** Description changed: === Being SRU Template === [Impact] Users of cloud-init can change passwords on a system by providing input to chpasswd as a string: - #cloud-config - chpasswd: - list: | - user1:password1 + #cloud-config + chpasswd: + list: | + user1:password1 Confusingly, the 'list' is actually not a list, but a multi-line string. The change made in this bug supports either. - + [Test Case] - # this launches 2 containers, one with list input and one with str - # then at the end, the user should ssh in and verify they can log in - # with the provided user and password. - $ rel=zesty - $ cat > chpass-str.yaml <<"EOF" - #cloud-config - ssh_pwauth: True - users: - - default - - name: "user1" - - name: "user2" - chpasswd: - expire: False - list: | - user1:password1 - user2:password2 - EOF + There is an integration test in cloud-init that runs though this code. + To run that: - $ cat > chpass-list.yaml <<"EOF" - #cloud-config - ssh_pwauth: True - users: - - default - - name: "user1" - - name: "user2" - chpasswd: - expire: False - list: - - user1:password1 - - user2:password2 - EOF + $ git clone https://git.launchpad.net/cloud-init + $ cd cloud-init - $ ud_str="$(cat chpass-str.yaml)" - $ ud_list="$(cat chpass-list.yaml)" - $ pname=$(petname || echo foo-$rel) - $ lxc launch ubuntu-daily:$rel $pname-str "--config=user.user-data=$ud_str" - $ lxc launch ubuntu-daily:$rel $pname-list "--config=user.user-data=$ud_list" + # download the appropriate deb for cloud-init from -proposed + $ rel=xenial + $ pver=$(rmadison --url=ubuntu --suite=$rel-proposed cloud-init | awk '{print $3}') + $ fname="cloud-init_${pver}_all.deb" + $ wget "http://archive.ubuntu.com/ubuntu/pool/main/c/cloud-init/$fname"; + $ ln -sf $fname cloud-init_all.$rel.deb + $ tox -e citest -- run -v -n $rel --deb=cloud-init_all.$rel.deb \ + -t tests/cloud_tests/testcases/modules/set_password_list_string.py \ + -t tests/cloud_tests/testcases/modules/set_password_list.py - $ for name in $pname-str $pname-list; do - lxc exec $name -- sh -c ' - while ! [ -e /run/cloud-init/result.json ]; do - echo -n .; sleep 1; done; echo;'; done + That will install the new cloud-init into a container and run + with user data to excercise this new feature. - $ lxc list "$pname.*" - $ echo "Now ssh into $pname-str and $pname-list as user1 and user2." [Regression Potential] Very low regression potential. The test case shown provides both the previously supported path (a string) and the new path (a list). [Other Info] + Upstream commit: + https://git.launchpad.net/cloud-init/commit/?id=7f2b51054a5defe + === End SRU Template === + If cloud-config contains list of user:password pairs as in example below chpasswd: list: - user1:pwd001 - user2:pwd002 cc_set_passwords module fails to change passwords with error: Feb 17 15:52:48 si-man [CLOUDINIT] stages.py[DEBUG]: Running module set-passwords (<module 'cloudinit.config.cc_set_passwords' from '/usr/lib/python3/dist-packages/cloudinit/config/cc_set_passwords.py'>) with frequency once-per-instance Feb 17 15:52:48 si-man [CLOUDINIT] handlers.py[DEBUG]: start: modules-config/config-set-passwords: running config-set-passwords with frequency once-per-instance Feb 17 15:52:48 si-man [CLOUDINIT] util.py[DEBUG]: Writing to /var/lib/cloud/instances/6d822e81-98a1-4b43-bed2-db8d0cf045bb/sem/config_set_passwords - wb: [420] 25 bytes Feb 17 15:52:48 si-man [CLOUDINIT] helpers.py[DEBUG]: Running config-set-passwords using lock (<FileLock using file '/var/lib/cloud/instances/6d822e81-98a1-4b43-bed2-db8d0cf045bb/sem/config_set_passwords'>) Feb 17 15:52:48 si-man [CLOUDINIT] cc_set_passwords.py[DEBUG]: Changing password for ["['user1"]: Feb 17 15:52:48 si-man [CLOUDINIT] util.py[DEBUG]: Running command ['chpasswd'] with allowed return codes [0] (shell=False, capture=True) Feb 17 15:52:48 si-man [CLOUDINIT] util.py[WARNING]: Failed to set passwords with chpasswd for ["['user1"] Feb 17 15:52:48 si-man [CLOUDINIT] util.py[DEBUG]: Failed to set passwords with chpasswd for ["['user1"]#012Traceback (most recent call last):#012 File "/usr/lib/python3/dist-packages/cloudinit/config/cc_set_passwords.py", line 121, in handle#012 util.subp(['chpasswd'], ch_in)#012 File "/usr/lib/python3/dist-packages/cloudinit/util.py", line 1836, in subp#012 cmd=args)#012cloudinit.util.ProcessExecutionError: Unexpected error while running command.#012Command: ['chpasswd']#012Exit code: 1#012Reason: -#012Stdout: ''#012Stderr: "chpasswd: (user ['user1) pam_chauthtok() failed, error:\nAuthentication token manipulation error\nchpasswd: (line 1, user ['user1) password not changed\n" Feb 17 15:52:48 si-man [CLOUDINIT] util.py[DEBUG]: Running command ['passwd', '--expire', "['user1"] with allowed return codes [0] (shell=False, capture=True) Feb 17 15:52:48 si-man [CLOUDINIT] util.py[WARNING]: Failed to set 'expire' for ['user1 Feb 17 15:52:48 si-man [CLOUDINIT] util.py[DEBUG]: Failed to set 'expire' for ['user1#012Traceback (most recent call last):#012 File "/usr/lib/python3/dist-packages/cloudinit/config/cc_set_passwords.py", line 136, in handle#012 util.subp(['passwd', '--expire', u])#012 File "/usr/lib/python3/dist-packages/cloudinit/util.py", line 1836, in subp#012 cmd=args)#012cloudinit.util.ProcessExecutionError: Unexpected error while running command.#012Command: ['passwd', '--expire', "['user1"]#012Exit code: 1#012Reason: -#012Stdout: ''#012Stderr: "passwd: user '['user1' does not exist\n" Feb 17 15:52:48 si-man [CLOUDINIT] cc_set_passwords.py[DEBUG]: 2 errors occured, re-raising the last one The issue affects cloud-init installed in xenial-server-cloudimg-amd64-disk1.img # apt-cache policy cloud-init cloud-init: Installed: 0.7.8-49-g9e904bb-0ubuntu1~16.04.4 Candidate: 0.7.8-49-g9e904bb-0ubuntu1~16.04.4 Version table: *** 0.7.8-49-g9e904bb-0ubuntu1~16.04.4 500 500 http://zone-1.clouds.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages 100 /var/lib/dpkg/status 0.7.7~bzr1212-0ubuntu1 500 500 http://zone-1.clouds.archive.ubuntu.com/ubuntu xenial/main amd64 Packages cc_set_passwords converts list of user:password lists to str and as result user names get corrupted.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1665694 Title: cc_set_passwords fails to change passwords specified as chpasswd['list'] in cloud-config To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-init/+bug/1665694/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
