| Age | Commit message (Collapse) | Author |
|---|
|
Prior to this commit, when a user specified configuration which would
generate random passwords for users, cloud-init would cause those
passwords to be written to the serial console by emitting them on
stderr. In the default configuration, any stdout or stderr emitted by
cloud-init is also written to `/var/log/cloud-init-output.log`. This
file is world-readable, meaning that those randomly-generated passwords
were available to be read by any user with access to the system. This
presents an obvious security issue.
This commit responds to this issue in two ways:
* We address the direct issue by moving from writing the passwords to
sys.stderr to writing them directly to /dev/console (via
util.multi_log); this means that the passwords will never end up in
cloud-init-output.log
* To avoid future issues like this, we also modify the logging code so
that any files created in a log sink subprocess will only be
owner/group readable and, if it exists, will be owned by the adm
group. This results in `/var/log/cloud-init-output.log` no longer
being world-readable, meaning that if there are other parts of the
codebase that are emitting sensitive data intended for the serial
console, that data is no longer available to all users of the system.
LP: #1918303
|
|
PR #811 added a new config key, emit_keys_to_console, but didn't update the
documentation for mention it.
|
|
It is distro dependent whether hostname or fqdn is used
|
|
Specifically:
ssh:
emit_keys_to_console: false
We also port the cc_keys_to_console cloud tests to the new integration
testing framework, and add a test for this new option.
LP: #1915460
|
|
The company name has two distinct words.
Signed-off-by: Dan Kenigsberg <danken@redhat.com>
|
|
The documentation did not mention that the given data may not be the
exact string written: the cloud's random data may be added to it.
Additionally, the documentation of the command key was incorrect.
test_seed_random_data was updated to check that the given data is a
prefix of the written data, to match cloud-init's expected (and, now,
documented) behaviour.
LP: #1911227
|
|
This refactors cc_ca_certs to support non-ca-certificates distros, and
adds RHEL support.
|
|
|
|
Existing config writes keys to /etc/ssh after deleting files matching
a glob that includes certificate files. Since sshd looks for
certificates in the same directory as the keys, a host certificate
must be placed in this directory. This update enables the certificate's
contents to be specified along with the keys.
Co-authored-by: jonathan lung <lungj@heresjono.com>
Co-authored-by: jonathan lung <jlung@kepler.space>
|
|
On FreeBSD, if a UFS has trim: (-t) or MAC multilabel: (-l) flag, resize
FS fail, because the _can_skip_ufs_resize check gets tripped up by the
missing options.
This was reported at FreeBSD Bugzilla:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=250496 and as
LP: #1901958
Rather than fixing the parser as in the patches proposed there (and
attempted in #636) this pull-request rips out all of it, and simplifies
the code. We now use `growfs -N` and check if that returns an error. If
it returns the correct kind of error, we can skip the resize, because we
either are at the correct size, or the filesystem in question is broken
or not UFS. If it returns the wrong kind of error, we just re-raise it.
LP: #1901958
|
|
Allow root user to validate the userdata provided to the launched
machine using `cloud-init devel schema --system`
|
|
* Fix awkward English in sentence
* Add the missing word "the"
* Fix misspelling
* Add @jsf9k as a contributor
Co-authored-by: Rick Harding <rharding@mitechie.com>
|
|
a reboot after `gpart resize` hasn't been necessary since ca FreeBSD 9.2
Co-authored-by: Rick Harding <rharding@mitechie.com>
|
|
For cc_users_groups the user setting "expiredate" must be quoted in
order for the relevant flag and value to be then passed to the useradd
command. It its vaiue is not quoted then it is treated as Python type
datetime.date and in `cloudinit/distros/__init__.py` the below "is it a
string" condition fails and so no "--expiredate" parameter is passed to
useradd and therefore it has no effect:
```
if key in useradd_opts and val and isinstance(val, str):
useradd_cmd.extend([useradd_opts[key], val])
```
For cc_users_groups, the user setting "inactive" does not actually
disable accounts, the useradd "--inactive" option actually defines the
number of days after password expiry that users can still login. So I
have changed the docs to show it taking a quoted value of days (which
works with the current code) rather than a boolean value. The quotes
are necessary, like expiredate above, so that the value is also passed
to the useradd command.
