I'm wondering how you keep the root password secure. Right now, it works similarly to userdata and metadata, in that the instance queries its router as it boots, but then the password is wiped once queried. If this didn't happen, non-root users could query for the root password all day. Do you suggest this be special userdata that is handled like this after first access? Or is there another way this is normally handled?
Is the push for cloud-init just that it is easier to install than cloud-set-guest-password? On Tue, Aug 26, 2014 at 4:00 PM, Erik Weber <terbol...@gmail.com> wrote: > On Tue, Aug 26, 2014 at 11:44 PM, Nux! <n...@li.nux.ro> wrote: > > > Hi Erik and thanks for your effort. Using user data is a nice idea. > > Let's see what more experienced programmers have to say on this. > > > > > Sure thing > > One thing that I noticed; though it might have been OK in your particular > > case, "rm -rf /var/lib/cloud/" is a bad idea as it can include various > > useful scripts along that path. As you noticed I copy the > > cloudstack-set-password script in /var/lib/cloud/scripts/per-boot, so > > that's one example. :-) > > > > > Guess I should note that this was on a test vm, to force refreshing the > user-data. It can probably be done with in a less harmful way. > > DO NOT DO THIS ON ANYTHING IN PRODUCTION :-) > > -- > Erik >
