Image refresh for opensuse-tumbleweed

[github-actions]

Image refresh for opensuse-tumbleweed

• FAIL: image-refresh opensuse-tumbleweed

[cockpituous]

Failed. Log: https://cockpit-logs.us-east-1.linodeobjects.com/image-refresh-opensuse-tumbleweed-1b8cb101-20250216-223832/log.html

[martinpitt]

@Nykseli @SludgeGirl: Apparently the SSH key setup with cloud-init got broken? 😢

[Nykseli]

Tumbleweed switched from AppArmor to selinux as the default MAC and it seems to not be happy about login in via ssh as root. Login as admin works and with setenforcing 0 root login works too.

So cloud-init seems to working fine. We just need to figure out what's going on with the selinux and tumbleweed 😅

[SludgeGirl]

Hey @martinpitt, Sorry for the wait we had a deadline recently so it's been a mad dash haha. I've had an extra five seconds today so I've had a proper look into this and I've got a bug reported here: https://bugzilla.suse.com/show_bug.cgi?id=1237764

In short because we're passing ssh_pwauth: True this is creating a new /etc/ssh/sshd_config with just the content:

PasswordAuthentication yes

This is overwriting some system defaults, including UsePAM yes and it seems without that option (and with selinux enabled as @Nykseli says), it breaks root login which is fun. I'll keep an eye on the bug report and let you know when we can get the image updated. Once again sorry for the wait!

[martinpitt]

Thanks @SludgeGirl ! That's a really bad cloud-init bug indeed -- it ought to create sshd_config.d/01-cloud-init.conf, not completely stomp over the default config.