cloud-init destroys the password of existing 'ubuntu' account
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cloud-init (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
[Env]
Ubuntu 22.04.4 LTS
cloud-init 23.3.3-
[Issue scenario]
When we generate an Ubuntu image by (ubuntu-image v3.2+snap3 rev#731) tool, the tool supports putting cloud-init configurations (Ex. network-config) under /var/lib/
It also supports adding users to the rootfs of image.
The add-user logic is like the below flow: (https:/
$ useradd <name> ...
$ echo "<name>:<password>" | chpasswd
$ passwd -e <name>
Interesting results like the below:
1 Add cloud-init network-config (no user-data) + add-user (ubuntu:ubuntu), we can't log into the system by ubuntu:ubuntu
2. Add cloud-init network-config (no user-data) + add-user (xxx:xxx), we can log into the system by xxx:xxx
3. Don't put any cloud-init configurations + add-user (ubuntu:ubuntu), we can log into the system by ubuntu:ubuntu
The results provide a clear scenario about cloud-init touching something "only" for the user (ubuntu:ubuntu), even though there is no user-data configuration under seed/nocloud directory.
If there are no cloud-init configurations from seed/nocloud, then cloud-init didn't touch the user (ubuntu:ubuntu)
Maybe this is not a bug, more like a design, could the cloud-init team help to clarify? Tks.
summary: |
- cloud-init destroy the password of exist 'ubuntu' account + cloud-init destroys the password of existing 'ubuntu' account |
I believe that cloud-init is working as intended here. I'm unfamiliar with the Ubuntu Image tool, but it looks like there is overlap between the user-creation from that tool and cloud-init.
When cloud-init runs, it will by default create a distro-default user with no password and password login disabled. On Ubuntu, this user is 'ubuntu'. This behavior can be overridden using user data alongside the network-config. /cloudinit. readthedocs. io/en/latest/ reference/ datasources/ nocloud. html#file- formats
The user data file is described here:
https:/
Whereas the user data for creating users is described here: /cloudinit. readthedocs. io/en/latest/ reference/ modules. html#users- and-groups
https:/
It describes how the default user can be overridden.
Based on this, I think I can explain your 3 scenarios:
1. Cloud-init created user ubuntu with no password which somehow superseded the Ubuntu image user creation.
2. 1 happened, but since you also specified another user, that user got created and so works as expected.
3. With no NoCloud seed data, cloud-init didn't run and didn't attempt to create any default user.
Does that help?