← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #62973

[Bug 1665694] Re: cc_set_passwords fails to change passwords specified as chpasswd['list'] in cloud-config

  Thread PreviousDate PreviousThread Next 
** Also affects: cloud-init (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: cloud-init (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: cloud-init (Ubuntu Zesty)
   Importance: Undecided
       Status: New

** Also affects: cloud-init (Ubuntu Yakkety)
   Importance: Undecided
       Status: New

** Changed in: cloud-init (Ubuntu Xenial)
       Status: New => Confirmed

** Changed in: cloud-init (Ubuntu Yakkety)
       Status: New => Confirmed

** Changed in: cloud-init (Ubuntu Zesty)
       Status: New => Fix Released

** Changed in: cloud-init (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: cloud-init (Ubuntu Yakkety)
   Importance: Undecided => Medium

** Changed in: cloud-init (Ubuntu Zesty)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1665694

Title:
  cc_set_passwords fails to change passwords specified as
  chpasswd['list'] in cloud-config

Status in cloud-init:
  Fix Committed
Status in cloud-init package in Ubuntu:
  Fix Released
Status in cloud-init source package in Xenial:
  Confirmed
Status in cloud-init source package in Yakkety:
  Confirmed
Status in cloud-init source package in Zesty:
  Fix Released

Bug description:
  === Being SRU Template ===
  [Impact]
  Users of cloud-init can change passwords on a system by providing input
  to chpasswd as a string:
    #cloud-config
    chpasswd:
      list: |
        user1:password1

  Confusingly, the 'list' is actually not a list, but a multi-line string.
  The change made in this bug supports either.
        
  [Test Case]
  # this launches 2 containers, one with list input and one with str
  # then at the end, the user should ssh in and verify they can log in
  # with the provided user and password.
  $ rel=zesty
  $ cat > chpass-str.yaml <<"EOF"
  #cloud-config
  ssh_pwauth: True
  users:
   - default
   - name: "user1"
   - name: "user2"
  chpasswd:
    expire: False
    list: |
       user1:password1
       user2:password2
  EOF

  $ cat > chpass-list.yaml <<"EOF"
  #cloud-config
  ssh_pwauth: True
  users:
   - default
   - name: "user1"
   - name: "user2"
  chpasswd:
    expire: False
    list:
     - user1:password1
     - user2:password2
  EOF

  $ ud_str="$(cat chpass-str.yaml)"
  $ ud_list="$(cat chpass-list.yaml)"
  $ pname=$(petname || echo foo-$rel)
  $ lxc launch ubuntu-daily:$rel $pname-str "--config=user.user-data=$ud_str"
  $ lxc launch ubuntu-daily:$rel $pname-list "--config=user.user-data=$ud_list"

  $ for name in $pname-str $pname-list; do
     lxc exec $name -- sh -c '
     while ! [ -e /run/cloud-init/result.json ]; do
        echo -n .; sleep 1; done; echo;'; done

  $ lxc list "$pname.*"
  $ echo "Now ssh into $pname-str and $pname-list as user1 and user2."

  [Regression Potential]
  Very low regression potential.  The test case shown provides both
  the previously supported path (a string) and the new path (a list).

  [Other Info]
  === End SRU Template ===
  If cloud-config contains list of user:password pairs as in example below

  chpasswd:
    list:
      - user1:pwd001
      - user2:pwd002

  cc_set_passwords module fails to change passwords with error:
  Feb 17 15:52:48 si-man [CLOUDINIT] stages.py[DEBUG]: Running module set-passwords (<module 'cloudinit.config.cc_set_passwords' from '/usr/lib/python3/dist-packages/cloudinit/config/cc_set_passwords.py'>) with frequency once-per-instance
  Feb 17 15:52:48 si-man [CLOUDINIT] handlers.py[DEBUG]: start: modules-config/config-set-passwords: running config-set-passwords with frequency once-per-instance
  Feb 17 15:52:48 si-man [CLOUDINIT] util.py[DEBUG]: Writing to /var/lib/cloud/instances/6d822e81-98a1-4b43-bed2-db8d0cf045bb/sem/config_set_passwords - wb: [420] 25 bytes
  Feb 17 15:52:48 si-man [CLOUDINIT] helpers.py[DEBUG]: Running config-set-passwords using lock (<FileLock using file '/var/lib/cloud/instances/6d822e81-98a1-4b43-bed2-db8d0cf045bb/sem/config_set_passwords'>)
  Feb 17 15:52:48 si-man [CLOUDINIT] cc_set_passwords.py[DEBUG]: Changing password for ["['user1"]:
  Feb 17 15:52:48 si-man [CLOUDINIT] util.py[DEBUG]: Running command ['chpasswd'] with allowed return codes [0] (shell=False, capture=True)
  Feb 17 15:52:48 si-man [CLOUDINIT] util.py[WARNING]: Failed to set passwords with chpasswd for ["['user1"]
  Feb 17 15:52:48 si-man [CLOUDINIT] util.py[DEBUG]: Failed to set passwords with chpasswd for ["['user1"]#012Traceback (most recent call last):#012  File "/usr/lib/python3/dist-packages/cloudinit/config/cc_set_passwords.py", line 121, in handle#012    util.subp(['chpasswd'], ch_in)#012  File "/usr/lib/python3/dist-packages/cloudinit/util.py", line 1836, in subp#012    cmd=args)#012cloudinit.util.ProcessExecutionError: Unexpected error while running command.#012Command: ['chpasswd']#012Exit code: 1#012Reason: -#012Stdout: ''#012Stderr: "chpasswd: (user ['user1) pam_chauthtok() failed, error:\nAuthentication token manipulation error\nchpasswd: (line 1, user ['user1) password not changed\n"
  Feb 17 15:52:48 si-man [CLOUDINIT] util.py[DEBUG]: Running command ['passwd', '--expire', "['user1"] with allowed return codes [0] (shell=False, capture=True)
  Feb 17 15:52:48 si-man [CLOUDINIT] util.py[WARNING]: Failed to set 'expire' for ['user1
  Feb 17 15:52:48 si-man [CLOUDINIT] util.py[DEBUG]: Failed to set 'expire' for ['user1#012Traceback (most recent call last):#012  File "/usr/lib/python3/dist-packages/cloudinit/config/cc_set_passwords.py", line 136, in handle#012    util.subp(['passwd', '--expire', u])#012  File "/usr/lib/python3/dist-packages/cloudinit/util.py", line 1836, in subp#012    cmd=args)#012cloudinit.util.ProcessExecutionError: Unexpected error while running command.#012Command: ['passwd', '--expire', "['user1"]#012Exit code: 1#012Reason: -#012Stdout: ''#012Stderr: "passwd: user '['user1' does not exist\n"
  Feb 17 15:52:48 si-man [CLOUDINIT] cc_set_passwords.py[DEBUG]: 2 errors occured, re-raising the last one

  The issue affects cloud-init installed in xenial-server-cloudimg-amd64-disk1.img
  # apt-cache policy cloud-init
  cloud-init:
    Installed: 0.7.8-49-g9e904bb-0ubuntu1~16.04.4
    Candidate: 0.7.8-49-g9e904bb-0ubuntu1~16.04.4
    Version table:
   *** 0.7.8-49-g9e904bb-0ubuntu1~16.04.4 500
          500 http://zone-1.clouds.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
          100 /var/lib/dpkg/status
       0.7.7~bzr1212-0ubuntu1 500
          500 http://zone-1.clouds.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

  cc_set_passwords converts list of user:password lists to str and as
  result user names get corrupted.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1665694/+subscriptions

References

  Thread PreviousDate PreviousThread Next