nuageinit: only create the default user when needed

The "default" user should only be created when:

- the `users` key is missing
- or the `default` string is present in the `users` list

Since the `public_keys` is extracted from the meta-data, this patch has
to slightly adjust the way they are loaded.
The change simplify the logic around the default user SSH key injection.
Both `ssh_authorized_keys` and `public_keys` are handled at the same time.

MFC After:	1 week
Signed-off-by: Gonéri Le Bouder <goneri@lebouder.net>
Pull Request:	https://github.com/freebsd/freebsd-src/pull/1952
This commit is contained in:
Gonéri Le Bouder
2026-01-06 12:18:46 -05:00
committed by Baptiste Daroussin
parent c2b407244f
commit cbc00fcc2b
+89 -63
View File
@@ -16,14 +16,28 @@ end
local ni_path = arg[1]
local citype = arg[2]
local default_user = {
name = "freebsd",
homedir = "/home/freebsd",
groups = "wheel",
gecos = "FreeBSD User",
shell = "/bin/sh",
plain_text_passwd = "freebsd"
}
local function default_user(obj, metadata)
local ssh_authorized_keys = {}
if type(metadata.public_keys) == "table" then
for _, k in pairs(metadata.public_keys) do
table.insert(ssh_authorized_keys, k)
end
end
if type(obj.ssh_authorized_keys) == "table" then
for _, k in ipairs(obj.ssh_authorized_keys) do
table.insert(ssh_authorized_keys, k)
end
end
return {
name = "freebsd",
homedir = "/home/freebsd",
groups = "wheel",
gecos = "FreeBSD User",
shell = "/bin/sh",
plain_text_passwd = "freebsd",
ssh_authorized_keys = ssh_authorized_keys
}
end
local root = os.getenv("NUAGE_FAKE_ROOTDIR")
if not root then
@@ -78,12 +92,16 @@ local function get_ifaces_by_mac()
return myifaces
end
local function sethostname(obj)
local function sethostname(obj, metadata)
-- always prefer fqdn if specified over hostname
if obj.fqdn then
nuage.sethostname(obj.fqdn)
elseif obj.hostname then
nuage.sethostname(obj.hostname)
elseif metadata["local-hostname"] then
nuage.sethostname(metadata["local-hostname"])
elseif metadata["local"] then
nuage.sethostname(metadata["hostname"])
end
end
@@ -110,20 +128,40 @@ local function groups(obj)
end
end
local function create_default_user(obj)
if not obj.users then
-- default user if none are defined
nuage.adduser(default_user)
local function create_default_user(obj, metadata)
local function need_default_user()
if not obj.users then
-- default user if "users" is undefined
return true
end
-- create default user if "default" is in the users list
for _, u in pairs(obj.users) do
if type(u) == "string" and u == "default" then
return true
end
end
return false
end
if need_default_user() then
local du = default_user(obj, metadata)
local homedir = nuage.adduser(du)
if du.ssh_authorized_keys then
for _, k in ipairs(du.ssh_authorized_keys) do
nuage.addsshkey(homedir, k)
end
end
end
end
local function users(obj)
local function users(obj, metadata)
if obj.users == nil then return end
for n, u in pairs(obj.users) do
if type(u) == "string" then
if u == "default" then
nuage.adduser(default_user)
-- already done during create_default_user
nuage.adduser(default_user(obj, metadata))
else
nuage.adduser({name = u})
end
@@ -180,14 +218,6 @@ local function ssh_keys(obj)
end
end
local function ssh_authorized_keys(obj)
if obj.ssh_authorized_keys == nil then return end
local homedir = nuage.adduser(default_user)
for _, k in ipairs(obj.ssh_authorized_keys) do
nuage.addsshkey(homedir, k)
end
end
local function nameservers(interface, obj)
local resolvconf_conf_handler = open_resolvconf_conf()
@@ -280,17 +310,17 @@ local function get_ifaces_by_driver()
local drivers = {}
local last_interface = nil
for line in proc:lines() do
local interface = line:match("^([%S]+): ")
local interface = line:match("^([%S]+): ")
if interface then
if interface then
last_interface = interface
end
end
local driver = line:match("^[%s]+drivername: ([%S]+)$")
local driver = line:match("^[%s]+drivername: ([%S]+)$")
if driver then
if driver then
drivers[driver] = last_interface
end
end
end
proc:close()
@@ -632,45 +662,42 @@ local function parse_network_config()
return netobj
end
if citype == "config-2" then
local parser = ucl.parser()
local res, err = parser:parse_file(ni_path .. "/meta_data.json")
local function load_metadata()
if citype == "config-2" then
local parser = ucl.parser()
local res, err = parser:parse_file(ni_path .. "/meta_data.json")
if not res then
nuage.err("error parsing config-2 meta_data.json: " .. err)
end
local obj = parser:get_object()
if obj.public_keys then
local homedir = nuage.adduser(default_user)
for _,v in pairs(obj.public_keys) do
nuage.addsshkey(homedir, v)
if not res then
nuage.err("error parsing config-2 meta_data.json: " .. err)
end
end
nuage.sethostname(obj["hostname"])
local obj = parser:get_object()
return obj
elseif citype == "nocloud" then
local f, err = io.open(ni_path .. "/meta-data")
if err then
nuage.err("error parsing nocloud meta-data: " .. err)
end
local obj = yaml.load(f:read("*a"))
f:close()
if not obj then
nuage.err("error parsing nocloud meta-data")
end
return obj
elseif citype ~= "postnet" then
nuage.err("Unknown cloud init type: " .. citype)
end
return {}
end
if citype == "config-2" then
-- network
config2_network(ni_path)
elseif citype == "nocloud" then
local f, err = io.open(ni_path .. "/meta-data")
if err then
nuage.err("error parsing nocloud meta-data: " .. err)
end
local obj = yaml.load(f:read("*a"))
f:close()
if not obj then
nuage.err("error parsing nocloud meta-data")
end
local hostname = obj["local-hostname"]
if not hostname then
hostname = obj["hostname"]
end
if hostname then
nuage.sethostname(hostname)
end
elseif citype ~= "postnet" then
nuage.err("Unknown cloud init type: " .. citype)
end
local metadata = load_metadata()
-- deal with user-data
local ud = nil
local f = nil
@@ -709,7 +736,6 @@ if line == "#cloud-config" then
groups,
create_default_user,
ssh_keys,
ssh_authorized_keys,
network_config,
ssh_pwauth,
runcmd,
@@ -740,7 +766,7 @@ if line == "#cloud-config" then
local netobj = parse_network_config() or obj
network_config(netobj)
else
calls_table[i](obj)
calls_table[i](obj, metadata)
end
end
elseif line:sub(1, 2) == "#!" then