diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm index 56719be4..6237cbc0 100644 --- a/PVE/QemuServer.pm +++ b/PVE/QemuServer.pm @@ -546,6 +546,17 @@ my $confdesc_cloudinit = { description => 'Specifies the cloud-init configuration format.', enum => ['configdrive2', 'nocloud'], }, + ciuser => { + optional => 1, + type => 'string', + description => "cloud-init: User name to change ssh keys and password for instead of the image's configured default user.", + }, + cipassword => { + optional => 1, + type => 'string', + description => 'cloud-init: Password to assign the user. Using this is generally not recommended. Use ssh keys instead. ' + . 'Also note that older cloud-init versions do not support hashed passwords.', + }, searchdomain => { optional => 1, type => 'string', diff --git a/PVE/QemuServer/Cloudinit.pm b/PVE/QemuServer/Cloudinit.pm index e64dfa5a..9fcb817b 100644 --- a/PVE/QemuServer/Cloudinit.pm +++ b/PVE/QemuServer/Cloudinit.pm @@ -61,16 +61,15 @@ sub cloudinit_userdata { my $fqdn = get_fqdn($conf); - my $content = <<"EOF"; -#cloud-config -manage_resolv_conf: true -EOF + my $content = "#cloud-config\n"; + $content .= "manage_resolv_conf: true\n"; - my $username = 'blub'; - my $encpw = PVE::Tools::encrypt_pw('foo'); + my $username = $conf->{ciuser}; + my $password = $conf->{cipassword}; $content .= "user: $username\n" if defined($username); - $content .= "password: $encpw\n" if defined($encpw); + $content .= "disable_root: False\n" if defined($username) && $username eq 'root'; + $content .= "password: $password\n" if defined($password); if (defined(my $keys = $conf->{sshkeys})) { $keys = URI::Escape::uri_unescape($keys); @@ -84,9 +83,10 @@ EOF $content .= "chpasswd:\n"; $content .= " expire: False\n"; - # FIXME: we probably need an option to disable this? - $content .= "users:\n"; - $content .= " - default\n"; + if (!defined($username) || $username ne 'root') { + $content .= "users:\n"; + $content .= " - default\n"; + } $content .= "package_upgrade: true\n";