plain text passwords in cloud-init templates

the fix depends on https://review.openstack.org/#/c/277353

Hi, I would like to help on this issue, If no one else if presently working.

The cloud-config uses a `plain_text_passwd: {{ user.password }}` which creates a security issues. So based on the changes being worked on in https://review.openstack.org/#/c/277353. The cloud-config file, need to be replace plain text with a hash value of password `passwd: {{ user.password }}`. Please confirm ?

Anil, no, but you're on the right way.

the idea is to switch to `hashed_password` property instead of plain text password.

https://review.openstack.org/#/c/277353/14/fuel_agent/objects/users.py@32

therefore,

the cloud-config file needs plain text password to be replaced with a hashed value of password, ie: `passwd: {{ user.hashed_password }}`.

then `passwd` value will be passed to `useradd` cli tool

https://github.com/number5/cloud-init/blob/0.7.5/cloudinit/distros/__init__.py#L317

Fix proposed to branch: master
Review: https://review.openstack.org/294540

Reviewed: https://review.openstack.org/294540
Committed: https://git.openstack.org/cgit/openstack/fuel-agent/commit/?id=2c93034a2b7c8b3d8111ac3dc9aca8792d177046
Submitter: Jenkins
Branch: master

commit 2c93034a2b7c8b3d8111ac3dc9aca8792d177046
Author: Anil Belur <email address hidden>
Date: Fri Mar 18 17:12:54 2016 +0530

    Fixes #1553236 - remove plain text passwords in cloud-init templates

    The cloud-config uses a `plain_text_passwd: {{ user.password }}` which
    could create potential security issues.

    Therefore the cloud-config file, requires the 'plain text password'
    replaced with a 'hashed password'.

    Closes-bug: #1553236
    Change-Id: Ic0c5992b5302f84819498ccd311cf19224142fa5
    Signed-off-by: Anil Belur <email address hidden>

Does this bug affects also previous Fuel versions? 8.0, 7.0, 6.1, 6.0? Thanks.

MOS <=8.0 does not have this option in cloud-init config.
So closed as Invalid.