implement cloud-init query
Bug #1037753 reported by
Scott Moser
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| cloud-init |
Fix Released
|
Low
|
Joshua Harlow | ||
Bug Description
at one point there was a 'cloud-init-query' tool that woudl look just report data from the datasource.
This wasn't that useful though, because it only would work as root. That was because it read the pickled /var/lib/
It'd be nice if we could have the datasources save off a clean version of data to world readable, and then
have a tool that could read that.
| Changed in cloud-init: | |
| status: | New → Triaged |
| importance: | Undecided → Low |
Revision history for this message
| Joshua Harlow (harlowja) wrote | #1 |
Revision history for this message
| Joshua Harlow (harlowja) wrote | #2 |
| Changed in cloud-init: | |
| assignee: | nobody → Joshua Harlow (harlowja) |
Revision history for this message
| Dan Watkins (oddbloke) wrote | #3 |
| Changed in cloud-init: | |
| status: | Triaged → Fix Released |
Revision history for this message
| James Falcon (falcojr) wrote | #4 |
To post a comment you must log in.
Cool, so possible idea here.
Have the 'root' datasource expose a 'public' (readable) copy of itself with the following restrictions.
If there is any userdata:
If there is a config option 'encrypt_
Otherwise if true, attempt to encrpyt with ssh keys (generated by previous module).
- openssl rsautl -encrypt -inkey /tmp/public.pub -pubin -in /tmp/msg.txt -out /tmp/file.enc (or similar)
- if that fails, just remove the user-data (empty string)
Then write out that public copy to a file that can be used by this new cloud-init query tool.
The tool itself can be asked for certain datasource fields and show them back, more features here to inspect other files can be added later (?)