(mirror of https://github.com/marekm72/vyos-cloud-init.git) https://git.amelek.net/marekm72/vyos-cloud-init.git/atom?h=circinus 2019-03-26T18:53:50+00:00 2019-03-26T18:53:50+00:00 Jason Zions (MSFT) jasonzio@microsoft.com 2019-03-26T18:53:50+00:00 urn:sha1:0dc3a77f41f4544e4cb5a41637af7693410d4cdf The Azure platform surfaces random bytes into /sys via Hyper-V. Python 2.7 json.dump() raises an exception if asked to convert a str with non-character content, and python 3.0 json.dump() won't serialize a "bytes" value. As a result, c-i instance data is often not written by Azure, making reboots slower (c-i has to repeat work). The random data is base64-encoded and then decoded into a string (str or unicode depending on the version of Python in use). The base64 string has just as many bits of entropy, so we're not throwing away useful "information", but we can be certain json.dump() will correctly serialize the bits. 2019-02-22T13:26:31+00:00 Jason Zions (MSFT) jasonzio@microsoft.com 2019-02-22T13:26:31+00:00 urn:sha1:34f54360fcc1e0f805002a0b639d0a84eb2cb8ee The Azure data source is expected to expose a list of ssh keys for the user-to-be-provisioned in the crawled metadata. When configured to use the __builtin__ agent this list is built by the WALinuxAgentShim. The shim retrieves the full set of certificates and public keys exposed to the VM from the wireserver, extracts any ssh keys it can, and returns that list. This fix reduces that list of ssh keys to just the ones whose fingerprints appear in the "administrative user" section of the ovf-env.xml file. The Azure control plane exposes other ssh keys to the VM for other reasons, but those should not be added to the authorized_keys file for the provisioned user.