| Age | Commit message (Collapse) | Author |
|---|
|
Add DataSourceLXD which knows how to talk to the dev-lxd socket to
obtain all instance metadata API:
https://linuxcontainers.org/lxd/docs/master/dev-lxd.
This first branch is to deliver feature parity with the existing
NoCloud datasource which is currently used to intialize LXC instances
on first boot.
Introduce a SocketConnectionPool and LXDSocketAdapter to support
performing HTTP GETs on the following routes which are surfaced by the
LXD host to all containers:
http://unix.socket/1.0/meta-data
http://unix.socket/1.0/config/user.user-data
http://unix.socket/1.0/config/user.network-config
http://unix.socket/1.0/config/user.vendor-data
These 4 routes minimally replace the static content provided in the
following nocloud-net seed files:
/var/lib/cloud/nocloud-net/{meta-data,vendor-data,user-data,network-config}
The intent of this commit is to set a foundation for LXD socket
communication that will allow us to build network hot-plug features
by eventually consuming LXD's websocket upgrade route 1.0/events to
react to network, meta-data and user-data config changes over time.
In the event that no custom network-config is provided, default to the
same network-config definition provided by LXD to the NoCloud
network-config seed file.
Supplemental features above NoCloud datasource:
surface all custom instance data config keys via cloud-init query ds
which aids in discoverability of features/tags/labels as well as
conditional #cloud-config jinja templates operations based on custom
config options.
TBD: better cloud-init query support for dot-delimited keys
|
|
Don't throw an exception when mirror arch is unspecified.
|
|
When we added the install hotplug module, we forgot to update the
redhet/cloud-init.spec.in file and allow for execution on /usr/libexec.
This PR adds that functionality.
|
|
|
|
Also, add the "signed by" option to source definitions. This enables
users to limit the scope of trust for individual keys.
LP: #1836336
|
|
This was fixed in 1bbc4908ff7a2be19483811b3b6fee6ebc916235
|
|
When ssh host keys are generated during initial boot the full output of
ssh-keygen, including the randomart for the key, is displayed on the
console for each of the generated key types, which takes up a large
amount of screen output (17 lines per key type).
With this change ssh-keygen output is still displayed by default.
Setting ssh_quiet_keygen to True will prevent ssh-keygen output from
appearing. If only the fingerprints of the host keys should be
displayed then this can be achieved using the existing
emit_keys_to_console and/or ssh_fp_console_blacklist settings.
|
|
This commit removes automatically installing udev rules for hotplug
and adds a module to install them instead.
Automatically including the udev rules and checking if hotplug was
enabled consumed too many resources in certain circumstances. Moving the
rules to a module ensures we don't spend extra extra cycles on hotplug
if hotplug functionality isn't desired.
LP: #1946003
|
|
The Alpine /etc/hosts template results in a file where the long form of
names (including localhost) come before the short form. This means that
when running tools like 'netstat' and 'ss' which convert IP address to
names that their output will show 'localhost.localdomain' rather than
'localhost.' This patch swaps the order of the short and long form names
so such utils will show the short form name.
It also removes several unnecessary IPv6-specific entries.
|
|
Also update travis to use python version for docs that readthedocs uses
|
|
Change DMI warning to a debug message to prevent it appearing on
console during boot of machines, such as Raspberry Pi, that do
not support DMI.
|
|
disable-sshd-keygen-if-cloud-init-active.conf (#1075)
Running 'systemd-analyze verify cloud-init-local.service'
triggers the following warning:
disable-sshhd-keygen-if-cloud-init-active.conf:8: Missing '=', ignoring line.
The string "EOF" is probably a typo, so remove it.
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
|
The main idea is to introduce a second module that takes care of
writing files, but in the 'final' stage.
While the introduction of a second module would allow for choosing
the appropriate place withing the order of modules (and stages),
there is no addition top-level directive being added to the cloud
configuration schema. Instead, 'write-files' schema is being extended
to include a 'defer' attribute used only by the 'write-deffered-files'
modules.
The new module 'write-deferred-files' reuses as much as
possible of the 'write-files' functionality.
|
|
|
|
In jsonschema 4, hostname validation was changed to have an optional
dependency on the fqdn package. Since we don't have this dependency
in cloud-init, attempting this validation will no longer fail for
a string that isn't a valid hostname.
|
|
In some of the cases, the system-product-name is just google.
This is useful incase of nocloud where we use the disk to load the datasource
|
|
|
|
Various modules restart services and they all have logic to try and
detect if they are running on a system that needs 'systemctl' or
'service', and then have code to decide which order the arguments
need to be etc. On top of that, not all modules do this in the same way.
The duplication and different approaches are not ideal but this also
makes it hard to add support for a new distribution that does not use
either 'systemctl' or 'service'.
This change adds a new manage_service() method to the distro class
and updates several modules to use it.
|
|
|
|
When self.failed_desired_api_version was added to DataSourceAzure, the
attribute was never added to the _unpickle method using the upgrade
framework. This commit adds the attribute.
LP: #1946644
|
|
When default host keys are created by sshd-keygen (/etc/ssh/ssh_host_*_key)
in RHEL/CentOS/Fedora, openssh it performs the following:
# create new keys
if ! $KEYGEN -q -t $KEYTYPE -f $KEY -C '' -N '' >&/dev/null; then
exit 1
fi
# sanitize permissions
/usr/bin/chgrp ssh_keys $KEY
/usr/bin/chmod 640 $KEY
/usr/bin/chmod 644 $KEY.pub
Note that the group ssh_keys exists only in RHEL/CentOS/Fedora.
