summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-09-25cli: add cloud-init query subcommand to query instance metadataChad Smith
Cloud-init caches any cloud metadata crawled during boot in the file /run/cloud-init/instance-data.json. Cloud-init also standardizes some of that metadata across all clouds. The command 'cloud-init query' surfaces a simple CLI to query or format any cached instance metadata so that scripts or end-users do not have to write tools to crawl metadata themselves. Since 'cloud-init query' is runnable by non-root users, redact any sensitive data from instance-data.json and provide a root-readable unredacted instance-data-sensitive.json. Datasources can now define a sensitive_metadata_keys tuple which will redact any matching keys which could contain passwords or credentials from instance-data.json. Also add the following standardized 'v1' instance-data.json keys:   - user_data: The base64encoded user-data provided at instance launch   - vendor_data: Any vendor_data provided to the instance at launch   - underscore_delimited versions of existing hyphenated keys:     instance_id, local_hostname, availability_zone, cloud_name
2018-09-25tools/tox-venv: update for new features.Scott Moser
This update to tox-venv allows you to do: ./tools/tox-venv py3 - tests/unittests/test_util.py
2018-09-21pylint: ignore warning assignment-from-no-return for _write_networkChad Smith
Distro subclasses arch, freebsd and debian still have a path with an implemented _write_network method which has a return value. Can drop this pylint ignore when _write_network is dropped from arch, freebsd and debian.
2018-09-20stages: Fix bug causing datasource to have incorrect sys_cfg.Scott Moser
The Init object had a bug/odd side effect where when retrieving a distro object it would update the datasources's sys_cfg. That was probably intended to refresh the possibly stale config stored there. Unfortunately what it actually did limit the config there to the 'system_info' top level key where initially it had the whole config. LP: #1787459
2018-09-20Remove dead-code _write_network distro implementations.Scott Moser
Any distro that has a '_write_nework_config' method should no longer get their _write_network called at all. So lets drop that code and raise a RuntimeError any time we got there. Replace the one caller of 'apply_network' (legacy openstack path) with a call to apply_network_config after converting the ENI to network config.
2018-09-18net_util: ensure static configs have netmask in translate_network resultThomas Berger
If a DataSource provides a network configuration in version 2 and runs on a distro which does not have a network renderer class in use, then the conversion of V2 to eni results in static ip configurations with subnet prefix-length (192.168.23.1/24) rather than explicit netmask value. When sending such a config to net_util.translate_network the resulting dictionary is missing the 'netmask' key for static configured addresses breaking network configurations on multiple distributions. This patch detects static ip configurations using prefix-length and converts the format into the previous 'address' and 'netmask' parts to keep compatibility for these distribtuions until they move to the v2 network configuration. LP: #1792454
2018-09-17Fall back to root:root on syslog permissions if other options fail.Robert Schweikert
If the user has removed the default configuration file or does not set the syslog_fix_perms config option the user still ends up with a warning on SUSE distributions. Add root:root to the default builtin config.
2018-09-17tests: Add mock for util.get_hostname.Robert Schweikert
At present the host network settings bleed into the test environment causing the test test_handler_apt_source_v3 to fail if the host has a domain setting other then localdomain. LP: #1792799
2018-09-14ds-identify: doc string cleanup.Scott Moser
There was a typo in the doc string at the top of ds-identify (disable -> disabled). That is fixed here as well as adding some better examples on content in /etc/cloud/ds-identify.cfg.
2018-09-14OpenStack: Support setting mac address on bond.Fabian Wiesel
Fix a bug where setting of mac address on a bond device was ignored when provided in OpenStack network_config.json. LP: #1682064
2018-09-14bash_completion/cloud-init: fix shell syntax error.Scott Moser
A syntax error creeped in with commit c7555762f3a3.
