One approach to updating (and making PCI DSS-compliant…) Ubuntu cloud images would be to start a stock instance with an unmodified image, customise this VM, and then either snapshot or save and convert the resulting filesystem. The two drawbacks of this methodology are that the resulting image isn’t necessarily pristine – the commands run to migrate its state, and temporary files, will still be present – and the image will be much larger than the original compressed/deduplicated source. This latter aspect is important when there is a need to spin up a large number of VMs quickly: the smaller the source image, the faster this can occur.
Month: August 2015
I’ve recently been working on upgrading the stock Ubuntu cloud image(*) to meet the requirements for PCI DSS compliance – and a hugely non-obvious issue I ran into went as follows:
# passwd newuser
passwd: Module is unknown
passwd: password unchanged
It’s not uncommon, especially when using chroot() gaols, to find that “modern” systemd-equipped Linux distributions seem to get a bit possessive when it comes to mounting filesystems such as devtmpfs on /dev or tmpfs on /run, and when you want to remove the gaol these filesystems can show as still in use – although lsof/fuser -m output suggests that everything using root-dev, and nothing, respectively, are actually using these mount-points.
https://twitter.com/srcshelton/status/630674999636918272
Dear HTC device owners, please reset your fingerprints as they were stored as easily accessible bitmaps: http://t.co/ty8jsnkYd6
— Troy Hunt (@troyhunt) August 10, 2015
https://twitter.com/srcshelton/status/630778702582804481
How I accidentally captured the ISS in a self portrait: http://t.co/jX0iZDon4f pic.twitter.com/QW1gobo90v
— PetaPixel (@petapixel) August 10, 2015
http://t.co/y8jutU1A9Y is the first part of the funniest thing I've ever read written by someone who has just been diagnosed with leukemia.
— Neil Gaiman (@neilhimself) August 10, 2015
And here is the second part. Just as funny and as painful and as human: http://t.co/UGsLzXGnms #JohnVsCancer
— Neil Gaiman (@neilhimself) August 10, 2015
https://twitter.com/srcshelton/status/631079555097165824