Age | Commit message | Author |
|
This adds an empty publish_host_keys() method to the default datasource
that is called by cc_ssh.py. This feature can be controlled by the
'ssh_publish_hostkeys' config option. It is enabled by default but can
be disabled by setting 'enabled' to false. Also, a blacklist of key
types is supported.
In addition, this change implements ssh_publish_hostkeys() for the GCE
datasource, attempting to write the hostkeys to the instance's guest
attributes. Using these hostkeys for ssh connections is currently
supported by the alpha version of Google's 'gcloud' command-line tool.
(On Google Compute Engine, this feature will be enabled by setting the
'enable-guest-attributes' metadata key to 'true' for the
project/instance that you would like to use this feature for. When
connecting to the instance for the first time using 'gcloud compute ssh'
the hostkeys will be read from the guest attributes for the instance and
written to the user's local known_hosts file for Google Compute Engine
instances.)
|
|
DataSource.get_hostname call signature changed to allow for metadata_only
parameter. The metadata_only=True parameter is passed to get_hostname
during init-local stage in order to set the system hostname if present in
metadata prior to initial network bring up.
Fix subclasses of DataSource which have overridden get_hostname to allow
for metadata_only param.
LP: #1757176
|
|
Last set of changes to GCE datasource broke reading of user-data
unless the user had base64 encoded their user-data and also set
user-data-encoding to 'base64'.
This fixes the issue.
LP: #1752711
|
|
The behavior changes and improvements include:
- Only import keys into the default user that contain the name of the
  default user ('ubuntu', or 'centos') or that contain 'cloudinit'.
- Use instance or project level keys based on GCE convention.
- Respect expiration time when keys are set.
  Do not import expired keys.
- Support ssh-keys in project level metadata (the GCE default).
As part of this change, we also update the request header when talking
to the metadata server based on the documentation:
https://cloud.google.com/compute/docs/storing-retrieving-metadata#querying
LP: #1670456, #1707033, #1707037, #1707039
|
|
Each DataSource subclass must define its own get_data method. This branch
formalizes our DataSource class to require that subclasses define an
explicit dsname for sourcing cloud-config datasource configuration.
Subclasses must also override the _get_data method or a
NotImplementedError is raised.
The branch also writes /run/cloud-init/instance-data.json. This file
contains all meta-data, user-data and vendor-data and a standardized set
of metadata keys in a json blob which other utilities with root-access
could make use of. Because some meta-data or user-data is potentially
sensitive the file is only readable by root.
Generally most metadata content types should be json serializable. If
specific keys or values are not serializable, those specific values will
be base64-encoded and the key path will be listed under the top-level key
'base64-encoded-keys' in instance-data.json. If json writing fails due to
other TypeErrors or UnicodeDecodeErrors, a warning log will be emitted to
/var/log/cloud-init.log and no instance-data.json will be created.
|
|
This regressed in the rework of GCE datasource to have a main.
The fix really just stores the user-data that was read in
self.userdata_raw, rather than self.userdata. That is consistent
with other datasources and ultimately how it was before the refactor.
The main is updated to address the fact that user-data is binary data
and may not be able to be printed.
LP: #1717598
|
|
This just adds a main to the GCE datasource so that it is easily
callable: python3 -m cloudinit.sources.DataSourceGCE
It also adds a log of the time it took to crawl.
|
|
Per the documentation at
https://cloud.google.com/compute/docs/storing-retrieving-metadata
The instance-level SSH key was named 'sshKeys' and now is 'ssh-keys'.
The project-level SSH key attribute has not changed so is intentionally
not changed here.
LP: #1693582
|
|
This will change all instances of LOG.warn to LOG.warning as warn
is now a deprecated method. It will also make sure any logging
uses lazy logging by passing string format arguments as function
parameters.
|
|
While documentation indicates that the smbios product name should
contain 'Google Compute Engine', experimentation and bug reports
indicate that is not always the case. The change here is to change
the check for GCE to also consider a serial number that starts with
'GoogleCompute-'.
Also, ds-identify was not currently searching for GCE if no config of
datasource_list was found. Most images have a datasource_list defined.
So update the list to include GCE.
LP: #1674861
|
|
This has been a recurring ask and we had initially just made the change to
the cloud-init 2.0 codebase. As the current thinking is we'll just
continue to enhance the current codebase, it's desirable to relicense to
match what we'd intended as part of the 2.0 plan here.
- put a brief description of license in LICENSE file
- put full license versions in LICENSE-GPLv3 and LICENSE-Apache2.0
- simplify the per-file header to reference LICENSE
- tox: ignore H102 (Apache License Header check)
Add license header to files that ship.
Reformat headers, make sure everything has vi: at end of file.
Non-shipping files do not need the copyright header,
but at the moment tests/ have it.
|
|
pycodestyle 2.1.0 is in Ubuntu zesty, and complained about the
changes made here. Simple style changes. This makes 'make pep8'
pass again when built in a zesty build system with proposed enabled.
|
|
Only use strings in headers, as newer requests
actually do stricter validation of this, so ensure
that we comply by only having string objects in
header dicts.
|
|
This commit includes the content of that commit, plus a fix for the tests
(provided by Phil).
|
|
This change broke tox tests.
|
|
A bug was reported (lp:1581200) where if there is no DNS server configured
or it is not running then the metadata lookup on GCE will fail as it contains a
trailing dot 'metadata.google.internal.'. As there is no DNS configured or
running it will use the /etc/hosts file but the hosts file does not contain
an entry with the trailing dot.
One solution is to add an entry to the /etc/hosts file with the trailing dot
but according to the manpage, /etc/hosts entries must end with an alphanumeric
character and cannot end with a dot.
The trailing dot was added to avoid MIM by dns search but we should probably
assume the instance being started has no DNS and as such when querying
metadata should use a URL that will resolve using /etc/hosts.
LP: #1581200
|
|
Also implement DataSource.region for EC2 and GCE data sources.
|
|
UrlResponse: biggest change... make readurl return bytes, making user
  know what to do with it.
util: add load_tfile_or_url for loading text file or url
  as read_file_or_url now returns bytes
ec2_utils: all meta-data is text, remove non-obvious string translations
DigitalOcean: adjust for ec2_utils
DataSourceGCE, DataSourceMAAS: user-data is binary other fields are text.
openstack.py: read paths without decoding to text. This is ok as paths
  other than user-data are json, and load_json will handle
load_file still returns text, and that is what most things use.
|
|
The sources.DataSource class has method defined as:
    def get_hostname(self, fqdn=False, resolve_ip=False)
Make the parameter list for this method in DataSourceDigitalOcean
and DataSourceGCE consistent with superclass sources.DataSource.
|
|
this changes url_map to a list and adds 'required' information.
* If we've not already found an entry, and this is required,
  then debug log (ie, this is just not GCE).
* if we already found an entry and this is required: warn
split the keys fixing out of the loop.
|
|
This just adds user-data in 'instance/attributes/user-data'.
Also turns retries to 0 on all other things.
|
|
this allows the metadata url to be
configured by setting:
  datasource:
    GCE:
      metadata_url: <value>
Then also, if it's not resolvable, we just deactivate the datasource quickly.
|
|
Got removed somehow
|