Merge "Create rescue user on ironic agent"

diskimage_builder/elements/ironic-agent/element-deps

@@ -1,4 +1,5 @@
 dhcp-all-interfaces
+install-static
 no-final-image
 package-installs
 pip-and-virtualenv

diskimage_builder/elements/ironic-agent/post-install.d/80-ironic-agent

@@ -24,6 +24,7 @@ case "$DIB_INIT_SYSTEM" in
             systemctl disable iptables.service
         fi
         systemctl enable $(svc-map ironic-python-agent).service
+        systemctl enable ironic-agent-create-rescue-user.path
         ;;
     sysv)
         update-rc.d iptables disable

diskimage_builder/elements/ironic-agent/static/etc/systemd/system/ironic-agent-create-rescue-user.path

@@ -0,0 +1,8 @@
+[Unit]
+Description=Ironic user rescue - notify path existence
+
+[Path]
+PathExists=/etc/ipa-rescue-config/ipa-rescue-password
+
+[Install]
+WantedBy=multi-user.target

diskimage_builder/elements/ironic-agent/static/etc/systemd/system/ironic-agent-create-rescue-user.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Ironic agent rescue user creation
+
+[Service]
+ExecStart=/bin/bash /usr/local/bin/ironic-python-agent-create-rescue-user.sh
+Type=oneshot
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target

diskimage_builder/elements/ironic-agent/static/usr/local/bin/ironic-python-agent-create-rescue-user.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+echo "Adding rescue user with root privileges..."
+crypted_pass=$(</etc/ipa-rescue-config/ipa-rescue-password)
+useradd -m rescue -G wheel -p $crypted_pass
+echo "rescue ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/rescue