[12:51] <Odd_Bloke> bswinnerton: I'm not 100% sure where that /run/network/interfaces.d file would be coming from; does it appear in /var/log/cloud-init.log at all?
[14:31] <lucasmoura> Hey everyone, were exactly we should print the authorized keys fingerprints ? https://github.com/canonical/cloud-init/blob/master/cloudinit/config/cc_ssh_authkey_fingerprints.py#L68
[14:32] <lucasmoura> I have create a dummy userdata with an ssh_authorized_keys but I could not find the output of this function in either cloud-init-output.logs or syslog
[14:35] <lucasmoura> PS: This is the PR I am trying to manually validate: https://github.com/canonical/cloud-init/pull/188/
[14:45] <bswinnerton> Odd_Bloke: it doesn't, no. I suspect that it must be coming from the Debian cloud image
[15:04] <smoser> bswinnerton: you're not really going to be able to use user-data to get rid of or have any effect on network config. as user-data is applied after network is up.
[15:05] <smoser> i suspect you have something else running in that image that thinks it shoudl write /run/ files.
[15:06] <smoser> commit a6faf3acef02bd8cd4d46ac9efeebf24b3f21d81 changed filename from /etc/network/interfaces.d/50-cloud-init.cfg to /etc/network/interfaces.d/50-cloud-init . so that is where one fix came from
[15:08] <smoser> pastebin /var/log/cloud-init.log , or a tarball created with 'cloud-init collect-logs'. and i'd do so after a `clean --logs`. so that we only have one boot around. or...best case scenario on first boot of a otherwise clean image.
[16:13] <blackboxsw> lucasmoura: your authorized key fingerprints should be emitted to /var/log/cloud-init-output.log ... yet look what I found :) https://github.com/canonical/cloud-init/blob/master/tests/cloud_tests/testcases/modules/TODO.md#ssh-authkey-fingerprints
[16:14] <blackboxsw> lucasmoura: I'm trying to dig through to find out how we can reproduce this issue.
[16:45] <blackboxsw> lucasmoura: ok I found it. util.multi_log actually logs to the console if a logger is not provided. so you can see this output in lxc by attaching to the console via: lxc console <your_container_name>    during first boot
[17:02] <lucasmoura> blackboxsw, Okay, I will try doing that. Thanks for the help :)
[17:03] <blackboxsw> lucasmoura: you could lxc launch ubuntu-daily:xenial sru-xenial -c user.user.data="$(cat seed_keys.yaml)" https://paste.ubuntu.com/p/5ddmcqkrVC/
[17:04] <blackboxsw> lxc console sru-xenial (in another term)
[17:04] <blackboxsw> upgrade cloud-init to proposed, cloud-init clean --logs --reboot
[17:04] <blackboxsw> and watch for the Fingerprint (md5/sha256) table
[17:05] <blackboxsw> I confirm I can see ci-info: | Keytype |                Fingerprint (md5)                | Options |    Comment    |   on xenial
[17:12] <lucasmoura> Great, I work on it
[17:12] <lucasmoura> Thanks blackboxsw :)
[19:12] <blackboxsw> lucasmoura: I've pushed that SRU consolidation script stuff up here https://github.com/cloud-init/ubuntu-sru/pull/113 if you have any thoughts or concerns there, just let me know
[19:13] <lucasmoura> blackboxsw, ack. I am just finishing the ssh PR and I will review it
[19:13] <blackboxsw> good deal thanks
[19:14] <taliptako> hey how can i edit the sshd_config with cloud-init
[19:14] <taliptako> i need to add AuthorizedPrincipalsFile to sshd_config
[19:21] <blackboxsw> taliptako: I see cloud-init updates sshd_config for values using our own helper function in https://github.com/canonical/cloud-init/blob/master/cloudinit/config/cc_set_passwords.py#L123 as part of setting password. I don't see that we do that elsewhere.  So I'd say maybe with a runcmd cloud-config
[19:24] <blackboxsw> taliptako: maybe like this https://pastebin.ubuntu.com/p/Hh9Dq7g2yv/
[19:25] <blackboxsw> and then probably need a "- restart ssh" line too
[19:39] <taliptako> blackboxsw, thank you i will try
[19:40] <taliptako> interestingly AuthorizedPrincipalsFile doesnt work with Ubuntu 20
[20:04] <lucasmoura> blackboxsw, just reviewed the azure refactor PR. I just have a doubt regarding the for loop that was dropped, but besides that, LGTM
[22:05] <lucasmoura> blackboxsw, I have looked at some PRs that I am not sure that we should cover with manual tests: https://paste.ubuntu.com/p/FXX6RSSD84/
[22:06] <lucasmoura> When you have some time to take a look and if you don't agree, just let me know
[22:09] <blackboxsw> lucasmoura: I had the same thought on the first one and I had already removed it from the card an hour ago
[22:10] <blackboxsw> second one is related to the CVE, so it would generally be important to verify, but none of our callsites provide pwlen, so our unittests cover that
[22:11] <blackboxsw> strike that, out unittests don't cover the pwlen, but the change is so trivial that we probably don't need to validate it w/ an integration test
[22:13] <blackboxsw> agreed lucasmoura, can drop those cases as they don't need validation
[22:13] <blackboxsw> thanks
[22:13] <lucasmoura> blackboxsw, okay, Shoul I just mark them on the list as done or remove from the card ?
[22:14] <blackboxsw> lucasmoura: how about delete them
[22:14] <blackboxsw> from the checklist
[22:14] <blackboxsw> thanks
[22:14] <lucasmoura> blackboxsw, No problem
[22:16] <blackboxsw> lucasmoura: if you get a chance tomorrow plz check for errors in the attached/big logs https://github.com/cloud-init/ubuntu-sru/pull/114 :)
[22:17] <lucasmoura> blackboxsw, ack
[22:20] <blackboxsw> https://github.com/cloud-init/ubuntu-sru/pull/116 merged thanks lucasmoura