Disable provisioning with password #57
Conversation
dongsupark
force-pushed
the
disable-password-auth
branch
from
5762e37
to
0699dfb
Compare
dongsupark
force-pushed
the
disable-password-auth
branch
from
2db1745
to
e49ea68
Compare
There was a problem hiding this comment.
Just a few style nits which you should feel free to ignore if you like 😄
It would be nice to have a functional test that attempts to provision a host with a password and demonstrate it fails, as well, but that might need a bit more thought on how testing should be organized and whatnot.
dongsupark
force-pushed
the
disable-password-auth
branch
from
e49ea68
to
a0a37ed
Compare
|
Tested this PR manually in Azure, with help of the existing script A provisioning with a ssh key seems to work well, at least no regression. On that machine, a systemd unit I did not yet manage to actually test the case of failing when a non-empty password. |
| match imds::get_username(imds_body.clone()) { | ||
| Ok(username) => Ok(username), | ||
| Err(_err) => Err("Failed to get username".into()), | ||
| } |
There was a problem hiding this comment.
This was a case I missed that could also be a map_err, but it's up to you if you want to adjust it. I'm touching all the errors in #59 anyway and need to rebase it after this is merged so I can adjust it there.
There was a problem hiding this comment.
It looks a little tricky touch that in this PR, because main does not return error in this context.
It might be probably better to touch in your PR.
Password authentication by itself not as secure as ssh key. For better security, we should disable password authentication. So if user enabled password authentication in Azure, azure-init now simply fails to provision. Clean up unnecessary functions in libazureinit, like mount_media, unmount_media, allow_password_authentication.
…bled Rename function name from get_provision_with_password to is_password_authentication_disabled, because that function actually returns true if the password authentication is disabled. The original name is rather the opposite of the actual meaning.
Also tested the scenario, by passing |
dongsupark
force-pushed
the
disable-password-auth
branch
from
2bdfc39
to
000a851
Compare
You can try to deploy a VM with boot diagnostic enabled, using password. The deployment will fail in about 20 minutes due to OS Provisioning timeout (because the agent returned an error). Assuming the output from azure-init makes it to serial console (if not we should make any err/warn/into output go to console to aid with debugging) we should see the error about non-empty pasword |
Thanks for the tip. However, provisioning itself seems to run even when the systemd unit failed. |
Currently azure-init does not fail, even when it should fail with error. That's why azure-init systemd service simply keeps running even on failure. Make it exit with exit code, so systemd unit azure-init fails in case of failure.
dongsupark
force-pushed
the
disable-password-auth
branch
from
902dd22
to
266fc98
Compare
I think we should investigate why provisioning didn't timeout. Likely there's another entity/agent in the VM that was reporting health. It would be good to know what it is and if it is expected. We might want to remove such noise in our testing. It shouldn't block this PR, however. See #61 |
Functions mount_media and remove_media were removed in #57. To parse a ovf_env file, however, both mount_media and remove_media are necessary. Bring back the functions.
Functions mount_media and remove_media were removed in #57. To parse a ovf_env file, however, both mount_media and remove_media are necessary. Bring back the functions.
Functions mount_media and remove_media were removed in #57. To parse a ovf_env file, however, both mount_media and remove_media are necessary. Bring back the functions. Adjust return types according to the new LibError interface as well.
Functions mount_media and remove_media were removed in #57. To parse a ovf_env file, however, both mount_media and remove_media are necessary. Bring back the functions. Adjust return types according to the new LibError interface as well.
Functions mount_media and remove_media were removed in #57. To parse a ovf_env file, however, both mount_media and remove_media are necessary. Bring back the functions. Adjust return types according to the new LibError interface as well. Define const PATH_MOUNT_DEVICE, PATH_MOUNT_POINT for path to mount point for media source and target to be mounted, and replace hard-coded path with the new const. Co-authored-by: Jeremy Cline <jeremycline@microsoft.com>
Functions mount_media and remove_media were removed in #57. To parse a ovf_env file, however, both mount_media and remove_media are necessary. Bring back the functions. Adjust return types according to the new LibError interface as well. Define const PATH_MOUNT_DEVICE, PATH_MOUNT_POINT for path to mount point for media source and target to be mounted, and replace hard-coded path with the new const. Co-authored-by: Jeremy Cline <jeremycline@microsoft.com>
Functions mount_media and remove_media were removed in #57. To parse a ovf_env file, however, both mount_media and remove_media are necessary. Bring back the functions. Adjust return types according to the new LibError interface as well. Define const PATH_MOUNT_DEVICE, PATH_MOUNT_POINT for path to mount point for media source and target to be mounted, and replace hard-coded path with the new const. Co-authored-by: Jeremy Cline <jeremycline@microsoft.com>
Functions `mount_media` and `remove_media` were removed in #57. To parse a ovf_env file, however, both mount_media and remove_media are necessary. Bring back the functions. Adjust return types according to the new LibError interface as well. Co-authored-by: Jeremy Cline <jeremycline@microsoft.com>
Password authentication by itself not as secure as ssh key. For better security, we should disable password authentication. So if user enabled password authentication in Azure, azure-init now simply fails to provision.
Clean up unnecessary functions in libazureinit, like
mount_media,unmount_media,allow_password_authentication.Fixes #52.
Testing done
Manual test is done.