tests/ignition: check file ownership for system users

[HuijingHei]

Based on #774

[HuijingHei]

Check the test is passed without ignition-ostree-sysusers.service in #774, still not quite sure where the fix is.

$ kola run -E fedora-coreos-config --qemu-image rhcos-414.92.202310100209-0-qemu.x86_64.qcow2 ext.fedora-coreos-config.ignition.sysusers
=== RUN   ext.fedora-coreos-config.ignition.sysusers
--- PASS: ext.fedora-coreos-config.ignition.sysusers (41.09s)
PASS, output in _kola_temp/qemu-2023-10-12-1412-79

$ kola run -E fedora-coreos-config --qemu-image fedora-coreos-38.20231009.20.0-qemu.x86_64.qcow2 ext.fedora-coreos-config.ignition.sysusers
=== RUN   ext.fedora-coreos-config.ignition.sysusers
--- PASS: ext.fedora-coreos-config.ignition.sysusers (40.49s)
PASS, output in _kola_temp/qemu-2023-10-12-1420-138

[jmarrero]

lgtm

[travier]

Some context for #774:

The use case where we need to run sysusers in the initramfs (#774) is when you want to declare a system user in a sysusers config file (written by Ignition to the real root) and also include a file in the Ignition config that is owned by that new system user. As the users will not be created in the real root when ignition-files runs, it would fail.

So we need something like #774 to pre-create the users so that Ignition can set the ownership of the files it writes to the real root.

---

This test looks fine to me but I'm not sure how much we already have testing that in kola.

[HuijingHei]

Thanks @jmarrero @travier for the review, update the test script, might need re-review, thanks!

[travier]

Here is an example config that should fail:

variant: fcos
version: 1.5.0
storage:
  files:
    - path: /etc/foo
      user:
        name: "foo"
      contents:
        inline: |
          # Dummy placeholder
    - path: /etc/sysusers.d/foo.conf
      contents:
        inline: |
          u foo - "Foo user" - -

See: https://www.freedesktop.org/software/systemd/man/sysusers.d.html

[HuijingHei]

Here is an example config that should fail:

variant: fcos
version: 1.5.0
storage:
  files:
    - path: /etc/foo
      user:
        name: "foo"
      contents:
        inline: |
          # Dummy placeholder
    - path: /etc/sysusers.d/foo.conf
      contents:
        inline: |
          u foo - "Foo user" - -

See: https://www.freedesktop.org/software/systemd/man/sysusers.d.html

This should fail with ignition-ostree-sysusers.service refer to #774 (comment)

[jlebon]

So the issue here is that the sysusers.d dropin gets written by the files stage, so it's not yet present when the new ignition-ostree-sysusers.service unit in #2679 runs.

I commented in coreos/fedora-coreos-tracker#155 (comment) to try to keep design discussions there.

[HuijingHei]

Thanks @jlebon @travier for the reply.

Does this script make sense?
Can I understand that we support that the entries in Ignition configuration can reference the existed system users (see doc)?