Please support user-data on OpenStack / console password output broken

[vondrt4]

Hi!
I have a use-case where I would like to use Turnkey Linux on OpenStack without setting SSH keys.

Looking at https://www.turnkeylinux.org/docs/inithooks, the image should output a random password in the console log, yet the log only contains kernel output.

Secondly, it says that I can configure the root password with a config file in /etc/inithooks.conf. Injecting the file as per http://docs.openstack.org/openstack-ops/content/instances.html (see the end) did not work on my OpenStack. I see an empty file when I log in (I had the key just in case).

The image does read the OpenStack metadata service to get the key. Why not have it read the user data and dump it to the inithooks.conf file?

Or support full cloud-init in the image. For bare OS images, we use scripts such as (see below) to set the password. It also handles resizing the image to match flavor size, which you currently do not have.

#cloud-config
ssh_pwauth: True
users:
  - name: user
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    shell: /bin/bash
    lock-passwd: false
    passwd: password

[vondrt4]

Update:
I've found the file /usr/lib/inithooks/firstboot.d/25ec2-userdata

.
.
 if userdata and userdata.startswith("#!"):
        fh = TempFile(prefix="ec2userdata")
        fh.writelines(userdata)
        fh.close()

        os.chmod(fh.path, 0750)
        executil.system(fh.path)
        print "# executed ec2 user-data script"
.
.

So this is more of a documentation issue. https://www.turnkeylinux.org/docs/inithooks should document that the script must have #!/bin/bash on the first line. I also propose that it should have /sbin/resize2fs /dev/vda on the last one. Works.

The issue with the wrong console setting persists.

[JedMeister]

Thanks tons for the feedback. WRT to documentation improvements, if you have suggestions please feel free to provide a PR. I don't actually have write access to inithooks so if your PR is not merged (or at least commented on) by Alon or Liraz, then please give me a ping and I'll follow up with them.

Our OpenStack images really need some love. But unfortunately I don't have an OpenStack environment handy so when I updated it for v14.0 (Debian Jessie based) I was working in the dark. I put the word out hoping to get some feedback (and testing) from OpenStqack users but none was forthcoming...

The code that builds the OpenStack images is here in buildtasks (it pulls apart an ISO then adjusts it as need be and repackages for OpenStack). Obviously more generic changes need to go in different places (e.g. inithooks).

WRT to your initial issue/comments, the root password being in the logs definitely works on AWS and without access to an OpenStack setup I have no way of troubleshooting (let alone fixing) why that isn't working with OpenStack. Perhaps you could investiage and help us out?

Inclusion of cloud-init is a planned feature (see #172) but we aren't there yet as it currently clashes with inithooks. As there are a number of hosting providers (including our own TurnKey Hub) already using inithooks we need to keep it fully functional but include cloud-init functionality too...

Regardless, any contribution and/or feedback and/or ideas etc that you are willing to provide is/are warmly welcome! 😄

[vondrt4]

The console output was more of an OpenStack issue. Bug filled. It can be worked around when uploading the image, such as:
glance image-create ... --prop os_command_line="root=/dev/vda console=tty0 console=ttyS0"
But it will go away when I change the image format, along with all theses "prop"s. So I think this can be closed.

[JedMeister]

Thanks for the update. I will close this one for now then.

Also, I have been contacted by another guy who is interested in helping out with the OpenStack builds. He doesn't have a massive amount of experience with OpenStack but might be able to assist with testing etc. If you'd like to email me (jeremy AT turnkeylinux.org) I can pass his details on to you and perhaps you can collaborate?.