Setup default password for user `ubuntu`

maasuser1 · 29 May 2024 16:15

Hello there,

I want to use Curtin (not cloud-init) to preseed the default password of user ubuntu for all future deployment, but eventually got deployment failed:

Running command ['unshare', '--fork', '--pid', '--', 'chroot', '/tmp/tmp2krg_2o_/target', 'sh', '-c', "echo '1000:mynewpass' | chpasswd"] with allowed return codes [0] (capture=False)
chpasswd: (user 1000) pam_chauthtok() failed, error:
Authentication token manipulation error
chpasswd: (line 1, user 1000) password not changed

Is there any workarounds? Thanks

adolfo94 · 24 June 2024 12:53

At curtin execution, the user ubuntu doesn’t exist. Cloud-init creates the user on the first boot.

You can configure curtin to create files. Create a config file for cloud-init with the passwd:

#cloud-config
write_files:
  password:
    path: /etc/cloud/cloud.cfg.d/00_ubuntu_passwd.cfg
    permissions: '0644'
    content: |
      #cloud-config
      # vim: syntax=yaml
      chpasswd:
        expire: false
        list:
          - ubuntu: yourpassword
late_commands:
  maas: [wget, '--no-proxy', {{node_disable_pxe_url|escape.json}}, '--post-data', {{node_disable_pxe_data|escape.json}}, '-O', '/dev/null']

adolfo94 · 24 June 2024 13:39

I forgot to mention if you put the password in clear, it’s recommended to delete the file once the machine is deployed.

runcmd:
  - rm /etc/cloud/cloud.cfg.d/00_ubuntu_passwd.cfg

Use always hashed passwords!:

# --- Example2 ---

# Disable ssh password authentication
# Don't require users to change their passwords on next login
# Set the password for user1 to be 'password1' (OS does hashing)
# Set the password for user2 to a pre-hashed password
# Set the password for user3 to be a randomly generated password,
#   which will be written to the system console
ssh_pwauth: false
chpasswd:
  expire: false
  users:
    - name: user1
      password: password1
      type: text
    - name: user2
      password: $6$rounds=4096$5DJ8a9WMTEzIo5J4$Yms6imfeBvf3Yfu84mQBerh18l7OR1Wm1BJXZqFSpJ6BVas0AYJqIjP7czkOaAZHZi1kxQ5Y1IhgWN8K9NgxR1
    - name: user3
      type: RANDOM

maasuser1 · 24 June 2024 19:52

 Mon, 24 Jun. 2024 19:40:54	Node post-installation failure - 'cloudinit' running config-set_passwords with frequency once-per-instance
 Mon, 24 Jun. 2024 19:40:54	Node status event - 'cloudinit' running config-set_passwords with frequency once-per-instance

It says failure but I did not see detailed info in the dmesg, quite weird.

I prepend the following content to curtin_userdata_ubuntu:

#cloud-config
debconf_selections:
 maas: |
  {{for line in str(curtin_preseed).splitlines()}}
  {{line}}
  {{endfor}}

write_files:
  password:
    path: /etc/cloud/cloud.cfg.d/00_ubuntu_passwd.cfg
    permissions: '0644'
    content: |
      ssh_pwauth: true
      chpasswd:
        expire: false
        list:
          - ubuntu: mypassword

adolfo94 · 25 June 2024 06:00

Check my second reply, the example of the chpasswd module.

maasuser1 · 25 June 2024 08:43

Thank you. By applying the correct cloud-init YAML format, it is successful.

system · 27 June 2024 08:44

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.