Age | Commit message | Author
2020-03-19 | .travis.yml: drop stale comment (#255) | Daniel Watkins
Co-authored-by: Chad Smith <chad.smith@canonical.com>
2020-03-18 | .gitignore: add more common directories (#258) | Daniel Watkins
2020-03-18 | ec2: render network on all NICs and add secondary IPs as static (#114) | Chad Smith

Add support for rendering secondary static IPv4/IPv6 addresses on any NIC attached to the machine. In order to see secondary IP addresses in Ec2 IMDS network config, cloud-init now reads metadata version 2018-09-24. Metadata services which do not support the Ec2 API version will not get secondary IP addresses configured.

In order to discover secondary IP address config, cloud-init now relies on metadata API Parse local-ipv4s, ipv6s, subnet-ipv4-cidr-block and subnet-ipv6-cidr-block metadata keys to determine additional IPs and appropriate subnet prefix to set for a nic.

Also add the datasource config option apply_full_imds_network_config which defaults to true to allow cloud-init to automatically configure secondary IP addresses. Setting this option to false will tell cloud-init to avoid setting up secondary IP addresses.

Also in this branch:
- Shift Ec2 datasource to emit network config v2 instead of v1.

LP: #1866930
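How the four metadata keys named in the commit above can yield static secondary addresses, as an added example (not cloud-init's own code). It assumes the first listed address of each family is the primary one, that each key holds a list or a whitespace-separated string, and that the output uses the `match`/`set-name`/`addresses` keys of network config v2; the function names and sample values are made up.

```python
import ipaddress

# Constructed per-NIC metadata for one MAC (documentation address ranges).
SAMPLE_NIC_MD = {
    "local-ipv4s": ["10.0.0.10", "10.0.0.11", "10.0.0.12"],
    "subnet-ipv4-cidr-block": "10.0.0.0/24",
    "ipv6s": ["2001:db8::a", "2001:db8::b"],
    "subnet-ipv6-cidr-block": "2001:db8::/64",
}
KEY_PAIRS = (("local-ipv4s", "subnet-ipv4-cidr-block"),
             ("ipv6s", "subnet-ipv6-cidr-block"))


def _as_list(value):
    """Accept a list or a whitespace-separated string (assumption)."""
    if not value:
        return []
    return value.split() if isinstance(value, str) else list(value)


def secondary_addresses(nic_md):
    """Return 'ip/prefix' for every address after the first of each family."""
    out = []
    for ips_key, cidr_key in KEY_PAIRS:
        ips = _as_list(nic_md.get(ips_key))
        cidr = nic_md.get(cidr_key)
        if len(ips) < 2 or not cidr:
            continue  # nothing secondary, or no subnet key to take a prefix from
        subnet = ipaddress.ip_network(cidr, strict=True)
        for ip in ips[1:]:
            addr = ipaddress.ip_address(ip)
            if addr not in subnet:  # refuse to guess a prefix for a stray address
                raise ValueError("%s is outside %s" % (addr, subnet))
            out.append("%s/%d" % (addr, subnet.prefixlen))
    return out


def nic_config_v2(name, mac, nic_md, apply_full=True):
    """Build a v2-style config for one NIC; apply_full mirrors the on/off
    behaviour the commit describes for its datasource option."""
    nic = {"match": {"macaddress": mac.lower()}, "set-name": name,
           "dhcp4": True, "dhcp6": bool(_as_list(nic_md.get("ipv6s")))}
    addresses = secondary_addresses(nic_md) if apply_full else []
    if addresses:
        nic["addresses"] = addresses
    return {"version": 2, "ethernets": {name: nic}}
```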
2020-03-18 | ec2 json validation: fix the reference to the 'merged_cfg' key (#256) | Paride Legovini
The 'merged_cfg' key introduced in 71af48d was incorrectly referred to as 'ci_cfg' in the json validation test for ec2.
2020-03-18 | releases.yaml: quote the Ubuntu version numbers (#254) | Paride Legovini
Quote the Ubuntu version numbers in releases.yaml to make sure they're treated as strings and not as floats.
2020-03-17 | cloudinit: remove six from packaging/tooling (#253) | Daniel Watkins
2020-03-14 | util/netbsd: drop six usage (#252) | Daniel Watkins
Drop remaining python six usage
2020-03-13 | workflows: introduce stale pull request workflow (#125) | Daniel Watkins
This workflow will label pull requests with "stale-pr" if they haven't seen activity for 14 days. It will then close them out after a further 7 days of inactivity.
2020-03-13 | cc_resolv_conf: introduce tests and stabilise output across Python versions (#251) | Daniel Watkins
This is a follow-up to #144 which fixed the rendering behaviour. While writing the tests, CI failed due to dict iteration differences across Python versions, so this also sorts output so that we will produce the same output across Python versions.
2020-03-12 | fix minor issue with resolv_conf template (#144) | andreaf74
2020-03-12 | doc: CloudInit also support NetBSD (#250) | Gonéri Le Bouder
Since 94838def772349387e16cc642b3642020e22deda, CloudInit supports NetBSD too.
2020-03-12 | Add Netbsd support (#62) | Gonéri Le Bouder

Add support for the NetBSD Operating System.

Features in this branch:
* Add BSD distro parent class from which NetBSD and FreeBSD can specialize
* Add *bsd util functions to cloudinit.net and cloudinit.net.bsd_utils
* subclass cloudinit.distro.freebsd.Distro from bsd.Distro
* Add new cloudinit.distro.netbsd and cloudinit.net.renderer for netbsd
* Add lru_cached util.is_NetBSD functions
* Add NetBSD detection for ConfigDrive and NoCloud datasources

This branch has been tested with:
- NoCloud and OpenStack (with and without config-drive)
- NetBSD 8.1. and 9.0
- FreeBSD 11.2 and 12.1
- Python 3.7 only, because of the dependency on crypt.METHOD_BLOWFISH. This version is available in NetBSD 7, 8 and 9 anyway
2020-03-11 | tox.ini: avoid substitution syntax that causes a traceback on xenial (#245) | Daniel Watkins
See the added comment for details.
2020-03-11 | Add pub_key_ed25519 to cc_phone_home (#237) | Daniel Hensby
2020-03-11 | Introduce and use a list of GitHub usernames that have signed CLA (#244) | Daniel Watkins
The list so far is partial.
2020-03-10 | workflows/cla.yml: use correct username for CLA check (#243) | Daniel Watkins
Instead of using the username that triggered the action (which, in the case of a committer merging master into a PR branch will be the committer), always use the username of the submitter of the pull request.
2020-03-10 | tox.ini: use xenial version of jsonpatch in CI (#242) | Daniel Watkins
Now that we can distinguish between CI xenial dependencies and needed-to-run-on-dev-machine xenial dependencies, we can return to testing with the correct jsonpatch version.
2020-03-10 | workflows: CLA validation altered to fail status on pull_request (#164) | Chad Smith

Github api doesn't allow read-write access to labels or comments when running from a pull_request fork during CI. This restriction results in an API error message: "Resource not accessible by integration"

If we want to run this action per pull_request, we need to convert the action to fail the PR status check and emit the required steps to sign the CLA to the console on the PR's failed status tab.
2020-03-10 | tox.ini: bump pyflakes version to 2.1.1 (#239) | Daniel Watkins
pyflakes versions older than 2.1.0 are incompatible with Python 3.8 (which is the Python version in the current Ubuntu development release). See https://github.com/PyCQA/pyflakes/issues/367 for details. 2.1.1 is the latest version ATM, so bump to that.
2020-03-10 | cloudinit: move to pytest for running tests (#211) | Daniel Watkins

As the nose docs[0] themselves note, it has been in maintenance mode for the past several years. pytest is an actively developed, featureful and popular alternative that the nose docs themselves recommend. See [1] for more details about the thinking here.

(This PR also removes stale tox definitions, instead of modifying them.)

[0] https://nose.readthedocs.io/en/latest/
[1] https://lists.launchpad.net/cloud-init/msg00245.html
2020-03-10 | instance-data: add cloud-init merged_cfg and sys_info keys to json (#214) | Chad Smith

Cloud-config userdata provided as jinja templates are now distro, platform and merged cloud config aware. The cloud-init query command will also surface this config data.

Now users can selectively render portions of cloud-config based on:
* distro name, version, release
* python version
* merged cloud config values
* machine platform
* kernel

To support template handling of this config, add new top-level keys to /run/cloud-init/instance-data.json. The new 'merged_cfg' key represents merged cloud config from /etc/cloud/cloud.cfg and /etc/cloud/cloud.cfg.d/*. The new 'sys_info' key captures distro and platform info from cloudinit.util.system_info.

Cloud config userdata templates can render conditional content based on these additional environmental checks such as the following simple example:

```
## template: jinja
#cloud-config
runcmd:
{% if distro == 'opensuse' %}
  - sh /custom-setup-sles
{% elif distro == 'centos' %}
  - sh /custom-setup-centos
{% elif distro == 'debian' %}
  - sh /custom-setup-debian
{% endif %}
```

To see all values: sudo cloud-init query --all

Any keys added to the standardized v1 keys are guaranteed to not change or drop on future releases of cloud-init. 'v1' keys will be retained for backward-compatibility even if a new standardized 'v2' set of keys are introduced.

The following standardized v1 keys are added:
* distro, distro_release, distro_version, kernel_version, machine, python_version, system_platform, variant

LP: #1865969
2020-03-05 | ec2: Do not fallback to IMDSv1 on EC2 (#216) | Chad Smith

The EC2 Data Source needs to handle 3 states of the Instance Metadata Service configured for a given instance:

1. HttpTokens : optional & HttpEndpoint : enabled
   Either IMDSv2 or IMDSv1 can be used.
2. HttpTokens : required & HttpEndpoint : enabled
   Calls to IMDS without a valid token (IMDSv1 or IMDSv2 with expired token) will return a 401 error.
3. HttpEndpoint : disabled
   The IMDS http endpoint will return a 403 error.

Previous work to support IMDSv2 in cloud-init handled case 1 and case 2. This commit handles case 3 by bypassing the retry block when IMDS returns HTTP status code >= 400 on official AWS cloud platform.

It shaves 2 minutes when rebooting an instance that has its IMDS http token endpoint disabled but creates some inconsistencies. An instance that doesn't set "manual_cache_clean" to "True" will have its /var/lib/cloud/instance symlink removed altogether after it has failed to find a datasource.
2020-03-04 | instance-data: write redacted cfg to instance-data.json (#233) | Chad Smith

When cloud-init persisted instance metadata to instance-data.json it failed to redact the sensitive value. Currently, the only sensitive key 'security-credentials' is omitted as cloud-init does not fetch this value from IMDS.

Fix this by properly redacting the content from the public instance-metadata.json file while retaining the value in the root-only instance-data-sensitive.json file.

LP: #1865947
2020-03-04 | net: support network-config:disabled on the kernel commandline (#232) | Chad Smith

Allow disabling cloud-init's network configuration via a plain-text kernel cmdline

Cloud-init docs indicate that users can disable cloud-init networking via kernel command line parameter 'network-config=<YAML>'. This does not work unless the <YAML> payload is base64 encoded. Document the base64 encoding requirement and add a plain-text value for disabling cloud-init network config:

    network-config=disabled

Also:
- Log an error and ignore any plain-text network-config payloads that are not specifically 'network-config=disabled'.
- Log a warning if network-config kernel param is invalid yaml but do not raise an exception, allowing boot to continue and use fallback networking.

LP: #1862702
2020-03-03 | ec2: only redact token request headers in logs, avoid altering request (#230) | Chad Smith
Our header redact logic was redacting both logged request headers and the actual source request. This results in DataSourceEc2 sending the invalid header "X-aws-ec2-metadata-token-ttl-seconds: REDACTED" which gets an HTTP status response of 400. Cloud-init retries this failed token request for 2 minutes before falling back to IMDSv1. LP: #1865882
2020-02-27 | docs: typo fixed: dta → data | Alexey Vazhnov
2020-02-27 | Fixes typo on Amazon Web Services (#217) | Nick Wales
one line doc fix
2020-02-27 | Fix docs for OpenStack DMI Asset Tag (#228) | Mark T. Voelker
In cloud-init 19.2, we added the ability for cloud-init to detect OpenStack platforms by checking for "OpenStack Compute" or "OpenStack Nova" in the chassis asset tag. However, this was never reflected in the documentation. This patch updates the datasources documentation for OpenStack to reflect the possibility of using the chassis asset tag. LP: #1669875
2020-02-25 | Add physical network type: cascading to openstack helpers (#200) | sab-systems
* Add physical network type: cascading to openstack helpers
* add new helpers test for checking all openstack KNOWN_PHYSICAL_TYPES get type 'physical'.
2020-02-25 | tests: add focal integration tests for ubuntu (#225) | Chad Smith
2020-02-20 | Release 20.1 (#222) (tag: 20.1) | Daniel Watkins
Bump the version in cloudinit/version.py to 20.1 and update ChangeLog. LP: #1863954
2020-02-20 | Update tooling for GitHub-based new releases (#223) | Daniel Watkins

* tools/read-version: don't enforce version parity in release branch CI

  We have a bootstrapping problem with new releases, currently. To take the example of 20.1: the branch that bumps the version fails CI because there is no 20.1 tag for it to use in read-version. Previously, this was solved by creating a tag and pushing it to the cloud-init repo before the commit landed. However, we have GitHub branch protection enabled, so the commit that needs to be tagged is not created until the pull request lands in master.

  This works around this problem by introducing a very specific check: if we are performing CI for an upstream release branch, we skip the read-version checking that we know will fail.

* tools/make-tarball: add --version parameter

  When using make-tarball as part of a CI build of a new upstream release, the version it determines is inconsistent with the version that other tools determine. Instead of encoding the logic here (as well as in Python elsewhere), we add a parameter to allow us to set it from outside the script.

* packages/bddeb: handle missing version_long in new version CI

  If we're running in CI for a new upstream release, we have to use `version` instead of `version_long` (because we don't yet have the tag required to generate `version_long`).
2020-02-19 | ec2: Do not log IMDSv2 token values, instead use REDACTED (#219) | Ryan Harper

Instead of logging the token values used, log the headers and replace the actual values with the string 'REDACTED'. This allows users to examine cloud-init.log and see that the IMDSv2 token header is being used but avoids leaving the value used in the log file itself.

LP: #1863943
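The redaction introduced in #219 and the defect later fixed in #230 (redacting the same dict that is then sent) come down to copy versus in-place mutation. The sketch below is an added example, not cloud-init's code; the function names, the `send` stand-in for the HTTP layer and the sample request are hypothetical, and the header names are the IMDSv2 ones.

```python
import logging

LOG = logging.getLogger("imds_redact_example")
REDACTED = "REDACTED"
# IMDSv2 header names; treating exactly these two as sensitive is this
# example's assumption.
SENSITIVE = {"x-aws-ec2-metadata-token",
             "x-aws-ec2-metadata-token-ttl-seconds"}


def redact_in_place(headers):
    """Defect described in #230: the dict that is logged is also the dict
    that is sent, so the request goes out carrying 'REDACTED'."""
    for name in headers:
        if name.lower() in SENSITIVE:
            headers[name] = REDACTED
    return headers


def redacted_copy(headers):
    """Corrected form: a new dict is built for the log line only."""
    return {name: REDACTED if name.lower() in SENSITIVE else value
            for name, value in headers.items()}


def send(url, headers, redactor):
    """Hypothetical HTTP layer: log first, then report what would go on the
    wire together with what was written to the log."""
    logged = redactor(headers)
    LOG.debug("request %s headers=%s", url, logged)
    return {"wire": dict(headers), "logged": dict(logged)}


# Constructed sample request; the token value is a made-up placeholder.
SAMPLE = {"X-aws-ec2-metadata-token": "EXAMPLE-TOKEN", "Accept": "*/*"}
```

A regression test for this class of bug asserts on both sides: the log record must not contain the secret, and the outgoing headers must still contain it.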
2020-02-18 | utils: use SystemRandom when generating random password. (#204) | Dimitri John Ledkov
As noticed by Seth Arnold, non-deterministic SystemRandom should be used when creating security sensitive random strings.
2020-02-13 | docs: mount_default_files is a list of 6 items, not 7 (#212) | Chad Smith
2020-02-13 | azurecloud: fix issues with instances not starting (#205) | Ryan Harper

The azurecloud platform did not always start instances during collect runs. This was a result of two issues. First the image class _instance method did not invoke the start() method which then allowed collect stage to attempt to run scripts without an endpoint. Second, azurecloud used the image_id as both an instance handle (which is typically vmName in azure api) as well as an image handle (for image capture). Resolve this by adding a .vm_name property to the AzureCloudInstance and reference this property in AzureCloudImage.

Also in this branch
- Fix error encoding user-data when value is None
- Add additional logging in AzureCloud platform
- Update logging format to print pathname,funcName and line number
  This greatly eases debugging.

LP: #1861921
2020-02-10 | unittest: fix stderr leak in cc_set_password random unittest output. (#208) | Ryan Harper
2020-02-07 | cc_disk_setup: add swap filesystem force flag (#207) | Ryan Harper
2020-02-07 | import sysvinit patches from freebsd-ports tree (#161) | Igor Galić
bugzilla ref: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224361
svn rev: https://svnweb.freebsd.org/ports?view=revision&revision=457768
2020-02-07 | docs: fix typo (#195) | Edwin Kofler
fixes typo at doc/examples/cloud-config-disk-setup.txt; Cavaut => Caveat
2020-02-03 | sysconfig: distro-specific config rendering for BOOTPROTO option (#162) | Robert Schweikert

- Introduce the "flavor" configuration option for the sysconfig renderer this is necessary to account for differences in the handling of the BOOTPROTO setting between distributions (lp#1858808)
  + Thanks to Petr Pavlu for the idea
- Network config clean up for sysconfig renderer
  + The introduction of the "flavor" renderer configuration allows us to only write values that are pertinent for the given distro
- Set the DHCPv6 client mode on SUSE (lp#1800854)

Co-authored-by: Chad Smith <chad.smith@canonical.com>

LP: #1800854
2020-01-31 | cloudinit: replace "from six import X" imports (except in util.py) (#183) | Daniel Watkins
2020-01-30 | run-container: use 'test -n' instead of 'test ! -z' (#202) | Paride Legovini
Fixes shellcheck warning SC2236.
2020-01-30 | net/cmdline: correctly handle static ip= config (#201) | Dimitri John Ledkov
It is proto 'none', not 'static' as was mistakenly implemented in initramfs-tools/cloud-init in the past, yet was never the case in the klibc ipconfig state file output. LP: #1861412
2020-01-29 | Replace mock library with unittest.mock (#186) | Daniel Watkins
* cloudinit: replace "import mock" with "from unittest import mock"
* test-requirements.txt: drop mock

Co-authored-by: Chad Smith <chad.smith@canonical.com>
2020-01-29 | HACKING.rst: update CLA link (#199) | Daniel Watkins
2020-01-29 | Scaleway: Fix DatasourceScaleway to avoid backtrace (#128) | Louis Bouchard
Make sure network_config is created when self._network_config is unset.

Co-authored-by: Scott Moser <smoser@brickies.net>
2020-01-28 | cloudinit/cmd/devel/net_convert.py: add missing space (#191) | Daniel Watkins
2020-01-28 | tools/run-container: drop support for python2 (#192) | Paride Legovini
Drop support for specifying a Python interpreter different from python3 from tools/run-container.
2020-01-27 | Print ssh key fingerprints using sha256 hash (#188) | Ryan Harper
LP: #1860789