For cc_power_state_change.py the "delay" setting value needs to have
quotes around it as otherwise its leading plus sign will be stripped
off.
|
|
Reliable Scalable Cluster Technology (RSCT) is a set of software
components that together provide a comprehensive clustering
environment(RAS features) for IBM PowerVM based virtual machines. RSCT
includes the Resource Monitoring and Control (RMC) subsystem. RMC is a
generalized framework used for managing, monitoring, and manipulating
resources. RMC runs as a daemon process on individual machines and needs
creation of unique node id and restarts during VM boot.
LP: #1895979
Co-authored-by: Scott Moser <smoser@brickies.net>
|
|
`create_swap()` was previously catching and not re-raising the
ProcessExecutionError that indicated swap creation failure; this meant
that the fallback logic could never be triggered.
This commit adds the required re-raise (as well as removing a duplicated
log message).
LP: #1897099
|
|
The service installed by the CentOS and RHEL 'ntp' package is
ntpd.service
not
ntp.service
Fix that for those two distros.
Also fix chrony service from 'chrony' to 'chronyd'.
LP: #1897915
|
|
|
|
Co-authored-by: Rick Harding <rharding@mitechie.com>
|
|
|
|
Under FreeBSD, we want to use "shutdown -p" for poweroff.
Alpine Linux also has some specificities.
We choose to define a method that returns the shutdown command line to
use, rather than a method that actually does the shutdown. This makes it
easier to have the tests in test_handler_power_state do their
verifications.
Two tests are added for the special behaviours that are known so far.
|
|
* LXD: detach network from profile before deleting it
When cleaning up the bridge network created by default by LXD as part
of the `lxd init` process detach the network its profile before deleting
it. LXD will otherwise refuse to delete it with error:
Error: The network is currently in use.
Discussion with LXD upstream: https://github.com/lxc/lxd/issues/7804.
LP: #1776958
* LXD bridge deletion: fail if bridge exists but can't be deleted
* LXD bridge deletion: remove useless failure logging
|
|
Changes:
tox: bump the pylint version to 2.6.0 in the default run
Fix pylint 2.6.0 W0707 warnings (raise-missing-from)
|
|
Update ssh_util.py with latest list of keys (from openssh-8.3p1/sshkey.c),
Added keys:
sk-ecdsa-sha2-nistp256-cert-v01@openssh.com
sk-ecdsa-sha2-nistp256@openssh.com
sk-ssh-ed25519-cert-v01@openssh.com
sk-ssh-ed25519@openssh.com
ssh-xmss-cert-v01@openssh.com
ssh-xmss@openssh.com
LP: #1877869
|
|
Add new module cc_apk_configure for creating Alpine /etc/apk/repositories file.
Modify cc_ca_certs, cc_ntp, cc_power_state_change, and cc_resolv_conf for Alpine.
Add Alpine template files for Chrony and Busybox NTP support.
Add Alpine template file for /etc/hosts.
|
|
According to man page `man 8 swapon', "Preallocated swap files are
supported on XFS since Linux 4.18". This patch checks for kernel version
before attepting to create swapfile, using dd for XFS only on kernel
versions <= 4.18 or btrfs.
Add new func util.kernel_version which returns a tuple of ints (major, minor)
Signed-off-by: Eduardo Otubo otubo@redhat.com
|
|
Few of the 'User and Groups' configurations in cloud-config have no effect on
already existing users. This was not documented earlier.
This change set adds that information to documentation.
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
|
|
* Fix a typo in apt pipelining module
Changed `whcih` to `which`.
* Update .github-cla-signers
I have signed the CLA on Canonical's site, adding my username to list of CLA signers.
* Update .github-cla-signers
I need to sort the list alphabetically.
|
|
(#483)
Problem: When cc_ca_certs configuration has both "remove-defaults: true"
and also specifies one, or more, new trusted CAs to add then the resultant
/etc/ca-certificates.conf file's 1st line is blank. As noted in comments
in the existing cc_ca_certs.py code blank lines in this file cause problems.
Fix: Before adding the cloud-init CA filename to this file first check the
size of the file - if is is empty (as all existing CAs have been deleted)
then write only the cloud-init CA filename to the file rather than appending
it to the file.
|
|
* cloudinit: remove global disable of pylint W0107 and fix errors
This includes removing a test class which contained no tests but wasn't
detected as empty because of an errant pass statement.
