Configure CoreOS with Butane/Ignition fails to configure kube user

Ask Fedora
,
1

Hi everyone
I’m trying to spin up the dumbest setup, I’ve read the docs, several example and can’t find what I’m missing.

The initial aim was to setup a simple K3S cluster through Butane config of CoreOS VMs. Figured out I was probably rushing after hitting a few errors, so I decided to strip it down to simply creating a new user and add an ssh key to it.

But I’m facing an error from Ignition telling me it can’t add the key to this new user because the dirs are read-only. The user seems to be created though from what I see in the init logs

[    9.677373] localhost ignition[1080]: files: ensureUsers: op(1): [finished] creating or modifying user "core"
[    9.678668] localhost ignition[1080]: files: ensureUsers: op(2): [started]  creating or modifying user "kube"
[    9.678675] localhost ignition[1080]: files: ensureUsers: op(2): executing: "usermod" "--root" "/sysroot" "--groups" "wheel,sudo" "kube"
[    9.859504] localhost ignition[1080]: files: ensureUsers: op(2): [finished] creating or modifying user "kube"
[    9.863161] localhost ignition[1080]: files failed

[    9.860894] localhost ignition[1080]: files: ensureUsers: op(3): [started]  adding ssh keys to user "kube"
[    9.864259] localhost systemd[1]: ignition-files.service: Main process exited, code=exited, status=1/FAILURE
[    9.861218] localhost ignition[1080]: files: ensureUsers: op(3): [failed]   adding ssh keys to user "kube": failed to set SSH key: creating parent dirs for "/sysroot/.ssh/authorized_keys.d/ignition": read-only file system
[    9.864379] localhost systemd[1]: ignition-files.service: Failed with result 'exit-code'.
[    9.861299] localhost ignition[1080]: Ignition failed: failed to create users/groups: failed to configure users: failed to add keys to user "kube": failed to set SSH key: creating parent dirs for "/sysroot/.ssh/authorized_keys.d/ignition": read-only file system
[    9.864549] localhost systemd[1]: Failed to start ignition-files.service - Ignition (files).
....

Comparing the command with the core user, I can see the --create-home flag is not given for my user.

Does anybody have an idea please ? I’m really failing to see what’s wrong, it’s probably trivial but can’t figure it out…

Env is following :
QEMU emulator version 8.2.2
Image : fedora-coreos-42.20251012.3.0-qemu.x86_64.qcow2
Butane : Quay

Below is the current butane configuration used

variant: fcos
version: 1.6.0
passwd:
  users:
    - name: kube
      groups:
       - wheel
       - sudo
      ssh_authorized_keys:
        - ssh-ed25519 AAAAC....

I’ve seen several examples where home_dir is provided and no_create_home too.

Result is different but outcome still is a failure, this time though it because it tries to modify the kube user instead of creating it. I don’t understand.

thanks for your help!

2

Hey @imateapot. The problem here is that the kube user is already reserved on the system and is configured without a home directory and also for nologin.

I’m not 100% sure of the history of this, the user/group config has been in our configuration since the beginning of time. Either way, using a different username (one that isn’t in our passwd file) should work.

1 Like
3

Holy…
I’m crying but I don’t know if it’s the relief of not being that stupid or because I didn’t bother checking this because “nah that would be too obvious, why would there be “kube” user in the first place”…

Anyway that was it, thanks a lot !