`simp config` should have a way to generate a privileged user to log in to the system

Description

Currently, `simp config` fails at the end of a successful run because it has deemed the system unsafe and might prevent the user from logging in after bootstrap. In addition to a quick start install mode (see linked ticket), there should be a way to have `simp config` create a user and create some basic sudo rules and PAM rules to allow them to log in (perhaps a user called simp). While this may not be desired in a production setting, it would be tremendously helpful for users just getting started who might not be familiar enough with SIMP/Puppet to properly digest the information in the bootstrap lock file.

Acceptance Criteria

None

Activity

Trevor Vaughan
September 3, 2019, 4:20 PM

This has actually been tossed around several times, but we couldn't determine a method that wouldn't potentially make a mess that would have to be cleaned up or leave the system in a potentially insecure state without enough knowledge from the user.

If you could walk through your preferred scenario, this might help get us somewhere that is actionable.

Kendall Moore
September 4, 2019, 8:52 PM

I believe the scenario should be pretty simple. Really what I’m asking for is the manifest that exists in the bootstrap lock file to just be applied if a certain flag is passed to `simp config`. Perhaps something like `simp config --create-login-user`. I’m not married to a specific name, just the functionality.

I imagine that if the flag is passed, it could do something like a `puppet apply local_simp_user.pp` where said manifest might look like:

This is pretty bare bones, and I wouldn’t think the expectation is that this would persist into a proper production environment. This would just be used to help new SIMP users getting started in a lab environment. This would also give them a manifest as an artifact that they could use later as a template to do something similar for other users (such as a real production user later on down the line).
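
A sketch of what a lab-only login manifest of the kind discussed above could contain, added here as an illustration; it is not the manifest from the comment or from the bootstrap lock file. The class name `site::local_simp_user` and the password hash placeholder are hypothetical, and the `pam::access::rule` and `sudo::user_specification` defined types are assumed to come from the SIMP `pam` and `sudo` modules with the parameters shown.

```puppet
# local_simp_user.pp: added illustration, not SIMP project code.
# Assumption: the SIMP pam and sudo modules are on the modulepath.
class site::local_simp_user (
  # Hypothetical parameter. Replace the placeholder with a SHA-512 crypt
  # hash generated for this lab; never store a cleartext password here.
  String[1] $password_hash = '<PLACEHOLDER_SHA512_CRYPT_HASH>',
  String[1] $username      = 'simp',
) {
  # Local account, so login does not depend on LDAP or other remote
  # identity sources being reachable after bootstrap.
  user { $username:
    ensure     => present,
    password   => $password_hash,
    managehome => true,
    shell      => '/bin/bash',
  }

  # PAM access rule: without an explicit allow entry the account can
  # exist and still be refused at login. 'ALL' is the widest origin;
  # narrow it to the lab network where possible.
  pam::access::rule { "allow_${username}":
    users   => [$username],
    origins => ['ALL'],
  }

  # Sudo rule limited to becoming root via su, with the user's password
  # still required, rather than a blanket NOPASSWD ALL entry.
  sudo::user_specification { "${username}_su":
    user_list => [$username],
    runas     => 'root',
    cmnd      => ['/bin/su root', '/bin/su - root'],
    passwd    => true,
  }
}

# Lets the file be applied directly with `puppet apply local_simp_user.pp`.
include site::local_simp_user
```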

Priority

Medium