b5a7fc38aa
In a cloud environment instance images are typically cloned. This implies that the credentials used by the Cloudbase-Init service, even if randomly generated, are identical across instances of the same image, unless replaced during boot, e.g. by the post-sysprep specialize actions. Since this cannot be controlled in cases in which sysprep or similar mechanisms are not used (e.g. a Nova image snapshot), this patch adds a mechanism to reset the Cloudbase-Init service password at each execution. This avoids potential "pass the hash" type of attacks executed from user-data across instances booted from the same image. Change-Id: Ib778acc4c01f476c600e15aa77ed777523a77538 Closes-Bug: #1631567 Co-Authored-By: Adrian Vladu <avladu@cloudbasesolutions.com> Co-Authored-By: Alexandru Coman <acoman@cloudbasesolutions.com> |
||
---|---|---|
cloudbaseinit | ||
doc | ||
etc/cloudbase-init | ||
.gitattributes | ||
.gitignore | ||
.gitreview | ||
.testr.conf | ||
LICENSE | ||
README.rst | ||
requirements.txt | ||
setup.cfg | ||
setup.py | ||
test-requirements.txt | ||
tox.ini |
README.rst
Portable Multi-Cloud Initialization Service
- Author: Cloudbase Solutions Srl
- Contact: info@cloudbasesolutions.com
- Home page: http://www.cloudbase.it/cloud-init-windows/
- Documentation: http://cloudbase-init.readthedocs.org/en/latest/
- Source: https://github.com/openstack/cloudbase-init
- License: Apache 2.0
Downloads
Stable
- (64bit) https://www.cloudbase.it/downloads/CloudbaseInitSetup_Stable_x64.msi
- (32bit) https://www.cloudbase.it/downloads/CloudbaseInitSetup_Stable_x86.msi
Beta
- (64bit) https://www.cloudbase.it/downloads/CloudbaseInitSetup_x64.msi
- (32bit) https://www.cloudbase.it/downloads/CloudbaseInitSetup_x86.msi