GitHub user hanisirfan closed a discussion: Rocky Linux 9 and Ubuntu 24.04 template with cloud-init doesn't reset password on next subsequent boots
##### ISSUE TYPE

* Other

##### COMPONENT NAME

~~~
UI, cloud-init integration
~~~

##### CLOUDSTACK VERSION

~~~
CloudStack 4.19.1.1
~~~

##### OS / ENVIRONMENT

`cloud-init.noarch 23.4-7.el9_4.5.0.1` on Rocky Linux 9.4 and Ubuntu 24.04

##### SUMMARY

##### STEPS TO REPRODUCE

The steps below are for Rocky Linux but somewhat identical for Ubuntu.

Basically I ran the commands below to prepare a working Rocky Linux 9.4 template with password management/reset. I'm just following the CloudStack documentation on cloud-init integration.

Install the necessary packages

```bash
# Verify the hostname is set to localhost
hostnamectl

# Update the system first
dnf -y upgrade && reboot now

# Enable EPEL repo
dnf config-manager --set-enabled crb
dnf -y install epel-release
crb enable

# Install common packages
dnf -y install curl wget nano tmux vim telnet acpid fastfetch

# Install guest agents
## QEMU agent: https://pve.proxmox.com/wiki/Qemu-guest-agent
dnf -y install qemu-guest-agent
systemctl enable --now qemu-guest-agent
## VMware agent: https://docs.vmware.com/en/VMware-Tools/12.4.0/com.vmware.vsphere.vmwaretools.doc/GUID-C48E1F14-240D-4DD1-8D4C-25B6EBE4BB0F.html
dnf -y install open-vm-tools

# Install cloud-init package
dnf -y install cloud-init

# Configure cloud-init to detect Cloudstack data source during runtime.
nano /etc/cloud/cloud.cfg.d/99_cloudstack.cfg
--------------------------------------------------------------------------------------------------------------
#cloud-config
datasource_list: [ ConfigDrive, CloudStack, None ]
datasource:
  CloudStack: {}
  None: {}
--------------------------------------------------------------------------------------------------------------

# Enable cloud-init without any aid from ds-identify
echo "policy: enabled" > /etc/cloud/ds-identify.cfg

# Enable set_passwords module on every boot
sed -i s/" - set[_|-]passwords"/" - [set_passwords, always]"/g /etc/cloud/cloud.cfg

# Configures root password with cloud-init
## lock_passwd: false = Allow password login.
## disable_root: false = Allow root to remotely SSH
## ssh_pwauth: true = Accept password when logging into SSH
nano /etc/cloud/cloud.cfg.d/80_user.cfg
--------------------------------------------------------------------------------------------------------------
#cloud-config
system_info:
  default_user:
    name: root
    lock_passwd: false
disable_root: false
ssh_pwauth: true
--------------------------------------------------------------------------------------------------------------

# Enable Cloudstack reset SSH keys feature: configure cloud-init ssh module to run on every boot.
sed -i s/" - ssh$"/" - [ssh, always]"/g /etc/cloud/cloud.cfg

# Disable cloud-init regenerating host certificates on boot.
echo "ssh_deletekeys: false" > /etc/cloud/cloud.cfg.d/49_hostkeys.cfg

# Partition management
## Install Growpart module
dnf -y install cloud-utils-growpart

## Locate the root partition.
lvs
vgs
pvs

## Every boot growpart will check and extend <PHYSICAL_VOLUME_PARTITION e.g. /dev/vda2> if there is change in size
nano /etc/cloud/cloud.cfg.d/50_growpartion.cfg
--------------------------------------------------------------------------------------------------------------
#cloud-config
growpart:
  mode: auto
  devices: ['/dev/vda2']
  ignore_growroot_disabled: false
--------------------------------------------------------------------------------------------------------------

## Extend volume group and root LV (runcmd is used) (this is for XFS filesystem)
nano /etc/cloud/cloud.cfg.d/51_extend_volume.cfg
--------------------------------------------------------------------------------------------------------------
#cloud-config
runcmd:
  - [ cloud-init-per, always, grow_VG, pvresize, /dev/vda2 ]
  - [ cloud-init-per, always, grow_LV, lvresize, -l, '+100%FREE', /dev/rocky/root ]
  - [ cloud-init-per, always, grow_FS, xfs_growfs, /dev/rocky/root ]
--------------------------------------------------------------------------------------------------------------

## Enable autoresize on every boot
sed -i s/" - runcmd"/" - [runcmd, always]"/g /etc/cloud/cloud.cfg
sed -i s/" - scripts_user"/" - [scripts_user, always]"/g /etc/cloud/cloud.cfg

## Network configuration with ConfigDrive
echo -e "\nnetwork: {}" >> /etc/cloud/cloud.cfg

# Configures cloud-init final message
#cloud-config
nano /etc/cloud/cloud.cfg.d/100_extend_volume.cfg
--------------------------------------------------------------------------------------------------------------
#cloud-config
final_message: |
  Welcome to Rocky Linux 9 running on Nebula Cloud!
--------------------------------------------------------------------------------------------------------------

# cloud-init clean up
cloud-init clean --machine-id
rm -rf /etc/sudoers.d/*

# Template clean up
## Remove the udev persistent device rules and DHCP leases
rm -f /etc/udev/rules.d/70*
rm -f /var/lib/dhclient/*
rm -f /var/lib/NetworkManager/*.lease

## Remove SSH keys to ensure template instances don't have the same SSH keys.
rm -f /etc/ssh/*key*

## Cleaning log files
cat /dev/null > /var/log/audit/audit.log 2>/dev/null
cat /dev/null > /var/log/wtmp 2>/dev/null
logrotate -f /etc/logrotate.conf 2>/dev/null
rm -f /var/log/*-* /var/log/*.gz 2>/dev/null

## Set User password to expire
passwd --expire root

## Clearing User History
history -c
unset HISTFILE

## Shutdown the Instance
halt -p
```

##### EXPECTED RESULTS

~~~
When the template has "Password enabled" turned on, I'm expecting these results:
1. The instance uses the randomly generated password on the first boot.
2. The instance uses a new randomly generated password after shutting it down and using the "Reset password" icon in the UI.
~~~

##### ACTUAL RESULTS

~~~
1. This works.
2. The newly generated password is not being applied by cloud-init. But, on the same instance, I ran cloud-init clean --logs and rebooted the instance. The new password is applied after that.

My initial thought after looking at the logs is that the cc_set_passwords module did run with always frequency as configured. But it's using a cached password from CloudStack datastore.
~~~

This is my first time trying to create a template, especially with cloud-init being integrated. My previous tests with CloudStack were just using the default CentOS 5 template. Tried following issue #8767, which resulted in the config I pasted in the STEPS TO REPRODUCE section.

I have an additional question: say a user changes the CIDR of their guest network, will cloud-init still be able to detect the metadata hosted on the VR with a CIDR other than the default?

Sorry if I'm not supposed to post on GitHub and should use the mailing list instead.

GitHub link: https://github.com/apache/cloudstack/discussions/9690
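
A check for the four `sed` edits in the steps above, added here as an example and not part of the original post or of CloudStack's documentation: `sed` exits successfully even when its pattern matches nothing, so these functions confirm that each module really ended up with `always` frequency. The function names and the sample file are constructed for illustration, and GNU `sed` is assumed.

```bash
# Added example (not from the original post). Assumes GNU sed, as on Rocky/Ubuntu.

# Print how a module is listed in a cloud.cfg-style file:
# "always", "default" (plain list entry) or "missing".
module_frequency() {
    # Accept both spellings, e.g. set_passwords and set-passwords.
    pat=$(printf '%s' "$2" | sed 's/[_-]/[_-]/g')
    if grep -Eq "^[[:space:]]*-[[:space:]]*\[[[:space:]]*${pat}[[:space:]]*,[[:space:]]*always[[:space:]]*\]" "$1"; then
        echo always
    elif grep -Eq "^[[:space:]]*-[[:space:]]*${pat}[[:space:]]*$" "$1"; then
        echo default
    else
        echo missing
    fi
}

# Constructed, abbreviated stand-in for the module lists in /etc/cloud/cloud.cfg.
make_sample_cfg() {
    cat > "$1" <<'EOF'
cloud_init_modules:
  - ssh
  - set_passwords
cloud_config_modules:
  - runcmd
cloud_final_modules:
  - scripts_user
EOF
}

# The four sed edits from the steps above, pointed at the file given as $1.
apply_always_edits() {
    sed -i s/" - set[_|-]passwords"/" - [set_passwords, always]"/g "$1"
    sed -i s/" - ssh$"/" - [ssh, always]"/g "$1"
    sed -i s/" - runcmd"/" - [runcmd, always]"/g "$1"
    sed -i s/" - scripts_user"/" - [scripts_user, always]"/g "$1"
}

# Report all four modules; return non-zero if any is not set to always.
audit_cfg() {
    rc=0
    for m in set_passwords ssh runcmd scripts_user; do
        f=$(module_frequency "$1" "$m")
        echo "$m: $f"
        [ "$f" = always ] || rc=1
    done
    return "$rc"
}
```

On a template, `audit_cfg /etc/cloud/cloud.cfg` can be run before `cloud-init clean`; it only reads the file.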