1831107 – [RHV] cloud-init with empty fields injects configurations

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1831107 - [RHV] cloud-init with empty fields injects configurations

Summary: [RHV] cloud-init with empty fields injects configurations

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	cloud-init
Sub Component:
Version:	8.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	low
Target Milestone:	rc
Target Release:	8.0
Assignee:	Emanuele Giuseppe Esposito
QA Contact:	xiachen
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-05-04 16:18 UTC by Beni Pelled
Modified:	2022-10-20 08:28 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-06-08 11:27:36 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Beni Pelled 2020-05-04 16:18:56 UTC

Description of problem:
Running a VM on RHV environment with cloud-init checked (on run-once mode) with empty fields injects an empty .ssh/authorized_keys and adds HWADDR=<MAC> to the ifcfg file

Version-Release number of selected component (if applicable):
- ovirt-engine-4.4.0-0.33.master.el8ev.noarch
- Red Hat Enterprise Linux 8.2 Beta (Ootpa)
- cloud-init-18.5-12.el8.noarch

How reproducible:
100%

Steps to Reproduce:
1. Create a VM from a sealed template
2. Run the VM as run-once and under 'Initial Run' check the cloud-init, remove the content from 'VM Hostname' field and make sure all other fields are empty

Actual results:
An empty .ssh/authorized_keys is created and 'HWADDR=<MAC>' is added to the ifcfg file (and maybe other irrelevant settings inject by cloud-init)

Expected results:
No .ssh/authorized_keys file or any other settings should be injected if they not specified in advance.

Additional info:
I know that at least in rhel7.4 this wasn't the behavior - the file and settings were not injected.

Comment 2 Eduardo Otubo 2020-10-08 11:56:05 UTC

I don't believe producing an empty `.ssh/authorized_keys' should be a problem. Do you think that having an empty keys file could impact on something?

Regarding the `HWADDR=<MAC>', that's definitely a bug. Even though I feel this is more a testing corner case than real problem. Cloud-init shouldn't be operating with empty configuration files.

Please consider attaching some logs for an easier debugging. You can get all the necessary logs with:

  cloud-init collect-logs

Thanks!

Comment 3 Beni Pelled 2020-10-11 08:54:05 UTC

(In reply to Eduardo Otubo from comment #2)
> I don't believe producing an empty `.ssh/authorized_keys' should be a
> problem. Do you think that having an empty keys file could impact on
> something?
It affects our automation-tests (expect an empty .ssh folder) but no, I can't see an urgent issue caused by an empty keys file,
We can definitely adjust our automation but it's not the issue here, IMO it should behave like any clean OS-installation with no unexpected files.

> 
> Regarding the `HWADDR=<MAC>', that's definitely a bug. Even though I feel
> this is more a testing corner case than real problem. Cloud-init shouldn't
> be operating with empty configuration files.
> 
> Please consider attaching some logs for an easier debugging. You can get all
> the necessary logs with:
> 
>   cloud-init collect-logs
Attached.

> 
> Thanks!

Comment 6 Eduardo Otubo 2020-10-14 12:25:40 UTC

I see that even though an empty ~/.ssh/authorized_keys is not a bug, the Python code is crashing raising IOError on a logging function and that should be investigated.

Also from the logs it looks like all configuration was applied correctly (IP and Mac on eth0 interface), there's no place on cloud-init that it's injecting the specific string "<MAC>" on the configuration file, but it is passing along strings being given to cloud-init. Can you double check if RHV is not responsible for this?

Note You need to log in before you can comment on or make changes to this bug.