cloud-init team mailing list archive

How to properly "clean" cloud instance data


Hi All,

I have a question about what is the best way to clear /var/lib/cloud/ data when creating a new VM image for a public cloud. On Azure we have a concept of "deprovisioning" which essentially clears any artifacts from a previous provision (mostly anything in /var/lib/waagent/). More recent versions of the agent will also attempt to clean out any instance metadata in /var/lib/cloud when the customer runs "waagent -deprovision". The trouble is that currently this can break how per-once and per-instance work.
The intent was to remove any stale user data in case it contains sensitive information.  So is there a general way to remove stale user data without breaking per-once/per-instance?  Maybe this isn't something the Azure agent should be doing at all, but if we can provide some guidance about this for the customer that would be helpful.

