Age | Commit message (Collapse) | Author |
|
When cloud-init ran in the init stage (after networking had come up).
A bug could occur where cloud-init would attempt and fail to rename
network devices that had "inherited" mac addresses.
The intent of apply_network_config_names was always to rename only
the devices that were "physical" per the network config. (This would
include veth devices in a container). The bug was in creating
the dictionary of interfaces by mac address. If there were multiple
interfaces with the same mac address then renames could fail.
This situation was guaranteed to occur with bonds or vlans or other
devices that inherit their mac.
The solution is to change get_interfaces_by_mac to skip interfaces
that have an inherited mac.
Also drop the 'devs' argument to get_interfaces_by_mac. It was
non-obvious what the result should be if a device in the input
list was filtered out. ie should the following have an entry for
bond0 or not. get_interfaces_by_mac(devs=['bond0'])
LP: #1669860
|
|
When rendering network configuration to netplan, remove known
"builtin" configurations. The specific example here is Ubuntu Core
that has netplan configuration in etc/netplan/00-snapd-config.yaml.
We also delete the derived files since netplan will have created
these derived files in its generator that runs well before cloud-init.
LP: #1675576
|
|
Remove debugging print statements. Change a few to use
logging.debug() where useful.
|
|
When booted without an initramfs, the root device will be /dev/root, not a
named device. There is partial support for this when resizing filesystems,
but not for growing partitions, without which it doesn't do much good. Move
the /dev/root resolution code to util.py and use it from cc_growpart.py.
Also, booting without an initramfs only works with a root= argument that's
either a kernel device name (which is unstable) or a partition UUID. Handle
the case of root=PARTUUID=value, not just LABEL and UUID.
LP: #1677376
|
|
Do not bother configuring apt if no 'apt' config is provided and either:
a.) running on snappy
b.) there is no 'apt' command (possibly a different distro)
If apt config is provided in either of the above situations, then config
will continue.
LP: #1675185
|
|
While documentation indicates that the smbios product name should
contain 'Google Compute Engine', experimentation and bug reports
indicate that is not always the case. The change here is to change
the check for GCE to also consider a serial number that starts with
'GoogleCompute-'.
Also, ds-identify was not currently searching for GCE if no config of
datasource_list was found. Most images have a datasource_list defined.
So update the list to include GCE.
LP: #1674861
|
|
This change will add support for hashed passwords in cc_set_passwords.
It checks if a password is a hash with by checking that it matches
in fairly safe way, and also that the password does not have a ":" in it.
chpasswd needs to know if the password is hashed or not, so two lists
is created so chpasswd is feed with the correct one.
LP: #1570325
|
|
Accordingly to the documentation:
The ``partition`` option may also be set to ``auto``, in which this
module will search for the existance of a filesystem matching the
``label``, ``type`` and ``device`` of the ``fs_setup`` entry and
will skip creating the filesystem if one is found.
However, using this "auto" flag always recreates the partition no matter
if it has been done before or not.
This commit fixes a bug in which the "partition" attribute was always
set to None although in some cases it should not.
LP: #1634678
|
|
This is thie cloud-init part of a fix to allow nova-lxd to provide
config drive data. The other part will be done in nova-lxd.
The agreement here is that nova-lxd will copy the contents of the
config drive to /config-drive in the container.
LP: #1673411
|
|
Now tox will run pylint. The .pylintrc file sets pylint to only produce
errors, and will ignore certain classes that are known problematic (six).
|
|
ef18b8ac4c added support for handing network config v2 (aka netplan
format). This just adds that feature to the list of supported features.
|
|
Python 2's json.loads would accept bytes, so this bug was
only exposed in python3.
|
|
When deploying on Azure and using only cloud-init, you must "bounce" the
network interface to trigger a DDNS update. This allows dhclient to
register the hostname with Azure so that DNS works correctly on their
private networks (i.e. between vm and vm).
The agent path was already doing the bounce so this creates parity
between the built-in path and the agent.
LP: #1674685
|
|
Network configuration version 2 format is implemented in a package
called netplan (nplan)[1] which allows consolidated network config
for multiple network controllers.
- Add a new netplan renderer
- Update default policy, placing eni and sysconfig first
This requires explicit policy to enable netplan over eni
on systems which have both (Yakkety, Zesty, UC16)
- Allow any network state (parsed from any format cloud-init supports) to
render to v2 if system supports netplan.
