aws / ec2-macos-init

EC2 macOS Init is the launch daemon used to initialize Mac instances within EC2.
https://aws.amazon.com/ec2/instance-types/mac/
Apache License 2.0

Init fails after imaging with a ec2-user set password #26

Closed tyen-brex closed 1 year ago

tyen-brex commented 1 year ago

A Mac image was created using the following steps:

  1. Launch a mac image
  2. Ran the steps on https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-mac-instances.html#connect-to-mac-instance to connect via "Apple Remote Desktop". Remote login is needed to solve https://github.com/actions/runner/issues/1959
  3. Stopped the instance and created an image
  4. Launched a new instance with the image created in the previous step

The following error is appearing in /var/log/amazon/ec2/ec2-macos-init.log, and the remaining init short circuits

```
Error while running module [ManageEC2User] (type: usermanagement, group: 3) with message:  and err: ec2macosinit: failed to randomize password: ec2macosinit: unable to set secure password: ec2macosinit: failed to set ec2-user's password: exit status 67
```

okudajun commented 1 year ago

Hi @tyen-brex,

I guess you also ran `sudo ec2-macos-init clean all` or something to clear the history before creating the image. Then you'll see the error, because ec2-user got a secure token during the steps to use Apple Remote Desktop. You need the old password when you change the password of users who have secure tokens, even if you try to change the passwords with root privileges.

Could you also modify the line https://github.com/aws/ec2-macos-init/blob/9460c024ac68de3bfca4e78102a691b4b7f1a22e/configuration/init.toml#L132 to false before creating an image? It will stop ec2-macos-init from trying to randomize ec2-user's password, and ec2-macos-init will run as expected.
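
A pre-imaging check for the condition described in this thread, as an added example (not code from ec2-macos-init or from either commenter): it reports `fail` when ec2-user holds a secure token while the ManageEC2User module is still set to randomize the password. The key name `RandomizePassword`, the `[Module.UserManagement]` table, the wording of the `sysadminctl -secureTokenStatus` output and the sample config are assumptions or constructed values; pass the path of your own init.toml.

```shell
#!/bin/sh
# Added example: pre-imaging check. On the Mac instance the inputs would be
#   status=$(sysadminctl -secureTokenStatus ec2-user 2>&1)
# and the path of the init.toml that ec2-macos-init reads.

# Return 0 if the sysadminctl status text reports an enabled secure token.
has_secure_token() {
    printf '%s\n' "$1" | grep -q 'Secure token is ENABLED'
}

# Return 0 if the ManageEC2User module in the given TOML file still has
# RandomizePassword = true (key name is an assumption, see the lead-in).
# Commented-out settings and other modules are ignored.
randomize_enabled() {
    awk '
        /^[ \t]*\[\[Module\]\]/                   { in_mod = 0 }
        /^[ \t]*Name[ \t]*=[ \t]*"ManageEC2User"/ { in_mod = 1 }
        in_mod && /^[ \t]*RandomizePassword[ \t]*=[ \t]*true/ { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Print "fail" when an instance launched from the image would hit the
# "failed to set ec2-user's password: exit status 67" error, else "ok".
preimage_verdict() {
    if has_secure_token "$1" && randomize_enabled "$2"; then
        echo fail
    else
        echo ok
    fi
}

# Constructed sample inputs (not captured from a real instance).
sample_toml=$(mktemp)
cat > "$sample_toml" <<'EOF'
[[Module]]
  Name = "ManageEC2User"
  PriorityGroup = 3
  [Module.UserManagement]
    RandomizePassword = true
    User = "ec2-user"
EOF
sample_status='Secure token is ENABLED for user ec2-user'

preimage_verdict "$sample_status" "$sample_toml"   # prints: fail
```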

tyen-brex commented 1 year ago

Thanks!