From ba11376328a56cb3b963c2d438b434637d4c54f4 Mon Sep 17 00:00:00 2001 From: Yolanda Robla Date: Fri, 22 Sep 2017 11:13:22 +0200 Subject: [PATCH] Create rescue user on ironic agent Create a new service, that will be launched after ironic agent has been exited. This will launch an script that will take the rescue password, and create the rescue user with that credentials. Depends-On: I7898ff22800dedba73d7fbfb3801378867abe183 Change-Id: Ic3a241e2789a122d3d966e7e2148306fd0cf6aed Partial-Bug: 1526449
---
 diskimage_builder/elements/ironic-agent/element-deps | 1 + .../ironic-agent/post-install.d/80-ironic-agent | 1 + .../system/ironic-agent-create-rescue-user.path | 8 ++++++++ .../system/ironic-agent-create-rescue-user.service | 10 ++++++++++ .../bin/ironic-python-agent-create-rescue-user.sh | 12 ++++++++++++ 5 files changed, 32 insertions(+) create mode 100644 diskimage_builder/elements/ironic-agent/static/etc/systemd/system/ironic-agent-create-rescue-user.path create mode 100644 diskimage_builder/elements/ironic-agent/static/etc/systemd/system/ironic-agent-create-rescue-user.service create mode 100755 diskimage_builder/elements/ironic-agent/static/usr/local/bin/ironic-python-agent-create-rescue-user.sh
diff --git a/diskimage_builder/elements/ironic-agent/element-deps b/diskimage_builder/elements/ironic-agent/element-deps
index 39d86461..665e0da3 100644
--- a/diskimage_builder/elements/ironic-agent/element-deps
+++ b/diskimage_builder/elements/ironic-agent/element-deps
@@ -1,4 +1,5 @@
 dhcp-all-interfaces
+install-static
 no-final-image
 package-installs
 pip-and-virtualenv
diff --git a/diskimage_builder/elements/ironic-agent/post-install.d/80-ironic-agent b/diskimage_builder/elements/ironic-agent/post-install.d/80-ironic-agent
index 38dae821..bc3a15fd 100755
--- a/diskimage_builder/elements/ironic-agent/post-install.d/80-ironic-agent
+++ b/diskimage_builder/elements/ironic-agent/post-install.d/80-ironic-agent
@@ -24,6 +24,7 @@ case "$DIB_INIT_SYSTEM" in
 systemctl disable iptables.service
 fi
 systemctl enable $(svc-map ironic-python-agent).service
+ systemctl enable ironic-agent-create-rescue-user.path
 ;;
 sysv)
 update-rc.d iptables disable
diff --git a/diskimage_builder/elements/ironic-agent/static/etc/systemd/system/ironic-agent-create-rescue-user.path b/diskimage_builder/elements/ironic-agent/static/etc/systemd/system/ironic-agent-create-rescue-user.path
new file mode 100644
index 00000000..9987044e
--- /dev/null
+++ b/diskimage_builder/elements/ironic-agent/static/etc/systemd/system/ironic-agent-create-rescue-user.path
@@ -0,0 +1,8 @@
+[Unit]
+Description=Ironic user rescue - notify path existence
+
+[Path]
+PathExists=/etc/ipa-rescue-config/ipa-rescue-password
+
+[Install]
+WantedBy=multi-user.target
diff --git a/diskimage_builder/elements/ironic-agent/static/etc/systemd/system/ironic-agent-create-rescue-user.service b/diskimage_builder/elements/ironic-agent/static/etc/systemd/system/ironic-agent-create-rescue-user.service
new file mode 100644
index 00000000..befeda66
--- /dev/null
+++ b/diskimage_builder/elements/ironic-agent/static/etc/systemd/system/ironic-agent-create-rescue-user.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Ironic agent rescue user creation
+
+[Service]
+ExecStart=/bin/bash /usr/local/bin/ironic-python-agent-create-rescue-user.sh
+Type=oneshot
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/diskimage_builder/elements/ironic-agent/static/usr/local/bin/ironic-python-agent-create-rescue-user.sh b/diskimage_builder/elements/ironic-agent/static/usr/local/bin/ironic-python-agent-create-rescue-user.sh
new file mode 100755
index 00000000..aee408c0
--- /dev/null
+++ b/diskimage_builder/elements/ironic-agent/static/usr/local/bin/ironic-python-agent-create-rescue-user.sh
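Review bot: In post-install.d/80-ironic-agent the new `systemctl enable ironic-agent-create-rescue-user.path` sits only in the systemd arm of the `case "$DIB_INIT_SYSTEM"` block, so images built for the `sysv` arm visible just below it ship the rescue script with nothing wired up to run it. If rescue is meant to be systemd-only, a comment on the new line such as `# rescue user creation is only wired up for systemd` would make that explicit; otherwise the other arms need an equivalent trigger. The case statement starts and ends outside the hunk, so other arms are not visible here.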
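Review bot: `PathExists=/etc/ipa-rescue-config/ipa-rescue-password` in ironic-agent-create-rescue-user.path starts the service as soon as the file appears, which may be before its writer has finished writing the hash. The writer is not part of this commit, so this is inferred, but unless it creates the file atomically (write under a temporary name, then rename) the script can read an empty or partial value. A comment in the `[Path]` section stating that requirement would help, for example `# the password file must be created atomically and be readable by root only`.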
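Review bot: ironic-agent-create-rescue-user.service carries its own `[Install]` section with `WantedBy=multi-user.target`, although the commit only enables the .path unit. If the service were ever enabled directly it would run at boot without the password file and fail; dropping the `[Install]` section, or adding `ConditionPathExists=/etc/ipa-rescue-config/ipa-rescue-password` under `[Unit]`, keeps it reachable only through the path trigger. Because the script runs with `set -eu`, a failed run leaves the unit failed while the path still exists, so the path unit may start it again until systemd's start limit is reached.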
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
+ set -x
+fi
+set -eu
+set -o pipefail
+
+echo "Adding rescue user with root privileges..."
+crypted_pass=$( /etc/sudoers.d/rescue
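Review bot: With `DIB_DEBUG_TRACE` above 0 the script turns on `set -x` before it assigns `crypted_pass`, so the rescue password hash would be copied into the service's log output; the trace block is better dropped from this runtime script, or the credential handling wrapped in `set +x`. The value is also used without a sanity check, so `[ -n "$crypted_pass" ] || exit 1` right after the assignment would stop the script from acting on an empty file. The last lines of the script are garbled in this rendering (the text between `$(` and `/etc/sudoers.d/rescue` is missing), so the remaining steps are not reviewed here. Whatever writes `/etc/sudoers.d/rescue` should leave it root-owned with mode 0440 and checked with `visudo -cf`.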