syncuser improvements #1736
syncuser improvements #1736
Conversation
ae6b858 to
f5038d8
Compare
Signed-off-by: Jonathon Anderson <[email protected]>
- warewulf#1321 Signed-off-by: Jonathon Anderson <[email protected]>
- warewulf#1321 Signed-off-by: Jonathon Anderson <[email protected]>
- warewulf#1322 Signed-off-by: Jonathon Anderson <[email protected]>
Signed-off-by: Jonathon Anderson <[email protected]>
It can be disabled with `wwctl image syncuser --write=false`. Signed-off-by: Jonathon Anderson <[email protected]>
Signed-off-by: Jonathon Anderson <[email protected]>
d0cf3ed to
64e003d
Compare
|
@mslacken and @middelkoopt, let me know what you think. |
|
Basically I approve this idea, but handling this with templates is a good idea. |
I don't understand. What can be done with templates already is being done with templates. Some of it, like the chown and chmod of all the files in the image, must be done in the image, and the updates to /etc/passwd and /etc/group need to match. None of that is new; syncuser has been doing this since before I joined the project. But it's been built assuming you're always going to use it. But you've never had to, so this change is mostly about disabling all the warnings. The only other change is in filtering duplicate entries.
What new side-effects? Like I said: syncuser is not new. This is just about making it easier to disable, not assuming that people will use it, and (in the most different case) filtering duplicates from the file, which is one of the more common complaints we get about Warewulf.
That situation is being tested now. If you want more, I'll add more. In fact, syncuser wasn't being tested at all before, because the dependence on the host's /etc directory meant that we couldn't test it. Moving it to sysconfdir means that testenv can direct where it reads host files from, which lets me enable the tests.
My first inclination is that this is a significant enough change that, if it doesn't make v4.6.0, it'd need to go to v4.7.0. But I'd strongly prefer getting this in v4.6.0. Just tell me what you want to see tested that isn't. But, again, this isn't a new feature; it's modifications to an existing feature that was completely untested before, and is tested now (in this PR). |
5306832 to
32289e6
Compare
74e48a9 to
eb6ce7d
Compare
mslacken
left a comment
There was a problem hiding this comment.
Just merging this one before thinking more about the idea of not just having .Tags.PasswordlessRoot but Tags.AdditionalPasswdLine may add the possibility to have new warewulf managed users on the systems. Hopefully nobody reades ever this comment @anderbubble
Description of the Pull Request (PR):
This change is the overall "make syncuser emphatically optional, opt-in." Mostly I see syncuser cause confusion for people who think you have to do it, rather than people who chose to use it. So this intends to not do any syncuser by default, and then document how to use it if you need it.
This fixes or addresses the following GitHub issues:
Reviewer checklist
The reviewer checks the following items before merging the PR.
git commit --signoff) in agreement to the DCO