Ubuntu
cloud-init package

cloud-init destroys the password of existing 'ubuntu' account

Bug #2054785 reported by Laider Lai
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cloud-init (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

[Env]
Ubuntu 22.04.4 LTS
cloud-init 23.3.3-0ubuntu0~22.04.1

[Issue scenario]
When we generate an Ubuntu image by (ubuntu-image v3.2+snap3 rev#731) tool, the tool supports putting cloud-init configurations (Ex. network-config) under /var/lib/cloud/seed/nocloud/.

It also supports adding users to the rootfs of image.
The add-user logic is like the below flow: (https://github.com/canonical/ubuntu-image/blob/main/internal/statemachine/helper.go#L925)
$ useradd <name> ...
$ echo "<name>:<password>" | chpasswd
$ passwd -e <name>

Interesting results like the below:
1 Add cloud-init network-config (no user-data) + add-user (ubuntu:ubuntu), we can't log into the system by ubuntu:ubuntu
2. Add cloud-init network-config (no user-data) + add-user (xxx:xxx), we can log into the system by xxx:xxx
3. Don't put any cloud-init configurations + add-user (ubuntu:ubuntu), we can log into the system by ubuntu:ubuntu

The results provide a clear scenario about cloud-init touching something "only" for the user (ubuntu:ubuntu), even though there is no user-data configuration under seed/nocloud directory.
If there are no cloud-init configurations from seed/nocloud, then cloud-init didn't touch the user (ubuntu:ubuntu)

Maybe this is not a bug, more like a design, could the cloud-init team help to clarify? Tks.

Laider Lai (laiderlai)
summary: - cloud-init destroy the password of exist 'ubuntu' account
+ cloud-init destroys the password of existing 'ubuntu' account
Revision history for this message
James Falcon (falcojr) wrote :

I believe that cloud-init is working as intended here. I'm unfamiliar with the Ubuntu Image tool, but it looks like there is overlap between the user-creation from that tool and cloud-init.

When cloud-init runs, it will by default create a distro-default user with no password and password login disabled. On Ubuntu, this user is 'ubuntu'. This behavior can be overridden using user data alongside the network-config.
The user data file is described here:
https://cloudinit.readthedocs.io/en/latest/reference/datasources/nocloud.html#file-formats

Whereas the user data for creating users is described here:
https://cloudinit.readthedocs.io/en/latest/reference/modules.html#users-and-groups

It describes how the default user can be overridden.

Based on this, I think I can explain your 3 scenarios:
1. Cloud-init created user ubuntu with no password which somehow superseded the Ubuntu image user creation.
2. 1 happened, but since you also specified another user, that user got created and so works as expected.
3. With no NoCloud seed data, cloud-init didn't run and didn't attempt to create any default user.

Does that help?

Changed in cloud-init (Ubuntu):
status: New → Incomplete
Revision history for this message
Laider Lai (laiderlai) wrote :

Hi James,

Thanks for your information. It's clear to me.

The cloud-init creates a distro-default user by default despite no user-data configurations.
Only if no seed data exists, then cloud-init didn't run anything.

Move this case to invalid. Tks.

Changed in cloud-init (Ubuntu):
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.