Age | Commit message (Collapse) | Author |
|
LP: #810044
|
|
the new 'include-once' type will include a URL only once, and cache its
results. This way you can use expiring URLs or one-time use URLs to
pass sensitive data to the instance. The instance will cache the result
in a local root-only file for subsequent boots.
Additionally, add support for specifying public and private keys for
mcollective via cloud-config.
Both these features come via Marc Cluet.
|
|
base64 encode will grow with the size of the url, possibly resulting
in silly-long filenames. md5sum will keep it to a constant length.
|
|
at this point, the following user-data file in
/var/lib/cloud/seed/nocloud-net/user-data will do what you would expect:
  $ cat > /var/lib/cloud/seed/nocloud-net/user-data <<EOF
  #include-once
  http://169.254.169.254/2011-01-01/user-data
  EOF
  $ python -c \
      'import boto.utils, pprint; pprint.pprint(boto.utils.get_instance_metadata())' |
      sudo tee /var/lib/cloud/seed/nocloud-net/meta-data
Then,
  $ sudo sh -c 'for i in /var/lib/cloud/*; do [ ${i##*/} = "seed" ] &&
      continue; rm -Rf "$i"; done'
  $ sudo reboot
You will then find a file in /var/lib/cloud/instance/data/urlcache/
that has the contents of user-data from the metadata service.
It will not be downloaded again as long as that file is present.
|
|
Marc's implementation would only ever process the include-once urls a single
time. This changes that to process them every time, with the second time
coming from a file on disk rather than the url.
You can then do expiring or one time use URLs in the include-once and
have everything function as if the content was there every time.
The cached file is readable by root-only.
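
The caching behaviour described in the include-once commits above, as an added example (not cloud-init's own code): the URL is fetched once, stored under a fixed-length md5 filename in a file only its owner can read, and served from disk on every later run. The names `cache_path`, `include_once` and the `fetch` callable are hypothetical, and the temp-file-then-rename write is this example's choice.

```python
import hashlib
import os
import tempfile


def cache_path(cache_dir, url):
    # md5 only gives a constant-length filename (32 hex chars for any URL
    # length); it is not used as a security control here.
    return os.path.join(cache_dir, hashlib.md5(url.encode("utf-8")).hexdigest())


def include_once(url, cache_dir, fetch):
    """Return the content for url; fetch(url) -> bytes runs only on a cache miss."""
    path = cache_path(cache_dir, url)
    try:
        with open(path, "rb") as fp:
            return fp.read()            # later boots: served from disk
    except FileNotFoundError:
        pass

    data = fetch(url)                   # first boot: the only request made
    os.makedirs(cache_dir, mode=0o700, exist_ok=True)
    # mkstemp creates the file with mode 0600 before any secret is written,
    # so the content is never readable by other users, even briefly.
    fd, tmp = tempfile.mkstemp(dir=cache_dir)
    try:
        with os.fdopen(fd, "wb") as fp:
            fp.write(data)
        os.replace(tmp, path)           # atomic: no half-written cache entry
    except BaseException:
        os.unlink(tmp)
        raise
    return data


if __name__ == "__main__":
    # Constructed stand-in for a one-time URL: the second fetch would fail.
    used = []

    def one_time_fetch(url):
        if used:
            raise IOError("URL expired")
        used.append(url)
        return b"#cloud-config\npassword: constructed-example\n"

    with tempfile.TemporaryDirectory() as d:
        url = "http://example.invalid/user-data?token=constructed"
        print(include_once(url, d, one_time_fetch) ==
              include_once(url, d, one_time_fetch))
```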
|
|
t1.micro do not have an ephemeral0 disk, but the metadata service will have
an entry there.
i386 t1.micro:
  'block-device-mapping': {'ami': '/dev/sda1',
                           'ephemeral0': '/dev/sda2',
                           'root': '/dev/sda1'},
amd64 t1.micro:
  'block-device-mapping': {'ami': '/dev/sda1',
                           'ephemeral0': '/dev/sdb',
                           'root': '/dev/sda1'},
LP: #744019
|
|
In the case where a seedfrom value was given on the command line or in the
config file, we were timing out in 2 seconds on the connection. That timeout
was put in place to support "probing" for sources, but seedfrom is explicitly
given.
So, in that case, do a urllib.open without a timeout value. Looking at source
code, default timeout is 'socket._GLOBAL_DEFAULT_TIMEOUT', but rather than
importing that and using it, I will call without a timeout value.
LP: #812646
|
|
Thanks to Adam Gandelman and Marc Cluet for this fix.
LP: #812539
|
|
it is expected / understood that mknod would fail inside an lxc container.
So, if that's the case, just log a debug message saying so.
LP: #800856
|
|
|
LP: #802637
|
|
- Added new functionality to sanitise /etc/hosts
|
|
LP: #800824
|
|
LP: #785542
|
|
The primary motivation for this is so that 'nobootwait' is not hard
coded to appear in the fs_opts field.
LP: #785542
|
|
Previously, when cloud-config was ready, cloud-init would emit an
upstart event with:
  initctl emit cloud-config
Now, that command is configurable via the 'cc_ready_cmd' value in
cloud.cfg or user data. The default behavior is not changed.
LP: #785551
|
|
|
This makes the prefix for entries added to root's authorized keys
configurable. Previously, the value was:
command="echo 'Please login as the user \"ubuntu\" rather than the user \"root\".\';echo;sleep 10\""
Now, it is configurable in cloud.cfg or user data by setting
'root_disabled_opts'.
Additionally, the default has been changed to include
'no-port-forwarding,no-agent-forwarding,no-X11-forwarding'
See LP: #798505 for more information on that.
Note, that 'no-pty' was *not* added to this list as adding it means the
user who simply does 'ssh root@host' gets a "cannot allocate pty" message
rather than seeing a warning about using root.
LP: #798505
|
|
|
ssh starts (LP: #781101)
LP: #781101
|
|
LP: #797336
|
|
Now, if a Eucalyptus install is in STATIC or SYSTEM mode,
the metadata service can still be used. In order to do that,
the user must configure their DNS so that 'instance-data' will
resolve to the cloud controller.
Thanks to Kieran Evans.
LP: #761847
|
|
just to avoid unnecessary changes (and confusion in 'annotate')
|
|
removed extra args from string format
|
|
both http://169.254.169.254 and http://instance-data:8773 for meta data service.
LP: #761847
|
|
both http://169.254.169.254 and http://instance-data:8773 for meta data service.
LP: #761847
|
|
With newer Ubuntu kernels the xen block devices are named xvd[a-z][0-9]
I.e., instead of /dev/sda1 the root device is /dev/xvda1.
LP: #752361
|