Create etcd user in cloud-init master.yaml rather than in configure-helper.sh

An etcd unix user is currently created in configure-helper.sh if it does not exist
on the master.

cloud-init is the only supported mechanism to add users on COS VMs. If an attempt
is made to add a key using OS Login or the instance metadata mechanism, the
google_accounts_daemon will race with useradd and potentially attempt to use
the same UID. This will lock out any attempt to SSH into the VM. We therefore
migrate to using cloud-init to create this user and prevent this issue from occurring.
yaseenhamdulay 2020-03-05 16:12:47 +00:00 committed by Yaseen Hamdulay
parent 21d4d13d98
commit 5de3c64ad0
2 changed files with 5 additions and 3 deletions


@ -445,9 +445,6 @@ function mount-master-pd {
mkdir -p "${mount_point}/srv/sshproxy"
ln -s -f "${mount_point}/srv/sshproxy" /etc/srv/sshproxy
if ! id etcd &>/dev/null; then
useradd -s /sbin/nologin -d /var/etcd etcd
fi
chown -R etcd "${mount_point}/var/etcd"
chgrp -R etcd "${mount_point}/var/etcd"
}
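Review bot: with the `if ! id etcd` guard removed, the `chown -R etcd` / `chgrp -R etcd` lines in mount-master-pd now rely on the user already existing, and on any image or boot path where the cloud-init `users:` entry has not been applied before this script runs they will fail with "invalid user" on the whole etcd data directory. Consider keeping a loud precondition in its place, e.g. `id etcd &>/dev/null || { echo "etcd user missing; expected from cloud-init master.yaml" >&2; exit 1; }`, so the failure is attributable rather than a silent ownership mismatch on `${mount_point}/var/etcd`.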


@ -1,5 +1,10 @@
#cloud-config
users:
- name: etcd
homedir: /var/etcd
lock_passwd: true
write_files:
- path: /etc/systemd/system/kube-master-installation.service
permissions: 0644
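Review bot: the new `users:` entry drops the `-s /sbin/nologin` that the old `useradd` line set, so the etcd account is created with cloud-init's default shell and is no longer a no-login account; add `shell: /sbin/nologin` (and consider `system: true`, which cloud-init supports for service accounts and which also skips home-directory creation) so the security properties of the old `useradd -s /sbin/nologin -d /var/etcd etcd` are preserved. Also worth documenting in master.yaml that `lock_passwd: true` only disables password login, not shell access via keys or `su`.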