Currently, `simp config` fails at the end of a successful run because it has deemed the system unsafe and might prevent the user from logging in after bootstrap. In addition to a quick start install mode (see linked ticket) there should be a way to have `simp config` create a user and create some basic sudo rules and PAM rules to allow them to login (perhaps a user called simp). While this may not be desired in a production setting, it would be tremendously helpful for users just getting started who might not be familiar enough with SIMP/Puppet to properly digest the information in the bootstrap lock file.
This has actually been tossed around several times but there we couldn't determine a method that wouldn't potentially make a mess that would have to be cleaned up or leave the system in a potentially insecure state without enough knowledge from the user.
If you could walk through your preferred scenario, this might help get us somewhere that is actionable.
I believe the scenario should be pretty simple. Really what I’m asking for is the manifest that exists in the bootstrap lock file to just be applied if a certain flag is passed to simp config. Perhaps something like simp config --create-login-user. I’m not married to a specific name, just the functionality.
I imagine that if the flag is passed, it could do something like a puppet apply local_simp_user.pp where said manifest might look like:
This is pretty bare bones, and I wouldn’t think the expectation is that this would persist into a proper production environment. This would just be used to help new SIMP users getting started in a lab environment. This would also give them a manifest as an artifact that they could use later as a template to do something similar for other users (such as a real production user later on down the line).