2018-09-13EphemeralIPv4Network: Be more explicit when adding default route.Scott Moser
On OpenStack based OVH public cloud, we got DHCP response with   fixed-address 54.36.113.86;   option subnet-mask 255.255.255.255;   option routers 54.36.112.1; The router clearly is not on the subnet. So 'ip' would fail when we tried to add the default route. The solution here is to add an explicit route on that interface to the router and then add the default route. Also add 'bgpovs' to the list of 'physical' types for OpenStack network configuration. That type is used on OVH public cloud. LP: #1792415
2018-09-13OpenStack: support reading of newer versions of metdata.Scott Moser
Mark as supported for reading some newer versions of openstack metadata: 2016-06-30 : Newton one 2016-10-06 : Newton two 2017-02-22 : Ocata 2018-08-27 : Rocky
2018-09-12OpenStack: fix bug causing 'latest' version to be used from network.Scott Moser
Cloud-init was reading a list of versions from the OpenStack metadata service (http://169.254.169.254/openstack/) and attempt to select the newest known supported version. The problem was that the list of versions was not being decoded, so we were comparing a list of bytes (found versions) to a list of strings (known versions). LP: #1792157
2018-09-11user-data: jinja template to render instance-data.json in cloud-configChad Smith
Allow users to provide '## template: jinja' as the first line or their #cloud-config or custom script user-data parts. When this header exists, the cloud-config or script will be rendered as a jinja template. All instance metadata keys and values present in /run/cloud-init/instance-data.json will be available as jinja variables for the template. This means any cloud-config module or script can reference any standardized instance data in templates and scripts. Additionally, any standardized instance-data.json keys scoped below a '<v#>' key will be promoted as a top-level key for ease of reference in templates. This means that '{{ local_hostname }}' is the same as using the latest '{{ v#.local_hostname }}'. Since instance-data is written to /run/cloud-init/instance-data.json, make sure it is persisted across reboots when the cached datasource opject is reloaded. LP: #1791781
2018-09-08config: disable ssh access to a configured user accountChad Smith
Cloud config can now disable ssh access to non-root users. When defining the 'users' list in cloud-configuration a boolean 'ssh_redirect_user: true' can be provided to disable ssh logins for that user. Any ssh 'public-keys' defined in cloud meta-data will be added and disabled in .ssh/authorized_keys. Any attempts to ssh as this user using acceptable ssh keys will be presented with a message like the following: Please login as the user "ubuntu" rather than the user "youruser".
2018-09-05tests: print failed testname instead of docstring upon failureChad Smith
2018-09-05tests: Disallow use of util.subp except for where needed.Scott Moser
In many cases, cloud-init uses 'util.subp' to run a subprocess. This is not really desirable in our unit tests as it makes the tests dependent upon existance of those utilities. The change here is to modify the base test case class (CiTestCase) to raise exception any time subp is called. Then, fix all callers. For cases where subp is necessary or actually desired, we can use it via   a.) context hander CiTestCase.allow_subp(value)   b.) class level self.allowed_subp = value Both cases the value is a list of acceptable executable names that will be called (essentially argv[0]). Some cleanups in AltCloud were done as the code was being updated.
2018-09-05sysconfig: refactor sysconfig to accept distro specific templates pathsRyan Harper
Multiple distros use sysconfig format but have different content and paths to certain files. Update distros to specify these template paths in their renderer_configs dictionary.
2018-09-01Add unit tests for config/cc_ssh.pyFrancis Ginther
These tests focus on the apply_credentials method and the ssh setup for root and a distro default user.
2018-08-31Fix the built-in cloudinit/tests/helpers:skipIfScott Moser
this version uses unittest2 skipIf which is present in our python 2.6 environment.
2018-08-31read-version: enhance error messageJoshua Powers
The error message when read-vesion is not very useful and does not help the end-user know how to overcome the issue. This adds a short message explaining that the user does not have the latest upstream tags and how to get those tags.
