Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User creation errors, with the new alpine-image template #2362

Open
afbjorklund opened this issue May 25, 2024 · 4 comments · May be fixed by #2364
Open

User creation errors, with the new alpine-image template #2362

afbjorklund opened this issue May 25, 2024 · 4 comments · May be fixed by #2364

Comments

@afbjorklund
Copy link
Contributor

afbjorklund commented May 25, 2024
edited
Loading

Description

Getting errors from cloud-config, when trying to create the initial user:

2024-05-25 08:10:21,390 - schema.py[WARNING]: Invalid cloud-config provided: Please run 'sudo cloud-init schema --system' to see the schema errors.
2024-05-25 08:10:23,288 - util.py[WARNING]: Running module ca_certs (<module 'cloudinit.config.cc_ca_certs' from '/usr/lib/python3.11/site-packages/cloudinit/config/cc_ca_certs.py'>) failed
2024-05-25 08:10:23,300 - util.py[WARNING]: Failed to create user anders
2024-05-25 08:10:23,302 - util.py[WARNING]: Running module users_groups (<module 'cloudinit.config.cc_users_groups' from '/usr/lib/python3.11/site-packages/cloudinit/config/cc_users_groups.py'>) failed

Will try to access the image (no login through serial), to find the log file...

Welcome to Alpine Linux 3.19
Kernel 6.6.14-0-virt on an x86_64 (/dev/ttyS0)

lima-alpine-image login: alpine
alpine
Password: 
alpine
Login incorrect

https://www.alpinelinux.org/cloud/

NoCloud, ... images are considered beta quality
@afbjorklund
Copy link
Contributor Author

afbjorklund commented May 25, 2024
edited
Loading

Seems like we might need some more packages, beyond "sudo":

Stderr: useradd: Warning: missing or non-executable shell '/bin/bash'
        useradd: UID 1000 is not unique

The default user in the image is using the ash shell, and not bash.

Or that might be fixed later, and it is the UID conflict that breaks it:

alpine:x:1000:1000:Linux User,,,:/home/alpine:/bin/sh

The other error was from missing update-ca-certificates

2024-05-25 08:10:23,288 - util.py[DEBUG]: Running module ca_certs (<module 'cloudinit.config.cc_ca_certs' from '/usr/lib/python3.11/site-packages/cloudinit/config/cc_ca_certs.py'>) failed
Traceback (most recent call last):
  File "/usr/lib/python3.11/site-packages/cloudinit/subp.py", line 280, in subp
    sp = subprocess.Popen(
         ^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/subprocess.py", line 1026, in __init__
    self._execute_child(args, executable, preexec_fn, close_fds,
  File "/usr/lib/python3.11/subprocess.py", line 1950, in _execute_child
    raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: b'update-ca-certificates'

@afbjorklund
Copy link
Contributor Author

afbjorklund commented May 25, 2024
edited
Loading

/etc/cloud/cloud.cfg

# System and/or distro specific settings
# (not accessible to handlers/transforms)
system_info:
  # This will affect which distro class gets used
  distro: alpine
  # Default user name + that default users groups (if added/used)
  default_user:
    name: alpine
    lock_passwd: False
    gecos: alpine Cloud User
    groups: [adm, wheel]
    doas:
      - permit nopass alpine
    sudo: ["ALL=(ALL) NOPASSWD:ALL"]
    shell: /bin/ash
  network:
    renderers: ['eni']
  # Other config here will be given to the distro class and/or path classes
  paths:
    cloud_dir: /var/lib/cloud/
    templates_dir: /etc/cloud/templates/
  ssh_svcname: sshd

https://gitlab.alpinelinux.org/alpine/cloud/alpine-cloud-images/-/blob/main/scripts/setup

It's a bug in alpine cloud, the default user is already added (with a different shell and groups)

commit 274d883acb82d900abee9c451e1503777f7d02b7

@@ -174,6 +195,7 @@ configure_system() {
     fi
 
     # explicitly lock the root account
+    chroot "$TARGET" /bin/sh -c "/bin/echo 'root:*' | /usr/sbin/chpasswd -e"
     chroot "$TARGET" /usr/bin/passwd -l root
 
     # set up image user
@@ -181,7 +203,7 @@ configure_system() {
     chroot "$TARGET" /usr/sbin/addgroup "$user"
     chroot "$TARGET" /usr/sbin/adduser -h "/home/$user" -s /bin/sh -G "$user" -D "$user"
     chroot "$TARGET" /usr/sbin/addgroup "$user" wheel
-    chroot "$TARGET" /usr/bin/passwd -u "$user"
+    chroot "$TARGET" /bin/sh -c "echo '$user:*' | /usr/sbin/chpasswd -e"
 
     # modify PS1s in /etc/profile to add user
     sed -Ei \

@afbjorklund
Copy link
Contributor Author

There is another hack in the cloud-images, that works around the lock password issue:

# cloud-init locks our user by default which means alpine can't login from
# SSH. This seems like a bug in cloud-init that should be fixed but we can
# hack around it for now here.
if [ -f "$TARGET"/etc/cloud/cloud.cfg ]; then
    sed -i '/lock_passwd:/s/True/False/' "$TARGET"/etc/cloud/cloud.cfg
fi

https://gitlab.alpinelinux.org/alpine/cloud/alpine-cloud-images/-/blob/main/scripts/setup-cloudinit

@afbjorklund afbjorklund linked a pull request May 25, 2024 that will close this issue
Open
@afbjorklund
Copy link
Contributor Author

Removing the default user is just a hack, it should not be there (in the "cloud-init" variant)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove the embedded default user in alpine cloud afbjorklund/lima
1 participant
@afbjorklund