| Age | Commit message (Collapse) | Author |
|---|
|
When cloud-init persisted instance metadata to instance-data.json
if failed to redact the sensitive value. Currently, the only sensitive
key 'security-credentials' is omitted as cloud-init does not fetch
this value from IMDS.
Fix this by properly redacting the content from the public
instance-metadata.json file while retaining the value in the root-only
instance-data-sensitive.json file.
LP: #1865947
|
|
Allow disabling cloud-init's network configuration via a plain-text kernel cmdline
Cloud-init docs indicate that users can disable cloud-init networking via kernel
command line parameter 'network-config=<YAML>'. This does not work unless
the <YAML> payload base64 encoded. Document the base64 encoding
requirement and add a plain-text value for disabling cloud-init network config:
network-config=disabled
Also:
- Log an error and ignore any plain-text network-config payloads that are
not specifically 'network-config=disabled'.
- Log a warning if network-config kernel param is invalid yaml but do not
raise an exception, allowing boot to continue and use fallback networking.
LP: #1862702
|
|
Our header redact logic was redacting both logged request headers and
the actual source request. This results in DataSourceEc2 sending the
invalid header "X-aws-ec2-metadata-token-ttl-seconds: REDACTED" which
gets an HTTP status response of 400.
Cloud-init retries this failed token request for 2 minutes before
falling back to IMDSv1.
LP: #1865882
|
|
|
|
one line doc fix
|
|
In cloud-init 19.2, we added the ability for cloud-init to detect
OpenStack platforms by checking for "OpenStack Compute" or "OpenStack
Nova" in the chassis asset tag. However, this was never reflected
in the documentation. This patch updates the datasources documentation
for OpenStack to reflect the possibility of using the chassis asset tag.
LP: #1669875
|
|
* Add physical network type: cascading to openstack helpers
* add new helpers test for checking all openstack KNOWN_PHYSICAL_TYPES get type 'physical'.
|
|
|
|
Bump the version in cloudinit/version.py to 20.1 and
update ChangeLog.
LP: #1863954
|
|
* tools/read-version: don't enforce version parity in release branch CI
We have a bootstrapping problem with new releases, currently. To take
the example of 20.1: the branch that bumps the version fails CI because
there is no 20.1 tag for it to use in read-version. Previously, this
was solved by creating a tag and pushing it to the cloud-init repo
before the commit landed. However, we have GitHub branch protection
enabled, so the commit that needs to be tagged is not created until the
pull request lands in master.
This works around this problem by introducing a very specific check: if
we are performing CI for an upstream release branch, we skip the
read-version checking that we know will fail.
* tools/make-tarball: add --version parameter
When using make-tarball as part of a CI build of a new upstream release,
the version it determines is inconsistent with the version that other
tools determine. Instead of encoding the logic here (as well as in
Python elsewhere), we add a parameter to allow us to set it from outside
the script.
* packages/bddeb: handle missing version_long in new version CI
If we're running in CI for a new upstream release, we have to use
`version` instead of `version_long` (because we don't yet have the tag
required to generate `version_long`).
|
|
Instead of logging the token values used log the headers and replace the actual
values with the string 'REDACTED'. This allows users to examine cloud-init.log
and see that the IMDSv2 token header is being used but avoids leaving the value
used in the log file itself.
LP: #1863943
|
|
As noticed by Seth Arnold, non-deterministic SystemRandom should be
used when creating security sensitive random strings.
|
|
|
|
The azurecloud platform did not always start instances
during collect runs. This was a result of two issues. First
the image class _instance method did not invoke the start()
method which then allowed collect stage to attempt to run
scripts without an endpoint. Second, azurecloud used the
image_id as both an instance handle (which is typically
vmName in azure api) as well as an image handle (for image
capture). Resolve this by adding a .vm_name property to
the AzureCloudInstance and reference this property in
AzureCloudImage.
Also in this branch
- Fix error encoding user-data when value is None
- Add additional logging in AzureCloud platform
- Update logging format to print pathname,funcName and line number
This greatly eases debugging.
LP: #1861921
|
|
|
|
|
|
bugzilla ref: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224361
svn rev: https://svnweb.freebsd.org/ports?view=revision&revision=457768
|
|
fixes typo at doc/examples/cloud-config-disk-setup.txt; Cavaut => Caveat
|
|
- Introduce the "flavor" configuration option for the sysconfig renderer
this is necessary to account for differences in the handling of the
BOOTPROTO setting between distributions (lp#1858808)
+ Thanks to Petr Pavlu for the idea
- Network config clean up for sysconfig renderer
+ The introduction of the "flavor" renderer configuration allows us
to only write values that are pertinent for the given distro
- Set the DHCPv6 client mode on SUSE (lp#1800854)
Co-authored-by: Chad Smith <chad.smith@canonical.com>
LP: #1800854
|
|
|
|
Fixes shellcheck warning SC2236.
|
|
It is proto 'none', not 'static' as was mistakenly implemented in
initramfs-tools/cloud-init in the past, yet was never the case in the
klibc ipconfig state file output.
LP: #1861412
|
|
* cloudinit: replace "import mock" with "from unittest import mock"
* test-requirements.txt: drop mock
Co-authored-by: Chad Smith <chad.smith@canonical.com>
|
|
|
|
Make sure network_config is created when self._network_config is unset.
Co-authored-by: Scott Moser <smoser@brickies.net>
|
|
|
|
Drop support for specifying an Python interpreter different from python3
from tools/run-container.
|
|
LP: #1860789
|
|
* packages/brpm: switch to python3
No changes needed other than changing the shebang interpreter.
