Updated SRU template. Let me know if there's anything I'm missing. ** Description changed:
- Per documentation at https://wiki.ubuntu.com/GoogleComputeEngineSSHKeys - ssh keys for cloudinit and ubuntu users should both be added to the - 'ubuntu' users authorized_keys file. + [Impact] + + * Per documentation at + https://wiki.ubuntu.com/GoogleComputeEngineSSHKeys ssh keys for + cloudinit and ubuntu users should both be added to the 'ubuntu' users + authorized_keys file. + + * This works fine in Xenial (16.04) and higher, but doesn't work for + Trusty (14.04). - This works fine in Xenial (16.04) and higher, but doesn't work for Trusty (14.04). + [Test Case] + + * Create a file that contains ssh public keys + + $ cat googlekeys + test:ssh-rsa <one example key> t...@example.com + ubuntu:ssh-rsa <a second example key> t...@example.com + cloudinit:ssh-rsa <a third example key> t...@example.com + + * Create an ubuntu 14.04 instance + + gcloud compute instances create ubuntu1404cloudinit --image-family ubuntu-1404-lts --image-project ubuntu-os-cloud --metadata-from-file=ssh-keys=googlekeys --metadata=block-project-ssh-keys=True + + * Create an ubuntu 16.04 instance + + gcloud compute instances create ubuntu1604cloudinit --image-family ubuntu-1604-lts --image-project ubuntu-os-cloud --metadata-from-file=ssh-keys=googlekeys --metadata=block-project-ssh-keys=True + + * Notice that the ubuntu user in the ubuntu 14.04 instance contains no keys from cloud-init (the keys there are added by the google daemon): + + $ sudo cat /home/ubuntu/.ssh/authorized_keys + # Added by Google + ssh-rsa <the second example key but added by google daemon> t...@example.com + + * However, in 16.04, + + $ sudo cat /home/ubuntu/.ssh/authorized_keys + ssh-rsa <the third example key added by cloud-init> t...@example.com + ssh-rsa <the second example key added by cloud-init> t...@example.com + # Added by Google + ssh-rsa <the second example key added by the google daemon> t...@example.com - [REPRODUCE] + [Regression Potential] - # create a file that contains ssh public keys + * DatasourceGCE.py is heavily modified to fix this behavior in 14.04. + That said, there is a medium amount of regression potential when using + the GCE datasource. More specificallly, there is now stricter checking + of the metadata source when used(platform_check=True). - $ cat googlekeys - test:ssh-rsa <one example key> t...@example.com - ubuntu:ssh-rsa <a second example key> t...@example.com - cloudinit:ssh-rsa <a third example key> t...@example.com - - - # create an ubuntu 14.04 instance - - gcloud compute instances create ubuntu1404cloudinit --image-family - ubuntu-1404-lts --image-project ubuntu-os-cloud --metadata-from-file - =ssh-keys=googlekeys --metadata=block-project-ssh-keys=True - - # create an ubuntu 16.04 instance - - gcloud compute instances create ubuntu1604cloudinit --image-family - ubuntu-1604-lts --image-project ubuntu-os-cloud --metadata-from-file - =ssh-keys=googlekeys --metadata=block-project-ssh-keys=True - - - Notice that the ubuntu user in the ubuntu 14.04 instance contains no - keys from cloud-init (the keys there are added by the google daemon): - - $ sudo cat /home/ubuntu/.ssh/authorized_keys - # Added by Google - ssh-rsa <the second example key but added by google daemon> t...@example.com - - - In 16.04, - - $ sudo cat /home/ubuntu/.ssh/authorized_keys - ssh-rsa <the third example key added by cloud-init> t...@example.com - ssh-rsa <the second example key added by cloud-init> t...@example.com - # Added by Google - ssh-rsa <the second example key added by the google daemon> t...@example.com - - - [EXPECTED BEHAVIOR] - - The ubuntu and cloudinit keys in metadata should be added to the ubuntu - user by cloud-init. + * Significant testing has been completed via the Google Compute + platform as well as other none-GCE datasources (lxd) to confirm + functionality and to test for possible regressions. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1781039 Title: GCE cloudinit and ubuntu keys from metadata to ubuntu authorized_keys To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-init/+bug/1781039/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
