Support disable_root-esque behaviour for other users
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| cloud-init |
Fix Released
|
Wishlist
|
Dan Watkins | ||
| cloud-init (Ubuntu) |
Fix Released
|
Undecided
|
Chad Smith | ||
| Xenial |
Triaged
|
Undecided
|
Unassigned | ||
| Bionic |
Triaged
|
Undecided
|
Unassigned | ||
| Cosmic |
Fix Released
|
Undecided
|
Chad Smith | ||
Bug Description
When building Ubuntu cloud images, we prefer to name the default user "ubuntu" where possible, to maintain a consistent user experience between substrates. Some clouds, however, like to have a consistent user name across all of their various image offerings. This is an inherent conflict. One way in which we have agreed to resolve this is to use the messaging that the disable_root behaviour currently provides on the cloud-specific user, to point to the ubuntu user. This means, at least, that users are given some direction (rather than being left wondering if their instance has provisioned correctly, or if their SSH keys are invalid, or &c.)
I propose a new cloud.cfg key named "ssh_disable_users" which defines a list of users. For each of these users, cloud-init will ensure they exist, and configure the system so that users SSH'ing to that user will be redirected to the default user (a la disable_root behaviour currently).
(`disable_root: True` would translate as `ssh_disable_users: ["root"]`.)
Related branches
- Scott Moser: Approve
- Server Team CI bot: Approve (continuous-integration)
-
Diff: 577 lines (+337/-23)9 files modifiedcloudinit/config/cc_ssh.py (+2/-5)
cloudinit/config/cc_users_groups.py (+39/-2)
cloudinit/config/tests/test_ssh.py (+13/-9)
cloudinit/config/tests/test_users_groups.py (+144/-0)
cloudinit/distros/__init__.py (+19/-2)
cloudinit/ssh_util.py (+6/-0)
doc/examples/cloud-config-user-groups.txt (+9/-0)
doc/examples/cloud-config.txt (+16/-3)
tests/unittests/test_distros/test_create_users.py (+89/-2)
| Scott Moser (smoser) wrote | #1 |
| Changed in cloud-init: | |
| status: | New → Triaged |
| importance: | Undecided → Wishlist |
| Changed in cloud-init: | |
| assignee: | nobody → Dan Watkins (daniel-thewatkins) |
| tags: | added: id-5ad63efb9e110201665a1dac |
| Changed in cloud-init: | |
| status: | Triaged → Fix Released |
| Changed in cloud-init (Ubuntu Cosmic): | |
| status: | New → Fix Released |
| assignee: | nobody → Chad Smith (chad.smith) |
| Changed in cloud-init (Ubuntu Bionic): | |
| status: | New → Triaged |
| Changed in cloud-init (Ubuntu Xenial): | |
| status: | New → Triaged |
| James Falcon (falcojr) wrote | #2 |
that seems like a sane plan.