summaryrefslogtreecommitdiff
path: root/cloudinit
AgeCommit message (Collapse)Author
2017-03-31Fix bug that resulted in an attempt to rename bonds or vlans.Scott Moser
When cloud-init ran in the init stage (after networking had come up). A bug could occur where cloud-init would attempt and fail to rename network devices that had "inherited" mac addresses. The intent of apply_network_config_names was always to rename only the devices that were "physical" per the network config. (This would include veth devices in a container). The bug was in creating the dictionary of interfaces by mac address. If there were multiple interfaces with the same mac address then renames could fail. This situation was guaranteed to occur with bonds or vlans or other devices that inherit their mac. The solution is to change get_interfaces_by_mac to skip interfaces that have an inherited mac. Also drop the 'devs' argument to get_interfaces_by_mac. It was non-obvious what the result should be if a device in the input list was filtered out. ie should the following have an entry for bond0 or not. get_interfaces_by_mac(devs=['bond0']) LP: #1669860
2017-03-30net: in netplan renderer delete known image-builtin content.Scott Moser
When rendering network configuration to netplan, remove known "builtin" configurations. The specific example here is Ubuntu Core that has netplan configuration in etc/netplan/00-snapd-config.yaml. We also delete the derived files since netplan will have created these derived files in its generator that runs well before cloud-init. LP: #1675576
2017-03-30netplan: remove debugging prints, add debug loggingRyan Harper
Remove debugging print statements. Change a few to use logging.debug() where useful.
2017-03-29support resizing partition and rootfs on system booted without initramfs.Steve Langasek
When booted without an initramfs, the root device will be /dev/root, not a named device. There is partial support for this when resizing filesystems, but not for growing partitions, without which it doesn't do much good. Move the /dev/root resolution code to util.py and use it from cc_growpart.py. Also, booting without an initramfs only works with a root= argument that's either a kernel device name (which is unstable) or a partition UUID. Handle the case of root=PARTUUID=value, not just LABEL and UUID. LP: #1677376
2017-03-29apt_configure: run only when needed.Scott Moser
Do not bother configuring apt if no 'apt' config is provided and either: a.) running on snappy b.) there is no 'apt' command (possibly a different distro) If apt config is provided in either of the above situations, then config will continue. LP: #1675185
2017-03-27GCE: Search GCE in ds-identify, consider serial number in check.Scott Moser
While documentation indicates that the smbios product name should contain 'Google Compute Engine', experimentation and bug reports indicate that is not always the case. The change here is to change the check for GCE to also consider a serial number that starts with 'GoogleCompute-'. Also, ds-identify was not currently searching for GCE if no config of datasource_list was found. Most images have a datasource_list defined. So update the list to include GCE. LP: #1674861
2017-03-24Add support for setting hashed passwordsTore S. Lonoy
This change will add support for hashed passwords in cc_set_passwords. It checks if a password is a hash with by checking that it matches in fairly safe way, and also that the password does not have a ":" in it. chpasswd needs to know if the password is hashed or not, so two lists is created so chpasswd is feed with the correct one. LP: #1570325
2017-03-24Fix filesystem creation when using "partition: auto"Jonathan Ballet
Accordingly to the documentation: The ``partition`` option may also be set to ``auto``, in which this module will search for the existance of a filesystem matching the ``label``, ``type`` and ``device`` of the ``fs_setup`` entry and will skip creating the filesystem if one is found. However, using this "auto" flag always recreates the partition no matter if it has been done before or not. This commit fixes a bug in which the "partition" attribute was always set to None although in some cases it should not. LP: #1634678
2017-03-24ConfigDrive: support reading config drive data from /config-drive.Scott Moser
This is thie cloud-init part of a fix to allow nova-lxd to provide config drive data. The other part will be done in nova-lxd. The agreement here is that nova-lxd will copy the contents of the config drive to /config-drive in the container. LP: #1673411
2017-03-24test: add running of pylintJoshua Powers
Now tox will run pylint. The .pylintrc file sets pylint to only produce errors, and will ignore certain classes that are known problematic (six).
2017-03-22advertise network config v2 support (NETWORK_CONFIG_V2) in features.Scott Moser
ef18b8ac4c added support for handing network config v2 (aka netplan format). This just adds that feature to the list of supported features.
