summaryrefslogtreecommitdiff
path: root/cloudinit
diff options
context:
space:
mode:
authorzsdc <taras@vyos.io>2020-10-28 17:26:01 +0200
committerzsdc <taras@vyos.io>2020-10-28 22:14:39 +0200
commit8afa99156e62541d697a00364348c6e417fb03df (patch)
treeca7bee89dc5c25860b2a083dd5238c0a7ff6c045 /cloudinit
parentf40f1b59a4e1fc316edd6da5c89f7b0f8d904d4e (diff)
downloadvyos-cloud-init-8afa99156e62541d697a00364348c6e417fb03df.tar.gz
vyos-cloud-init-8afa99156e62541d697a00364348c6e417fb03df.zip
cc_vyos: T3028: Added creating of fallback user
To provide connectivity to the CLI in cases when there were no credentials in metadata added a fallback user `vyos/vyos`.
Diffstat (limited to 'cloudinit')
-rw-r--r--cloudinit/config/cc_vyos.py30
1 files changed, 24 insertions, 6 deletions
diff --git a/cloudinit/config/cc_vyos.py b/cloudinit/config/cc_vyos.py
index bd85db12..e472a1cd 100644
--- a/cloudinit/config/cc_vyos.py
+++ b/cloudinit/config/cc_vyos.py
@@ -62,6 +62,9 @@ def set_pass_login(config, user, password):
config.set_tag(['system', 'login', 'user'])
+ # Return True if credentials added
+ return True
+
# configure user account with ssh key
def set_ssh_login(config, user, key_string):
@@ -71,11 +74,11 @@ def set_ssh_login(config, user, key_string):
if key_parsed.keytype not in ['ssh-dss', 'ssh-rsa', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ssh-ed25519', 'ecdsa-sha2-nistp521']:
logger.error("Key type {} not supported.".format(key_parsed.keytype))
- return
+ return False
if not key_parsed.base64:
logger.error("Key base64 not defined, wrong ssh key format.")
- return
+ return False
if not key_parsed.comment:
key_parsed.comment = "cloud-init-{}".format(uuid4())
@@ -88,6 +91,9 @@ def set_ssh_login(config, user, key_string):
config.set_tag(['system', 'login', 'user', user, 'authentication', 'public-keys'])
logger.debug("Configured SSH public key for user: {}".format(user))
+ # Return True if credentials added
+ return True
+
# filter hostname to be sure that it can be applied
# NOTE: here we cannot attempt to deny anything prohibited, as it is too late.
@@ -481,6 +487,9 @@ def handle(name, cfg, cloud, log, _args):
config = ConfigTree(config_file)
# Initialization of variables
+ DEFAULT_VYOS_USER = 'vyos'
+ DEFAULT_VYOS_PASSWORD = 'vyos'
+ logins_configured = False
network_configured = False
# configure system logins
@@ -492,22 +501,31 @@ def handle(name, cfg, cloud, log, _args):
if default_user:
# key-based
for ssh_key in ssh_keys:
- set_ssh_login(config, default_user, ssh_key)
+ if set_ssh_login(config, default_user, ssh_key):
+ logins_configured = True
# password-based
password = cfg.get('password')
if password:
- set_pass_login(config, default_user, password)
+ if set_pass_login(config, default_user, password):
+ logins_configured = True
# Configure all users accounts
for user, user_cfg in users.items():
# Configure password-based authentication
password = user_cfg.get('passwd')
if password and password != '':
- set_pass_login(config, user, password)
+ if set_pass_login(config, user, password):
+ logins_configured = True
# Configure key-based authentication
for ssh_key in user_cfg.get('ssh_authorized_keys', []):
- set_ssh_login(config, user, ssh_key)
+ if set_ssh_login(config, user, ssh_key):
+ logins_configured = True
+
+ # Create a fallback user if there was no others
+ if not logins_configured:
+ logger.debug("Adding fallback user: {}".format(DEFAULT_VYOS_USER))
+ set_pass_login(config, DEFAULT_VYOS_USER, DEFAULT_VYOS_PASSWORD)
# apply settings from OVF template
if 'OVF' in dsname: