search

cloudbase / cloudbase-init

Cross-platform instance initialization
http://openstack.org
Apache License 2.0
414 stars 150 forks source link

How can I skip updating user password? #52

Closed 10fish closed 4 years ago

10fish commented 4 years ago

Hi guys,

I'm using ConfigDrive service to provide meta source, and for some actions, the user may not change their password. And when I tried to emit meta.admin_pass field in file meta_data.json, a random user password was set, thus the user(I) could not logon then after. So how can I skip updating user password for sometimes? Or is it a mandatory option for every uuid instance?

And then I modified method _set_password in file setuserpassword.py: from(docs emitted):

    def _set_password(self, service, osutils, user_name, shared_data):
        if service.can_update_password and not service.is_password_changed():
            LOG.info('Updating password is not required.')
            return None

        password, injected = self._get_password(service, shared_data)
        if not password:
            LOG.debug('Generating a random user password')
            password = osutils.generate_random_password(
                CONF.user_password_length)

        osutils.set_user_password(user_name, password)
        self._change_logon_behaviour(user_name, password_injected=injected)
        return password

to(docs emitted):

    def _set_password(self, service, osutils, user_name, shared_data):
        if service.can_update_password and not service.is_password_changed():
            LOG.info('Updating password is not required.')
            return None

        password, injected = self._get_password(service, shared_data)
        if password:
            osutils.set_user_password(user_name, password)
            self._change_logon_behaviour(user_name, password_injected=injected)
        else:
            LOG.debug('no password set, skipping setting password...')
        return password

Still with no luck. Are there anywhere else changing user password? Or is it possible to skip that operation?

Please help me! Thanks~

Version using: 1.1.1

10fish commented 4 years ago

I have found the following in BaseCreateUserPlugin:

    def execute(self, service, shared_data):
        user_name = service.get_admin_username() or CONF.username
        shared_data[constants.SHARED_DATA_USERNAME] = user_name

        osutils = osutils_factory.get_os_utils()
        password = self._get_password(osutils)

        if CONF.rename_admin_user:
            admin_user_name = [u for u in osutils.enum_users()
                               if osutils.is_builtin_admin(u)][0]

            if admin_user_name.lower() != user_name.lower():
                LOG.info('Renaming builtin admin user "%(admin_user_name)s" '
                         'to %(new_user_name)s and setting password',
                         {'admin_user_name': admin_user_name,
                          'new_user_name': user_name})
                osutils.rename_user(admin_user_name, user_name)
                osutils.set_user_password(user_name, password)
            else:
                LOG.info('"%s" is already the name of the builtin admin '
                         'user, skipping renaming', user_name)
        elif osutils.user_exists(user_name):
            # here
            LOG.info('Setting password for existing user "%s"', user_name)
            osutils.set_user_password(user_name, password)
        else:
            LOG.info('Creating user "%s" and setting password', user_name)
            self.create_user(user_name, password, osutils)
...

this plugin is changing the existing admin user password. My problem solved. So I should close this issue. Thanks all!

ader1990 commented 4 years ago

To better explain the solution for future references:

The default user (Admin) is configured by two plugins:

Both plugins can set the password depending on configuration and the metadata service information.

To skip updating user password, the plugins list should not contain the above plugins defined in the cloudbase-init configuration file.

If the plugin list is not defined, the default plugins will be run: https://cloudbase-init.readthedocs.io/en/latest/plugins.html#configuring-selected-plugins

10fish commented 4 years ago

@ader1990 Many thanks. My problem solved.