
Commit 8910179

committed
fix: πŸ› builder user remenants should not be present in node images
Currently the builder user is only locked, not deleted, which could pose security risks for the qemu, raw, nutanix and maas images. Based on the suggestions, this cleans up the user in the same way as is already done for ova.
1 parent b08cf47 commit 8910179


4 files changed

+4
-4
lines changed


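--- a/images/capi/packer/maas/packer.json.tmpl
+++ b/images/capi/packer/maas/packer.json.tmpl
@@ -29,7 +29,7 @@
 "net_device": "virtio-net",
 "output_directory": "{{user `output_directory`}}",
 "qemu_binary": "{{user `qemu_binary`}}",
-"shutdown_command": "echo '{{user `ssh_password`}}' | sudo -S -E sh -c 'usermod -L {{user `ssh_username`}} && {{user `shutdown_command`}}'",
+"shutdown_command": "echo '{{user `ssh_password`}}' | sudo -S -E sh -c 'userdel -f -r {{user `ssh_username`}} && rm -f /etc/sudoers.d/{{user `ssh_username` }} && rm -f /etc/sudoers.d/90-cloud-init-users && {{user `shutdown_command`}}'",
 "ssh_password": "{{user `ssh_password`}}",
 "ssh_timeout": "2h",
 "ssh_username": "{{user `ssh_username`}}",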
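Review bot: `userdel -f -r` in the new `shutdown_command` removes the account entry, the home directory and the mail spool, but not files the builder user created elsewhere on disk, so anything left under paths such as `/tmp` or `/var/tmp` would remain in the image owned by a UID that no longer has an account. The first account on a node that is later assigned that UID would inherit those files. Nothing visible in this section checks for that; a check against the built image (or a step chained in before the final shutdown) along the lines of `find / -xdev \( -nouser -o -nogroup \)` returning nothing would confirm the cleanup is complete. The same line is added in the nutanix, qemu and raw templates, so the point applies there as well.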

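--- a/images/capi/packer/nutanix/packer.json.tmpl
+++ b/images/capi/packer/nutanix/packer.json.tmpl
@@ -16,7 +16,7 @@
 "nutanix_port": "{{user `nutanix_port`}}",
 "nutanix_username": "{{user `nutanix_username`}}",
 "os_type": "{{user `guest_os_type`}}",
-"shutdown_command": "echo '{{user `ssh_password`}}' | sudo -S -E sh -c 'usermod -L {{user `ssh_username`}} && {{user `shutdown_command`}}'",
+"shutdown_command": "echo '{{user `ssh_password`}}' | sudo -S -E sh -c 'userdel -f -r {{user `ssh_username`}} && rm -f /etc/sudoers.d/{{user `ssh_username` }} && rm -f /etc/sudoers.d/90-cloud-init-users && {{user `shutdown_command`}}'",
 "ssh_handshake_attempts": "100",
 "ssh_password": "{{user `ssh_password`}}",
 "ssh_timeout": "20m",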
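Review bot: The `-f` flag on `userdel` in the new `shutdown_command` is documented to do more than permit deleting a logged-in user: it removes the home directory even when another account shares it, and can remove a same-named group even when it is another user's primary group. The account name comes from the `ssh_username` user variable, so a build configured to log in as an account that already exists in the base image, rather than a throwaway builder account, would have that account force-removed along with its `/etc/sudoers.d/` entry. A JSON template cannot carry a comment, so this requirement belongs in the builder documentation next to the `ssh_username` variable, for example: "ssh_username must be a dedicated build-only account; it is deleted with userdel -f -r at shutdown". The maas, qemu and raw templates take the same change.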

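--- a/images/capi/packer/qemu/packer.json.tmpl
+++ b/images/capi/packer/qemu/packer.json.tmpl
@@ -29,7 +29,7 @@
 "net_device": "virtio-net",
 "output_directory": "{{user `output_directory`}}",
 "qemu_binary": "{{user `qemu_binary`}}",
-"shutdown_command": "echo '{{user `ssh_password`}}' | sudo -S -E sh -c 'usermod -L {{user `ssh_username`}} && {{user `shutdown_command`}}'",
+"shutdown_command": "echo '{{user `ssh_password`}}' | sudo -S -E sh -c 'userdel -f -r {{user `ssh_username`}} && rm -f /etc/sudoers.d/{{user `ssh_username` }} && rm -f /etc/sudoers.d/90-cloud-init-users && {{user `shutdown_command`}}'",
 "ssh_password": "{{user `ssh_password`}}",
 "ssh_timeout": "2h",
 "ssh_username": "{{user `ssh_username`}}",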
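Review bot: This is a style point: the same long cleanup string is now pasted verbatim into four templates (maas, nutanix, qemu, raw), and the commit description says ova already carries its own copy, so a later hardening of the cleanup has to be repeated in every file and can drift. Defining the cleanup once as a shared user variable and referencing it from each template's `shutdown_command` would keep the security-relevant steps in one reviewable place. Within the line itself, the second `ssh_username` reference has a stray space before its closing braces, unlike the first; that is harmless to the template engine but worth normalising while the line is being touched.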

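--- a/images/capi/packer/raw/packer.json.tmpl
+++ b/images/capi/packer/raw/packer.json.tmpl
@@ -30,7 +30,7 @@
 "virtio"
 ]
 ],
-"shutdown_command": "echo '{{user `ssh_password`}}' | sudo -S -E sh -c 'usermod -L {{user `ssh_username`}} && {{user `shutdown_command`}}'",
+"shutdown_command": "echo '{{user `ssh_password`}}' | sudo -S -E sh -c 'userdel -f -r {{user `ssh_username`}} && rm -f /etc/sudoers.d/{{user `ssh_username` }} && rm -f /etc/sudoers.d/90-cloud-init-users && {{user `shutdown_command`}}'",
 "ssh_handshake_attempts": "100",
 "ssh_password": "{{user `ssh_password`}}",
 "ssh_timeout": "2h",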