2018-08-31hyperv_reporting_handler: simplify threaded publisherRyan Harper
Switch the implementation to a daemon thread which uses a blocking get from the Queue. No additional locking or flag checking is needed since the Queue itself handles acquiring the lock as needed. cloud-init only has a single producer (the main thread calling publish) and the consumer will read all events in the queue and write them out. Using the daemon mode of the thread handles flushing the queue on main exit in python3; in python2.7 we handle the EOFError that results when the publish thread calls to get() fails indicating the main thread has exited. The result is that the handler is no longer spawing a thread on each publish event but rather creates a single thread when we start up the reporter and we remove any additional use of separate locks and flags as we only have a single Queue object and we're only calling queue.put() from main thread and queue.get() from consuming thread.
2018-08-28VMWare: Fix a network config bug in vm with static IPv4 and no gateway.Pengpeng Sun
The issue is when customize a VM with static IPv4 and without gateway, it will still extend route list and will loop a gateways list which is None. This fix is to make sure when no gateway is here, it will not extend route list. LP: #1766538
2018-08-24logging: Add logging config type hyperv for reporting via Azure KVPAndy Liu
Linux guests can provide information to Hyper-V hosts via KVP. KVP allows the guests to provide any string key-value-pairs back to the host's registry. On linux, kvp communication pools are presented as pool files in /var/lib/hyperv/.kvp_pool_#. The following reporting configuration can enable this kvp reporting in addition to default logging if the pool files exist: reporting:     logging:         type: log     telemetry:         type: hyperv
2018-08-23tests: disable other snap test as wellJoshua Powers
The snap test requires access to a proxy and currently the integration tests do not handle this scenario. I am disabling the test until I can loop back around and fix this.
2018-08-20tests: disable snap, fix write_files binaryJoshua Powers
The snap test requires access to a proxy and currently the integration tests do not handle this scenario. I am disabling the test untill I can loop back around and fix this. The write_files test, specifically, the binary test is failing on cosmic because the "binary" file we were writting was not a complete elf executable, but we expected 'file' to identify it as such. The change here is to simply use some 24 bytes of random, non-utf data and check that file was written correctly via expected checksum.
2018-08-17Add datasource Oracle Compute Infrastructure (OCI).Scott Moser
This adds a Oracle specific datasource that functions with OCI. It is a simplified version of the OpenStack metadata server with support for vendor-data. It does not support the OCI-C (classic) platform. Also here is a move of BrokenMetadata to common 'sources' as this was the third occurrence of that class.
2018-08-17azure: allow azure to generate network configuration from IMDS per boot.Chad Smith
Azure datasource now queries IMDS metadata service for network configuration at link local address http://169.254.169.254/metadata/instance?api-version=2017-12-01. The azure metadata service presents a list of macs and allocated ip addresses associated with this instance. Azure will now also regenerate network configuration on every boot because it subscribes to EventType.BOOT maintenance events as well as the 'first boot' EventType.BOOT_NEW_INSTANCE. For testing add azure-imds --kind to cloud-init devel net_convert tool for debugging IMDS metadata. Also refactor _get_data into 3 discrete methods:   - is_platform_viable: check quickly whether the datasource is     potentially compatible with the platform on which is is running   - crawl_metadata: walk all potential metadata candidates, returning a     structured dict of all metadata and userdata. Raise InvalidMetaData on     error.   - _get_data: call crawl_metadata and process results or error. Cache     instance data on class attributes: metadata, userdata_raw etc.
2018-08-17Scaleway: Add network configuration to the DataSourceLouis Bouchard
DEP_NETWORK is removed since the network_config must run at each boot. New EventType.BOOT event is used for that. Network is brought up early to fetch the metadata which is required to configure the network (ipv4 and/or v6). Adds unittests for the following and fixes test_common for LOCAL and NETWORK sets.
2018-08-07docs: Fix example cloud-init analyze command to match output.Wesley Gao
Fix a typo in in documentation that showed 'analyze blame' but intended to show 'analyze dump'.
