author | zsdc <taras@vyos.io> | 2020-10-28 17:26:01 +0200 |
---|---|---|
committer | zsdc <taras@vyos.io> | 2020-10-28 22:14:39 +0200 |
commit | 8afa99156e62541d697a00364348c6e417fb03df (patch) | |
tree | ca7bee89dc5c25860b2a083dd5238c0a7ff6c045 /cloudinit/config/cc_vyos.py | |
parent | f40f1b59a4e1fc316edd6da5c89f7b0f8d904d4e (diff) | |
cc_vyos: T3028: Added creating of fallback user
To provide connectivity to the CLI when there are no credentials in the metadata, a fallback user `vyos/vyos` is added.
Diffstat (limited to 'cloudinit/config/cc_vyos.py')
-rw-r--r-- | cloudinit/config/cc_vyos.py | 30 |
1 files changed, 24 insertions, 6 deletions
diff --git a/cloudinit/config/cc_vyos.py b/cloudinit/config/cc_vyos.py index bd85db12..e472a1cd 100644 --- a/cloudinit/config/cc_vyos.py +++ b/cloudinit/config/cc_vyos.py @@ -62,6 +62,9 @@ def set_pass_login(config, user, password): config.set_tag(['system', 'login', 'user']) + # Return True if credentials added + return True + # configure user account with ssh key def set_ssh_login(config, user, key_string): @@ -71,11 +74,11 @@ def set_ssh_login(config, user, key_string): if key_parsed.keytype not in ['ssh-dss', 'ssh-rsa', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ssh-ed25519', 'ecdsa-sha2-nistp521']: logger.error("Key type {} not supported.".format(key_parsed.keytype)) - return + return False if not key_parsed.base64: logger.error("Key base64 not defined, wrong ssh key format.") - return + return False if not key_parsed.comment: key_parsed.comment = "cloud-init-{}".format(uuid4()) @@ -88,6 +91,9 @@ def set_ssh_login(config, user, key_string): config.set_tag(['system', 'login', 'user', user, 'authentication', 'public-keys']) logger.debug("Configured SSH public key for user: {}".format(user)) + # Return True if credentials added + return True + # filter hostname to be sure that it can be applied # NOTE: here we cannot attempt to deny anything prohibited, as it is too late. @@ -481,6 +487,9 @@ def handle(name, cfg, cloud, log, _args): config = ConfigTree(config_file) # Initialization of variables + DEFAULT_VYOS_USER = 'vyos' + DEFAULT_VYOS_PASSWORD = 'vyos' + logins_configured = False network_configured = False # configure system logins 
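Review bot: `DEFAULT_VYOS_PASSWORD = 'vyos'` in the `@@ -481` hunk puts a fixed password, readable in the source, into the module, so every instance that ends up on the fallback path shares the same login. If that path has to exist, say so where the value is defined, e.g. `# Well-known fallback credentials, used only when no login was configured; must be changed after first boot`. The two names would also read better as module-level constants than as upper-case locals inside `handle()`. Whether password logins are reachable over SSH on a fresh instance is not visible here; if they are, consider limiting the fallback account to console access or making it opt-in. `handle()` starts before and continues past this hunk.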
@@ -492,22 +501,31 @@ def handle(name, cfg, cloud, log, _args): if default_user: # key-based for ssh_key in ssh_keys: - set_ssh_login(config, default_user, ssh_key) + if set_ssh_login(config, default_user, ssh_key): + logins_configured = True # password-based password = cfg.get('password') if password: - set_pass_login(config, default_user, password) + if set_pass_login(config, default_user, password): + logins_configured = True # Configure all users accounts for user, user_cfg in users.items(): # Configure password-based authentication password = user_cfg.get('passwd') if password and password != '': - set_pass_login(config, user, password) + if set_pass_login(config, user, password): + logins_configured = True # Configure key-based authentication for ssh_key in user_cfg.get('ssh_authorized_keys', []): - set_ssh_login(config, user, ssh_key) + if set_ssh_login(config, user, ssh_key): + logins_configured = True + + # Create a fallback user if there was no others + if not logins_configured: + logger.debug("Adding fallback user: {}".format(DEFAULT_VYOS_USER)) + set_pass_login(config, DEFAULT_VYOS_USER, DEFAULT_VYOS_PASSWORD) # apply settings from OVF template if 'OVF' in dsname: |
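Review bot: The `if not logins_configured:` block also fires when metadata did supply credentials but every one of them was rejected, because `set_ssh_login` now returns False for an unsupported key type or a missing base64 part. A mistyped SSH key therefore silently becomes a password account with a known password. The only trace is a debug message; it should be visible at the default log level, e.g. `logger.warning("No valid credentials in metadata, adding fallback user: {}".format(DEFAULT_VYOS_USER))`. It would also help to track "credentials were supplied" separately from "credentials were applied" and skip the fallback, or log an error, when supplied credentials failed validation. The return value of the final `set_pass_login` call is ignored, so a failure to create the fallback user goes unnoticed; `handle()` continues outside this hunk.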