> * Máirín Duffy: > > > - Found out it's cloud-info stalling the boot. > > I think it's actually cloud-init. > > > - Yay I have a login prompt! What's the login info? Gahhhh... > > - Realize have to run virt-customize --uninstall cloud-init --root-password password:whatever --selinux-relabel -a theimage > > I have requested downstream that we ship separate KVM and cloud images > because cloud-init is a significant security risk when run outside a > cloud environment which supports instance data injection (which libvirt > does not provide). cloud-init probes the network and executes scripts > it finds there as root. It cannot perform authentication because it > performs customization of the image, and the owner of the VM is not > known to it before it runs. > > A dedicated cloud image with a document procedure for injecting > authentication information (could be an open root shell on the serial > console) would help your use case as well and discourage people from > abusing the insecure cloud images for KVM installs. Might be better to move them all to ignition in F-30? _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