2017-03-21Bigstep: fix bug when executing in python3.root
Python 2's json.loads would accept bytes, so this bug was only exposed in python3.
2017-03-21Bounce network interface for Azure when using the built-in path.Brent Baude
When deploying on Azure and using only cloud-init, you must "bounce" the network interface to trigger a DDNS update. This allows dhclient to register the hostname with Azure so that DNS works correctly on their private networks (i.e. between vm and vm). The agent path was already doing the bounce so this creates parity between the built-in path and the agent. LP: #1674685
2017-03-20cloudinit.net: add network config v2 parsing and renderingRyan Harper
Network configuration version 2 format is implemented in a package called netplan (nplan)[1] which allows consolidated network config for multiple network controllers. - Add a new netplan renderer - Update default policy, placing eni and sysconfig first This requires explicit policy to enable netplan over eni on systems which have both (Yakkety, Zesty, UC16) - Allow any network state (parsed from any format cloud-init supports) to render to v2 if system supports netplan. - Move eni's _subnet_is_ipv6 to common code for use by other renderers - Make sysconfig renderer always emit /etc/syconfig/network configuration - Update cloud-init.service systemd unit to also wait on systemd-networkd-wait-online.service 1. https://lists.ubuntu.com/archives/ubuntu-devel/2016-July/039464.html
2017-03-20net: Fix incorrect call to isfileJoshua Powers
Previous commit introduced a regression by calling os.path.is_file, a non-existent function. This changes that call to use os.path.isfile. LP: #1674317
2017-03-17net: add renderers for automatically selecting the renderer.Scott Moser
Previously, the distro had hard coded which network renderer it would use. This adds support for just picking the right renderer based on what is available. Now, that can be set via a priority in system_info, but should generally work. That config looks like: system_info: network: renderers: ["eni", "sysconfig"] When no renderers are found, a specific RendererNotFoundError is raised. stages.py is modified to catch that and log it at error level. This path should not really be exercised, but could occur if for example an Ubuntu system did not have ifupdown, or a rhel system did not have sysconfig. In such a system previously we would have quietly rendered ENI configuration but that would have been ignored. This is one step better in that we at least log the error.
2017-03-17test: Adding integratiron test for password as listJoshua Powers
This adds an integration test for setting passwords when given as a list rather than a string. This also updates the docs and tests so that Random is now RANDOM as is correct.
2017-03-17render_network_state: switch arguments around, do not require targetScott Moser
render_network_state should default to rendering on /. The changes here just make it so render_network_state does not require a target, but defaults to None, and uses target_path to handle that.
2017-03-17support 'loopback' as a device type.Scott Moser
As reported in bug 1671927, sysconfig had an issue with rendering a loopback device. The problem was that some as yet unknown issue was causing the openstack config drive to parse the provided ENI file rather than reading the network_data.json. Parsing an ENI file would add a a 'lo' device of type 'physical', and sysconfig was failing to render that. The change here is: a.) add a 'loopback' type rather than 'physical' for network config. {'name': 'lo', 'type': 'loopback', 'subnets': ['type': 'loopback']} b.) support skipping that type in the eni and sysconfig renderers. c.) make network_state just piggy back on 'physical' renderer for loopback (this was what was happening before). Tests are added for eni and sysconfig renderer.
2017-03-13Fix chef config module in omnibus install.Jeremy Melvin
Omnibus installation of chef was broken under python3. LP: #1583837
2017-03-10Add feature flags to cloudinit.version.Wesley Wiedenmeier
This exposes a mechanism for users of cloud-init to determine if a version has a specific feature, and adds documentation to that affect. We list an existing feature NETWORK_CONFIG_V1 as an example. Also add a 'features' subcommand for listing these to stdout.
2017-03-10Further fix regression to support 'password' for default user.Scott Moser
The adjusted change did not support #cloud-config password: passw0rd This correctly fixes that regression.
2017-03-10fix regression when no chpasswd/list was provided.Scott Moser
This regression was caused by my rework of Sergio's branch. The change now still works when there is no chpasswd/list provided.
