-
Notifications
You must be signed in to change notification settings - Fork 30
EC2 CoreOS Cloud Init Running when using Ignition #1933
Comments
This is a known issue in older versions of Container Linux. It was fixed in 1367.5.0 when we moved away from running coreos-cloudinit for provisioning. You'll either need to reprovision using at least that version or manually mask coreos-cloudinit with the following Container Linux Config: systemd:
units:
- name: oem-cloudinit.service
mask: true The reason this is broken is because we decided long ago that coreos-cloudinit would always apply SSH keys, regardless of how broken the userdata was. This was to facilitate debugging. The side effect of this is that if coreos-cloudinit ever runs, it reapplies your SSH keys. It wasn't until the aforementioned version that we stopped using coreos-cloudinit at all. I hate coreos-cloudinit. |
To further clarify this behavior, even after the switch to Ignition, Thinking out loud, I wonder if we should change |
Thanks @crawford! We're going to give that a spin. |
@crawford that work around worked beautifully. Thank you! That would be excellent to have in the documentation somewhere? |
@troyfontaine great! Yeah, that might be worth calling out somewhere. This is a non-issue in later releases (starting with 1367.5.0), but those haven't worked their way through all of the channels yet. |
I've opened #2070 for changing |
Issue Report
Bug
Bug
Container Linux Version
Environment
ec2 AMI: ami-fcc4539c
Instance configured using Ignition-not cloud-config
Expected Behavior
Utilizing update-ssh-keys to remove existing keys for the Core user will remove the key chosen at instance creation and prevent it from persisting across restarts. E.g.
Actual Behavior
Once restarting after removing the key, the key is re-added to the Core user by CloudInit.
Reproduction Steps
Other Information
Checking journalctl from the last reboot, I see the following:
This behavior is contrary to the information posted on the Google Group
The text was updated successfully, but these errors were encountered: