Create a default user when metadata is not available (for Cloud-init builds)
Closed, Resolved | Public | FEATURE REQUEST

Description

In builds for virtual environments and clouds, we do not have the vyos user by default, and if for some reason metadata with proper credentials is not available during the system's first boot, there will be no users with configured authentication at all. This leads to potential situations where a newly created system becomes completely unmanaged.
To avoid such a problem, we may add a fallback action: creating the default vyos/vyos user if all attempts to get credentials have failed. This allows reaching the system even in case of problems with metadata availability.

Potentially, this may cause a security issue with a weak password. But:

  • the default user vyos/vyos may be created only on fresh installations, so there will be no access to other data on a router;
  • this should never happen if everything works well in an environment. Most likely, it will be used only for testing deployments without complete metadata or in case of known troubles.

Thus, this should not decrease the security level of production deployments.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible

Event Timeline

zsdc changed the task status from Open to In progress. Oct 28 2020, 2:08 PM
zsdc claimed this task.
zsdc created this task.
zsdc changed the task status from In progress to Needs testing. Oct 28 2020, 10:40 PM