cloud-init team mailing list archive
-
cloud-init team
-
Mailing list archive
-
Message #00108
How to properly "clean" cloud instance data
-
To:
"cloud-init@xxxxxxxxxxxxxxxxxxx" <cloud-init@xxxxxxxxxxxxxxxxxxx>
-
From:
Stephen Zarkos <Stephen.Zarkos@xxxxxxxxxxxxx>
-
Date:
Thu, 12 Oct 2017 18:49:32 +0000
-
Accept-language:
en-US
-
Authentication-results:
spf=none (sender IP is ) smtp.mailfrom=Stephen.Zarkos@xxxxxxxxxxxxx;
-
Deferred-delivery:
Thu, 12 Oct 2017 18:49:26 +0000
-
Msip_labels:
MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Ref=https://api.informationprotection.azure.com/api/72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=szark@xxxxxxxxxxxxx; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2017-10-12T11:48:26.2605984-07:00; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic; Sensitivity=General
-
Spamdiagnosticmetadata:
NSPM
-
Spamdiagnosticoutput:
1:99
-
Thread-index:
AdNDiZvNdEeuiWcmTvyakNBvowmwOQ==
-
Thread-topic:
How to properly "clean" cloud instance data
Hi All,
I have a question about what is the best way to clear /var/lib/cloud/ data when creating a new VM image for a public cloud. On Azure we have a concept of "deprovisioning" which essentially clears any artifacts from a previous provision (mostly anything in /var/lib/waagent/). More recent versions of the agent will also attempt to clean out any instance metadata in /var/lib/cloud when the customer runs "waagent -deprovision". The trouble is that currently this can break how per-once and per-instance works.
The intent was to remove any stale user data in case it contains sensitive information. So is there a general way to remove stale user data without breaking per-once/per-instance? Maybe this isn't something the Azure agent should be doing at all, but if we can provide some guidance about this for the customer that would be helpful.
Thanks,
Steve
Follow ups
