How to create user and add into sudoers on BOSH instance

Article ID: 298436

Updated On: 01-14-2025

Products

VMware Tanzu Application Service for VMs

Issue/Introduction

By default, BOSH creates a user called vcap when it deploys an instance from a stemcell. However, you may need to add other users to the instance when it is created, and a new user might also need to be a sudoer.
The user_add job of the os-conf release is designed for that purpose. When it is used together with a runtime config, the user is added automatically when the BOSH instance is created.

This article gives an example of how to set up the user_add job of the os-conf release to create a new user and add it to sudoers.

Environment

Product Version: Other

Resolution

1) Upload the os-conf release to BOSH

$ bosh upload-release --sha1 daf3........ \
  "https://bosh.io/d/github.com/cloudfoundry/os-conf-release?v=22.2.1"
 
$ bosh rs | grep os-conf
os-conf                       22.2.1*     a2154d6


2) Create a BOSH runtime config that adds the user_add job to BOSH instances upon creation. The properties of the new user are specified here:

  • User name
  • Public key of a key pair. The private key will be used to SSH into the instance
  • Whether the user is a sudoer

Refer to the BOSH documentation for more details on the user_add job properties.
In the following example, the user_add job applies only to instances in the testvm deployment. Refer to the BOSH documentation for more details on BOSH runtime configs.

$ cat os-conf-runtime-config.yml
addons:
- name: os-configuration
  jobs:
  - name: user_add
    release: os-conf
    properties:
      persistent_homes: false
      users:
      - name: testuser1
        public_key: ssh-rsa AAAA......
        sudo: true
  include:
    deployments: [testvm]
 
releases:
- name: os-conf
  version: 22.2.1
 
$ bosh urc --name user-add os-conf-runtime-config.yml
Using environment 'x.x.x.x' as client 'ops_manager'
 
+ releases:
+ - name: os-conf
+   version: 22.2.1
 
Continue? [yN]: y
 
Succeeded
 
$ bosh rc --name user-add
Using environment 'x.x.x.x' as client 'ops_manager'
 
---
addons:
- include:
    deployments:
    - testvm
  jobs:
  - name: user_add
    properties:
      persistent_homes: false
      users:
      - name: testuser1
        public_key: ssh-rsa AAAA......
    release: os-conf
  name: os-configuration
releases:
- name: os-conf
  version: 22.2.1
 
Succeeded
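
As an added example (not part of the original article or of the os-conf release), the following Ruby script reviews a runtime config before it is uploaded with bosh urc: it lists every user that a user_add job would create, whether that user is a sudoer, and which deployments the addon is scoped to. The sample config, the addon name unscoped-admins and the users opsuser and viewer are constructed for illustration; an addon without include.deployments is reported as applying to all deployments, and exclude rules are not evaluated.

```ruby
require 'yaml'

# Constructed sample: the article's addon plus a second addon with no
# include block, which BOSH applies to every deployment.
SAMPLE = <<~YAML
  addons:
  - name: os-configuration
    jobs:
    - name: user_add
      release: os-conf
      properties:
        users:
        - {name: testuser1, public_key: ssh-rsa AAAAconstructed, sudo: true}
    include:
      deployments: [testvm]
  - name: unscoped-admins
    jobs:
    - name: user_add
      release: os-conf
      properties:
        users:
        - {name: opsuser, public_key: ssh-ed25519 AAAAconstructed, sudo: true}
        - {name: viewer, public_key: ssh-ed25519 AAAAconstructed}
YAML

# Returns one record per user created by a user_add job, with the
# deployments the addon is scoped to (:all when no include.deployments).
def audit_user_add(yaml_text)
  config = YAML.safe_load(yaml_text) || {}
  Array(config['addons']).flat_map do |addon|
    scope = addon.dig('include', 'deployments') || :all
    Array(addon['jobs']).select { |j| j['name'] == 'user_add' }.flat_map do |job|
      Array(job.dig('properties', 'users')).map do |u|
        { addon: addon['name'], user: u['name'],
          sudo: u['sudo'] == true, scope: scope }
      end
    end
  end
end

# Sudoers created on every deployment are the entries to review first.
def unscoped_sudoers(yaml_text)
  audit_user_add(yaml_text).select { |r| r[:sudo] && r[:scope] == :all }
end

if __FILE__ == $PROGRAM_NAME
  audit_user_add(SAMPLE).each { |r| puts r.inspect }
  puts "unscoped sudoers: #{unscoped_sudoers(SAMPLE).map { |r| r[:user] }}"
end
```

To review a real file, pass File.read('os-conf-runtime-config.yml') to audit_user_add instead of SAMPLE.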

3) Deploy the testvm deployment to create a BOSH instance

$ cat testvm-jammy.yml
---
name: testvm
stemcells:
- alias: jammy
  os: ubuntu-jammy
  version: 1.351
releases: []
update:
  canaries: 1
  max_in_flight: 1
  canary_watch_time: 5000-60000
  update_watch_time: 5000-60000
instance_groups:
- name: testvm
  azs:
  - az1
  instances: 1
  jobs: []
  vm_type: micro
  stemcell: jammy
  networks:
  - name: infra
 
$ bosh -d testvm deploy testvm-jammy.yml
Using environment 'x.x.x.x' as client 'ops_manager'
 
Using deployment 'testvm'
 
Continue? [yN]: y
 
Task 880
 
Task 880 | 06:30:03 | Preparing deployment: Preparing deployment (00:00:03)
Task 880 | 06:30:06 | Preparing deployment: Rendering templates (00:00:00)
Task 880 | 06:30:06 | Preparing package compilation: Finding packages to compile (00:00:00)
Task 880 | 06:30:06 | Creating missing vms: testvm/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx (0) (00:01:05)
Task 880 | 06:31:12 | Updating instance testvm: testvm/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx (0) (canary)
Task 880 | 06:31:14 | L executing pre-stop: testvm/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx (0) (canary)
Task 880 | 06:31:14 | L executing drain: testvm/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx (0) (canary)
Task 880 | 06:31:15 | L stopping jobs: testvm/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx (0) (canary)
Task 880 | 06:31:16 | L executing post-stop: testvm/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx (0) (canary)
Task 880 | 06:31:24 | L installing packages: testvm/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx (0) (canary)
Task 880 | 06:31:26 | L configuring jobs: testvm/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx (0) (canary)
Task 880 | 06:31:26 | L executing pre-start: testvm/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx (0) (canary)
Task 880 | 06:31:27 | L starting jobs: testvm/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx (0) (canary)
Task 880 | 06:31:33 | L executing post-start: testvm/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx (0) (canary) (00:00:22)
 
Task 880 Started  Tue Feb  6 06:30:03 UTC 2024
Task 880 Finished Tue Feb  6 06:31:34 UTC 2024
Task 880 Duration 00:01:31
Task 880 done
 
Succeeded
 
$ bosh -d testvm vms
Using environment 'x.x.x.x' as client 'ops_manager'
 
Task 890. Done
 
Deployment 'testvm'
 
Instance                                     Process State  AZ   IPs            VM CID                                   VM Type  Active  Stemcell
testvm/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx  running        az1  y.y.y.y  vm-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx  micro    true    bosh-vsphere-esxi-ubuntu-jammy-go_agent/1.351
 
1 vms
 
Succeeded

4) SSH into the BOSH instance to verify that the sudoer user was created successfully. Use the private key of the key pair to set up the SSH connection.

$ ssh -i user1-ssh-key testuser1@y.y.y.y
Unauthorized use is strictly prohibited. All access and activity
is subject to logging and monitoring.
Enter passphrase for key 'user1-ssh-key':
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 6.5.0-15-generic x86_64)
 
 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/pro
Last login: Tue Feb  6 07:09:13 UTC 2024 from x.x.x.x on pts/0
Last login: Tue Feb  6 07:17:22 2024 from x.x.x.x

testvm/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx:~$ id
uid=1001(testuser1) gid=1003(testuser1) groups=1003(testuser1),997(admin),1000(vcap),1001(bosh_sshers),1002(bosh_sudoers)

testvm/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx:~$ sudo -i
testvm/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx:~#