* .pylintrc: update disable comment to match arguments
|
|
This includes a fix to a test that had a string concatenation issue, and
so was only testing a prefix of what was intended.
|
|
|
|
Do not fail if /etc/fstab is not present. Some images, like container
rootfs may not include this file by default.
LP: #1886531
|
|
test using it (#461)
caplog is only available in pytest itself from 3.0 onwards. In xenial, we only have pytest 2.8.7. However, in xenial we do have pytest-catchlog available (as python3-pytest-catchlog), so we use that where appropriate.
|
|
Create a schema object for the chef module and validate this schema in the handle function of the module.
Some of the config keys description, so I tried looking at the code and chef documentation to provide an information to the user. However, I don't know if I have the best description for all fields. For example, for the key show_time I could not find an accurate description of what it did, so I used what was in our code base to infer what it should do.
LP: #1858888
|
|
If the instance symlink doesn't exist, then we shouldn't create a
directory in its place, because that breaks future boots.
LP: #1883903
|
|
This was brought up in review of #416.
Makes sense to remove the local copy of "is this executable file".
|
|
runparts (run a directory of scripts) seems to fit well in subp
module. The request to move it there was raised in #416.
Replace use of logexc with LOG.debug as logexc comes from util.
|
|
This was painful, but it finishes a TODO from cloudinit/subp.py.
It moves the following from util to subp:
ProcessExecutionError
subp
which
target_path
I moved subp_blob_in_tempfile into cc_chef, which is its only caller.
That saved us from having to deal with it using write_file
and temp_utils from subp (which does not import any cloudinit things now).
It is arguable that 'target_path' could be moved to a 'path_utils' or
something, but in order to use it from subp and also from utils,
we had to get it out of utils.
|
|
Remove extra spaces after a ','
|
|
Replace the hardcoded list of devices with a more robust way of determining
the device which grub is installed to.
We use grub-probe to fetch the underlying disk the /boot directory is
located on, and attempt to match the disk with its /dev/disk/by-id value.
If no such /dev/disk/by-id/ value exists, we fallback to the plain disk
name.
The changes are robust to unstable kernel device names and ordering, and use
/dev/disk/by-id values to populate grub-pc/install_devices where possible.
LP: #1877491
|
|
Co-authored-by: Daniel Watkins <oddbloke@ubuntu.com>
|
|
And add an example of providing a list of assertions.
|
|
|
|
Specifically, ensure that given values are either strings, or arrays of strings.
|
|
We recently discovered that pylint is failing to report some errors when
invoked across our entire codebase (see
https://github.com/PyCQA/pylint/issues/3611). I've run pylint across
every Python file under cloudinit/[0], and this commit fixes the issues
so-discovered.
[0] find cloudinit/ -name "*.py" | xargs -n 1 -t .tox/pylint/bin/python -m pylint
|
|
We live in the future now.
|
|
Create a schema object for the `apt_configure` module and
validate this schema in the `handle` function of the module.
There are some considerations regarding this PR:
* The `primary` and `security` keys have the exact same properties. I
tried to eliminate this redundancy by moving their properties to a
common place and then just referencing it for both security and
primary. Similar to what is documented here:
https://json-schema.org/understanding-json-schema/structuring.html
under the `Reuse` paragraph. However, this approach does not work,
because the `#` pointer goes to the beginning of the file, which is
a python module instead of a json file, not allowing the pointer to
find the correct definition. What I did was to create a separate dict
for the mirror config and reuse it for primary and security, but
maybe there are better approaches to do that.
* There was no documentation for the config `debconf_selections`. I
tried to infer what it supposed to do by looking at the code and the
`debconf-set-selections` manpage, but my description may not be
accurate or complete.
* Add a _parse_description function to schema.py to render multi-line
preformatted content instead of squashing all whitespace
LP: #1858884
|
|
Add a unit test to validate if the examples provided in the config
modules are conforming to the concatenated schema of all config
modules. The rationale behind that is not only to verify if the
examples are correctly written but to assert that no config schema
is interfering with each other.
Failures in validate_cloudconfig_schema raise the
SchemaValidationError by using strict=True, so I have
only called the function passing the right schema examples to
validate.
This branch also fixes an invalid schema example in cc_snap.
LP: #1876412
|
|
|
