Re: Fixes for cloud-init in Debian Stretch
On 2/22/19 10:04 PM, Konstantin wrote:
> Hello Noah,
>
> Problem happens on every new launch of ASG instance. Started to happen
> with upgrade to Debian 9.7 i guess.
> During startup we execute salt that cleans default admin user, but that
> was always there and worked fine until latest Debian upgrades from 9.6
> to 9.7 and then 9.8.
> Also salt should be executed after ssh key step.
> Please also check cloud-init logs attached. I stripped out salt part as
> it contains some sensitive information.
In your cloud-init.log, I can read:
2019-02-13 12:00:04,509 - util.py[DEBUG]: Writing to
/home/admin/.ssh/authorized_keys - wb: [384] 425 bytes
2019-02-13 12:00:04,509 - util.py[DEBUG]: Changing the ownership of
/home/admin/.ssh/authorized_keys to 1000:1000
2019-02-13 12:00:04,510 - util.py[DEBUG]: Changing the ownership of
/root/.ssh to 0:0
which means that the /home/admin ssh keys really are setup by
cloud-init. So this doesn't match the Red Hat bug you pointed out.
If I understand well, your problem is not having ssh authorized_keys
setup by cloud-init. But what's failing in your setup is:
cloudinit.config.cc_ssh_authkey_fingerprints
which displays the fingerprint. So, displaying fails, but I see no sign
that anything else fails. Do you have a way to check for this? Could you
log into a VNC console or something similar?
If you mentioned something broken between 9.4 and 9.5, I'd say that the
issue could have been some change in the OpenStack image datasouce_list
order, but between 9.6 and 9.7, I can't figure out what changed. We
didn't do anything to cloud-init, ever, in the lifespan of Stretch.
Cheers,
Thomas Goirand (zigo)
Reply to: