On Tue, Sep 25, 2018 at 10:54 AM Peter Robinson <pbrobinson@xxxxxxxxx> wrote:
>
> > * Máirín Duffy:
> >
> > > - Found out it's cloud-info stalling the boot.
> >
> > I think it's actually cloud-init.
> >
> > > - Yay I have a login prompt! What's the login info? Gahhhh...
> > > - Realize have to run virt-customize --uninstall cloud-init --root-password password:whatever --selinux-relabel -a theimage
> >
> > I have requested downstream that we ship separate KVM and cloud images
> > because cloud-init is a significant security risk when run outside a
> > cloud environment which supports instance data injection (which libvirt
> > does not provide). cloud-init probes the network and executes scripts
> > it finds there as root. It cannot perform authentication because it
> > performs customization of the image, and the owner of the VM is not
> > known to it before it runs.
> >
> > A dedicated cloud image with a document procedure for injecting
> > authentication information (could be an open root shell on the serial
> > console) would help your use case as well and discourage people from
> > abusing the insecure cloud images for KVM installs.
>
> Might be better to move them all to ignition in F-30?

How is ignition any better? Aside from it being written in Go (which
reduces the architectures and platforms that can be supported), it
functions more or less the same way as cloud-init.

--
真実はいつも一つ!/ Always, there's only one truth!
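
An audit for the risk described in the quoted text (cloud-init looking to the network for instance data when no cloud provides it), as an added example that is not part of the thread: it reads cloud-init's `datasource_list` setting from a mounted image root and reports whether it is limited to local sources. The function names, the `LOCAL_ONLY` policy and the one-line list form are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the guest image's root is
# mounted (read-only is enough) at the path passed in, and that the list
# is written on one line, e.g.:  datasource_list: [ NoCloud, None ]

# Datasources this example treats as fed only by an attached disk or by
# nothing at all (an assumption of the example; adjust to your policy).
LOCAL_ONLY="NoCloud ConfigDrive None"

# Print the effective datasource_list, one name per line. cloud.cfg is read
# first, then cloud.cfg.d/*.cfg in lexical order; the last definition wins.
effective_datasources() {
    root=$1
    last=""
    for f in "$root/etc/cloud/cloud.cfg" "$root"/etc/cloud/cloud.cfg.d/*.cfg; do
        [ -f "$f" ] || continue
        line=$(grep -E '^datasource_list:[[:space:]]*\[' "$f" | tail -n 1) || line=""
        if [ -n "$line" ]; then last=$line; fi
    done
    printf '%s\n' "$last" | sed -e 's/^[^[]*\[//' -e 's/\].*$//' |
        tr ',' '\n' | sed -e "s/[[:space:]\"']//g" -e '/^$/d'
}

# Return 0 only when every configured datasource is in LOCAL_ONLY.
audit_image_root() {
    sources=$(effective_datasources "$1")
    if [ -z "$sources" ]; then
        echo "UNRESTRICTED: no datasource_list, cloud-init uses its defaults"
        return 1
    fi
    bad=""
    for ds in $sources; do
        case " $LOCAL_ONLY " in
            *" $ds "*) ;;
            *) bad="$bad $ds" ;;
        esac
    done
    if [ -n "$bad" ]; then
        echo "NOT-LOCAL-ONLY:$bad"
        return 1
    fi
    echo "LOCAL-ONLY:" $sources
    return 0
}
```

Call `audit_image_root /path/to/mounted/root` before booting a cloud image under plain KVM; a non-zero exit means the image should be customized first.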