#cloud-init log

17:25 <blackboxsw> #startmeeting cloud-init status meeting  && office hours
17:25 <meetingology> Meeting started Tue Nov 17 17:25:00 2020 UTC.  The chair is blackboxsw. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
17:25 <meetingology> 
17:25 <meetingology> Available commands: action commands idea info link nick
17:25 <blackboxsw> community-notice: hi folks just starting up an our cloud-init satus update and office hours community meeting.
17:26 <blackboxsw> As of the cloud-init summit,  we decided  to try to host these primarily async in discourse to allow folks in other timezones to participate as available.
17:26 <blackboxsw> I've just finished posting a status update for cloud-init upstream to https://discourse.ubuntu.com/t/cloud-init-statue-11-17-20/19391
17:26 <blackboxsw> #link https://discourse.ubuntu.com/t/cloud-init-statue-11-17-20/19391
17:27 <blackboxsw> #chairs rharper smoser Odd_Bloke
17:28 <rharper> o/
17:28 <blackboxsw> Generally I think this status meeting can be used as a platform for communication and discussion with the community.
17:29 <blackboxsw> for this week, as brought up by a few folks in the community, is that we are trying to define a "go" date for the next upstream cloud-init release 20.4.
17:30 <blackboxsw> The hope is to target this Friday Nov 20th. as a deadline for requesting specific PRs and reviews that are needed to get features or fixes included in this 20.4 release.
17:31 <meena> so, i just responded to falcojr's email
17:32 <blackboxsw> The goal of this date, from an Ubuntu standpoint,  is also to be able to SRU (stable release update) and publish this functionality back to Xenial, Bionic and Focal before the end of the calendar year
17:32 <meena> https://github.com/canonical/cloud-init/pull/655 i'd love this too get merged, so we don't have to carry the patch on ports
17:33 <blackboxsw> thanks meena there  https://github.com/canonical/cloud-init/pull/655  ahh I'm too late
17:34 <blackboxsw> So, for those who happen to be on this channel now, let's add links to the meeting log and I'll make sure they are also reflected on the discourse post and PRs that need review assessment and hopefully landing before upstream release cut.
17:34 <blackboxsw> #link  https://github.com/canonical/cloud-init/pull/655
17:34 <blackboxsw> rharper or smoser are there any concerns with existing PRs that you are aware of that should be destined for this 20.4  release?
17:35 <meena> rharper, i'd also love your historic knowledge on https://github.com/canonical/cloud-init/pull/588 but that can wait until after the release
17:36 <blackboxsw> rharper: I wanted to put a solid review on the cached ds handling  today/tomorrow
17:36 <blackboxsw> #link https://github.com/canonical/cloud-init/pull/647
17:36 <blackboxsw> I've looked it over a couple times, but wanted to but some investment in the review myself today.
17:37 <blackboxsw> AnhVoMSFT: welcome and thanks for peeking in to checkup. If your team also have any hopes for PRs you can pitch us here, discourse or email.
17:38 <AnhVoMSFT> I have a quick question on the cc_set_passwords. I'm still looking through the code but if anyone knows this one well and can point me to the right place to look it would be appreciated
17:39 <AnhVoMSFT> it seems like if we create an image that previously was deployed with password ABC, but during image preparation we don't delete that user, then when we deploy a VM with that image and specifying a new password DEF, it isn't applied. I.e., the user will still have password ABC
17:39 <rharper> blackboxsw: I'm not aware of anything critical PR wise; maybe the networking_cls bits; but not sure if that's ready;
17:40 <meena> from my understanding, that needs to get in
17:40 <blackboxsw> AnhVoMSFT: poking around now on that
17:41 <rharper> meena: yes; that makes sense; just hadn't looked at the current state of the PR since I last commented;
17:42 <rharper> meena: re: 588 (genreate_fallback_config); did you have a specific question you wanted some background on?
17:43 <meena> rharper, search for your name
17:44 <rharper> hidden under a "Load more Items"
17:44 <rharper> I'll respond
17:44 <blackboxsw> so instance-id should have changed on the newly deployed vm, so cc_set_passwords should get retriggered due to https://github.com/canonical/cloud-init/blob/master/cloudinit/config/cc_set_passwords.py#L49 (the default frequency for cc modules). AnhVoMSFT: what the userdata password field you are using? top-level password or chpasswd?
17:45 <AnhVoMSFT> this is the user password passed in from ovf
17:45 <blackboxsw> as that'd be different code paths I think
17:45 <meena> https://github.com/canonical/cloud-init/pull/588#pullrequestreview-529957360
17:46 <AnhVoMSFT> in a newly created instance without the existing user, I could see the password getting created during the initial useradd call when the user is created
17:47 <AnhVoMSFT> however, if the user existed, that code path isn't invoked. There's some code in cc_set_passwords to change the password for existing user, but I'm unsure when it's invoked (or why it's not invoked in the case of azure)
17:48 <blackboxsw> AnhVoMSFT: could you provide a paste of redacted userdata from that instance via `sudo cloud-init query userdata`... redacting the specific passwords ?
