cloud init custom user-data script not picked up
Platform
Hypervisor OS: Ubuntu-18.04
Guest OS: Ubuntu-18.04
kvm-install-vm: latest github version
Goal
I want to add an additional user with a specified password and without NOPASSWD in sudoers. By default kvm-install-vm uses ALL=(ALL) NOPASSWD:ALL for additional users.
Attempt
I tried to create a user-data.sh and run kvm-install-vm create -s "$HOME/user-data.sh" my-vm01, but it seems to have no effect. I can't log in with ssh, nor through the tty in virt-manager's graphical interface.
My guess is the config is not picked up. What might I be missing?
user-data.sh
# Users
users:
  - default
  - name: my-user
    groups: ['sudo']
    shell: /bin/bash
    sudo: ALL=(ALL) ALL
    ssh-authorized-keys:
      - ssh-ed25519 <my-pub-key>
    lock-passwd: false
    passwd: <my-salted-password-hash>
.kivrc
AUTOSTART=true
CPUS=1
MEMORY=1024
DISK_SIZE=20
IMAGEDIR="/mnt/500g01/virtualbox/image"
VMDIR="/mnt/500g01/virtualbox"
BRIDGE=br2
PUBKEY="${HOME}/.ssh/user01_ed25519.pub"
DISTRO=ubuntu1804
MACADDRESS=$(printf '%02x' $((0x$(od /dev/urandom -N1 -t x1 -An | cut -c 2-) & 0xFE | 0x02)); od /dev/urandom -N5 -t x1 -An | sed 's/ /:/g')
TIMEZONE=Berlin/Europe
VERBOSE=1
Cause
The reason it's not picked up is that -s user-data.sh executes the file as a shell script and does not add cloud-config settings, as seen by the Content-Type: text/x-shellscript; charset="us-ascii" boundary.
Feature request
Can you allow supplying a custom cloud-config? If no cloud-config has been supplied, then the default can be used. I think the cloud config should not be hardcoded. By default kvm-install-vm uses NOPASSWD for sudo users. I prefer to provide a hashed password to cloud-init like so:
Example without sudo's NOPASSWD
users:
  - default
  - name: ${ADDITIONAL_USER}
    groups: ['${SUDOGROUP}']
    shell: /bin/bash
    sudo: ALL=(ALL) ALL
    ssh-authorized-keys:
      - ${KEY}
chpasswd:
  list: |
    root:\$6\$some-hash
    myuser:\$6\$some-hash
  expire: false
- The hash password can be stored encrypted with openssl and decrypted interactively before running kvm-install-vm.
Note
Because the hashes are within a heredoc, the $ sign has to be escaped with a backslash and not with single quotes.
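The behaviour described under Cause comes down to the Content-Type of the MIME part that wraps the supplied file. As an added example (not code from this issue or from kvm-install-vm), the following picks each part's type from cloud-init's first-line marker and builds a multipart user-data document; the function names, boundary string and sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not kvm-install-vm code): choose each MIME part's Content-Type
# from cloud-init's first-line marker. Only the two markers relevant here are
# handled: '#!' (script) and '#cloud-config' (YAML settings).

userdata_type() {
    first_line=$(head -n 1 "$1")
    case "$first_line" in
        '#!'*)            echo 'text/x-shellscript' ;;
        '#cloud-config'*) echo 'text/cloud-config' ;;
        *)                echo 'unknown'; return 1 ;;
    esac
}

# Write a multipart user-data document for the given files to stdout.
make_userdata() {
    boundary='==BOUNDARY=='   # constructed separator, any unique string works
    for f in "$@"; do         # validate everything before emitting output
        userdata_type "$f" >/dev/null || {
            echo "error: $f has no '#!' or '#cloud-config' first line" >&2
            return 1
        }
    done
    printf 'Content-Type: multipart/mixed; boundary="%s"\n' "$boundary"
    printf 'MIME-Version: 1.0\n\n'
    for f in "$@"; do
        printf -- '--%s\n' "$boundary"
        printf 'Content-Type: %s; charset="us-ascii"\n' "$(userdata_type "$f")"
        printf 'MIME-Version: 1.0\n'
        printf 'Content-Transfer-Encoding: 7bit\n'
        printf 'Content-Disposition: attachment; filename="%s"\n\n' "$(basename "$f")"
        cat "$f"
        printf '\n'
    done
    printf -- '--%s--\n' "$boundary"
}

# Constructed sample input: one cloud-config part and one script part.
demo() {
    d=$(mktemp -d)
    printf '#cloud-config\nusers:\n  - default\n  - name: my-user\n    sudo: ALL=(ALL) ALL\n' > "$d/users.yaml"
    printf '#!/bin/sh\necho provisioned\n' > "$d/setup.sh"
    make_userdata "$d/users.yaml" "$d/setup.sh"
    rm -rf "$d"
}
demo
```

A file that starts with a plain comment such as `# Users` is rejected by `userdata_type`, because it carries neither marker.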
I agree, @eayin2 ... the hard-coding of cloud-config is a deal breaker for me ... discourages me from using this most useful effort. OTOH, one can just add the bits required in the hardcoded cloud-config and still run with it.
If I recall correctly, a non-hard-coded version with an optional python dependency was made in the pull request https://github.com/giovtorres/kvm-install-vm/pull/56#issuecomment-646123986
@eayin2, thanks for the update ... and yes, I agree with the maintainer on adding python as a dependency, that can throw up a whole pile of complications (with modules, python versions, and whatnot) ...
If I was to try and address this, I would prefer that people create their ISO cloud-config files, and then supply it as a parameter ... yeah, not smooth, but easier to accommodate in the existing eco-system ... just an optional flag/param to avoid generating ISO and read it from a given path.