2017-03-09Support chpasswd/list being a list in addition to a string.Sergio Lystopad
cc_set_passwords previously supported 'list' as a multiline string: chpasswd: list: | user:pass1 user015:R This patch adds support for user/pairs as a list: chpasswd: list: - user:pass1 - user015:R LP: #1665694
2017-03-07doc: Fix configuration example for cc_set_passwords module.Sergio Lystopad
The documentation indicated chpasswd/list should be a list when the code only accepts a string. LP: #1665773
2017-03-07net: support both ipv4 and ipv6 gateways in sysconfig.Lars Kellogg-Stedman
Previously, cloud-init would throw an exception if an interface had both ipv4 and ipv6 addresses and a default gateway for each address family. This change allows cloud-init to correctly configure interfaces in this situation. LP: #1669504
2017-03-07net: do not raise exception for > 3 nameserversLars Kellogg-Stedman
log a warning rather than raising ValueError if we see more than three nameserver addresses. LP: #1670052
2017-03-03Support warning if the used datasource is not in ds-identify's list.Scott Moser
If ds-identify is in report mode, and the datasource that is found is not in the list, then warn the user of this situation.
2017-03-03Move warning functionality to cloudinit/warnings.pyScott Moser
This moves the warning code that was added specifically for EC2 into a generic path at cloudinit/warnings.py. It also adds support for writing warning files into the warnings directory to be shown by Z99-cloudinit-warnings.sh.
2017-02-24Identify Brightbox as an Ec2 datasource user.Scott Moser
Brightbox will identify their platform to the guest by setting the product serial to a string that ends with 'brightbox.com'. LP: #1661693
2017-02-24DatasourceEc2: add warning message when not on AWS.Scott Moser
Based on the setting Datasource/Ec2/strict_id, the datasource will now warn once per instance.
2017-02-17flake8: fix flake8 complaints in previous commit.Scott Moser
2017-02-17net: correct errors in cloudinit/net/sysconfig.pyLars Kellogg-Stedman
There were some logic errors in sysconfig.py that appear to be the result of accidentally typing "iface" where it should have been "iface_cfg". This patch corrects those problems so that the module can run successfully. LP: #1665441 Resolves: rhbz#1389530
2017-02-16ec2_utils: fix MetadataLeafDecoder that returned bytes on emptyScott Moser
the MetadataLeafDecoder would return a bytes value b'' instead of an empty string if the value of a key was empty. In all other cases the value would be a string. This was discovered when trying to json.dumps(get_instance_metadata()) on a recent OpenStack, where the value of 'public-ipv4' was empty. The attempt to dump that with json would raise TypeError: b'' is not JSON serializable
2017-02-14apply the runtime configuration written by ds-identify.Scott Moser
When the ds-identify code landed, it started writing /run/cloud.cfg but at the moment, nothing was reading that. The result is that ds-identify only worked to disable cloud-init entirely.
2017-02-03manual_cache_clean: When manually cleaning touch a file in instance dir.Scott Moser
When manual_cache_clean is enabled, write a file to /var/lib/cloud/instance/manual-clean. That file can then be read by ds-identify or another tool to indicate that manual cleaning is in place.
2017-02-03Add tools/ds-identify to identify datasources available.Scott Moser
ds-identify is run here from the generator. If ds-identify does not see any datasources, it can completely disable cloud-init. The big value in this is that if there is no datasource, no python will ever be loaded, and cloud-init will be disabled.o The default policy being added here is: search,found=all,maybe=all,notfound=disabled That means: - enable (in 'datasource_list') all sources that are found. - if none are found, enable all 'maybe'. - if no maybe are found, then disable cloud-init. On platforms without DMI (everything except for aarch64 and x86), the default 'notfound' setting is 'enabled'. This is because many of the detection mechanisms rely on dmi data, which is present only on x86 and aarch64.
