. The initial directories are created, but there is no chef-client binary, and the logs just say "running module chef ... failed", and "Ran chef but it failed!"
[13:57] The cloud-init logs ^
[13:58] But the `AuthorizedKeysFile` directive in sshd_config could be used to have a system-wide folder with user keys which are managed by configuration management systems, for example puppet. The idea is to have configuration like `AuthorizedKeysFile /etc/ssh/authorized_keys/%u` to prevent users from managing their authorized_keys, or to prevent a user who had sudo permissions on the host from rootkitting other users. The folder `/etc/ssh/authorized_keys/` and all files inside are owned by root because users shouldn't be able to modify these files. When cloud-init changes the mode to 700 for such a folder it breaks the whole concept.
[14:07] so before applying 700 to the folder defined in `AuthorizedKeysFile`, cloud-init needs to validate that that folder is located within the user's HOME folder.
[14:30] gnulnx: how is chef being installed?
[14:32] meena: `install_type: "omnibus"`
[14:32] MKS2020: do you think you can patch that?
[14:32] gnulnx: ooohhh, aah? okay?
[14:32] One sec, I'm pasting my config
[14:32] meena: yes, https://github.com/canonical/cloud-init/pull/149
[14:33] MKS2020: i haven't looked at GitHub all day, i'm in a new paid job… and i've mostly been busy setting up my laptop, 😆
[14:34] MKS2020: did you look at https://github.com/canonical/cloud-init/blob/master/HACKING.rst ?
[14:35] hehe, it can wait. Right now we're fixing this issue with runcmd: "awk '/^AuthorizedKeysFile/ {print $2}' /etc/ssh/sshd_config | xargs dirname | xargs chmod 755" in our code, but it's really hard to use our own AMIs across different accounts and departments :)
[14:36] meena: https://gist.github.com/kylejohnson/e44a1d72b634dd7fade4fc830f2a7ae6 is what I have
[14:36] meena: yep, i'm in the middle of https://ubuntu.com/legal/contributors/agreement now
[14:37] MKS2020: oh. that was simpler than i thought… also: can you show us your cloud-init config that lets you do / break that? (as a comment to the PR perhaps)
[14:38] meena: ok, i'll describe the steps to reproduce the bug
[14:40] meena: what should i write in `Please add the Canonical Project Manager or contact`?
[14:40] MKS2020: that would be powersj
[14:44] gnulnx: we don't even capture if anything goes wrong in the installer: https://github.com/canonical/cloud-init/blob/master/cloudinit/config/cc_chef.py#L308
[14:44] gnulnx: so, i'd start by toggling that flag, and seeing if you get more useful output.
[14:45] Just toggle Capture and re-run?
[14:47] gnulnx: set capture=True; run cloud-init clean --logs --reboot ; and enjoy the show
[14:50] thank ya
[14:51] I've been doing rm -rf sem; cloud-init -d single --name chef
[14:51] Would that get me (close to) the same result?
[14:54] meena: https://gist.github.com/kylejohnson/1a157062f1bccc7106e9de2ed5cd639e
[14:55] That's interesting. It doesn't like any of my chef keys
[14:55] meena: i've submitted the agreement and added steps to reproduce into the MR. Let me know if some information is needed/missing from my side.
=== tds3 is now known as tds
[19:02] 15:51 Would that get me (close to) the same result? ⬅️ no. clean nukes /var/lib/cloud-init and /run/cloud-init
[19:09] https://cloudinit.readthedocs.io/en/latest/topics/modules.html#chef this documentation seems to be incomplete and confusing
[19:19] meena: Yeah, that's what I found too. The documentation doesn't look up to date.
[19:22] gnulnx: which version are you on, btw?
[19:23] meena: 19.3-41
[19:24] let's open… at least one bug, gnulnx.
[19:27] Oh what's that?
[19:27] So I added `validation_name: test` and it actually installed chef this time
[19:28] Installed, daemonized and forked
[19:55] gnulnx: so that's that then
[20:03] yup