** Description changed:

  It is Vagrant convention that the default user is named "vagrant"[0],
  and a whole host of scripts assume this to be the default.
  
  The xenial box is substantially less useful to Vagrant users with the
  "ubuntu" user as the default, and there is limited benefit to having the
  "ubuntu" user.
  
+ [0] Search for "user to SSH" in
+ https://www.vagrantup.com/docs/boxes/base.html.
  
- [0] Search for "user to SSH" in 
https://www.vagrantup.com/docs/boxes/base.html.
+ ------------
+ 
+ Xenial SRU:
+ 
+ [impact]
+ 
+ * The vagrant boxes produced by livecd-rootfs hooks do not conform to
+ the vagrant community's guidelines for box creation, leading vagrant
+ users to use non-official (unaudited) boxes instead, where a "vagrant"
+ user can be found.
+ 
+ * A large portion of vagrant automation (3rd party tools, scripts) rely
+ on the presence of a "vagrant" user conforming to the above guidelines.
+ The official ubuntu images are ones of the very few not conforming to
+ the expected user layout.
+ 
+ [test case]
+ 
+ From a fresh Ubuntu install:
+ 
+ * sudo apt install vagrant
+ 
+ * vagrant init ubuntu/xenial64
+ 
+ * vagrant up
+ 
+ * vagrant ssh
+ 
+ notice the user being logged in as is "ubuntu"
+ 
+ With either ubuntu/artful64 or ubuntu/bionic64, the same steps log the
+ user in as "vagrant".
+ 
+ [Regression potential]
+ 
+ * Users who worked around this behavior in their automation are the most
+ at-risk. They might not be able to login to their boxes anymore, if they
+ worked around by extracting the ubuntu password from the box metadata.
+ If they worked around the problem using cloud-init, no regression will
+ be visible.
+ 
+ * The changes introduce a new insecure user, users having worked around
+ the problem on their own might be be unaware of this.
+ 
+ * The general consensus in the vagrant community is to install third-
+ party boxes instead of spending time to try and workaround the problems
+ with the official ubuntu boxes, so it is likely to be a limited real-
+ world impact.
+ 
+ * The change might affect exotic systems where people for some reason
+ decided to build a non-vagrant machine out of our official vagrant image
+ 
+ Note that these regressions will apply to users upgrading their
+ installations to future releases (artful, bionic, and later).

** Also affects: livecd-rootfs (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1569237

Title:
  vagrant xenial box is not provided with vagrant/vagrant username and
  password
