Bug 1831107

Summary: [RHV] cloud-init with empty fields injects configurations
Product: Red Hat Enterprise Linux 8 Reporter: Beni Pelled <bpelled>
Component: cloud-initAssignee: Emanuele Giuseppe Esposito <eesposit>
Status: CLOSED NOTABUG QA Contact: xiachen
Severity: low Docs Contact:
Priority: low    
Version: 8.2CC: eesposit, huzhao, jgreguske, ribarry, xiachen, yacao
Target Milestone: rcFlags: pm-rhel: mirror+
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-06-08 11:27:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Beni Pelled 2020-05-04 16:18:56 UTC 
Description of problem:
Running a VM on RHV environment with cloud-init checked (on run-once mode) with empty fields injects an empty .ssh/authorized_keys and adds HWADDR=<MAC> to the ifcfg file

Version-Release number of selected component (if applicable):
- ovirt-engine-4.4.0-0.33.master.el8ev.noarch
- Red Hat Enterprise Linux 8.2 Beta (Ootpa)
- cloud-init-18.5-12.el8.noarch

How reproducible:
100%

Steps to Reproduce:
1. Create a VM from a sealed template
2. Run the VM as run-once and under 'Initial Run' check the cloud-init, remove the content from 'VM Hostname' field and make sure all other fields are empty

Actual results:
An empty .ssh/authorized_keys is created and 'HWADDR=<MAC>' is added to the ifcfg file (and maybe other irrelevant settings inject by cloud-init)

Expected results:
No .ssh/authorized_keys file or any other settings should be injected if they not specified in advance.

Additional info:
I know that at least in rhel7.4 this wasn't the behavior - the file and settings were not injected.
Comment 2 Eduardo Otubo 2020-10-08 11:56:05 UTC 
I don't believe producing an empty `.ssh/authorized_keys' should be a problem. Do you think that having an empty keys file could impact on something?

Regarding the `HWADDR=<MAC>', that's definitely a bug. Even though I feel this is more a testing corner case than real problem. Cloud-init shouldn't be operating with empty configuration files.

Please consider attaching some logs for an easier debugging. You can get all the necessary logs with:

  cloud-init collect-logs

Thanks!
Comment 3 Beni Pelled 2020-10-11 08:54:05 UTC 
(In reply to Eduardo Otubo from comment #2)
> I don't believe producing an empty `.ssh/authorized_keys' should be a
> problem. Do you think that having an empty keys file could impact on
> something?
It affects our automation-tests (expect an empty .ssh folder) but no, I can't see an urgent issue caused by an empty keys file,
We can definitely adjust our automation but it's not the issue here, IMO it should behave like any clean OS-installation with no unexpected files.

> 
> Regarding the `HWADDR=<MAC>', that's definitely a bug. Even though I feel
> this is more a testing corner case than real problem. Cloud-init shouldn't
> be operating with empty configuration files.
> 
> Please consider attaching some logs for an easier debugging. You can get all
> the necessary logs with:
> 
>   cloud-init collect-logs
Attached.

> 
> Thanks!
Comment 6 Eduardo Otubo 2020-10-14 12:25:40 UTC 
I see that even though an empty ~/.ssh/authorized_keys is not a bug, the Python code is crashing raising IOError on a logging function and that should be investigated.

Also from the logs it looks like all configuration was applied correctly (IP and Mac on eth0 interface), there's no place on cloud-init that it's injecting the specific string "<MAC>" on the configuration file, but it is passing along strings being given to cloud-init. Can you double check if RHV is not responsible for this?