Ubuntu Server 20.04 cloud-config adding user does nothing
I am trying to create a VirtualBox .box image of Ubuntu Server 20.04 with packer. The box is to be later used by Vagrant. I want to have a single user (vagrant) with root privileges who logs through SSH with public/private key pair.
The configuration files are as follows:
ubuntu2004.pkr.hcl:
source "virtualbox-iso" "autogenerated_1" {
boot_command = ["<enter><wait2><enter><wait><f6><esc><wait>", "autoinstall<wait2> ds=nocloud;", "<wait><enter>"]
boot_wait = "2s"
cd_files = ["./http/user-data", "./http/meta-data"]
cd_label = "cidata"
disk_size = 8192
guest_additions_path = "VBoxGuestAdditions_{{ .Version }}.iso"
guest_os_type = "Ubuntu_64"
headless = false
http_directory = "http"
iso_checksum = "sha256:f8e3086f3cea0fb3fefb29937ab5ed9d19e767079633960ccb50e76153effc98"
iso_urls = ["https://releases.ubuntu.com/focal/ubuntu-20.04.3-live-server-amd64.iso"]
shutdown_command = "echo 'ubuntu'|sudo -S shutdown -P now"
ssh_handshake_attempts = "200"
ssh_password = "ubuntu"
ssh_port = 22
ssh_username = "ubuntu"
ssh_wait_timeout = "10000s"
vboxmanage = [["modifyvm", "{{ .Name }}", "--memory", "1024"], ["modifyvm", "{{ .Name }}", "--cpus", "1"]]
virtualbox_version_file = ".vbox_version"
vm_name = "packer-ubuntu-20.04-amd64"
}
build {
sources = ["source.virtualbox-iso.autogenerated_1"]
provisioner "file" {
destination = "/home/vagrant/authorized_keys"
source = "/home/user/.ssh/virtual_id_ed25519"
}
provisioner "file" {
destination = "/home/vagrant/.ssh/authorized_keys"
source = "/home/user/.ssh/virtual_id_ed25519"
}
provisioner "shell" {
scripts = ["scripts/init.sh", "scripts/cleanup.sh"]
}
post-processor "vagrant" {
compression_level = "8"
output = "ubuntu-20.04-<no value>.box"
}
}
The cloud-config yaml is as follows:
./http/user-data:
#cloud-config
autoinstall:
version: 1
locale: en_US
keyboard:
layout: en
variant: us
network:
network:
version: 2
ethernets:
enp0s3:
dhcp4: true
storage:
layout:
name: lvm
identity:
hostname: ubuntu-server
username: ubuntu
password: "$6$exDY1mhS4KUYCE/2$zmn9ToZwTKLhCw.b4/b.ZRTIZM30JZ4QrOQ2aOXJ8yk96xpcCof0kxKwuX1kqLG/ygbJ1f8wxED22bTL4F46P0"
ssh:
install-server: yes
groups:
- ubuntu: [root, sys]
- cloud-users
users:
- default
- name: vagrant
ssh_authorized_keys:
- ssh-ed25519 <<my-public-key>>
sudo: ALL=(ALL) NOPASSWD:ALL
groups: sudo, users, admin
lock_passwd: true
shell: /bin/bash
user-data:
disable_root: false
packages:
- openssh-server
- build-essential
late-commands:
- echo 'ubuntu ALL=(ALL) NOPASSWD:ALL' > /target/etc/sudoers.d/ubuntu
I am explicitly uploading the public key to the image with the two file provisioners. Is this necessary?
The configuration in user-data should follow the documentation.
When Vagrant starts the machine, it can't log in with SSH. If I manually log into the server directly (with the ubuntu user), I can see that there is no user vagrant, i.e. getent passwd | grep vagrant returns nothing.
So,
- How should I set up the cloud-config so that after the box is created I can log in with the user
vagrantand with SSH keys (no passwords)? - Do I need the user
ubuntu? If not, how can I remove it? - What is the
identitypart inuser-datadoing? Can I remove the password from there, use SSH keys and not bother with creating explicitly a new user with SSH keys?
I hope that these things can be done inside the configuration files and not via shell scripts.
Solution 1:
If you have an identity section then the users section does not get used. It is not documented this way, so it is likely a bug.
Examples
An autoinstall configuration like this will only create the ruttiger user with a password.
#cloud-config
autoinstall:
identity:
hostname: focallive-template
password: $6$.c38i4RIqZeF4RtR$hRu2RFep/.6DziHLnRqGOEImb15JT2i.K/F9ojBkK/79zqY30Ll2/xx6QClQfdelLe.ZjpeVYfE8xBBcyLspa/
username: ruttiger
user-data:
users:
- name: vagrant
ssh_authorized_keys:
- ssh-rsa REDACTED
lock_passwd: true
shell: /bin/bash
groups: [adm,sudo]
sudo: ALL=(ALL) NOPASSWD:ALL
An autoinstall configuration like this will create the vagrant user with SSH key authentication. (There will not be any ubuntu user created. It is not required.)
#cloud-config
autoinstall:
user-data:
users:
- name: vagrant
ssh_authorized_keys:
- ssh-rsa REDACTED
lock_passwd: true
shell: /bin/bash
groups: [adm,sudo]
sudo: ALL=(ALL) NOPASSWD:ALL
How does it work
The installer creates the file /target/etc/cloud/cloud.cfg.d/99-installer.cfg. This file contains the user configuration (and some other). When the installed system boots for the first time, cloud-init will include the configuration from this file and create the user(s).
Notes
I tested using Ubuntu 20.04.3 (subiquity 21.08.2).
This line in the source appears to be where the users configuration gets replaced by the configuration provided in the identity section.