HACK: work around issue with core user creation in FCOS

There is currently a bug where if the core user is created via Ignition it is not added to the correct set of groups. This completely blocks kola from running as the core user is not directly added to the sudoers file with NOPASSWD but rather inherits it from the sudo group. Temporarily work around it until a fix lands. Upstream tracking ticket: coreos/fedora-coreos-config#41
arithx · Jan 31, 2019 · c85d2b0 · c85d2b0
1 parent a08948a
commit c85d2b0
Show file tree

Hide file tree

Showing 4 changed files with 120 additions and 5 deletions.
diff --git a/kola/tests/ignition/passwd.go b/kola/tests/ignition/passwd.go
@@ -175,7 +175,7 @@ func init() {
 		               ]
 		             }
 		           }`),
-		Distros: []string{"rhcos", "fcos"},
+		Distros: []string{"rhcos"},
 	})
 	register.Register(&register.Test{
 		Name:        "rhcos.ignition.v2.users",
@@ -203,7 +203,7 @@ func init() {
 		               ]
 		             }
 		           }`),
-		Distros: []string{"rhcos", "fcos"},
+		Distros: []string{"rhcos"},
 	})
 }
 

diff --git a/kola/tests/misc/selinux.go b/kola/tests/misc/selinux.go
@@ -33,19 +33,19 @@ func init() {
 		Run:         SelinuxBoolean,
 		ClusterSize: 1,
 		Name:        "coreos.selinux.boolean",
-		Distros:     []string{"cl", "rhcos", "fcos"},
+		Distros:     []string{"cl", "rhcos"},
 	})
 	register.Register(&register.Test{
 		Run:         SelinuxBooleanPersist,
 		ClusterSize: 1,
 		Name:        "rhcos.selinux.boolean.persist",
-		Distros:     []string{"rhcos", "fcos"},
+		Distros:     []string{"rhcos"},
 	})
 	register.Register(&register.Test{
 		Run:         SelinuxManage,
 		ClusterSize: 1,
 		Name:        "rhcos.selinux.manage",
-		Distros:     []string{"rhcos", "fcos"},
+		Distros:     []string{"rhcos"},
 	})
 }
 

diff --git a/platform/conf/conf.go b/platform/conf/conf.go
@@ -616,6 +616,120 @@ func (c *Conf) CopyKeys(keys []*agent.Key) {
 	}
 }
 
+// HACK: Adds list of groups to core user
+func (c *Conf) AddGroups(groups []string) {
+	if c.ignitionV1 != nil {
+		c.addGroupsIgnitionV1(groups)
+	} else if c.ignitionV2 != nil {
+		c.addGroupsIgnitionV2(groups)
+	} else if c.ignitionV21 != nil {
+		c.addGroupsIgnitionV21(groups)
+	} else if c.ignitionV22 != nil {
+		c.addGroupsIgnitionV22(groups)
+	} else if c.ignitionV23 != nil {
+		c.addGroupsIgnitionV23(groups)
+	}
+}
+
+func (c *Conf) addGroupsIgnitionV1(groups []string) {
+	for i := range c.ignitionV1.Passwd.Users {
+		user := &c.ignitionV1.Passwd.Users[i]
+		if user.Name == "core" {
+			if user.Create != nil {
+				user.Create.Groups = append(user.Create.Groups, groups...)
+				return
+			} else {
+				user.Create = &v1types.UserCreate{
+					Groups: groups,
+				}
+			}
+		}
+	}
+	c.ignitionV1.Passwd.Users = append(c.ignitionV1.Passwd.Users, v1types.User{
+		Name: "core",
+		Create: &v1types.UserCreate{
+			Groups: groups,
+		},
+	})
+}
+
+func (c *Conf) addGroupsIgnitionV2(groups []string) {
+	for i := range c.ignitionV2.Passwd.Users {
+		user := &c.ignitionV2.Passwd.Users[i]
+		if user.Name == "core" {
+			if user.Create != nil {
+				user.Create.Groups = append(user.Create.Groups, groups...)
+				return
+			} else {
+				user.Create = &v2types.UserCreate{
+					Groups: groups,
+				}
+				return
+			}
+		}
+	}
+	c.ignitionV2.Passwd.Users = append(c.ignitionV2.Passwd.Users, v2types.User{
+		Name: "core",
+		Create: &v2types.UserCreate{
+			Groups: groups,
+		},
+	})
+}
+
+func (c *Conf) addGroupsIgnitionV21(groups []string) {
+	var groupObjs []v21types.PasswdUserGroup
+	for _, group := range groups {
+		groupObjs = append(groupObjs, v21types.PasswdUserGroup(group))
+	}
+	for i := range c.ignitionV21.Passwd.Users {
+		user := &c.ignitionV21.Passwd.Users[i]
+		if user.Name == "core" {
+			user.Groups = append(user.Groups, groupObjs...)
+			return
+		}
+	}
+	c.ignitionV21.Passwd.Users = append(c.ignitionV21.Passwd.Users, v21types.PasswdUser{
+		Name:   "core",
+		Groups: groupObjs,
+	})
+}
+
+func (c *Conf) addGroupsIgnitionV22(groups []string) {
+	var groupObjs []v22types.Group
+	for _, group := range groups {
+		groupObjs = append(groupObjs, v22types.Group(group))
+	}
+	for i := range c.ignitionV22.Passwd.Users {
+		user := &c.ignitionV22.Passwd.Users[i]
+		if user.Name == "core" {
+			user.Groups = append(user.Groups, groupObjs...)
+			return
+		}
+	}
+	c.ignitionV22.Passwd.Users = append(c.ignitionV22.Passwd.Users, v22types.PasswdUser{
+		Name:   "core",
+		Groups: groupObjs,
+	})
+}
+
+func (c *Conf) addGroupsIgnitionV23(groups []string) {
+	var groupObjs []v23types.Group
+	for _, group := range groups {
+		groupObjs = append(groupObjs, v23types.Group(group))
+	}
+	for i := range c.ignitionV23.Passwd.Users {
+		user := &c.ignitionV23.Passwd.Users[i]
+		if user.Name == "core" {
+			user.Groups = append(user.Groups, groupObjs...)
+			return
+		}
+	}
+	c.ignitionV23.Passwd.Users = append(c.ignitionV23.Passwd.Users, v23types.PasswdUser{
+		Name:   "core",
+		Groups: groupObjs,
+	})
+}
+
 func keysToStrings(keys []*agent.Key) (keyStrs []string) {
 	for _, key := range keys {
 		keyStrs = append(keyStrs, key.String())

diff --git a/platform/machine/unprivqemu/cluster.go b/platform/machine/unprivqemu/cluster.go
@@ -72,6 +72,7 @@ func (qc *Cluster) NewMachineWithOptions(userdata *conf.UserData, options Machin
 	}
 	qc.mu.Unlock()
 
+	conf.AddGroups([]string{"wheel", "sudo", "adm", "systemd-journal"})
 	var confPath string
 	if conf.IsIgnition() {
 		confPath = filepath.Join(dir, "ignition.json")