From a1f11f943d83b1c458767d17f44f4e800bc9fad5 Mon Sep 17 00:00:00 2001 From: "Brian C. Lane" Date: Fri, 28 Sep 2018 14:28:10 -0700 Subject: [PATCH] Use rootpw for setting the root password instead of user Ends up you cannot use the kickstart user command on root, since it already exists, so we have to translate that into a rootpw command. So [[customizations.user]] with name = "root" only support key, which will set the ssh key, and password which will use rootpw to set the password. plain text or encrypted are supported. Related: rhbz#1626122 --- src/pylorax/api/compose.py | 37 ++++++++++++++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 3 deletions(-) diff --git a/src/pylorax/api/compose.py b/src/pylorax/api/compose.py index 0faff6a4..3fde1650 100644 --- a/src/pylorax/api/compose.py +++ b/src/pylorax/api/compose.py @@ -115,6 +115,32 @@ def repo_to_ks(r, url="url"): return cmd +def write_ks_root(f, user): + """ Write kickstart root password and sshkey entry + + :param f: kickstart file object + :type f: open file object + :param user: A blueprint user dictionary + :type user: dict + + If the entry contains a ssh key, use sshkey to write it + If it contains password, use rootpw to set it + + root cannot be used with the user command. So only key and password are supported + for root. + """ + # ssh key uses the sshkey kickstart command + if "key" in user: + f.write('sshkey --user %s "%s"\n' % (user["name"], user["key"])) + + if "password" in user: + if any(user["password"].startswith(prefix) for prefix in ["$2b$", "$6$", "$5$"]): + log.debug("Detected pre-crypted password") + f.write('rootpw --iscrypted "%s"\n' % user["password"]) + else: + log.debug("Detected plaintext password") + f.write('rootpw --plaintext "%s"\n' % user["password"]) + def write_ks_user(f, user): """ Write kickstart user and sshkey entry @@ -127,9 +153,6 @@ def write_ks_user(f, user): All of the user fields are optional, except name, write out a kickstart user entry with whatever options are relevant. """ - if "name" not in user: - raise RuntimeError("user entry requires a name") - # ssh key uses the sshkey kickstart command if "key" in user: f.write('sshkey --user %s "%s"\n' % (user["name"], user["key"])) @@ -218,6 +241,14 @@ def add_customizations(f, recipe): if "user" in customizations: # only name is required, everything else is optional for user in customizations["user"]: + if "name" not in user: + raise RuntimeError("user entry requires a name") + + # root is special, cannot use normal user command for it + if user["name"] == "root": + write_ks_root(f, user) + continue + write_ks_user(f, user) user_groups.append(user["name"])