On 09/27/2018 03:26 PM, Florian Weimer wrote:
> * Adam Williamson:
>
>> I don't think we ship anything that is exactly a *disk image* for this
>> kind of non-cloud, non-Atomic, minimal, probably-virtual deployment,
>> aside from the ones intended for vagrant use. At least not for x86_64.
>> I suppose I'd tend to use virt-install or just install from the network
>> install image, for this kind of use.
>
> Maybe we should look at this backwards and try to implement an
> instance-data injection environment in libvirt, by default. Then it
> would be possible to use images which contain cloud-init unmodified, and
> safely.
>
Coming to this thread late. There's been an RFE for virt-manager for a
while to send in cloud-init data for cloud images:
https://bugzilla.redhat.com/show_bug.cgi?id=981693
That would require using libguestfs to detect that the disk image is,
e.g., a Fedora cloud image. And nowadays I'd lean more towards just
disabling cloud-init and setting an empty password instead of doing
the specific cloud-init dance. It's not trivial though.
I think that running a web server that merely serves the intended SSH
public key for the root account would not have to be disabled by libvirt
for non-cloud images. That data isn't really secret.
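The "instance-data injection" Florian describes can be done today without any libvirt changes by handing an unmodified cloud image a NoCloud seed ISO, so cloud-init takes its instance data from a local volume and never has to consult a metadata endpoint. The script below is an added example written for this thread, not code from libvirt, virt-manager or cloud-init. It assumes cloud-init's documented NoCloud datasource (a volume labelled `cidata` containing `user-data` and `meta-data`), the `/etc/cloud/cloud-init.disabled` kill switch, and `genisoimage` or `mkisofs` for the ISO step; the SSH key and hostnames it uses are constructed placeholders.

```shell
#!/bin/sh
# Added example: build a cloud-init NoCloud seed for a stock cloud image run
# under libvirt. Root access is key-only: no password is set, password logins
# over SSH are refused, and cloud-init is switched off after first boot so the
# guest does not keep looking for a metadata service on later boots.
# Assumes the NoCloud datasource layout (label "cidata", files user-data and
# meta-data) and, for the ISO step, genisoimage or mkisofs.
set -eu

# Accept only a single OpenSSH public-key line (type, base64 body, optional
# one-word comment) so a stray file can never become the root key material.
valid_ssh_pubkey() {
    case "$1" in
        "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-nistp256 "*|\
        "ecdsa-sha2-nistp384 "*|"ecdsa-sha2-nistp521 "*) ;;
        *) return 1 ;;
    esac
    set -- $1   # intentional word splitting into type / body / comment
    [ $# -ge 2 ] && [ $# -le 3 ] && printf '%s' "$2" | grep -Eq '^[A-Za-z0-9+/]+=*$'
}

# meta-data: instance-id is what cloud-init uses to decide whether this is a
# first boot; change it if you want the seed re-applied to a reused disk.
meta_data() {
    printf 'instance-id: %s\nlocal-hostname: %s\n' "$1" "$2"
}

# user-data: cloud-config that installs the key for root and nothing else.
user_data() {
    printf '#cloud-config\n'
    printf 'ssh_pwauth: false\n'     # refuse password authentication over SSH
    printf 'disable_root: false\n'   # allow root login, but only with the key
    printf 'users:\n  - name: root\n    ssh_authorized_keys:\n      - %s\n' "$1"
    printf 'runcmd:\n  - [ touch, /etc/cloud/cloud-init.disabled ]\n'
}

# build_seed DIR INSTANCE_ID HOSTNAME PUBKEY
# Writes user-data and meta-data into DIR and, when a mkisofs-style tool is
# available, DIR/seed.iso with the volume label cloud-init searches for.
build_seed() {
    valid_ssh_pubkey "$4" || { echo "refusing malformed public key" >&2; return 1; }
    mkdir -p "$1"
    meta_data "$2" "$3" > "$1/meta-data"
    user_data "$4" > "$1/user-data"
    if command -v genisoimage >/dev/null 2>&1; then
        genisoimage -quiet -output "$1/seed.iso" -volid cidata -joliet -rock \
            "$1/user-data" "$1/meta-data"
    elif command -v mkisofs >/dev/null 2>&1; then
        mkisofs -quiet -o "$1/seed.iso" -V cidata -J -r "$1/user-data" "$1/meta-data"
    else
        echo "no genisoimage/mkisofs found; seed files written to $1, ISO step skipped" >&2
    fi
}

# Demo with a constructed placeholder key (not a real key).
DEMO_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlaceholderKeyNotARealKey0000000000 admin@example'
DEMO_DIR=$(mktemp -d)
build_seed "$DEMO_DIR" iid-fedora-demo-01 fedora-demo "$DEMO_KEY"
echo "seed written to $DEMO_DIR"
# Intended use (assumed virt-install syntax): attach the seed as a CD-ROM next
# to the untouched cloud image, e.g.
#   virt-install --import --name fedora-demo --memory 2048 \
#     --disk path=Fedora-Cloud-Base.qcow2 --disk path=$DEMO_DIR/seed.iso,device=cdrom \
#     --os-variant fedora-unknown --graphics none
```

Because the seed carries only a public key, it is exactly the "not really secret" data the last paragraph talks about; what the ISO adds over a network-served key is that the guest is told where its instance data is instead of searching for it. Newer virt-install releases (3.0 and later) also offer a `--cloud-init` option that generates an equivalent seed for you, which covers the RFE Cole mentions without libguestfs detection.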