
cloud-init team mailing list archive

Re: How to properly "clean" cloud instance data


Hi Scott,
Just following up, I need to document the current best practice guidance in this scenario for a user who wants to clear down the artifacts as Steve mentioned.

Would the current guidance be removing these directories:
- /var/lib/cloud/instances/
- /var/lib/cloud



On 10/13/17, 11:49 AM, "Cloud-init on behalf of Scott Moser" <cloud-init-bounces+danis=microsoft.com@xxxxxxxxxxxxxxxxxxx on behalf of smoser@xxxxxxxxxx> wrote:

    On Thu, 12 Oct 2017, Stephen Zarkos wrote:
    > Hi All,
    > I have a question about what is the best way to clear /var/lib/cloud/
    > data when creating a new VM image for a public cloud.  On Azure we have
    > a concept of "deprovisioning" which essentially clears any artifacts
    > from a previous provision (mostly anything in /var/lib/waagent/).  More
    > recent versions of the agent will also attempt to clean out any instance
    > metadata in /var/lib/cloud when the customer runs "waagent
    > -deprovision".  The trouble is that currently this can break how
    > per-once and per-instance works.
    My goal has always been to not require "cleanup".
    I definitely understand the desire for more complete cleaning than
    gets re-done on a new instance.  If there is a cleanup step, then
    I think it should include removing /var/lib/cloud/instances/ all together.
    I can't come up with a scenario other than testing that I'd want to
    "clean/deprovision" and keep /var/lib/cloud/instances at all.
    Did you have some use case where you'd want to keep that?
    > The intent was to remove any stale user data in case it contains
    > sensitive information.  So is there a general way to remove stale user
    > data without breaking per-once/per-instance?  Maybe this isn't something
    > the Azure agent should be doing at all, but if we can provide some
    > guidance about this for the customer that would be helpful.
    We've talked before on the team about wanting a 'cloud-init clean',
    and I definitely think the time is right to put something in.
    I'm sure there would be different options on how much to clean, including
     a.) should provisioned user be removed
     b.) should current instance authorized_keys be removed
    Then further it would be possible that each config module could clean up
    after itself.
    I'm not opposed to getting a basic clean command into 17.2 (due in December).
    Would that help you out?
    Is there more you're looking for?
    Mailing list: https://launchpad.net/~cloud-init
    Post to     : cloud-init@xxxxxxxxxxxxxxxxxxx
    Unsubscribe : https://launchpad.net/~cloud-init
    More help   : https://help.launchpad.net/ListHelp
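The cleanup Scott describes (drop /var/lib/cloud/instances/ outright before imaging, and decide separately whether per-once state goes too) can be expressed as a small deprovision script. The following is an added example, not code from the thread, from the Azure agent or from the cloud-init project. It takes an assumed ROOT argument so it can be run against a scratch directory instead of the live filesystem; the directory layout it touches (instances/<instance-id>/ holding user-data.txt, obj.pkl and the per-instance sem/ markers, the instance symlink, and the per-once markers in sem/) is cloud-init's standard /var/lib/cloud layout, while the helper names, the "all" scope flag and the sample tree are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread or the cloud-init project): a
# deprovision step that removes per-instance cloud-init state the way the
# thread suggests, while leaving per-once markers alone unless asked.
# ROOT is an assumed parameter so the functions can be exercised on a
# scratch tree; on a real host it would be "" (i.e. the live filesystem).

set -u

# List files under ROOT/var/lib/cloud/instances that may still carry data
# from a previous provision: user/vendor data and the pickled datasource.
find_stale_instance_data() {
    root="$1"
    find "$root/var/lib/cloud/instances" \
        \( -name 'user-data.txt' -o -name 'user-data.txt.i' \
           -o -name 'vendor-data.txt' -o -name 'vendor-data.txt.i' \
           -o -name 'obj.pkl' \) -type f 2>/dev/null | sort
}

# Remove all per-instance state (instances/ tree and the "instance" symlink).
# Per-once markers in sem/ and cross-instance data in data/ are kept unless
# the second argument is "all", because removing them is what re-triggers
# per-once modules on the next boot.
clean_cloud_instances() {
    root="$1"
    scope="${2:-instances}"
    base="$root/var/lib/cloud"
    rm -rf "$base/instances"
    rm -f "$base/instance"          # symlink -> instances/<instance-id>
    if [ "$scope" = "all" ]; then
        rm -rf "$base/sem" "$base/data"
    fi
}

# Number of regular files left under the instances tree (0 once cleaned).
count_instance_files() {
    root="$1"
    [ -d "$root/var/lib/cloud/instances" ] || { echo 0; return; }
    find "$root/var/lib/cloud/instances" -type f | wc -l | tr -d ' '
}

# Constructed sample tree mimicking a host that was provisioned once.
make_sample_tree() {
    root="$1"
    iid="i-0000"   # constructed instance id
    mkdir -p "$root/var/lib/cloud/instances/$iid/sem" "$root/var/lib/cloud/sem"
    printf '#cloud-config\npassword: hunter2\n' \
        > "$root/var/lib/cloud/instances/$iid/user-data.txt"
    : > "$root/var/lib/cloud/instances/$iid/obj.pkl"
    : > "$root/var/lib/cloud/instances/$iid/sem/config_ssh"
    : > "$root/var/lib/cloud/sem/config_scripts_per_once.once"
    ln -s "instances/$iid" "$root/var/lib/cloud/instance"
}
```

Usage on a real host would be `clean_cloud_instances ""` (or `clean_cloud_instances "" all` to reset per-once as well), followed by `find_stale_instance_data ""` to confirm nothing is left. Note that `rm` only unlinks; if the concern is sensitive user data surviving in the image, the block contents are not overwritten by this step.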