* pkg-deps.json: bump the redhat build dependencies to python36
CentOS 7 (our standard target for the COPR test builds) uses python3.6
as its default python3 interpreter, so let's bump the build dependencies
accordingly.
|
|
Increasing the bits of security from 52 to 115.
LP: #1860795
|
|
|
|
We only run on Python 3 now, so we can unambiguously expect
unittest.mock to exist.
|
|
When creating a swap file on an xfs filesystem, fallocate cannot be used.
Doing so results in failure of swapon and a message like:
swapon: swapfile has holes
The solution here is to maintain a list (currently containing only XFS)
of filesystems where fallocate cannot be used. The, on those fileystems
use the slower but functional 'dd' method.
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Co-authored-by: Adam Dobrawy <naczelnik@jawnosc.tk>
Co-authored-by: Scott Moser <smoser@brickies.net>
Co-authored-by: Daniel Watkins <daniel@daniel-watkins.co.uk>
LP: #1781781
|
|
This should ensure that all its dependencies are installed during doc
generation.
LP: #1860450
|
|
(#180)
doc-requirements.txt: pin Sphinx at version used by RTD
Introduce a configuration file containing our existing web-based configuration.
|
|
|
|
* url_helper: drop six
* url_helper: sort imports
* log: drop six
* log: sort imports
* handlers/__init__: drop six
* handlers/__init__: sort imports
* user_data: drop six
* user_data: sort imports
* sources/__init__: drop six
* sources/__init__: sort imports
* DataSourceOVF: drop six
* DataSourceOVF: sort imports
* sources/helpers/openstack: drop six
* sources/helpers/openstack: sort imports
* mergers/m_str: drop six
This also allowed simplification of the logic, as we will never
encounter a non-string text type.
* type_utils: drop six
* mergers/m_dict: drop six
* mergers/m_list: drop six
* cmd/query: drop six
* mergers/__init__: drop six
* net/cmdline: drop six
* reporting/handlers: drop six
* reporting/handlers: sort imports
|
|
|
|
Co-Authored-By: Daniel Watkins <daniel@daniel-watkins.co.uk>
|
|
This makes it clearer that we should only use this in code paths that
will definitely have dpkg available to them.
- Rename get_architecture -> get_dpkg_architecture
- Add docstring to get_dpkg_architecture
|
|
* Ensure util.get_architecture() runs only once
util.get_architecture() recently was wrapped using python3's lru_cache()
which will cache the result so we only invoke 'dpkg --print-architecture'
once. In practice, cloud-init.log will show multiple invocations of the
command. The source of this was that the debian Distro object implements
the get_primary_arch() with this command, but it was not calling it from
util, but issuing a util.subp() directly. This branch also updates
cc_apt_configure methods to fetch the arch value from the distro class,
and then ensure that the methods apt_configure calls pass the arch value
around.
* utils: remove lsb_release and get_architecture wrappers
The original lsb_release wrapper was used to prevent polluting the
single value we cached, however lru_cache() already handles this
case by using args, kwargs values to cache different calls to the
method.
* rename_apt_list: use all positional parameters
|
|
Currently, cloud-init will happily try to run `gpart` on Linux even
though on most distributions this a different tool [1]. Extend the
availability check to make sure the `gpart` present is really the BSD
variant, to avoid accidental execution.
Also add a pointer to the docs, so that people do not try to install
gpart on Linux in the expectation it will work with this module.
[1] https://github.com/baruch/gpart
|
|
We often map exception when is not necessary. This commit clean up
the FreeBSD distro file.
|
|
Adapt the test to the new capitalization introduced in
8116493950e7c47af0ce66fc1bb5d799ce5e477a.
|
|
Also fix bugs:
- pass binary instead of string to sysctlbyname(), and
- unpack the "return value" in a struct, rather than in single integer.
LP: #1853160
Co-Authored-By: Ryan Harper <ryan.harper@canonical.com>
|
|
Check whether the pull request submitter has signed the CLA due
to presence of github.actor in tools/.lp-to-git-user
Set 'CLA signed' if present, 'CLA not signed' label if absent
* grep for the full github username in CLA file
Co-authored-by: Daniel Watkins <daniel@daniel-watkins.co.uk>
|
|
Mapped from daniel-thewatkins
|
|
* net: fix rendering of 'static6' in network config
A V1 static6 network typo was misrendered in eni, it's not valid.
It was ignored in sysconfig and netplan. This branch fixes eni,
updates sysconfig, netplan to render it correctly and adds unittests
for all cases.
Reported-by: Raphaël Enrici
LP: #1850988
* net: add comment about static6 type in subnet_is_ipv6
Co-authored-by: Chad Smith <blackboxsw@gmail.com>
Co-authored-by: Daniel Watkins <daniel@daniel-watkins.co.uk>
|
|
Mapped from otubo
|
|
* Make DistroChecker test work with Python 3.8
In Python 3.8, `platform.linux_distribution` has been removed. This was
anticipated, and the cloud-init code uses its own
`util.get_linux_distro` instead, which works fine w/o
`platform.linux_distribution`. However, these tests still try to mock
the platform function, which fails if it doesn't exist (Python 3.8).
Instead, mock the new function here, as this is a test for code that
depends on it rather than the function itself.
* Make GetLinuxDistro tests work with Python 3.8
In Python 3.8, `platform.dist` was removed, so allow mock to create the
function by setting `create=True`.
* Make linter happy in Python 3.8
Suppress E1101(no-member) as this function was removed.
|
