I'm trying to create a profile to automate the creation of a container, but I'm having trouble with cloud-init. For some reason the password is not being set for the user, and the user is also not being added as a sudoer. Here is the YAML:

config:
  boot.autostart: "false"
  limits.cpu: "2"
  limits.memory: "4GB"
  user.user-data: |
    #cloud-config
    users:
      - name: matheus
        gecos: Matheus Saraiva da Silva
        lock_password: false
        plain_text_passwd: tyy7854
        ssh-authorized-keys:
          - ssh-rsa myrsa
    package_update: true
    package_upgrade: true
    package_reboot_if_required: true
    snap:
      commands:
        00: snap install juju --classic
        01: snap install charmcraft --classic
        02: snap install node --classic
    apt:
      preserve_source_list: true
    packages:
      - gcc
      - podman
    runcmd:
      - usermod, -aG, sudo matheus
      - [su, matheus, -c, "wget https://storage.googleapis.com/minikube/releases/latest/minikube_latest_amd64.deb -P /home/matheus/Downloads"]
      - [su, matheus, -c, "sudo dpkg -i /home/matheus/minikube_latest_amd64.deb"]
      - [su, matheus, -c, "git config --global user.name matheusssilva"]
      - [su, matheus, -c, "git config --global user.email matheus.saraiva@gmail.com"]

description: TaskStack enviroment lxd profile
devices:
  eth0:
    name: eth0
    network: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: TaskStack
used_by: []

When I try to do something with sudo, the password that is in the configuration file does not work. So I am obliged to change the user's password as the root user (# passwd matheus). Is it a bug?

1 Answer

Make sure you're using the proper key names:

  • lock_passwd instead of lock_password
  • preserve_sources_list instead of preserve_source_list
  • ssh_authorized_keys instead of ssh-authorized-keys (this one is just a deprecation warning and currently isn't hurting anything)

These sorts of errors can be more easily caught using cloud-init schema --system:

$ cloud-init schema --system
Cloud config schema deprecations: 
Error:
Cloud config schema errors: apt: Additional properties are not allowed ('preserve_source_list' was unexpected), users.0: {'name': 'matheus', 'gecos': 'Matheus Saraiva da Silva', 'lock_password': False, 'plain_text_passwd': 'tyy7854', 'ssh-authorized-keys': ['ssh-rsa myrsa']} is not valid under any of the given schemas

The runcmd script gets stored in /var/lib/cloud/instance/scripts/runcmd. If you take a look, you'll see it's probably not quite what you're expecting. The first line needs to be an array rather than just a string. I.e.,

    runcmd:
      - [usermod, -aG, sudo, matheus]
      - [su, matheus, -c, "wget https://storage.googleapis.com/minikube/releases/latest/minikube_latest_amd64.deb -P /home/matheus/Downloads"]
      - [su, matheus, -c, "sudo dpkg -i /home/matheus/minikube_latest_amd64.deb"]
      - [su, matheus, -c, "git config --global user.name matheusssilva"]
      - [su, matheus, -c, "git config --global user.email matheus.saraiva@gmail.com"]

Instead of using runcmd for setting sudo, if you look at the cloud-init docs, the Users and Groups module allows for setting sudo rules:

sudo: (string/null) Sudo rule to use or false. Absence of a sudo value or null will result in no sudo rules added for this user.

Using part of the example a little further down:

users:
- name: newsuper
  sudo: ALL=(ALL) NOPASSWD:ALL

You can use something like this to replace your runcmd sudo line if desired.

falcojr
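
The answer's point about the first runcmd line, as an added example that is not part of the original answer and not cloud-init's own code: a simplified model of how runcmd entries become lines of a shell script, where a list is quoted as argv and a string is copied through unchanged. The function names and the comma heuristic are assumptions made for illustration, and the entries are shown as the Python values a YAML parser yields for them.

```python
import shlex

# Constructed sample: the first runcmd entry as the question wrote it.
# YAML reads "- usermod, -aG, sudo matheus" as ONE plain string, not a list.
QUESTION_RUNCMD = [
    "usermod, -aG, sudo matheus",
    ["su", "matheus", "-c", "git config --global user.name matheusssilva"],
]
# The same entries in the form the answer gives.
ANSWER_RUNCMD = [
    ["usermod", "-aG", "sudo", "matheus"],
    ["su", "matheus", "-c", "git config --global user.name matheusssilva"],
]


def render_runcmd(entries):
    """Simplified model of the generated runcmd script (hypothetical helper)."""
    lines = ["#!/bin/sh"]
    for entry in entries:
        if isinstance(entry, (list, tuple)):
            # List form: each element is one argument, quoted for the shell.
            lines.append(" ".join(shlex.quote(str(arg)) for arg in entry))
        elif isinstance(entry, str):
            # String form: passed to the shell exactly as written.
            lines.append(entry)
        else:
            raise TypeError(f"unsupported runcmd entry: {entry!r}")
    return "\n".join(lines) + "\n"


def find_unbracketed_lists(entries):
    """Heuristic (assumption): a string entry whose words end in commas was
    probably meant to be a [a, b, c] list. Returns (index, command word)."""
    flagged = []
    for index, entry in enumerate(entries):
        if isinstance(entry, str):
            words = shlex.split(entry)
            if any(word.endswith(",") for word in words[:-1]):
                flagged.append((index, words[0]))
    return flagged


if __name__ == "__main__":
    print(render_runcmd(QUESTION_RUNCMD))   # shell would look up "usermod,"
    print(render_runcmd(ANSWER_RUNCMD))
    print(find_unbracketed_lists(QUESTION_RUNCMD))
```

With the question's form, the command name the shell looks up is `usermod,` with the trailing comma, so the user is never added to the sudo group.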