From c85d2b02b109bc4d7205c2eb136dce697311cf98 Mon Sep 17 00:00:00 2001 From: Stephen Lowrie Date: Thu, 31 Jan 2019 15:51:39 -0600 Subject: [PATCH] HACK: work around issue with core user creation in FCOS There is currently a bug where if the core user is created via Ignition it is not added to the correct set of groups. This completely blocks kola from running as the core user is not directly added to the sudoers file with NOPASSWD but rather inherits it from the sudo group. Temporarily work around it until a fix lands. Upstream tracking ticket: https://github.com/coreos/fedora-coreos-config/issues/41 --- kola/tests/ignition/passwd.go | 4 +- kola/tests/misc/selinux.go | 6 +- platform/conf/conf.go | 114 +++++++++++++++++++++++++ platform/machine/unprivqemu/cluster.go | 1 + 4 files changed, 120 insertions(+), 5 deletions(-) diff --git a/kola/tests/ignition/passwd.go b/kola/tests/ignition/passwd.go index cb0723284..8b44b1348 100644 --- a/kola/tests/ignition/passwd.go +++ b/kola/tests/ignition/passwd.go @@ -175,7 +175,7 @@ func init() { ] } }`), - Distros: []string{"rhcos", "fcos"}, + Distros: []string{"rhcos"}, }) register.Register(®ister.Test{ Name: "rhcos.ignition.v2.users", @@ -203,7 +203,7 @@ func init() { ] } }`), - Distros: []string{"rhcos", "fcos"}, + Distros: []string{"rhcos"}, }) } diff --git a/kola/tests/misc/selinux.go b/kola/tests/misc/selinux.go index 4cade841b..ca15da2e8 100644 --- a/kola/tests/misc/selinux.go +++ b/kola/tests/misc/selinux.go @@ -33,19 +33,19 @@ func init() { Run: SelinuxBoolean, ClusterSize: 1, Name: "coreos.selinux.boolean", - Distros: []string{"cl", "rhcos", "fcos"}, + Distros: []string{"cl", "rhcos"}, }) register.Register(®ister.Test{ Run: SelinuxBooleanPersist, ClusterSize: 1, Name: "rhcos.selinux.boolean.persist", - Distros: []string{"rhcos", "fcos"}, + Distros: []string{"rhcos"}, }) register.Register(®ister.Test{ Run: SelinuxManage, ClusterSize: 1, Name: "rhcos.selinux.manage", - Distros: []string{"rhcos", "fcos"}, + Distros: []string{"rhcos"}, }) } diff --git a/platform/conf/conf.go b/platform/conf/conf.go index f13d8c10c..b2f9b238f 100644 --- a/platform/conf/conf.go +++ b/platform/conf/conf.go @@ -616,6 +616,120 @@ func (c *Conf) CopyKeys(keys []*agent.Key) { } } +// HACK: Adds list of groups to core user +func (c *Conf) AddGroups(groups []string) { + if c.ignitionV1 != nil { + c.addGroupsIgnitionV1(groups) + } else if c.ignitionV2 != nil { + c.addGroupsIgnitionV2(groups) + } else if c.ignitionV21 != nil { + c.addGroupsIgnitionV21(groups) + } else if c.ignitionV22 != nil { + c.addGroupsIgnitionV22(groups) + } else if c.ignitionV23 != nil { + c.addGroupsIgnitionV23(groups) + } +} + +func (c *Conf) addGroupsIgnitionV1(groups []string) { + for i := range c.ignitionV1.Passwd.Users { + user := &c.ignitionV1.Passwd.Users[i] + if user.Name == "core" { + if user.Create != nil { + user.Create.Groups = append(user.Create.Groups, groups...) + return + } else { + user.Create = &v1types.UserCreate{ + Groups: groups, + } + } + } + } + c.ignitionV1.Passwd.Users = append(c.ignitionV1.Passwd.Users, v1types.User{ + Name: "core", + Create: &v1types.UserCreate{ + Groups: groups, + }, + }) +} + +func (c *Conf) addGroupsIgnitionV2(groups []string) { + for i := range c.ignitionV2.Passwd.Users { + user := &c.ignitionV2.Passwd.Users[i] + if user.Name == "core" { + if user.Create != nil { + user.Create.Groups = append(user.Create.Groups, groups...) + return + } else { + user.Create = &v2types.UserCreate{ + Groups: groups, + } + return + } + } + } + c.ignitionV2.Passwd.Users = append(c.ignitionV2.Passwd.Users, v2types.User{ + Name: "core", + Create: &v2types.UserCreate{ + Groups: groups, + }, + }) +} + +func (c *Conf) addGroupsIgnitionV21(groups []string) { + var groupObjs []v21types.PasswdUserGroup + for _, group := range groups { + groupObjs = append(groupObjs, v21types.PasswdUserGroup(group)) + } + for i := range c.ignitionV21.Passwd.Users { + user := &c.ignitionV21.Passwd.Users[i] + if user.Name == "core" { + user.Groups = append(user.Groups, groupObjs...) + return + } + } + c.ignitionV21.Passwd.Users = append(c.ignitionV21.Passwd.Users, v21types.PasswdUser{ + Name: "core", + Groups: groupObjs, + }) +} + +func (c *Conf) addGroupsIgnitionV22(groups []string) { + var groupObjs []v22types.Group + for _, group := range groups { + groupObjs = append(groupObjs, v22types.Group(group)) + } + for i := range c.ignitionV22.Passwd.Users { + user := &c.ignitionV22.Passwd.Users[i] + if user.Name == "core" { + user.Groups = append(user.Groups, groupObjs...) + return + } + } + c.ignitionV22.Passwd.Users = append(c.ignitionV22.Passwd.Users, v22types.PasswdUser{ + Name: "core", + Groups: groupObjs, + }) +} + +func (c *Conf) addGroupsIgnitionV23(groups []string) { + var groupObjs []v23types.Group + for _, group := range groups { + groupObjs = append(groupObjs, v23types.Group(group)) + } + for i := range c.ignitionV23.Passwd.Users { + user := &c.ignitionV23.Passwd.Users[i] + if user.Name == "core" { + user.Groups = append(user.Groups, groupObjs...) + return + } + } + c.ignitionV23.Passwd.Users = append(c.ignitionV23.Passwd.Users, v23types.PasswdUser{ + Name: "core", + Groups: groupObjs, + }) +} + func keysToStrings(keys []*agent.Key) (keyStrs []string) { for _, key := range keys { keyStrs = append(keyStrs, key.String()) diff --git a/platform/machine/unprivqemu/cluster.go b/platform/machine/unprivqemu/cluster.go index 2d7b3b423..8156995a3 100644 --- a/platform/machine/unprivqemu/cluster.go +++ b/platform/machine/unprivqemu/cluster.go @@ -72,6 +72,7 @@ func (qc *Cluster) NewMachineWithOptions(userdata *conf.UserData, options Machin } qc.mu.Unlock() + conf.AddGroups([]string{"wheel", "sudo", "adm", "systemd-journal"}) var confPath string if conf.IsIgnition() { confPath = filepath.Join(dir, "ignition.json")