Skip to content

Commit

Permalink
Get username either by IMDS or from a local OVF file
Browse files Browse the repository at this point in the history 
Username can be obtained either via fetching instance metadata from IMDS
or mounting a local device for OVF environment file. It should not fail
immediately in a single failure, instead it should fall back to the other
mechanism. So it is not a good idea to use `?` for query() or
get_environment().
  • Loading branch information
@dongsupark
dongsupark committed Jul 4, 2024
1 parent 773f4cf commit 2d2a9df
Show file tree
Hide file tree
Showing 2 changed files with 54 additions and 19 deletions.
2 changes: 2 additions & 0 deletions libazureinit/src/error.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,8 @@ pub enum Error {
Nix(#[from] nix::Error),
#[error("The user {user} does not exist")]
UserMissing { user: String },
#[error("failed to get username from IMDS or local OVF files")]
UsernameFailure,
#[error("Provisioning a user with a non-empty password is not supported")]
NonEmptyPassword,
#[error("Unable to get list of block devices")]
Expand Down
71 changes: 52 additions & 19 deletions src/main.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,25 +34,35 @@ fn get_environment() -> Result<Environment, anyhow::Error> {
}

fn get_username(
instance_metadata: &InstanceMetadata,
environment: &Environment,
instance_metadata: Option<&InstanceMetadata>,
environment: Option<&Environment>,
) -> Result<String, anyhow::Error> {
if instance_metadata
.compute
.os_profile
.disable_password_authentication
{
// password authentication is disabled
Ok(instance_metadata.compute.os_profile.admin_username.clone())
} else {
// password authentication is enabled

Ok(environment
if let Some(metadata) = instance_metadata {
if metadata.compute.os_profile.disable_password_authentication {
// password authentication is disabled
return Ok(metadata.compute.os_profile.admin_username.clone());
} else {
// password authentication is enabled

if let Some(env) = environment {
return Ok(env
.clone()
.provisioning_section
.linux_prov_conf_set
.username);
}
}
}

if let Some(env) = environment {
return Ok(env
.clone()
.provisioning_section
.linux_prov_conf_set
.username)
.username);
}

Err(libazureinit::error::Error::UsernameFailure.into())
}

#[tokio::main]
Expand Down Expand Up @@ -86,8 +96,23 @@ async fn provision() -> Result<(), anyhow::Error> {
.default_headers(default_headers)
.build()?;

let instance_metadata = imds::query(&client).await?;
let username = get_username(&instance_metadata, &get_environment()?)?;
// Username can be obtained either via fetching instance metadata from IMDS
// or mounting a local device for OVF environment file. It should not fail
// immediately in a single failure, instead it should fall back to the other
// mechanism. So it is not a good idea to use `?` for query() or
// get_environment().
let instance_metadata = match imds::query(&client).await {
Ok(m) => Some(m),
Err(_) => None,
};

let environment = match get_environment() {
Ok(env) => Some(env),
Err(_) => None,
};

let username =
get_username(instance_metadata.as_ref(), environment.as_ref())?;

let mut file_path = "/home/".to_string();
file_path.push_str(username.as_str());
Expand All @@ -99,11 +124,19 @@ async fn provision() -> Result<(), anyhow::Error> {
|| format!("Unabled to set an empty password for user '{username}'"),
)?;

user::set_ssh_keys(instance_metadata.compute.public_keys, &username)
.with_context(|| "Failed to write ssh public keys.")?;
user::set_ssh_keys(
instance_metadata.clone().unwrap().compute.public_keys,
&username,
)
.with_context(|| "Failed to write ssh public keys.")?;

distro::set_hostname_with_hostnamectl(
instance_metadata.compute.os_profile.computer_name.as_str(),
instance_metadata
.unwrap()
.compute
.os_profile
.computer_name
.as_str(),
)
.with_context(|| "Failed to set hostname.")?;

Expand Down

0 comments on commit 2d2a9df

Please sign in to comment.