Now that we disable sshd-keygen to allow only cloud-init to create
them, we miss the "sanitize permissions" part, where we set the group
owner as ssh_keys and the private key mode to 640.
According to https://bugzilla.redhat.com/show_bug.cgi?id=2013644#c8, failing
to set group ownership and permissions like openssh does makes the RHEL openscap
tool generate an error.
Signed-off-by: Emanuele Giuseppe Esposito eesposit@redhat.com
RHBZ: 2013644
|
|
There is no reason for the ISO missing this functionality.
As discussed in https://github.com/canonical/cloud-init/pull/947/files#r707338489
|
|
|
|
CloudStack DNS resolution should be done against
the DNS search domain (with the final dot, DNS
resolution does not work with e.g. Fedora 34)
LP: #1942232
|
|
PyYAML upgraded from 5.4.1 to 6.0.0. 6.0.0 always requires a `Loader`
arg to `yaml.load()`
|
|
Also added supporting distro/datasource classes and updated tests
that have a `get_cloud` call.
|
|
In some cloud-init enabled images the sshd-keygen@.service
may race with cloud-init and prevent ssh host keys from being
generated or generating host keys twice slowing boot and consuming
additional entropy during boot. This drop-in unit adds a condition to
the sshd-keygen@.service which prevents running if cloud-init is active.
|
|
Due to multiarch, the libdeployPkgPlugin.so is deployed into dir
/usr/lib/<multiarch name>/open-vm-tools, we need to add this path
into search_paths.
LP: #1944946
|
|
This patch addresses an issue caused when the v2 network config
directive "set-name" was used in conjunction with interface-
specific DNS settings. The patch adds a test to validate the fix.
For more information please see bug 1946493 as well as the issue
https://github.com/kubernetes-sigs/image-builder/issues/712.
LP: #1946493
|
|
Growpart uses mktemp internally to save some date. This could lead to
conflicts with tmpfile clean service during boot. This patch
explicitly make it uses a tmp file under /var/tmp
Signed-off-by: ushen <yshxxsjt715@gmail.com>
|
|
|
|
Allow comments in runcmd and report failed commands correctly
A `runcmd` script may fail to parse properly, but does not mark
`runcmd` as failed when that occurs. Additionally `shellify()` fails
to correctly parse scripts that contain a comment line.
Rectify both issues and add unit tests to verify correct behavior.
LP: #1853146
|
|
*_proxy: required for https_proxy and no_proxy
GOOGLE_* and GCP_*: see [1].
https://cloud.google.com/functions/docs/configuring/env-var#runtime_environment_variables_set_automatically
|
|
In #919 (81299de), we refactored some of the code used to bring up
networks across distros. Previously, the call to bring up network
interfaces during 'init' stage unintentionally resulted in a no-op
such that network interfaces were NEVER brought up by cloud-init, even
if new network interfaces were found after crawling the metadata.
The code was altered to bring up these discovered network interfaces.
On ubuntu, this results in a 'netplan apply' call during 'init' stage
for any ubuntu-based distro on a datasource that has a NETWORK
dependency. On GCE, this additional 'netplan apply' conflicts with the
google-guest-agent service, resulting in an instance that can no
be connected to.
This commit adds a 'disable_network_activation' option that can be
enabled in /etc/cloud.cfg to disable the activation of network
interfaces in 'init' stage.
LP: #1938299
|
|
Fixes the following pylint error:
cloudinit/net/renderer.py:12: [E0611(no-name-in-module), ]
No name 'generate_udev_rule' in module 'udev'
Likely a false positive, but we don't really need to keep the imports
relative, so let's convert them to absolute as a workaround.
|
|
OpenNebula 6.1.80 (current dev. version) is introducing new IPv6 gateway
contextualization variable ETHx_IP6_GATEWAY, which mimics existing
variable ETHx_GATEWAY6. The ETHx_GATEWAY6 used until now will
be depracated in future relase (ET spring 2022).
See:
- new variable - https://github.com/OpenNebula/one/commit/e4d2cc11b9f3c6d01b53774b831f48d9d089c1cc
- deprecation tracking issue - https://github.com/OpenNebula/one/issues/5536
Also, added support for SET_HOSTNAME context variable, which is
currently widely used variable to configure guest VM hostname. See
https://docs.opennebula.io/6.0/management_and_operations/references/template.html#context-section
|
|
|
|
Mapped from vlastimil-holer
|
|
Add MTU, accept-ra, routes, options and a direct way to provide intact
cloud configs for networking opposed to relying on configurations that
may need changed often.
|
|
On unit tests, tox is attempting to install 4.0, which fails two of
the unit tests, and fails python 3.5 as it is not compatible.
|
|
Cloud tests have been replaced with integration tests
|
|
|
|
Some modules' frequency are documented as `always` while others as
`per always`. The difference in wording can be confusing. This change
updates all such modules to use `always`.
Signed-off-by: Nicolas Bock <nicolas.bock@canonical.com>
|
|
growpart not working well for environment
using UTF-8 encoding. This patch forces
growpart command to use C locale.
Root issue likely:
https://bugs.launchpad.net/ubuntu/+source/cloud-utils/+bug/1928167
|
|
|
|
|
|
|
|
Offload Vultr's vendordata assembly to the backend, correct vendordata
storage and parsing, allow passing critical data via the useragent,
better networking configuration for additional interfaces.
|
|
|
|
|
