<feed xmlns='http://www.w3.org/2005/Atom'>
<title>vyos-cloud-init.git/cloudinit/config/cc_set_passwords.py, branch rolling</title>
<subtitle> (mirror of https://github.com/vyos/vyos-cloud-init.git)
</subtitle>
<id>https://git.amelek.net/vyos/vyos-cloud-init.git/atom?h=rolling</id>
<link rel='self' href='https://git.amelek.net/vyos/vyos-cloud-init.git/atom?h=rolling'/>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/'/>
<updated>2021-12-16T02:16:38+00:00</updated>
<entry>
<title>Adopt Black and isort (SC-700) (#1157)</title>
<updated>2021-12-16T02:16:38+00:00</updated>
<author>
<name>James Falcon</name>
<email>james.falcon@canonical.com</email>
</author>
<published>2021-12-16T02:16:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=bae9b11da9ed7dd0b16fe5adeaf4774b7cc628cf'/>
<id>urn:sha1:bae9b11da9ed7dd0b16fe5adeaf4774b7cc628cf</id>
<content type='text'>
Applied Black and isort, fixed any linting issues, updated tox.ini
and CI.
</content>
</entry>
<entry>
<title>Leave the details of service management to the distro (#1074)</title>
<updated>2021-10-20T20:58:27+00:00</updated>
<author>
<name>Andy Fiddaman</name>
<email>omnios@citrus-it.co.uk</email>
</author>
<published>2021-10-20T20:58:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=8c89009e75c7cf6c2f87635b82656f07f58095e1'/>
<id>urn:sha1:8c89009e75c7cf6c2f87635b82656f07f58095e1</id>
<content type='text'>
Various modules restart services and they all have logic to try and
detect if they are running on a system that needs 'systemctl' or
'service', and then have code to decide which order the arguments
need to be etc. On top of that, not all modules do this in the same way.

The duplication and different approaches are not ideal but this also
makes it hard to add support for a new distribution that does not use
either 'systemctl' or 'service'.

This change adds a new manage_service() method to the distro class
and updates several modules to use it.</content>
</entry>
<entry>
<title>Improve ug_util.py (#1013)</title>
<updated>2021-09-13T19:41:45+00:00</updated>
<author>
<name>Shreenidhi Shedi</name>
<email>53473811+sshedi@users.noreply.github.com</email>
</author>
<published>2021-09-13T19:41:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=f3cc94949d9f153b4a5135f8b989ff11b36ab7ea'/>
<id>urn:sha1:f3cc94949d9f153b4a5135f8b989ff11b36ab7ea</id>
<content type='text'>
No functional changes.</content>
</entry>
<entry>
<title>write passwords only to serial console, lock down cloud-init-output.log (#847)</title>
<updated>2021-03-19T14:06:42+00:00</updated>
<author>
<name>Daniel Watkins</name>
<email>oddbloke@ubuntu.com</email>
</author>
<published>2021-03-19T14:06:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=b794d426b9ab43ea9d6371477466070d86e10668'/>
<id>urn:sha1:b794d426b9ab43ea9d6371477466070d86e10668</id>
<content type='text'>
Prior to this commit, when a user specified configuration which would
generate random passwords for users, cloud-init would cause those
passwords to be written to the serial console by emitting them on
stderr.  In the default configuration, any stdout or stderr emitted by
cloud-init is also written to `/var/log/cloud-init-output.log`.  This
file is world-readable, meaning that those randomly-generated passwords
were available to be read by any user with access to the system.  This
presents an obvious security issue.

This commit responds to this issue in two ways:

* We address the direct issue by moving from writing the passwords to
  sys.stderr to writing them directly to /dev/console (via
  util.multi_log); this means that the passwords will never end up in
  cloud-init-output.log
* To avoid future issues like this, we also modify the logging code so
  that any files created in a log sink subprocess will only be
  owner/group readable and, if it exists, will be owned by the adm
  group.  This results in `/var/log/cloud-init-output.log` no longer
  being world-readable, meaning that if there are other parts of the
  codebase that are emitting sensitive data intended for the serial
  console, that data is no longer available to all users of the system.

LP: #1918303</content>
</entry>
<entry>
<title>Move subp into its own module. (#416)</title>
<updated>2020-06-08T16:49:12+00:00</updated>
<author>
<name>Scott Moser</name>
<email>smoser@brickies.net</email>
</author>
<published>2020-06-08T16:49:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=3c551f6ebc12f7729a2755c89b19b9000e27cc88'/>
<id>urn:sha1:3c551f6ebc12f7729a2755c89b19b9000e27cc88</id>
<content type='text'>
This was painful, but it finishes a TODO from cloudinit/subp.py.

