[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: GCE completed the switch to bootstrap-vz! Plus a possible SSH auth regression

On 13 August 2014 12:40, Jimmy Kaplowitz <jkaplowitz@google.com> wrote:
Effective with the Debian images we published yesterday (dated 20140807), Google Compute Engine is now using bootstrap-vz to build our Debian images, in place of the old build-debian-cloud tool. All of the necessary code is merged upstream in the development branch. Naturally we're also updated to 7.6, though this is actually the second batch of 7.6 images we've published, not the first.

Adopting bootstrap-vz should make it easier to get Debian cloud team members involved in building the image, since this is the actively maintained codebase, and even has a package in NEW for a slightly older version. Looking forward to seeing some of you at DebConf.

When making the switch, we did notice that SSH password authentication is unexpectedly no longer disabled across all clouds as it was in the old tasks/38-security file. Was this intentional or accidentally lost in some refactor? We're planning to push new images this week (and send a pull request) restoring the pre-existing behavior on GCE, but if it was an oversight more broadly, I can fix it in a shared part of the codebase rather than just a GCE-specific part.

- Jimmy

Great news! A quick note about the regression: It's because GCE doesn't use the ssh task group. I think, for it to be more generally useful, the init script task should be removed. Alternatively you could just add DisableSSHPasswordAuthentication to the GCE tasklist.


Reply to: