Initial credentials via gadget snap

ezio · September 8, 2023, 9:34am

Dear all,

following the reference canonical guides

https://ubuntu.com/core/docs/board-enablement

and

https://ubuntu.com/core/docs/custom-images

I have compiled a custom ubuntu core image with the following command:

sudo ubuntu-image snap -c stable --snap ./pi_22-2_armhf.snap ubuntu-core-22-pi-armhf.model

the content of ubuntu-core-22-pi-armhf.model is the following

type: model
authority-id: --------------------------------------------------
series: 16
brand-id: --------------------------------------------------
model: ubuntu-core-22-pi-armhf
architecture: armhf
base: core22
grade: dangerous
snaps:
  -
    default-channel: 22/stable
    id: YbGa9O3dAXl88YLI6Y1bGG74pwBxZyKg
    name: pi
    type: gadget
  -
    default-channel: 22/stable
    id: jeIuP6tfFrvAdic8DMWqHmoaoukAPNbJ
    name: pi-kernel
    type: kernel
  -
    default-channel: latest/stable
    id: amcUKQILKXHHTlmSa7NMdnXSx02dNeeT
    name: core22
    type: base
  -
    default-channel: latest/stable
    id: PMrrV4ml8uWuEUDBT8dSGnKUYbevVhc4
    name: snapd
    type: snapd
timestamp: 2023-09-07T09:40:46+00:00
sign-key-sha3-384:
--------------------------------------------------

The content of the output seed.manifest is the following

core22 868
pi x1
pi-kernel 664
snapd 20101

I think that the entry

pi x1

is due to the

--snap ./pi_22-2_armhf.snap

option I use for the ubuntu-image command.

The pi_22-2_armhf.snap is the gadget snap I got by compiling

https://github.com/snapcore/pi-gadget/tree/22-armhf

I did however a change in the sources, specifically in the gadget.yaml file

https://github.com/snapcore/pi-gadget/blob/22-armhf/gadget.yaml

I added the section

+defaults:
+  system:
+    service:
+      console-conf:
+        disable: true

I flashed a Raspberry CM4S with the pi.img output image using the rpi-imager tool

https://www.raspberrypi.com/news/raspberry-pi-imager-imaging-utility/

On the serial output, after some boot messages, I have the prompt for connecting to the CM4S:

Ubuntu Core 22 on 127.0.0.2 (ttyAMA0)

ubuntu login:

I expected such output because I disabled the notorious console-conf that requires to have an hdmi screen and a usb keyboard connected to the board

In the user-data source file of the gadget snap

https://github.com/snapcore/pi-gadget/blob/22-armhf/configs/user-data

I read the following:

# On first boot, set the (default) ubuntu user's password to "ubuntu" and
# expire user passwords
chpasswd:
  expire: true
  list:
  - ubuntu:ubuntu

so I tried to use the ubuntu:ubuntu username:password couple

but it did not work.

Anyone who can enlighten me on this issue?

I would like to use the gadget snap in order to establish a user with ssh access without recurring to console.conf.

ruhan.vanderberg · September 8, 2023, 2:20pm

Hi there.

Do you have access to a USB-flash drive? You might as well flash it, and then when it is booted up, plug in the USB flash drive with the auto-import assertion file on a FAT32 formatted USB disk.

See here: https://ubuntu.com/core/docs/reference/assertions/system-user

There’s a make-system-user snap/program that will generate a user assertion for you.

Something like this: make-system-user -b myaccountid -u username -p password -m model-assertion -k snapcraft-signing-key

ezio · September 11, 2023, 8:41am

Thanks ruhan.vanderberg, I will try.

But my need is slightly different: I need to have already established in the ubuntu image the user with ssh access.

Without subsequent procedures.

In the past I was able to do that using the --cloud-init option when generating the image.

Now it seems to me that option is no longer available and I have understood, maybe erroneously, that it is possible to do the same via a proper configuration of the gadget snap.

ogra · September 11, 2023, 9:22am

You should be able ro generate the system-user assertion in your brand store UI now and IIRC there should also be a way to include that at build time into your gadget…

ruhan.vanderberg · September 11, 2023, 9:46am

There was an post on this forum that explained on how you could add a system-user assertion to your image, before flashing Core20 to the gateway, that will be set up during bootup/install, but there’s some shortcomings on that, that the grade of the model assertion of the image must be marked “dangerous” to be working, and may not work for you.

For the life of me, I cant find that post now.

ogra · September 11, 2023, 9:57am

Same for me, I know there is new documentation for this but I can not find it

ezio · September 11, 2023, 10:40am

might it be the following?

Ubuntu-image command crashed

ruhan.vanderberg · September 11, 2023, 10:44am

Yes, that’s the one.

EDIT: I forgot how to quote the post, but yes, this is the link: Ubuntu-image command crashed?

ezio · September 12, 2023, 8:37am

dear @ogra,

I forgot to put a very important question:

from your experience and knowledge which Ubuntu Core version do you suggest me to use for the CM4S today?

I started with the latest 22-armhf but maybe also older versions, like UC20 or even UC18, could be used, am I correct?

ogra · September 12, 2023, 9:53am

I think we only started to fully support the CM4 with core20, I could misremember though…

jocado · October 27, 2023, 5:40pm

Just throwing in another option.

We manage users with a dedicated snap [ not a gadget, just an standard app snap ] that includes system-user assertions. It has some logic to add the assertions and add/update/remove users appropriately.

The benefit of this is that you can then update the assertions and users in the field too. If the snap is included in the model assertion used to build the image, it will setup the users at snap seed time.

Cheers, just