It moves the following from util to subp:
  ProcessExecutionError
  subp
  which
  target_path

I moved subp_blob_in_tempfile into cc_chef, which is its only caller.
That saved us from having to deal with it using write_file
and temp_utils from subp (which does not import any cloudinit things now).

It is arguable that 'target_path' could be moved to a 'path_utils' or
something, but in order to use it from subp and also from utils,
we had to get it out of utils.</content>
</entry>
<entry>
<title>set_passwords: avoid chpasswd on BSD (#268)</title>
<updated>2020-03-25T17:44:10+00:00</updated>
<author>
<name>Gonéri Le Bouder</name>
<email>goneri@lebouder.net</email>
</author>
<published>2020-03-25T17:44:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=993f3e3e76e56266a83776a8f54dbb3ba59cfce7'/>
<id>urn:sha1:993f3e3e76e56266a83776a8f54dbb3ba59cfce7</id>
<content type='text'>
Avoid chpasswd on all the BSD variants.</content>
</entry>
<entry>
<title>cc_set_password: increase random pwlength from 9 to 20 (#189)</title>
<updated>2020-01-24T19:33:12+00:00</updated>
<author>
<name>Ryan Harper</name>
<email>ryan.harper@canonical.com</email>
</author>
<published>2020-01-24T19:33:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=42788bf24a1a0a5421a2d00a7f59b59e38ba1a14'/>
<id>urn:sha1:42788bf24a1a0a5421a2d00a7f59b59e38ba1a14</id>
<content type='text'>
Increasing the bits of security from 52 to 115.

LP: #1860795</content>
</entry>
<entry>
<title>cloud-init: fix capitalisation of SSH (#126)</title>
<updated>2019-12-18T21:22:02+00:00</updated>
<author>
<name>Daniel Watkins</name>
<email>oddbloke@ubuntu.com</email>
</author>
<published>2019-12-18T21:22:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=8116493950e7c47af0ce66fc1bb5d799ce5e477a'/>
<id>urn:sha1:8116493950e7c47af0ce66fc1bb5d799ce5e477a</id>
<content type='text'>
* cc_ssh: fix capitalisation of SSH

* doc: fix capitalisation of SSH

* cc_keys_to_console: fix capitalisation of SSH

* ssh_util: fix capitalisation of SSH

* DataSourceIBMCloud: fix capitalisation of SSH

* DataSourceAzure: fix capitalisation of SSH

* cs_utils: fix capitalisation of SSH

* distros/__init__: fix capitalisation of SSH

* cc_set_passwords: fix capitalisation of SSH

* cc_ssh_import_id: fix capitalisation of SSH

* cc_users_groups: fix capitalisation of SSH

* cc_ssh_authkey_fingerprints: fix capitalisation of SSH
</content>
</entry>
<entry>
<title>set_passwords: support for FreeBSD (#46)</title>
<updated>2019-11-26T16:44:21+00:00</updated>
<author>
<name>Igor Galić</name>
<email>me+github@igalic.co</email>
</author>
<published>2019-11-26T16:44:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=b6055c40189afba323986059434b8d8adc85bba3'/>
<id>urn:sha1:b6055c40189afba323986059434b8d8adc85bba3</id>
<content type='text'>
Allow setting of user passwords on FreeBSD

The www/chpasswd utility which we depended on for FreeBSD installations
does *not* do the same thing as the equally named Linux utility.

For FreeBSD, we now use the pw(8) utility (which can only process one
user at a time)

Additionally, we abstract expire passwd into a function, and override it
in the FreeBSD distro class.

Co-Authored-By: Chad Smith &lt;chad.smith@canonical.com&gt;</content>
</entry>
<entry>
<title>replace any deprecated log.warn with log.warning</title>
<updated>2019-10-17T14:36:40+00:00</updated>
<author>
<name>Dominic Schlegel</name>
<email>dominic.schlegel@hostpoint.ch</email>
</author>
<published>2019-10-17T14:36:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=7e699256b319cdf41e747211763e593a6b5f3393'/>
<id>urn:sha1:7e699256b319cdf41e747211763e593a6b5f3393</id>
<content type='text'>
Commit 6797e822959b84c98cf73e02b2a6e3d6ab3fd4fe replaced
the LOG.warn calls that linters were warning about; this
also replaces calls that linters would not have recognised
(as `log` is generally a parameter in these scenarios).

LP: #1508442
</content>
</entry>
</feed>
