Age | Commit message | Author |
|
* docs: Add security.md to readthedocs
This enables the ability to show the security policy on both GitHub and
on the readthedocs site. To do this, enable the ability to import
Markdown based files and translate them to rst.
* Add doc-requirements.txt and update tox to use
Also removes the extra, unnecessary extension addition of .md
|
|
Currently cloud-init does not know how to handle multiple file
configuration on section AuthorizedKeysFile of ssh configuration.
cloud-init will mess up the home user directory by creating bogus
folders inside it.
This patch provides a fix for this erroneous behavior. It gathers all
keys from all the files listed on the section AuthorizedKeysFile of ssh
configuration and merges all of them inside home user
~/.ssh/authorized_keys of the vm deployed.
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
|
|
Mapped from bitfehler
|
|
Revert "travis: only run CI on pull requests"
|
|
Until we have a clear issue with CI throughput, let's make sure that
we're testing master.
This reverts commit 21967a2dedc781e05cf62c80fb730d0ed5973c8b.
|
|
|
|
Mapped from ahosmanmsft
|
|
|
|
|
|
Parse /etc/system-release-cpe to detect Amazon Linux and set the proper value.
|
|
Mapped from fredlefebvre
|
|
|
|
|
|
Headers param was accidentally omitted and no longer passed through to
readurl due to a previous commit.
To avoid this omission of params in the future, drop positional param
definitions from read_file_or_url and pass all kwargs through to readurl
when we are not operating on a file.
In util:read_seeded, correct the case where invalid positional param
file_retries was being passed into read_file_or_url.
Also drop duplicated file:// prefix addition from read_seeded because
read_file_or_url does that work anyway.
LP: #1854084
|
|
Mapped from eric-lafontaine1
|
|
Mapped from xiaofengw
|
|
This makes for a slightly prettier and less confusing log.
|
|
Added Azure to cloud tests supporting upstream integration testing.
Implement the inherited platform classes, Azure configurations
to release/platform, and docs on how to run Azure CI.
|
|
Allow setting of user passwords on FreeBSD
The www/chpasswd utility which we depended on for FreeBSD installations
does *not* do the same thing as the equally named Linux utility.
For FreeBSD, we now use the pw(8) utility (which can only process one
user at a time).
Additionally, we abstract expire passwd into a function, and override it
in the FreeBSD distro class.
Co-Authored-By: Chad Smith <chad.smith@canonical.com>
|
|
To run: ./tools/migrate-lp-user-to-github LAUNCHPAD_USERNAME GITHUB_USERNAME
|
|
LP: #1853543
|
|
Since `is_FreeBSD()` is used a lot, which uses `system_info()`, which uses `get_linux_distro()` we add caching, by decorating the following functions with `@lru_cache`:
- get_architecture()
- _lsb_release()
- is_FreeBSD
- get_linux_distro
- system_info()
- _get_cmdline()
Since [functools](https://docs.python.org/3/library/functools.html) only exists in Python 3, only python 3 will benefit from this improvement. For python 2, our shim is just a pass-thru. Too bad, but, also… https://pythonclock.org/
The main motivation here was, at first, to cache more, following the style of _lsb_release.
That is now consolidated under this very same roof.
LP: #1815030
|
|
Mapped from d-info-e
|
|
* ec2: Add support for AWS IMDS v2 (session-oriented)
AWS now supports a new version of fetching Instance Metadata[1].
Update cloud-init's ec2 utility functions and update ec2 derived
datasources accordingly. For DataSourceEc2 (versus ec2-look-alikes)
cloud-init will issue the PUT request to obtain an API token for
the maximum lifetime and then all subsequent interactions with the
IMDS will include the token in the header.
If the API token endpoint is unreachable on Ec2 platform, log a
warning and fall back to using IMDS v1, which does not use
session tokens when communicating with the Instance metadata
service.
We handle read errors, typically seen if the IMDS is beyond one
network hop (IMDSv2 responses have a ttl=1), by setting the api token
to a disabled value and then using IMDSv1 paths.
To support token-based headers, ec2_utils functions were updated
to support custom headers_cb and exception_cb callback functions
so Ec2 could store, or refresh API tokens in the event of token
becoming stale.
[1] https://docs.aws.amazon.com/AWSEC2/latest/ \
UserGuide/ec2-instance-metadata.html \
#instance-metadata-v2-how-it-works
|
|
The cloudsigma tests had a few test cases that were not getting
all the "mocks" set up correctly. Specifically is_running_in_cloudsigma
was not getting replaced and calls would leak through to
util.read_dmi_data.
|
|
Router advertisements are required for the default route
to be set up, thus accept_ra should be enabled for
dhcpv6-stateful.
sysconf: IPV6_FORCE_ACCEPT_RA controls accept_ra sysctl.
eni: mode static and mode dhcp 'accept_ra' controls sysctl.
Add 'accept-ra: true|false' parameter to config v1 and
v2. When True: accept_ra is set to '1'. When False:
accept_ra is set to '0'. When not defined in config the
value is left to the operating system default.
This change also extends the IPv6 support to distinguish
between slaac and dhcpv6-stateless. SLAAC is autoconfig
without any options from DHCP, while stateless auto-configures
the address and then uses DHCP for other options.
LP: #1806014
LP: #1808647
|
|
Update ConfigDrive datasource documentation to point to the most recent
OpenStack documentation for ConfigDrive.
LP: #1852461
|
|
Mapped from pengpengs
|
|
Mapped from trstringer
|
|
Mapped from harald-jensas
|
|
On FreeBSD our helpers live in /usr/local/lib/cloud-init/
LP: #1852491
|
|
Azure's Instance Metadata Service (IMDS) reports multiple IPv6
addresses, via the http://169.254.169.254/metadata/instance/network
route. Any additional values after the first in 'ipAddresses' under the
'ipv6' interface key are extracted and configured as static IPs on
the interface.
|
|
Fix traceback when running with a config drive containing a metadata file which has
local-hostname set to null. Cloud-init ignores absent local-hostname or None values.
LP: #1852100
|
|
travis: only run CI on pull requests
|
|
|
|
Mapped from i.galic
|
|
|
|
|
|
Mapped from tribaal
|
|
Mapped from larsks
|
|
pycodestyle: remove unused local variable
|
|
|
|
The KVPs currently being emitted to the .kvp_pool file can have
duplicate keys which is wrong since these keys should be unique.
The situation can occur if, for example, one azure function is
called twice or more and this function is reporting telemetry
through the use of KVPs. Any KVP consumer can get confused by
the duplicate keys and a race condition can occur and has occurred.
|
|
Mapped from legovini
|
|
Mapped from powersj
|
|
Mapped from chad.smith
|
|
Mapped from raharper
|
|
- rtd/index.rst: update sentence to read:
cloud-init will also parse and process any optional user data
- rtd/topics/datasources/rbxcloud.rst: fix rst link names to build
docs
- README.md:
- update travis badge url to project home: github/canonical/cloud-init
- update page title to:
Cloud-init official project upstream as of 11/2019
|
|
|
|
Also fix commit message lint
|