This bug was fixed in the package cloud-init - 21.3-1-g6803368d-0ubuntu1

---------------
cloud-init (21.3-1-g6803368d-0ubuntu1) impish; urgency=medium

  * New upstream snapshot.
    - testing: Fix ssh keys integration test (#992)
    - Release 21.3 (#993) (LP: #1940839)
    - Azure: During primary nic detection, check interface status
      continuously before rebinding again (#990) [aswinrajamannar]
    - Fix home permissions modified by ssh module (SC-338) (#984)
      (LP: #1940233)
    - Add integration test for sensitive jinja substitution (#986)
    - Ignore hotplug socket when collecting logs (#985) (LP: #1940235)
    - testing: Add missing mocks to test_vmware.py (#982)
    - add Zadara Edge Cloud Platform to the supported clouds list (#963)
      [sarahwzadara]
    - testing: skip upgrade tests on LXD VMs (#980)

 -- James Falcon <james.fal...@canonical.com>  Mon, 23 Aug 2021 16:53:23 -0500

** Changed in: cloud-init (Ubuntu Impish)
       Status: Fix Committed => Fix Released

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1940233

Title:
  cloud-init in impish makes /home/ubuntu/.ssh root.root

Status in cloud-init:
  Fix Released
Status in cloud-init package in Ubuntu:
  Fix Released
Status in cloud-init source package in Bionic:
  New
Status in cloud-init source package in Focal:
  New
Status in cloud-init source package in Hirsute:
  New
Status in cloud-init source package in Impish:
  Fix Released

Bug description:
  Hi,
  I got to this by my systems complaining to be unable to do ssh-keygen
  after deployment.

  Example:
  $ uvt-kvm ssh --insecure impish-kvm 'ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N '\'''\'''
  Saving key "/home/ubuntu/.ssh/id_rsa" failed: Permission denied

  I found that is due to permissions after guest spawning:

  /home/ubuntu/.ssh changed
  Old: drwx------ 2 ubuntu ubuntu 4096 Aug 17 08:20 .ssh/
  New: drwxr-xr-x 2 root   root   4096 Aug 17 08:17 .ssh/

  That breaks later things like ssh-keygen.

  uvt-kvm only does instruct cloud-init to place a key.
  This uses ssh_authorized_keys from
  https://cloudinit.readthedocs.io/en/latest/topics/modules.html?highlight=ssh_authorized_keys#authorized-keys

  Checked a few guests:

  I've seen this on
  - impish x86
  - impish s390x

  I've not seen this on
  - bionic
  - focal
  - impish

  You might say - wait a minute impish in both lists.
  But it is the date:

  Bad  com.ubuntu.cloud.daily:server:21.10:amd64 20210815  cloud-init 21.2-69-g65607405-0ubuntu1
  Good com.ubuntu.cloud.daily:server:21.10:amd64 20210706  cloud-init 21.2-3-g899bfaa9-0ubuntu2

  And either this cloud-init version is broken or the underlying new
  impish image.

  I mounted the underlying cloud-image (without customization by
  cloud-init) and found that /home is empty (true for all those images).
  So to me that seems to be an issue in the new cloud-init that now is
  in those images.

  Steps to reproduce
  # if your host has no keys to push to the guest run ssh-keygen
  # sync the latest broken images
  $ uvt-simplestreams-libvirt --verbose sync --source http://cloud-images.ubuntu.com/daily arch=amd64 label=daily release=impish
  # spawn guest
  $ uvt-kvm create --password=ubuntu i release=impish arch=amd64 label=daily
  # wait for it and check the permissions
  $ uvt-kvm wait i
  $ uvt-kvm ssh i "ls -laF /home/ubuntu/"
  drwxr-xr-x 2 root   root   4096 Aug 17 08:17 .ssh/
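
An added example, not part of the original bug report or of cloud-init: a shell check that flags any ~/.ssh directory showing the "New" state from the report (owner differs from the home directory's owner, or mode is not 700). It assumes GNU coreutils stat; check_ssh_dir and audit_homes are hypothetical helper names.

```shell
#!/bin/sh
# Added example: audit ~/.ssh ownership and mode after instance provisioning.
# Assumes GNU coreutils `stat -c`; function names are illustrative only.

# Print a finding and return 1 if <home>/.ssh is not owned by the owner of
# <home>, or if its mode is anything other than 700 (drwx------).
check_ssh_dir() {
    home_dir=$1
    ssh_dir=$home_dir/.ssh
    [ -d "$ssh_dir" ] || return 0            # no .ssh directory: nothing to check

    home_owner=$(stat -c '%U' "$home_dir")
    ssh_owner=$(stat -c '%U' "$ssh_dir")
    ssh_mode=$(stat -c '%a' "$ssh_dir")
    rc=0

    if [ "$ssh_owner" != "$home_owner" ]; then
        echo "BAD owner $ssh_dir: $ssh_owner (home is owned by $home_owner)"
        rc=1
    fi
    case $ssh_mode in
        700) ;;
        *) echo "BAD mode $ssh_dir: $ssh_mode (expected 700)"; rc=1 ;;
    esac
    return $rc
}

# Check every home directory under the given root (default /home).
# Returns 0 when all .ssh directories pass, 1 if any finding was printed.
audit_homes() {
    homes_root=${1:-/home}
    failed=0
    for h in "$homes_root"/*; do
        [ -d "$h" ] || continue
        check_ssh_dir "$h" || failed=1
    done
    return $failed
}
```

Source the file and run `audit_homes /home` on a freshly provisioned guest; a non-zero return with a "BAD owner" or "BAD mode" line matches the state described in the report.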