Cloud images are expected to come with:
The problem is Anaconda's user.py is a mandatory step.
A suggested hack is to set a root password, then unset it in %post.
dgilmore, did you see the conclusion of yesterday's thread? is setting a root pw in kickstart then locking good enough? walters: its really not dgilmore, ok, we need to figure this out; i'm interested as I need to be producing cloud images via anaconda as well should take this to a bug or something pardon me for being behind, but what's the problem? you want root locked but anaconda doesn't allow that? dlehman: anaconda doesnt allow it without creatinga user dlehman, i think the typing to catch you up is best done in a bug fair enough dlehman: need to be able to say the root account can be locked if a package that will configure the system on first boot is installed dgilmore: and the rationale is that we can't know for sure if there will be compulsory user-account creation, so we can't lock root, right? walters: but yeah a bug is probably best https://fedorahosted.org/cloud/ ? dlehman: well we can deal with it all in %post, but that is easy to get wrong i can wordsmith this the only way anaconda could let this slide, I think, is if those initial-setup packages provide something that says "I take full responsibility for compulsory user account configuration" then we can just reassign the bugs to those packages when they inevitably come dlehman: right so I think those various packages should have Provides: user-account-setup https://fedorahosted.org/cloud/ticket/53 dlehman: i am okay with that initial-setup cloud-init etc can all provide that and that means if they get installed it's their responsibility to see to it that the accounts are created it doesn't matter what else is installed, doesn't matter what the user does, &c &c we'd need a way to ensure that the service or whatever is actually enabled on boot. that's all over the place right now are you saying anaconda would come with code to check the rpm transaction for something with the requisite provides? it certainly sounds better than maintaining a list of packages that may or may not handle it I'm not volunteering, but if you want something better than what we have now this seems like the way to go. we can log prominently "WARNING: not enforcing user account creation because package foo will handle it on the reboot" though come to think of it, this isn't going to work for me at least not easily since min-metadata-service will likely be in the default tree, just not enabled as davidshea says maybe in the future i'd have a variant tree for cloud, also with stuff like the physical kernel drivers stripped out * walters keeps coming back to the idea of a kickstart verb for this
Closing this ticket as part of trac clean up process. If you want to reopen, please reopen it after we move to pagure.io as atomic-wg.
Log in to comment on this ticket.