Create rescue user on ironic agent

Create a new service that is launched after the ironic
agent has exited. It runs a script that takes the rescue
password and creates the rescue user with those
credentials.

Depends-On: I7898ff22800dedba73d7fbfb3801378867abe183
Change-Id: Ic3a241e2789a122d3d966e7e2148306fd0cf6aed
Partial-Bug: 1526449
Yolanda Robla 2017-09-22 11:13:22 +02:00 committed by yolanda.robla
parent a0045985f2
commit ba11376328
5 changed files with 32 additions and 0 deletions


@ -1,4 +1,5 @@
dhcp-all-interfaces dhcp-all-interfaces
install-static
no-final-image no-final-image
package-installs package-installs
pip-and-virtualenv pip-and-virtualenv


@ -24,6 +24,7 @@ case "$DIB_INIT_SYSTEM" in
systemctl disable iptables.service systemctl disable iptables.service
fi fi
systemctl enable $(svc-map ironic-python-agent).service systemctl enable $(svc-map ironic-python-agent).service
systemctl enable ironic-agent-create-rescue-user.path
;; ;;
sysv) sysv)
update-rc.d iptables disable update-rc.d iptables disable
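Review bot: Only the systemd branch enables the new trigger, via `systemctl enable ironic-agent-create-rescue-user.path`, and the commit adds nothing for the `sysv)` branch that starts just below it. On images built with another init system the rescue account would therefore apparently never be created. If that is intended, a comment above the new line such as `# rescue user creation is only wired up for systemd` would make the limitation explicit. The case statement begins and ends outside this hunk, so other branches may exist that are not visible here.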


@ -0,0 +1,8 @@
[Unit]
Description=Ironic user rescue - notify path existence
[Path]
PathExists=/etc/ipa-rescue-config/ipa-rescue-password
[Install]
WantedBy=multi-user.target
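Review bot: The mere existence of `/etc/ipa-rescue-config/ipa-rescue-password` triggers creation of an account with passwordless sudo, yet the unit does not say who writes that file or how the directory is protected. A header comment would help, for example `# Password hash is placed here when rescue is requested; /etc/ipa-rescue-config must be root-owned and not writable by others.` (the writer is presumably ironic-python-agent, going by the commit message). Since no `Unit=` is set, the path unit activates the service with the same base name, which is also worth stating in a comment.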


@ -0,0 +1,10 @@
[Unit]
Description=Ironic agent rescue user creation
[Service]
ExecStart=/bin/bash /usr/local/bin/ironic-python-agent-create-rescue-user.sh
Type=oneshot
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
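Review bot: The `[Install]` section with `WantedBy=multi-user.target` invites enabling this service directly, but the install script in this commit enables only the `.path` unit. A direct start without the password file would fail when the script reads it. Either drop `[Install]` here or guard the unit with `ConditionPathExists=/etc/ipa-rescue-config/ipa-rescue-password` under `[Unit]`. `RemainAfterExit=yes` keeps the unit active only after a successful run, so a failed run can presumably be started again by the path unit while the file still exists, and that behaviour deserves a comment.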


@ -0,0 +1,12 @@
#!/bin/bash
if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
echo "Adding rescue user with root privileges..."
crypted_pass=$(</etc/ipa-rescue-config/ipa-rescue-password)
useradd -m rescue -G wheel -p $crypted_pass
echo "rescue ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/rescue