- Move eni's _subnet_is_ipv6 to common code for use by other renderers
- Make sysconfig renderer always emit /etc/syconfig/network configuration
- Update cloud-init.service systemd unit to also wait on
systemd-networkd-wait-online.service
1. https://lists.ubuntu.com/archives/ubuntu-devel/2016-July/039464.html
|
|
Previous commit introduced a regression by calling os.path.is_file, a
non-existent function. This changes that call to use os.path.isfile.
LP: #1674317
|
|
Previously, the distro had hard coded which network renderer it would
use. This adds support for just picking the right renderer based
on what is available.
Now, that can be set via a priority in system_info, but should
generally work. That config looks like:
system_info:
network:
renderers: ["eni", "sysconfig"]
When no renderers are found, a specific RendererNotFoundError is raised.
stages.py is modified to catch that and log it at error level. This
path should not really be exercised, but could occur if for example an
Ubuntu system did not have ifupdown, or a rhel system did not have
sysconfig. In such a system previously we would have quietly rendered
ENI configuration but that would have been ignored. This is one step
better in that we at least log the error.
|
|
This adds an integration test for setting passwords when given
as a list rather than a string. This also updates the docs and
tests so that Random is now RANDOM as is correct.
|
|
render_network_state should default to rendering on /.
The changes here just make it so render_network_state does not
require a target, but defaults to None, and uses target_path
to handle that.
|
|
As reported in bug 1671927, sysconfig had an issue with rendering
a loopback device. The problem was that some as yet unknown issue was
causing the openstack config drive to parse the provided ENI file rather
than reading the network_data.json. Parsing an ENI file would add a
a 'lo' device of type 'physical', and sysconfig was failing to render
that.
The change here is:
a.) add a 'loopback' type rather than 'physical' for network config.
{'name': 'lo', 'type': 'loopback', 'subnets': ['type': 'loopback']}
b.) support skipping that type in the eni and sysconfig renderers.
c.) make network_state just piggy back on 'physical' renderer for
loopback (this was what was happening before).
Tests are added for eni and sysconfig renderer.
|
|
Omnibus installation of chef was broken under python3.
LP: #1583837
|
|
This exposes a mechanism for users of cloud-init to determine if
a version has a specific feature, and adds documentation to that affect.
We list an existing feature NETWORK_CONFIG_V1 as an example.
Also add a 'features' subcommand for listing these to stdout.
|
|
The adjusted change did not support
#cloud-config
password: passw0rd
This correctly fixes that regression.
|
|
This regression was caused by my rework of Sergio's branch.
The change now still works when there is no chpasswd/list provided.
|
|
cc_set_passwords previously supported 'list' as a multiline string:
chpasswd:
list: |
user:pass1
user015:R
This patch adds support for user/pairs as a list:
chpasswd:
list:
- user:pass1
- user015:R
LP: #1665694
|
|
The documentation indicated chpasswd/list should be a list when
the code only accepts a string.
LP: #1665773
|
|
Previously, cloud-init would throw an exception if an interface had
both ipv4 and ipv6 addresses and a default gateway for each address
family. This change allows cloud-init to correctly configure
interfaces in this situation.
LP: #1669504
|
|
log a warning rather than raising ValueError if we see more than three
nameserver addresses.
LP: #1670052
|
|
If ds-identify is in report mode, and the datasource that is found
is not in the list, then warn the user of this situation.
|
|
This moves the warning code that was added specifically for
EC2 into a generic path at cloudinit/warnings.py.
It also adds support for writing warning files into the
warnings directory to be shown by Z99-cloudinit-warnings.sh.
|
|
Brightbox will identify their platform to the guest by setting the
product serial to a string that ends with 'brightbox.com'.
LP: #1661693
|
|
Based on the setting Datasource/Ec2/strict_id, the datasource
will now warn once per instance.
|
|
|
|
There were some logic errors in sysconfig.py that appear to be the
result of accidentally typing "iface" where it should have been
"iface_cfg". This patch corrects those problems so that the module
can run successfully.
LP: #1665441
Resolves: rhbz#1389530
|
|
the MetadataLeafDecoder would return a bytes value b'' instead of
an empty string if the value of a key was empty. In all other cases
the value would be a string.
This was discovered when trying to json.dumps(get_instance_metadata())
on a recent OpenStack, where the value of 'public-ipv4' was empty.
The attempt to dump that with json would raise
TypeError: b'' is not JSON serializable
|
|
When the ds-identify code landed, it started writing /run/cloud.cfg
but at the moment, nothing was reading that. The result is that
ds-identify only worked to disable cloud-init entirely.
|
|
When manual_cache_clean is enabled, write a file to
/var/lib/cloud/instance/manual-clean. That file can then be read by
ds-identify or another tool to indicate that manual cleaning is in place.
|
|
ds-identify is run here from the generator. If ds-identify does
not see any datasources, it can completely disable cloud-init.