2017-01-25Fix eni rendering of multiple IPs per interfaceRyan Harper
The iface:alias syntax for eni rendering is brittle with ipv6. Replace it with using multiple iface stanzas with the same iface name which is supported. Side-effect is that one can no longer do 'ifup $iface:$alias' but requires instead use of ip address {add|delete} instead. LP: #1657940
2017-01-24Add 3 ecdsa-sha2-nistp* ssh key types now that they are standardizedLars Kellogg-Stedman
cloud-init adds ssh_authorized_keys to the default user and to root but for root it disables the keys with a prefix command. However, if the public_key key is of type ecdsa-sha2-nistp521, it is not parsed correctly, and the prefix command is not prepended. Resolves: rhbz#1151824 LP: #1658174
2017-01-20EC2: Do not cache security credentials on diskAndrew Jorgensen
On EC2, instance metadata can include credentials that remain valid for as much as 6 hours. Reading these and allowing them to be pickled represents a potential vulnerability if a snapshot of the disk is taken and shared as part of an AMI. This skips security-credentials when walking the meta-data tree. LP: #1638312 Reviewed-by: Ian Weller <iweller@amazon.com> Reviewed-by: Ben Cressey <bcressey@amazon.com> Reported-by: Kyle Barnes <barnesky@amazon.com>
2017-01-17OpenStack: Use timeout and retries from config in get_data.Lars Kellogg-Stedman
This modifies get_data in DataSourceOpenStack.py to get the timeout and retries values from the data source configuration, rather than from keyword arguments. This permits get_data to use the same timeout as other methods, and allows an operator to increase the timeout in environments where the metadata service takes longer than five seconds to respond. LP: #1657130 Resolves: rhbz#1408589
2017-01-17Fixed Misc issues related to VMware customization.Sankar Tanguturi
- staticIPV4 property can be either None or a valid Array. Need to check for None before accessing the ip address. - Modified few misc. log messages. - Added a new log message while waiting for the customization config file. - Added support to configure the maximum amount of time to wait for the customization config file. - VMware Customization Support is provided only for DataSourceOVF class and not for any other child classes. Implemented a new variable vmware_customization_supported to check whether the 'VMware Customization' support is available for a specific datasource or not. - Changed the function get_vmware_cust_settings to get_max_wait_from_cfg. - Removed the code that does 'ifdown and iup' in NIC configurator.
2017-01-12Fix minor docs typo: perserve > preserveJeremy Bicha
2017-01-12Use dnf instead of yum when availableLars Kellogg-Stedman
Recent fedora releases use "dnf" instead of "yum" for package management. While there is a compatible "yum" cli available, there's no guarantee that it will be available. With this patch, cloud-init will check for /usr/bin/dnf and use that if it exists instead of yum. rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1194451 LP: #1647118
2017-01-11Get early logging logged, including failures of cmdline url.Scott Moser
Failures to load the kernel command line's url (cloud-config-url=) would previously get swallowed. This should make it much more obvious when that happens. With logging going to expected places at sane levels (WARN will go to stderr by default).
2016-12-23release 0.7.9Scott Moser
Bump the version in cloudinit/version.py to be 0.7.9.
2016-12-22LICENSE: Allow dual licensing GPL-3 or Apache 2.0Jon Grimm
This has been a recurring ask and we had initially just made the change to the cloud-init 2.0 codebase. As the current thinking is we'll just continue to enhance the current codebase, its desirable to relicense to match what we'd intended as part of the 2.0 plan here. - put a brief description of license in LICENSE file - put full license versions in LICENSE-GPLv3 and LICENSE-Apache2.0 - simplify the per-file header to reference LICENSE - tox: ignore H102 (Apache License Header check) Add license header to files that ship. Reformat headers, make sure everything has vi: at end of file. Non-shipping files do not need the copyright header, but at the moment tests/ have it.
2016-12-21Fix config order of precedence, putting kernel command line over system.Wesley Wiedenmeier
The correct order of precedence when reading the base config: builtin config system config kernel command line provided config. This reverts commit 63501f44, which actually broke the behavior it reported to fix. It also adds some unit tests to ensure this behavior is not broken again. LP: #1582323
2016-12-20pep8: whitespace fixScott Moser
2016-12-20Update the list of valid ssh keys.Michael Felt
Update ssh_util.py with latest list of keys (from openssh-7.3p1/sshkeys.c), and remove extinct keys ending with "-v00@openssh.com" Added keys: rsa-sha2-256, rsa-sha2-512, ed25519, ssh-ed25519, ssh-ed25519-cert-v01@openssh.com Removed both of the double entries for the keys: ssh-dss-cert-v00@openssh.com ssh-rsa-cert-v00@openssh.com