[2.5.3] Unable to add new users using curtin in CentOS


#1

Hi. I am currently building a MaaS POC, and the goal is to be able to provision both Ubuntu and CentOS.

I have tried to add new users by modifying /etc/maas/preseed/curtin_userdata_centos:

late_commands:
  maas: [wget, '--no-proxy', '{{node_disable_pxe_url}}', '--post-data', '{{node_disable_pxe_data}}', '-O', '/dev/null']
  10_adduser: ["curtin", "in-target", "--", "sh", "-c", "adduser maas"]
  20_addpwd: ["curtin", "in-target", "--", "sh", "-c", "echo 'maas:maas'| chpasswd"]
  30_addsudo: ["curtin", "in-target", "--", "sh", "-c", "usermod -aG wheel maas"]

It managed to get centos installed and reboot it, but it won’t get into the login screen. It has the error along the lines of:
avc denied open for path /etc/passwd sda

The MaaS version I’m using is 2.5 and I was using the centos image that is provided, no changes at all.

I have done the same curtin commands to ubuntu, and it seems to work fine on ubuntu.

Let me know if there’s any more details that I need to provide. Thanks in advance,

Regards,
De Lin


#2

Hi hoodl,

I think you don’t need to create a user or users. By default MaaS creates the user “ubuntu” for Ubuntu machines and the user “centos” for CentOS deployments. You can log in with the SSH key of the user who deploys these machines.


#3

Hi !

@tension183 it can actually be useful if your installation does not work as wished, SSH is not working and you want to access the server to check what’s wrong via IPMI console for example :)

@hoodl
For Ubuntu I’m using:

  61_create_user_installer: ["curtin", "in-target", "--", "sh", "-c", "sudo useradd installer -g 0"]
  62_set_installer_password: ["curtin", "in-target", "--", "sh", "-c", "echo 'installer:badpassword' | sudo chpasswd"]
  63_set_installer_as_admin: ["curtin", "in-target", "--", "sh", "-c", "sudo usermod -g admin installer"]

Ludwig


#4

Yes, the reason for an account with password is to be used for IPMI console. For some reason, it only works on ubuntu. And it does not have any errors on curtin as well. I suspect that it might be a centos selinux issue.


Because this is the error I saw when the server boots. If I add a user, I can’t even ssh using the centos account, it will just have permission denied


#5

I’ve figured out a workaround on this, I used cloud-init user_data to add users during deployment when I was deploying centos. However, I still hope that there’s still a way to incorporate this in curtin, so that I can keep user_data logic as thin as possible


#6

Hi hoodl,

This error came from SELinux. I worked around it like this: Settings > General > Global Kernel Parameters = Selinux=0


#7

You should look at doing this like it’s described here if you wanna leverage curtin:


#8

I don’t think it’s necessarily a good idea to attempt to implement your own useradd functionality. Curtin will do it for you quite nicely.

I’ve attached our entire custom config to which I appended the users which we have in /etc/maas/preseeds/curtin_userdata_custom template (because we only wanted to affect our custom images).

# cloud-config
---
debconf_selections:
 maas: |
  {{for line in str(curtin_preseed).splitlines()}}
  {{line}}
  {{endfor}}

late_commands:
 maas: [wget, '--no-proxy', '{{node_disable_pxe_url}}', '--post-data', '{{node_disable_pxe_data}}', '-O', '/dev/null']

write_files:
 userconfig:
  path: /etc/cloud/cloud.cfg.d/00-users.cfg
  content: |
    groups:
      - docker
    users:
      - default
      - name: myuser
        gecos: Service Operator
        primary_group: myuser
        groups: [docker,sudo]
        lock_passwd: false
        passwd: <REDACTED> # note that the value for this field is NOT the plain text password
        ssh_authorized_keys:
          - <REDACTED>

A couple things to note that are very important!! The documentation here states you can set the shell for the default user only!! It’s not very explicit. So in other words, you cannot set the shell (afaict) for additional users. When I tried to do it, my test run failed miserably. When I removed the shell line, my test run succeeded. I ended up having to fix the default shell problem in my custom image that I build.

Finally, if you remove the default user in the users object under write_files, then the system user that gets added automatically will not get put on the system.


#9

Thanks for all of the suggestions. I have used the write_files directive on both ubuntu and centos and it worked perfectly
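
As an added example (not part of the original thread and not MAAS or curtin code), a small Python check for the patterns discussed above: plaintext credentials piped to chpasswd in late_commands, and a write_files users fragment whose passwd value is not a hash or that drops the default user. The sample preseed, the regexes and the function name `lint_preseed` are constructed for illustration.

```python
import re

# Constructed sample preseed (not from the thread): one late_command that pipes a
# plaintext credential to chpasswd, and a cloud-init users fragment in write_files.
SAMPLE = """\
late_commands:
  20_addpwd: ["curtin", "in-target", "--", "sh", "-c", "echo 'svc:Example123' | chpasswd"]
write_files:
  userconfig:
    path: /etc/cloud/cloud.cfg.d/00-users.cfg
    content: |
      users:
        - name: svc
          lock_passwd: false
          passwd: Example123
"""

# crypt(3) modular format: $id$[params$]salt$hash, e.g. $6$ for SHA-512.
CRYPT_RE = re.compile(r"^\$(?:1|2[abxy]?|5|6|y)\$[./A-Za-z0-9$=,]+$")
# "echo 'user:secret' | chpasswd" without -e (-e would mean pre-hashed input).
CHPASSWD_RE = re.compile(
    r"echo\s+['\"]?([^'\":\s]+):([^'\"|\s]+)['\"]?\s*\|\s*(?:sudo\s+)?chpasswd(?!\s+-e)")
PASSWD_RE = re.compile(r"^\s*passwd:\s*(\S+)")


def lint_preseed(text):
    """Return (line_number, finding) tuples; line 0 marks a file-level finding."""
    findings = []
    has_users = has_default = False
    for n, line in enumerate(text.splitlines(), 1):
        m = CHPASSWD_RE.search(line)
        if m:  # report the account name only, never the secret itself
            findings.append((n, f"plaintext password for '{m.group(1)}' piped to chpasswd"))
        m = PASSWD_RE.match(line)
        if m and not CRYPT_RE.match(m.group(1).strip("'\"")):
            findings.append((n, "passwd: value is not a crypt(3) hash"))
        if re.match(r"^\s*users:\s*$", line):
            has_users = True
        if re.match(r"^\s*-\s*default\s*$", line):
            has_default = True
    if has_users and not has_default:
        findings.append((0, "users: list has no '- default'; default user will not be created"))
    return findings


if __name__ == "__main__":
    for lineno, msg in lint_preseed(SAMPLE):
        print(f"line {lineno}: {msg}")
```
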