Add sudo commands to init script through user data

Posted December 19, 2018
Tags: Getting Started, DigitalOcean, Docker, Initial Server Setup, Ubuntu 18.04, Automated Setups

Hello Geeks
I’m trying to create an init script for my droplet creation, so I’m setting Droplet metadata using the User Data feature. I successfully installed git and added a new non-root sudo user to the system. But when I try to install Docker, it’s not getting installed. My guess is that it’s because it’s a sudo command. Below is my script.

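#!/bin/bash
set -euo pipefail

# Script variables (placeholder values; set these for your droplet)
USERNAME="your-username"
COPY_AUTHORIZED_KEYS_FROM_ROOT=true
OTHER_PUBLIC_KEYS_TO_ADD=()
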
useradd --create-home --shell "/bin/bash" --groups sudo "${USERNAME}"
usermod -aG sudo "${USERNAME}"

encrypted_root_pw="$(grep root /etc/shadow | cut --delimiter=: --fields=2)"

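if [ "${encrypted_root_pw}" != "*" ]; then
    # Root has a real password: hand it to the new user and lock root's password
    echo "${USERNAME}:${encrypted_root_pw}" | chpasswd --encrypted
    passwd --lock root
else
    # Key-only droplet: clear the user's invalid password so a new one can be set
    passwd --delete "${USERNAME}"
fi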

chage --lastday 0 "${USERNAME}"

home_directory="$(eval echo ~${USERNAME})"
mkdir --parents "${home_directory}/.ssh"

if [ "${COPY_AUTHORIZED_KEYS_FROM_ROOT}" = true ]; then
    cp /root/.ssh/authorized_keys "${home_directory}/.ssh"
fi

for pub_key in "${OTHER_PUBLIC_KEYS_TO_ADD[@]}"; do
    echo "${pub_key}" >> "${home_directory}/.ssh/authorized_keys"
done

chmod 0700 "${home_directory}/.ssh"
chmod 0600 "${home_directory}/.ssh/authorized_keys"
chown --recursive "${USERNAME}":"${USERNAME}" "${home_directory}/.ssh"

sed --in-place 's/^PermitRootLogin.*/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
# Restart sshd only if the edited configuration passes the syntax check
if sshd -t -q; then
    systemctl restart sshd
fi

apt-get install -y git
curl -fsSL | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] $(lsb_release -cs) stable"
sudo apt-get update
sudo apt-get install -y docker-ce
sudo curl -L`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
usermod -aG docker "${USERNAME}"

1 answer

Hey friend,

I don’t think the sudo would throw it off; this should all be run at a level that doesn’t require it, so it should just be excess at most. I have a couple of thoughts:

  1. Does the script run fine on a new droplet if you run it manually?
  2. What if you dropped a “sleep 30” at the top and downloaded/executed the script via user-data instead of running it directly in it? Here’s a good resource for building a user-data script:
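
Added example (not code from the question or the answer): one way to do the download-and-execute approach from point 2, as a small user-data script that waits, fetches the init script, checks its SHA-256 before running it, and logs the outcome. `SCRIPT_URL`, `SCRIPT_SHA256`, `LOG_FILE` and the function names are assumptions made for this example.

```shell
#!/bin/bash
# User-data wrapper: wait, fetch the real init script, verify it, run it with a log.
# SCRIPT_URL and SCRIPT_SHA256 are placeholders (assumptions), not values from this thread.
set -eu

SCRIPT_URL="${SCRIPT_URL:-https://example.com/droplet-init.sh}"
SCRIPT_SHA256="${SCRIPT_SHA256:-REPLACE_WITH_EXPECTED_SHA256}"
LOG_FILE="${LOG_FILE:-/var/log/droplet-init.log}"

# Succeed only if the file's SHA-256 equals the expected hex digest.
verify_sha256() {
    actual_sum="$(sha256sum "$1" | cut -d' ' -f1)"
    [ "${actual_sum}" = "$2" ]
}

# run_logged LOG CMD [ARGS...]: run CMD, append stdout and stderr to LOG,
# record the exit status in LOG and return it.
run_logged() {
    log_path="$1"; shift
    cmd_status=0
    "$@" >> "${log_path}" 2>&1 || cmd_status=$?
    echo "exit status: ${cmd_status}" >> "${log_path}"
    return "${cmd_status}"
}

main() {
    sleep 30    # delay suggested in the answer above
    fetched="$(mktemp)"
    curl -fsSL "${SCRIPT_URL}" -o "${fetched}"
    if ! verify_sha256 "${fetched}" "${SCRIPT_SHA256}"; then
        echo "checksum mismatch for ${SCRIPT_URL}, not running it" >> "${LOG_FILE}"
        exit 1
    fi
    run_logged "${LOG_FILE}" bash "${fetched}"
}

# Run only on a machine booted by cloud-init, so loading this file elsewhere
# (for example to test the functions) has no side effects.
if [ -d /var/lib/cloud/instance ]; then
    main
fi
```

On Ubuntu, cloud-init also writes the output of user-data scripts to `/var/log/cloud-init-output.log`, which is the first place to look when a step such as the Docker install silently does not happen.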