The big value in this is that if there is no datasource, no python
will ever be loaded, and cloud-init will be disabled.o
The default policy being added here is:
search,found=all,maybe=all,notfound=disabled
That means:
- enable (in 'datasource_list') all sources that are found.
- if none are found, enable all 'maybe'.
- if no maybe are found, then disable cloud-init.
On platforms without DMI (everything except for aarch64 and x86),
the default 'notfound' setting is 'enabled'. This is because many of
the detection mechanisms rely on dmi data, which is present only on
x86 and aarch64.
|
|
The iface:alias syntax for eni rendering is brittle with ipv6.
Replace it with using multiple iface stanzas with the same iface
name which is supported. Side-effect is that one can no longer
do 'ifup $iface:$alias' but requires instead use of ip address
{add|delete} instead.
LP: #1657940
|
|
cloud-init adds ssh_authorized_keys to the default user and to
root but for root it disables the keys with a prefix command.
However, if the public_key key is of type ecdsa-sha2-nistp521,
it is not parsed correctly, and the prefix command is not prepended.
Resolves: rhbz#1151824
LP: #1658174
|
|
On EC2, instance metadata can include credentials that remain valid for as
much as 6 hours. Reading these and allowing them to be pickled represents
a potential vulnerability if a snapshot of the disk is taken and shared as
part of an AMI.
This skips security-credentials when walking the meta-data tree.
LP: #1638312
Reviewed-by: Ian Weller <iweller@amazon.com>
Reviewed-by: Ben Cressey <bcressey@amazon.com>
Reported-by: Kyle Barnes <barnesky@amazon.com>
|
|
This modifies get_data in DataSourceOpenStack.py to get the timeout
and retries values from the data source configuration, rather than
from keyword arguments. This permits get_data to use the same timeout
as other methods, and allows an operator to increase the timeout in
environments where the metadata service takes longer than five seconds
to respond.
LP: #1657130
Resolves: rhbz#1408589
|
|
- staticIPV4 property can be either None or a valid Array. Need to
check for None before accessing the ip address.
- Modified few misc. log messages.
- Added a new log message while waiting for the customization config file.
- Added support to configure the maximum amount of time to wait for the
customization config file.
- VMware Customization Support is provided only for DataSourceOVF class and
not for any other child classes. Implemented a new variable
vmware_customization_supported to check whether the 'VMware Customization'
support is available for a specific datasource or not.
- Changed the function get_vmware_cust_settings to get_max_wait_from_cfg.
- Removed the code that does 'ifdown and iup' in NIC configurator.
|
|
|
|
Recent fedora releases use "dnf" instead of "yum" for package
management. While there is a compatible "yum" cli available, there's
no guarantee that it will be available.
With this patch, cloud-init will check for /usr/bin/dnf and use that
if it exists instead of yum.
rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1194451
LP: #1647118
|
|
Failures to load the kernel command line's url (cloud-config-url=)
would previously get swallowed. This should make it much more
obvious when that happens. With logging going to expected places
at sane levels (WARN will go to stderr by default).
|
|
Bump the version in cloudinit/version.py to be 0.7.9.
|
|
This has been a recurring ask and we had initially just made the change to
the cloud-init 2.0 codebase. As the current thinking is we'll just
continue to enhance the current codebase, its desirable to relicense to
match what we'd intended as part of the 2.0 plan here.
- put a brief description of license in LICENSE file
- put full license versions in LICENSE-GPLv3 and LICENSE-Apache2.0
- simplify the per-file header to reference LICENSE
- tox: ignore H102 (Apache License Header check)
Add license header to files that ship.
Reformat headers, make sure everything has vi: at end of file.
Non-shipping files do not need the copyright header,
but at the moment tests/ have it.
|
|
The correct order of precedence when reading the base config:
builtin config
system config
kernel command line provided config.
This reverts commit 63501f44, which actually broke the behavior it
reported to fix. It also adds some unit tests to ensure this behavior
is not broken again.
LP: #1582323
|
|
|
|
Update ssh_util.py with latest list of keys (from openssh-7.3p1/sshkeys.c),
and remove extinct keys ending with "-v00@openssh.com"
Added keys:
rsa-sha2-256,
rsa-sha2-512,
ed25519,
ssh-ed25519,
ssh-ed25519-cert-v01@openssh.com
Removed both of the double entries for the keys:
ssh-dss-cert-v00@openssh.com
ssh-rsa-cert-v00@openssh.com
|