Odd_Bloke | bswinnerton: I'm not 100% sure where that /run/network/interfaces.d file would be coming from; does it appear in /var/log/cloud-init.log at all? | 12:51 |
---|---|---|
lucasmoura | Hey everyone, where exactly should we print the authorized keys fingerprints? https://github.com/canonical/cloud-init/blob/master/cloudinit/config/cc_ssh_authkey_fingerprints.py#L68 | 14:31 |
lucasmoura | I have created a dummy userdata with an ssh_authorized_keys but I could not find the output of this function in either cloud-init-output.logs or syslog | 14:32 |
lucasmoura | PS: This is the PR I am trying to manually validate: https://github.com/canonical/cloud-init/pull/188/ | 14:35 |
bswinnerton | Odd_Bloke: it doesn't, no. I suspect that it must be coming from the Debian cloud image | 14:45 |
smoser | bswinnerton: you're not really going to be able to use user-data to get rid of or have any effect on network config. as user-data is applied after network is up. | 15:04 |
smoser | i suspect you have something else running in that image that thinks it should write /run/ files. | 15:05 |
smoser | commit a6faf3acef02bd8cd4d46ac9efeebf24b3f21d81 changed filename from /etc/network/interfaces.d/50-cloud-init.cfg to /etc/network/interfaces.d/50-cloud-init . so that is where one fix came from | 15:06 |
smoser | pastebin /var/log/cloud-init.log , or a tarball created with 'cloud-init collect-logs'. and i'd do so after a `clean --logs`. so that we only have one boot around. or...best case scenario on first boot of an otherwise clean image. | 15:08 |
blackboxsw | lucasmoura: your authorized key fingerprints should be emitted to /var/log/cloud-init-output.log ... yet look what I found :) https://github.com/canonical/cloud-init/blob/master/tests/cloud_tests/testcases/modules/TODO.md#ssh-authkey-fingerprints | 16:13 |
blackboxsw | lucasmoura: I'm trying to dig through to find out how we can reproduce this issue. | 16:14 |
blackboxsw | lucasmoura: ok I found it. util.multi_log actually logs to the console if a logger is not provided. so you can see this output in lxc by attaching to the console via: lxc console <your_container_name> during first boot | 16:45 |
lucasmoura | blackboxsw, Okay, I will try doing that. Thanks for the help :) | 17:02 |
blackboxsw | lucasmoura: you could lxc launch ubuntu-daily:xenial sru-xenial -c user.user-data="$(cat seed_keys.yaml)" https://paste.ubuntu.com/p/5ddmcqkrVC/ | 17:03 |
blackboxsw | lxc console sru-xenial (in another term) | 17:04 |
blackboxsw | upgrade cloud-init to proposed, cloud-init clean --logs --reboot | 17:04 |
blackboxsw | and watch for the Fingerprint (md5/sha256) table | 17:04 |
blackboxsw | I confirm I can see ci-info: | Keytype | Fingerprint (md5) | Options | Comment | on xenial | 17:05 |
lucasmoura | Great, I'll work on it | 17:12 |
lucasmoura | Thanks blackboxsw :) | 17:12 |
blackboxsw | lucasmoura: I've pushed that SRU consolidation script stuff up here https://github.com/cloud-init/ubuntu-sru/pull/113 if you have any thoughts or concerns there, just let me know | 19:12 |
lucasmoura | blackboxsw, ack. I am just finishing the ssh PR and I will review it | 19:13 |
blackboxsw | good deal thanks | 19:13 |
taliptako | hey how can i edit the sshd_config with cloud-init | 19:14 |
taliptako | i need to add AuthorizedPrincipalsFile to sshd_config | 19:14 |
blackboxsw | taliptako: I see cloud-init updates sshd_config for values using our own helper function in https://github.com/canonical/cloud-init/blob/master/cloudinit/config/cc_set_passwords.py#L123 as part of setting password. I don't see that we do that elsewhere. So I'd say maybe with a runcmd cloud-config | 19:21 |
blackboxsw | taliptako: maybe like this https://pastebin.ubuntu.com/p/Hh9Dq7g2yv/ | 19:24 |
blackboxsw | and then probably need a "- restart ssh" line too | 19:25 |
taliptako | blackboxsw, thank you i will try | 19:39 |
taliptako | interestingly AuthorizedPrincipalsFile doesn't work with Ubuntu 20 | 19:40 |
lucasmoura | blackboxsw, just reviewed the azure refactor PR. I just have a doubt regarding the for loop that was dropped, but besides that, LGTM | 20:04 |
lucasmoura | blackboxsw, I have looked at some PRs that I am not sure that we should cover with manual tests: https://paste.ubuntu.com/p/FXX6RSSD84/ | 22:05 |
lucasmoura | When you have some time to take a look and if you don't agree, just let me know | 22:06 |
blackboxsw | lucasmoura: I had the same thought on the first one and I had already removed it from the card an hour ago | 22:09 |
blackboxsw | second one is related to the CVE, so it would generally be important to verify, but none of our callsites provide pwlen, so our unittests cover that | 22:10 |
blackboxsw | strike that, our unittests don't cover the pwlen, but the change is so trivial that we probably don't need to validate it w/ an integration test | 22:11 |
blackboxsw | agreed lucasmoura, can drop those cases as they don't need validation | 22:13 |
blackboxsw | thanks | 22:13 |
lucasmoura | blackboxsw, okay, Should I just mark them on the list as done or remove from the card? | 22:13 |
blackboxsw | lucasmoura: how about delete them | 22:14 |
blackboxsw | from the checklist | 22:14 |
blackboxsw | thanks | 22:14 |
lucasmoura | blackboxsw, No problem | 22:14 |
blackboxsw | lucasmoura: if you get a chance tomorrow plz check for errors in the attached/big logs https://github.com/cloud-init/ubuntu-sru/pull/114 :) | 22:16 |
lucasmoura | blackboxsw, ack | 22:17 |
blackboxsw | https://github.com/cloud-init/ubuntu-sru/pull/116 merged thanks lucasmoura | 22:20 |