2018-08-06netplan: Correctly render macaddress on a bonds and bridges when provided.Scott Moser
When converting network config v1 to netplan, we were not correctly rendering the 'macaddress' key on a bond. Not that the difference in spelling between v1 'mac_address' and v2 'macaddress' is intentional. Also fixed here is rendering of the macaddress for bridges. LP: #1784699
2018-08-06tools: Add 'net-convert' subcommand command to 'cloud-init devel'.Scott Moser
Move the tools/net-convert.py to be exposed as part of 'cloud-init devel' subcommands. It can now be called like: $ cloud-init devel net-convert Or, if you just have checked out source (and no cli executable):   $ python3 -m cloudinit.cmd.devel.net_convert or   $ python3 -m cloudinit.cmd.main devel net-convert
2018-08-06redhat: remove ssh keys on new instance.Scott Moser
This changes redhat's default behavior to remove the ssh keys on new instance (ssh_deletekeys will now be at its default true value). On redhat systems, cloud-init.service has both: Wants=sshd-keygen.service Before=sshd-keygen.serviceh Which is why 'ssh_genkeytypes' is set to None (yaml '~' == yaml null == python none). I've changed that to be null as it seems more clear and we do not use the tilda anywhere else in configs. LP: #1781094 rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1598832
2018-08-03Use typeset or local in profile.d scripts.Scott Moser
Bash and most other "bourne-like" shells allow declaring function local variables via 'local'. ksh does not. Instead of using 'local' always, use 'typeset' when the KSH_VERSION variable is present in environment. LP: #1784713
2018-08-03OpenNebula: Fix null gateway6Akihiko Ota
The OpenNebula data source generates an invalid netplan yaml file if the IPv6 gateway is not defined in context.sh. LP: #1768547
2018-07-31oracle: fix detect_openstack to report True on OracleCloud.com DMI dataChad Smith
The OpenStack datasource in 18.3 changed to detect data in the init-local stage instead of init-network and attempted to redetect OpenStackLocal datasource on Oracle across reboots. The function detect_openstack was added to quickly detect whether a platform is OpenStack based on dmi product_name or chassis_asset_tag and it was a bit too strict for Oracle in checking for 'OpenStack Nova'/'Compute' DMI product_name. Oracle's DMI product_name reports 'SAtandard PC (i440FX + PIIX, 1996)' and DMI chassis_asset_tag is 'OracleCloud.com'. detect_openstack function now adds 'OracleCloud.com' as a supported value 'OracleCloud.com' to valid chassis-asset-tags for the OpenStack datasource. LP: #1784685
2018-07-27tests: improve LXDInstance trying to workaround or catch bug.Scott Moser
Described in bug 1783198 we have seen some transient failures when using pylxd -> lxd api. This does: * adds a str() representation of LXDInstance * checks the value of the pylxd_container object on instantion * sets pylxd_container object to None on deletion. * adds retry logic to shutdown()
2018-07-26update_metadata re-config on every boot comments and tests not quite rightMike Gerdts
The comment in update_metadata() that explains how a datasource should enable network reconfig on every boot presumes that EventType.BOOT_NEW_INSTANCE is a subset of EventType.BOOT. That's not the case, and as such a datasource that needs to configure networking when it is a new instance and every boot needs to include both event types. To make the situation above easier to debug, update_metadata() now logs when it returns false. To make it so that datasources do not need to test before appending to the update_events['network'], it is changed from a list to a set. test_update_metadata_only_acts_on_supported_update_events is updated to allow datasources to support EventType.BOOT. Author: Mike Gerdts <mike.gerdts@joyent.com>
2018-07-23tests: Collect build_info from system if available.Scott Moser
This adds a script to always get the /etc/cloud/build.info file if it exists, and a hook when preparing the image to log the information if it is available. INFO - setting up ubuntu-cosmic (build_name=server serial=20180718) This is just useful for debug and reproduce.
