diff options
author | Sam Eiderman <sameid@google.com> | 2019-10-29 23:00:36 +0000 |
---|---|---|
committer | Server Team CI Bot <josh.powers+server-team-bot@canonical.com> | 2019-10-29 23:00:36 +0000 |
commit | e1b4b8c903fed3b69e57ec08c17ce94097d55901 (patch) | |
tree | 9bc11d884f1e9d4ccacf95705dc7d29651c2b886 /cloudinit | |
parent | f1c788e2bb7c86069d43a015267facfb8aefcdf0 (diff) | |
download | vyos-cloud-init-e1b4b8c903fed3b69e57ec08c17ce94097d55901.tar.gz vyos-cloud-init-e1b4b8c903fed3b69e57ec08c17ce94097d55901.zip |
azure: Do not lock user on instance id change
After initial boot ovf-env.xml is copied to agent dir
(/var/lib/waagent/) with REDACTED password.
On subsequent boots DataSourceAzure loads with a configuration where the
user specified in /var/lib/waagent/ovf-env.xml is locked.
If instance id changes, cc_users_groups action will lock the user.
Fix this behavior by not locking the user if its password is REDACTED.
LP: #1849677
Diffstat (limited to 'cloudinit')
-rwxr-xr-x | cloudinit/sources/DataSourceAzure.py | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py index 4984fa84..cdf49d36 100755 --- a/cloudinit/sources/DataSourceAzure.py +++ b/cloudinit/sources/DataSourceAzure.py @@ -1193,9 +1193,10 @@ def read_azure_ovf(contents): defuser = {} if username: defuser['name'] = username - if password and DEF_PASSWD_REDACTION != password: - defuser['passwd'] = encrypt_pass(password) + if password: defuser['lock_passwd'] = False + if DEF_PASSWD_REDACTION != password: + defuser['passwd'] = encrypt_pass(password) if defuser: cfg['system_info'] = {'default_user': defuser} |