yahoo-eng-team team mailing list archive
Message #73744
[Bug 1781039] [NEW] GCE cloudinit and ubuntu keys from metadata to ubuntu authorized_keys
Public bug reported:
Per documentation at https://wiki.ubuntu.com/GoogleComputeEngineSSHKeys
ssh keys for cloudinit and ubuntu users should both be added to the
'ubuntu' user's authorized_keys file.
This works fine in Xenial (16.04) and higher, but doesn't work for Trusty (14.04).
[REPRODUCE]
# create a file that contains ssh public keys
$ cat googlekeys
test:ssh-rsa <one example key> test@xxxxxxxxxxx
ubuntu:ssh-rsa <a second example key> test@xxxxxxxxxxx
cloudinit:ssh-rsa <a third example key> test@xxxxxxxxxxx
# create an ubuntu 14.04 instance
gcloud compute instances create ubuntu1404cloudinit \
    --image-family ubuntu-1404-lts --image-project ubuntu-os-cloud \
    --metadata-from-file=ssh-keys=googlekeys \
    --metadata=block-project-ssh-keys=True
# create an ubuntu 16.04 instance
gcloud compute instances create ubuntu1604cloudinit \
    --image-family ubuntu-1604-lts --image-project ubuntu-os-cloud \
    --metadata-from-file=ssh-keys=googlekeys \
    --metadata=block-project-ssh-keys=True
Notice that the ubuntu user in the ubuntu 14.04 instance contains no
keys from cloud-init (the keys there are added by the google daemon):
$ sudo cat /home/ubuntu/.ssh/authorized_keys
# Added by Google
ssh-rsa <the second example key but added by google daemon> test@xxxxxxxxxxx
In 16.04,
$ sudo cat /home/ubuntu/.ssh/authorized_keys
ssh-rsa <the third example key added by cloud-init> test@xxxxxxxxxxx
ssh-rsa <the second example key added by cloud-init> test@xxxxxxxxxxx
# Added by Google
ssh-rsa <the second example key added by the google daemon> test@xxxxxxxxxxx
[EXPECTED BEHAVIOR]
The ubuntu and cloudinit keys in metadata should be added to the ubuntu
user by cloud-init.
** Affects: cloud-init
Importance: Undecided
Assignee: Shane Peters (shaner)
Status: New
** Tags: sts
** Changed in: cloud-init
Assignee: (unassigned) => Shane Peters (shaner)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1781039
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1781039/+subscriptions
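The comparison the report makes by hand, as an added example (not part of the original message and not cloud-init's own code): it selects the 'ubuntu' and 'cloudinit' entries from the ssh-keys metadata and lists which of them are absent from an authorized_keys file. The function names are hypothetical, the sample keys are constructed, and keys are matched on their type and base64 fields only.

```python
# Added example: hypothetical helpers, not cloud-init's implementation.
ALLOWED_USERS = ("ubuntu", "cloudinit")  # the two users named in the report


def _ident(key_line):
    """Identify a key by (type, base64 blob), ignoring the trailing comment."""
    fields = key_line.split()
    return tuple(fields[:2])


def keys_for_default_user(metadata_value, users=ALLOWED_USERS):
    """Return keys from 'user:key' metadata lines whose user is in `users`."""
    selected = []
    for line in metadata_value.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue  # skip blank lines and entries without a user prefix
        user, key = line.split(":", 1)
        key = key.strip()
        if user.strip() in users and key and key not in selected:
            selected.append(key)
    return selected


def missing_keys(metadata_value, authorized_keys_text):
    """List expected keys that do not appear in the authorized_keys text."""
    present = set()
    for line in authorized_keys_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):  # drop '# Added by Google'
            present.add(_ident(line))
    expected = keys_for_default_user(metadata_value)
    return [k for k in expected if _ident(k) not in present]


# Constructed sample data mirroring the layout shown in the report.
METADATA = (
    "test:ssh-rsa AAAAconstructed1 test@example\n"
    "ubuntu:ssh-rsa AAAAconstructed2 test@example\n"
    "cloudinit:ssh-rsa AAAAconstructed3 test@example\n"
)
TRUSTY_FILE = "# Added by Google\nssh-rsa AAAAconstructed2 test@example\n"
XENIAL_FILE = (
    "ssh-rsa AAAAconstructed3 test@example\n"
    "ssh-rsa AAAAconstructed2 test@example\n"
    "# Added by Google\n"
    "ssh-rsa AAAAconstructed2 test@example\n"
)

if __name__ == "__main__":
    print("14.04 missing:", missing_keys(METADATA, TRUSTY_FILE))
    print("16.04 missing:", missing_keys(METADATA, XENIAL_FILE))
```

Because matching is on key material, the 14.04 sample reports only the cloudinit key as missing: the ubuntu key is present there, written by the Google daemon rather than by cloud-init.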