[3.0][feature request] user management

Hello Ethan,

Do you know why cloud-init is taking so much time? Is this expected on a low performance CPU?

The customization section is intentionally limited in the ubuntu-image configuration because it was intended to solve simple cases and let users handle more complex cases with cloud-init or custom packages.

Implementing this feature would probably not be too complex but I fear it may confuse users by offering multiple ways to solve a single problem. @sil2100 what do you think?

In the meantime, I think you can use a manual customization (copy-file + execute) to create the user, set the password and force the reset. Be careful though, the "add-user" customization is the last customization executed, so you cannot use it to create the user and expect to do the rest in the "execute" customization.

Hi Paul,

Sorry for slow response, I didn't receive an update mail from LP.

The account and password are created by cloud-init at first boot.
There are four stages: "init-local", "init", "modules:config" and "modules:final".

1. "init": create default account and password.
2. "modules:config": force users to reset password
chpasswd:
  list: |
    ubuntu:ubuntu
  expire: True

cloud-init is taking so much time because it needs to finish tasks of "init-local" and "init" first. It's expected on a low performance CPU. But, if it can be done by ubuntu-image instead of cloud-init, the issue will be gone.

No worries.

And what do you think of my proposed solution using the manual customization?

CE team will provide the image build script to customers/downloadstream to build images. We would like to keep the script as simple as possible. It will be more easy for customers to build and customize images if all customizations can be done by ui-3.0's yaml.

Some customers complained about boot time. Disabling cloud-init is one of options to reduce boot time. We have reviewed cloud-init configs used on CE projects. Some can be done by meta packages while some like user account/password still need ubuntu-image. So, it would be better if ui 3.0 can support this feature.

I agree with you that keeping things as simple as possible for our customers is valuable.

I think I could be a useful improvement to ubuntu-image.

Let's see what Lukasz thinks about this.

Hey Ethan,

I just merged it in main. You may be able to test in from the latest/edge channel in a couple of hours. Let me know if this is working as you expected.

Hey Paul,

I test this function with ubuntu-image v3.2+snap3 rev#731 from the edge channel.
But the result failed with "login incorrect" information.
I can't log into shell via the target account/password.

The attached YAML file is what I used for building the image.
Could you help to check what I missed?

BTW, the rootfs is using the CPC version from https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64-root.tar.xz

Tks.

Another update:
I reference the template from ubuntu-images for adding the user (comment out cloud-init user-data).
https://git.launchpad.net/ubuntu-images/tree/ubuntu-server-pc-amd64.yaml
But the result still failed as same as comment#7.

The testing YAML file is attached. Tks.

Hey Laider.

There are 2 issues here:

- in your configuration, the "add-user" should be a subkey of "manual" (under "customization"). If you look at the build log, you could see that the "perform_manual_customization" is absent. Currently when parsing the YAML, we ignore keys not matching our model, so we do not detect a key is "misplaced". We could surely improve that to spot some errors.
- after fixing the YAML, I built the image. The user is created and the proper hash (based on the password) is set in /etc/shadow, but I confirm I cannot login on the machine. I am now trying to see if this is due to the forced password expiry.

I tested with another username than "ubuntu" and it works (I was able to login and change the password).

So I suspect cloud-init (or something else) is messing with this specific user even though you removed the configuration from the image definition.

So it looks like ubuntu-image is working as expected.

Hey Paul,

Sorry for my mistake. The "add-user" should be a subkey of "manual".
And You are right! cloud-init does something to impact "add-user" function, even if we only use network-config or meta-data, not user-data.

If we fully remove cloud-init from YAML, the "add-user" function can correctly add a "ubuntu" user for logging.
If we use some cloud-init configs, the "add-user" function works for other usernames (except "ubuntu").

Therefore, we confirmed the "add-user" function is working as expected. Thanks for your effort.

I created a cloud-init bug for tracing why cloud-init touch ubuntu:ubuntu user, even though there is no user-data configuration under seed/nocloud

https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/2054785