17:49 <blackboxsw> yeah I would have expected a                 log.debug("Changing password for %s:", users) log
17:53 <AnhVoMSFT> let me run the query
17:53 <AnhVoMSFT> there's nothing returned (since there's no userdata)
17:54 <AnhVoMSFT> looks like the ds Azure is adding the user/password information retrieved from OVF to cfg['defuser']
18:00 <AnhVoMSFT> https://github.com/canonical/cloud-init/blob/eeef783b0322d99840f39a58de052772afefe822/cloudinit/sources/DataSourceAzure.py#L1325
18:00 <AnhVoMSFT> if I'm reading the code of cc_set_password correctly we will need to add cfg['password'] as well if we want the defuser's password to be changed?
18:01 <Odd_Bloke> rharper: We are treating the networking_cls PR as critical, and AFA(I/we)K it's pretty much ready to land.
18:02 <rharper> Odd_Bloke: ok, makes sense
18:06 <smoser> blackboxsw: i dont have anything critical.
18:06 <blackboxsw> AnhVoMSFT: so normalize_users_groups is what pulls the default_user configuration out of /etc/cloud/cloud.cfg(.d/*)
18:06 <blackboxsw> https://github.com/canonical/cloud-init/blob/eeef783b0322d99840f39a58de052772afefe822/cloudinit/config/cc_set_passwords.py#L163
18:07 <blackboxsw> that ug_util.extract_default is what should be seeing the passwords set/changed
18:07 <smoser> 
18:08 <smoser> #669 looks reasonable.
18:08 <blackboxsw> yet interestingly. password referenced there is only set from the top-level "password" value https://github.com/canonical/cloud-init/blob/eeef783b0322d99840f39a58de052772afefe822/cloudinit/config/cc_set_passwords.py#L143
18:08 <blackboxsw> thanks smoser for that
18:08 <blackboxsw> #link https://github.com/canonical/cloud-init/pull/663
18:12 <AnhVoMSFT> let me test it out real quick by setting the cfg['password'] key in the ds azure
18:12 <blackboxsw> AnhVoMSFT: so, I may be mistaken but if a password key is set on the default_user in system_info (which is what it looks like azure does), then that default password is only used if there is no top-level "password" key provided in merged cloud-config, then and the default_user specific password key is ignored
18:12 <blackboxsw> +1 AnhVoMSFT
18:13 <AnhVoMSFT> yep that worked
18:13 <AnhVoMSFT> it's a one liner change, I'll submit a PR asap
18:14 <blackboxsw> AnhVoMSFT: good. ok, I wonder if this ever worked (having the password key hung under default_user scope?)
18:14 <blackboxsw> as in, I wonder if there was a regression introduced with some of the is_FreeBSD restructuring
18:15 <AnhVoMSFT> I don't think so. customer reported this issue in cloud-init 18.5 and I repro-ed it in master
18:15 <blackboxsw> ok, ok. good thanks for that context
18:15 <blackboxsw> and checking the recent BSD change it looking completely unrelated
18:17 <blackboxsw> ok AnhVoMSFT when the PR is submitted. let's get that queued for this upstream 20.4  if we can
18:18 <blackboxsw> do folks have an opinion on whether it helps to add a custom label to active PRs that we intend to land before upstream release like 'upstream-blocker'  or 'upstream-release'?
18:19 <blackboxsw> just for more public tracking/transparency. not sure if that's helpful or just needless process?
18:19 <blackboxsw> do folks have an opinion on whether it helps to add a custom label to active PRs that we intend to land before upstream release like 'upstream-blocker'  or 'upstream-release'?
18:23 <AnhVoMSFT> I think that would be helpful, yes
18:25 <blackboxsw> ok, let's try it out. let's try specific 'release 20.4' and see how that feels to folks. easy enough to drop if it doesn't improve communication
18:30 <blackboxsw> also added pickling upgrade test validation PR
18:30 <blackboxsw> #link https://github.com/canonical/cloud-init/pull/659
18:31 <blackboxsw> ok, last call for cloud-init status / office hours. Any other takers for discussion at the moment? If not I'll close out the meeting in a few mins and publish minutes.
18:33 <blackboxsw> my plan is still to publish to cloud-init.github.io status meetings and link it from the primary post at https://discourse.ubuntu.com/t/cloud-init-status-11-17-20/19391
18:34 <blackboxsw> the following will list prs we hope to work toward landing this week
18:34 <blackboxsw> #link https://github.com/canonical/cloud-init/pulls?q=is%3Apr+is%3Aopen+label%3A%22release+20.4%22
18:35 <blackboxsw> thanks again for the discussion and suggestions folks. Have a good one!
18:35 <blackboxsw> #endmeeting