yahoo-eng-team team mailing list archive
Message #67869
[Bug 1718867] [NEW] [gce] cloud-init ignores project metadata ssh-keys if instance metadata is not empty
Public bug reported:
I've got the following terraform config:
    resource "google_compute_instance" "instance" {
      name         = "${var.name}"
      machine_type = "${var.type}"
      zone         = "${var.zone}"

      boot_disk {
        initialize_params {
          image = "ubuntu-os-cloud/ubuntu-1604-lts"
        }
      }

      attached_disk {
        source = "${google_compute_disk.data-disk.self_link}"
      }

      # metadata {
      #   ssh-keys = "${var.ssh_keys}"
      # }

      provisioner "remote-exec" {
        script = "${path.module}/attach-data-disk.sh"

        connection {
          type = "ssh"
          user = "ubuntu"
        }
      }
    }
It creates a disk and an instance with that disk attached. After that, it tries to connect over SSH to that instance as the ubuntu user, with keys from ssh-agent, to format and mount the attached disk.
It works well since I've got my public key in project metadata and cloud-init adds it as an authorized key for the ubuntu user on startup.
If I uncomment the metadata block, it'll add an ssh-keys field to the instance
metadata, and I'll never succeed with the subsequent SSH connection
unless I add my public key to the instance metadata.
Provider: Google Cloud Platform
cloud-init version: 0.7.9-153-g16a7302f-0ubuntu1~16.04.2
Logs:
ci-info: no authorized ssh keys fingerprints found for user ubuntu
** Affects: cloud-init
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1718867
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1718867/+subscriptions
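As an added example (not part of the bug report and not cloud-init's code), the following Python models the precedence the reporter describes and lists which project-level keys stop working once an instance-level ssh-keys value is set. The metadata values and key strings are constructed, the function names are hypothetical, and per-username filtering of keys is an assumption.

```python
# Added example: models the behaviour described in bug 1718867; not cloud-init code.

# Constructed metadata values in GCE "ssh-keys" format: one "user:key" per line.
PROJECT_SSH_KEYS = "ubuntu:ssh-ed25519 AAAA-CONSTRUCTED-PROJECT-KEY alice@example\n"
INSTANCE_SSH_KEYS = "deploy:ssh-ed25519 AAAA-CONSTRUCTED-INSTANCE-KEY ci@example\n"


def parse_ssh_keys(value):
    """Map each username to its list of keys; skip blank or malformed lines."""
    keys = {}
    for line in (value or "").splitlines():
        user, sep, key = line.strip().partition(":")
        if sep and user and key.strip():
            keys.setdefault(user, []).append(key.strip())
    return keys


def effective_keys(project_value, instance_value, user, merge):
    """Keys `user` is granted (assumption: keys are filtered per username).

    merge=False: reported behaviour, a non-empty instance value hides the
    project value. merge=True: expected behaviour, both levels apply.
    """
    project = parse_ssh_keys(project_value).get(user, [])
    instance = parse_ssh_keys(instance_value).get(user, [])
    if merge:
        return list(dict.fromkeys(instance + project))  # ordered de-dup
    return instance if instance_value else project


def lost_keys(project_value, instance_value, user):
    """Project-level keys that stop working once instance ssh-keys is set."""
    reported = effective_keys(project_value, instance_value, user, merge=False)
    expected = effective_keys(project_value, instance_value, user, merge=True)
    return [k for k in expected if k not in reported]


if __name__ == "__main__":
    for label, inst in (("metadata commented out", None),
                        ("metadata uncommented", INSTANCE_SSH_KEYS)):
        print(label, "->", lost_keys(PROJECT_SSH_KEYS, inst, "ubuntu") or "no keys lost")
```

Running a check like this against the planned metadata before applying the Terraform change shows whether the provisioner's SSH user would be locked out.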