[CAPK] Users defined via cloud-init are locked

Summary

All user accounts defined via cloud-init in env vars are locked. Impossible to locally and remotely connect on these accounts.

related references

Details

This bug affects all flavors deployed by CAPK, ubuntu and opensuse.

Any user account defined via cloud-init like below is defined locked on the system:

  kubeadm:
    users:
      - name: node-admin
        passwd: '$1$pdWEicWs$9ZWQf5.CWyXccmP8Chuu01'
        groups: users
        sudo: ALL=(ALL) NOPASSWD:ALL
        shell: /bin/bash
        sshAuthorizedKeys:
          - ssh-rsa AA....

In the file /etc/shadow the account is defined with the related password prefixed with the character ! which means the account is locked. Moreover it prevents to remotely connect on this account.

I tried parameters inactive and lock_passwd but it does not have any impact on the way the account is generated by cloud-init.