Merge ~goneri/cloud-init:freebsd_set_password into cloud-init:master

Thanks for the patch, some inline comments and questions.

Hi Ryan, I pushed a new update to address your comments.

Thanks, some inline comments.

thanks, it should be fine now.

Thanks for refactoring. I've one more request inline.

Update: set_password() was actually working fine. I've updated my patch to keep the original version.

OK, then do we need this branch at all ?

Answered inline.

Could you take a look at the last version to be sure I correctly understand what you want? I will refresh the test-suite later.

OK. If the core issue is that freebsd doesn't have a chpasswd, which takes a list of users to modify, rather than a single user (like passwd). Then I think we need a different interface.

In cc_set_password, something like:

def chpassword(plist_in, hashed=False):
    if util.which('chpasswd'):
 util.subp(['chpasswd'], plist_in)
    else:
 for u, p in plist_in.splitlines().split(":"):
     distro.set_passwd(u, p, hashed=hashed)

And then the two places in handle() which call util.subp(['chpasswd'])
will use

chpassword(plist_in)
chpassword(plist_in, hashed=True)

And the expire already uses passwd directly.

The result of the changes should pass unittest without any changes, except on the
FreeBSD path, we'd mock out the util.which('chpasswd') to False, taking us down the
path that calls distro.set_passwd() for each user:pass pair since there's no chpasswd
binary on FreeBSD.

Make sense?

It sounds like you want to jumpback to versin #1. I initially started with a tiny patch with a limited impacted. Follow-up to the iterations of the review process, we end-up with this slightly more invasive change. I personally think it's a better patch since:

- there is now only one way to set the user password
- it resolves the chpasswd issue
- it removes > 40 lines of code and several variables.

Gonéri ,

Yes. I'm sorry about the back and forth. I didn't understand the difference between chpasswd and passwd , the former operating on a list of passwords vs a single password. Thank for sticking with this work.

With that in mind; I worry about churn here; and I also don't like converting what was a single subprocess call to chpasswd to multiple calls to passwd. Obviously in the case where chpasswd is not available, we must use multiple calls to passwd.

So yes, I think something closer to your version 1, but I think we can abstract it in cc_set_password itself.

Something like this:

http://paste.ubuntu.com/p/xh5DmKvWy5/

Thank for your feedback. There is another chpasswd binary on FreeBSD (https://www.freshports.org/www/chpasswd/) that is supposed to be compatible with the one Linux. But it's not maintained anymore and so, may not be as reliable as the official version. I've afraid the use of 'which' may create some lack of consitency in the plugins. Since it's pretty hard to troubleshoot Cloud-Init, I prefer to have something absolutely deterministic.

Also, depending on the format of the metadata, two different functions are used to set the password. This lack of consistency increases the complexity of the software (two functions for the same result) and result of subtile bugs. For instance, in the case of FreeBSD, one of the two strategy was working fine, the other was broken.

I understand you feel nervous with the change, but I'm convinced it will improve the quality of the code base. I suggest we try test it more intensivly instead. If you are willing to go in this direction, I will be happy to design some functional tests to validate the result on different operating system image. For instance, I already use Ansible locally to valide cloud-init behaviour.

Wow
This Fix all mode cc_set_passwords (chpasswd:), hash, plain text, random generated.

I'm submit update in port FreeBSD
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240372

done

This looks good to me Gonéri, the only thing we 'lose' in terms of behavior:
 - visibility to log message distinguishing whether we are hashed or not
 - bailing on first set_passwd error instead of trying to set all and raising errors at the end

The second point I'd like to fix.

Shouldn't we fix both? My biggest objection here was that
this path is rather critical and I hesitate to make changes.

The least we can do is ensure we have the same path on !FreeBSD
w.r.t behavior and message logs.

PASSED: Continuous integration, rev:f653072bbbb21aac0330206982e84a171a78ab53
https://jenkins.ubuntu.com/server/job/cloud-init-ci/1122/
Executed test runs:
    SUCCESS: Checkout
    SUCCESS: Unit & Style Tests
    SUCCESS: Ubuntu LTS: Build
    SUCCESS: Ubuntu LTS: Integration
    IN_PROGRESS: Declarative: Post Actions

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/1122//rebuild

PASSED: Continuous integration, rev:9e18f6780cc4999cc31332e13ad2d22a4d27e8da
https://jenkins.ubuntu.com/server/job/cloud-init-ci/1136/
Executed test runs:
    SUCCESS: Checkout
    SUCCESS: Unit & Style Tests
    SUCCESS: Ubuntu LTS: Build
    SUCCESS: Ubuntu LTS: Integration
    IN_PROGRESS: Declarative: Post Actions

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/1136//rebuild

Logs in FreeBSD https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240372#c4

For non-FreeBSD, I don't understand why we would trade a single exec of chpasswd reading stdin list of users for an exec per-user.

IIUC, the previous patch I proposed:

http://paste.ubuntu.com/p/xh5DmKvWy5/

The objection was that util.which could find a chpasswd on freebsd which could be problematic.

If that were changed to use:

if not util.is_FreeBSD():
   # chpasswd path
else:
   distro.set_password()

Which would ensure that on the FreeBSD path it wouldn't use chpasswd even if present in the image. And for non-FreeBSD we keep the same code path we've had.

> For non-FreeBSD, I don't understand why we would trade a single exec of chpasswd
> reading stdin list of users for an exec per-user.

cloud-init has two different way to set a password, this without any concrete benefit.
It's a lot of duplicated code and this creates case like this one where only one of the
two is broken. So, instead of adding an extra if/else block to deal with the current situation,
it sounds reasonable to me to just reduce this complexity.

Gonéri. Thanks for the continued discussion here.

Per your discussion points:

<Gonéri> cloud-init has two different way to set a password, this without any concrete benefit.
<chad> the concrete benefit is a single bulk operation vs single operations which involve the overhead of spinning up subprocess for each call.

<Gonéri> It's a lot of duplicated code and this creates case like this one where only one of the
two is broken. So, instead of adding an extra if/else block to deal with the current situation,
it sounds reasonable to me to just reduce this complexity.

<chad> yes, bulk operations is broken for freeBSD; but not on centos, sles, opensuse, rhel, ubuntu, debian, gentoo or arch. I'm hesitant to move all distribution behavior out of an optimal feature path because one distro doesn't have supported tooling. If we followed that policy in general, we could only have cloudinit perform only as good as the worst case scenario on any distro or cloud for any feature.

cloud-init would like distributions and individual clouds to be able to differentiate each other with various features and perform relatively better based on feature sets that each platform/distro has. So with that comes a bit of complexity. If there is a better way to do things on one cloud or distro, we want cloud-init to have the best experience there (at the cost of developer complexity).

As such, I've taken both Ryan's and your suggestions and tried to merge them so that bulk-chpasswd OSes can perform one operation and bsd can perform unique chpasswd calls per user.

Here is the attached diff, hopefully it tries to meet the intent of your branch:

https://paste.ubuntu.com/p/YP9yW864zT/

If we can agree on something close to this, I think we can merge it and resolve the bug.

Thanks Chad! the patch works great.

could we add ~chad.smith's change and get this merged?

> could we add ~chad.smith's change and get this merged?

I would prefer if Chad just merge his patch directly. He owns the patch and it will be easier this way.

Supersede by: https://github.com/canonical/cloud-init/pull/46