cloud init custom user-data script not picked up #41

Open
eayin2 opened this issue Aug 21, 2019 · 4 comments

eayin2 commented Aug 21, 2019

Platform

Hypervisor OS: Ubuntu-18.04
Guest OS: Ubuntu-18.04
kvm-install-vm: latest github version

Goal

I want to add an additional user with a specified password and without NOPASSWD in sudoers. By default kvm-install-vm uses ALL=(ALL) NOPASSWD:ALL for additional users.

Attempt

I tried to create a user-data.sh and run kvm-install-vm create -s "$HOME/user-data.sh" my-vm01, but it seems to have no effect. I can't log in with ssh, nor through tty with virt-manager's graphical interface.

My guess is the config is not picked up. What might I be missing?

user-data.sh

# Users
users:
    - default
    - name: my-user
      groups: ['sudo']
      shell: /bin/bash
      sudo: ALL=(ALL) ALL
      ssh-authorized-keys:
        - ssh-ed25519 <my-pub-key>
      lock-passwd: false
      passwd: <my-salted-password-hash>

.kivrc

AUTOSTART=true
CPUS=1
MEMORY=1024
DISK_SIZE=20
IMAGEDIR="/mnt/500g01/virtualbox/image"
VMDIR="/mnt/500g01/virtualbox"
BRIDGE=br2
PUBKEY="${HOME}/.ssh/user01_ed25519.pub"
DISTRO=ubuntu1804
MACADDRESS=$(printf '%02x' $((0x$(od /dev/urandom -N1 -t x1 -An | cut -c 2-) & 0xFE | 0x02)); od /dev/urandom -N5 -t x1 -An | sed 's/ /:/g')
TIMEZONE=Berlin/Europe
VERBOSE=1

eayin2 commented Aug 22, 2019

Cause

The reason it's not picked up is that -s user-data.sh allows executing a shell script and not adding cloud-config settings, as seen by the Content-Type: text/x-shellscript; charset="us-ascii" boundary.

Feature request

Can you allow supplying a custom cloud-config? If no cloud-config has been supplied, then the default can be used. I think the cloud config should not be hardcoded. By default kvm-install-vm uses NOPASSWD for sudo users. I prefer to provide a hashed password to cloud-init like so:

Example without sudo's NOPASSWD

users:
    - default
    - name: ${ADDITIONAL_USER}
      groups: ['${SUDOGROUP}']
      shell: /bin/bash
      sudo: ALL=(ALL) ALL
      ssh-authorized-keys:
        - ${KEY}

chpasswd:
  list: |
    root:\$6\$some-hash
    myuser:\$6\$some-hash
  expire: false

• The hash password can be stored encrypted with openssl and decrypted interactively before running kvm-install-vm.

Note

Because the hashes are within a heredoc, the $ sign has to be escaped with a backslash and not single quotes.
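
Why the YAML passed to -s had no effect, as an added example that is not part of the original thread or kvm-install-vm's own code: cloud-init dispatches each MIME part on its Content-Type, so a cloud-config must be labelled text/cloud-config rather than text/x-shellscript. The helper names (part_type, build_user_data, render_cloud_config), the boundary string and the hash value are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: hypothetical helpers, not kvm-install-vm's code.

# Pick the MIME type cloud-init should see, from the file's first line.
part_type() {
    local first
    IFS= read -r first < "$1" || true
    case "$first" in
        '#cloud-config'*) echo 'text/cloud-config' ;;
        '#!'*)            echo 'text/x-shellscript' ;;
        *)                return 1 ;;   # neither: refuse rather than guess
    esac
}

# Wrap each given file in its own MIME part with the matching Content-Type.
build_user_data() {
    local b='==BOUNDARY==' f t
    printf 'Content-Type: multipart/mixed; boundary="%s"\n' "$b"
    printf 'MIME-Version: 1.0\n\n'
    for f in "$@"; do
        t=$(part_type "$f") || { echo "unrecognised user-data: $f" >&2; return 1; }
        printf '%s\n' "--$b"
        printf 'Content-Type: %s; charset="us-ascii"\n\n' "$t"
        cat "$f"
        printf '\n'
    done
    printf '%s\n' "--$b--"
}

# Render a cloud-config from an unquoted heredoc: ${1} expands, while the
# "$6$" of the crypt hash must be backslash-escaped to survive literally.
# The hash below is a constructed placeholder, not a real one.
render_cloud_config() {
    cat <<EOF
#cloud-config
users:
  - default
  - name: ${1}
    shell: /bin/bash
    sudo: ALL=(ALL) ALL
chpasswd:
  list: |
    ${1}:\$6\$constructed-salt\$constructed-hash
  expire: false
EOF
}
```

A file that starts with neither `#cloud-config` nor `#!`, like the user-data.sh in the first comment, is rejected by part_type instead of being silently shipped as a shell script.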


laymonk commented Feb 4, 2021

I agree, @eayin2 ... the hard-coding of cloud-config is a deal breaker for me ... discourages me from using this most useful effort. OTOH, one can just add the bits required in the hardcoded cloud-config and still run with it.


eayin2 commented Feb 4, 2021

> I agree, @eayin2 ... the hard-coding of cloud-config is a deal breaker for me ... discourages me from using this most useful effort. OTOH, one can just add the bits required in the hardcoded cloud-config and still run with it.

If I recall correctly, a non-hard-coded version with an optional Python dependency was made in pull request #56 (comment)


laymonk commented Feb 13, 2021

@eayin2, thanks for the update ... and yes, I agree with the maintainer on adding python as a dependency, that can throw up a whole pile of complications (with modules, python versions, and whatnot) ...

If I were to try and address this, I would prefer that people create their ISO cloud-config files, and then supply it as a parameter ... yeah, not smooth, but easier to accommodate in the existing ecosystem ... just an optional flag/param to avoid generating ISO and read it from a given path.