2018-07-21pylint: Fix pylint warnings reported in pylint 2.0.0.Scott Moser
Pylint 2.0.0 was recently released and complains more about logging-not-lazy than it used to. I've fixed those warnings, here. The changes in rh_subscription are more extensive. pylint may be complaining incorrectly there, but the tests were not correctly un-doing all of their mock/patching. This cleans those up and makes pylint happy.
2018-07-20get_linux_distro: add support for rhel via redhat-release.Scott Moser
Add examples and tests for RHEL values of redhat-release and os-release. These examples were collected from IBMCloud images. on rhel systems 'platform.dist()' returns 'redhat' rather than 'rhel' so we have adjusted the response to align there.
2018-07-20get_linux_distro: add support for centos6 and rawhide flavors of redhatChad Smith
An empty /etc/os-release exists on some redhat images, most notably the COPR build images of centos6 and rawhide. On platforms missing /etc/os-release or having an empty /etc/os-release file, use _parse_redhat_release on rhel-based images to obtain distribution and release codename information. LP: #1781229
2018-07-17tools: add '--debug' to tools/net-convert.pyScott Moser
In order to see some of the WARNING messages added by bug 1774666 I wanted logging output of tools/net-convert. This does: a.) add '--debug' and make it print the network state and read yaml only if --debug is provided. b.) set up basic logging so warnings goes to console by default and debug goes to console if --debug is provided.
2018-07-16tests: bump the version of paramiko to 2.4.1.Scott Moser
Paramiko version 2.4.0 had a CVE (CVE-2018-7750) against it. It is not likely particularly worrisome for our integration tests, but we might as well bump it.
2018-07-09docs: note in rtd about avoiding /tmp when writing filesChad Smith
LP: #1727876
2018-07-09ubuntu,centos,debian: get_linux_distro to align with platform.distChad Smith
A recent commit added get_linux_distro to replace the deprecated python platform.dist module behavior before it is dropped from python. It added behavior that was compliant on OpenSuSE and SLES, by returning (<distro_name>, <distro_version>, <cpu-arch>). Fix get_linux_distro to behave more like the specific distribution's platform.dist on ubuntu, centos and debian, which will return the distribution release codename as the third element instead of <cpu-arch>. SLES and OpenSUSE will retain their current behavior. Examples follow: ('sles', '15', 'x86_64') ('opensuse', '42.3', 'x86_64') ('debian', '9', 'stretch') ('ubuntu', '16.04', 'xenial') ('centos', '7', 'Core') LP: #1780481
2018-07-03Fix boothook docs on environment variable name (INSTANCE_I -> INSTANCE_ID)Marc Tamsky
2018-07-01update_metadata: a datasource can support network re-config every bootChad Smith
Very basic type definitions are now defined to distinguish 'boot' events from 'new instance (first boot)'. Event types will now be handed to a datasource.update_metadata method which can determine whether to refresh its metadata and re-render configuration based on that source event. A datasource can 'subscribe' to an event by setting up the update_events attribute on the datasource class which describe what config scope is updated by a list of matching events. By default datasources will have the following update_events: {'network': [EventType.BOOT_NEW_INSTANCE]} This setting says the datasource will re-write network configuration only on first boot of a new instance or when the instance id changes. New methods are now present on the datasource: - clear_cached_attrs: Resets cached datasource attributes to values listed in datasource.cached_attr_defaults. This is performed prior to processing a fresh metadata process to avoid keeping old/invalid cached data around. - update_metadata: accepts source_event_types to determine if the metadata should be crawled again and processed
2018-06-28tests: drop salt-minion integration testScott Moser
The salt minion integration test as we had it did not do a whole lot more than the unit tests on that module did. Additionally, it caused some transient failures at least in Ubuntu 18.04. At a future date we may choose to add an integration test that installs salt-minion and salt server and configures it to be a better test. LP: #1778737