summaryrefslogtreecommitdiff
path: root/cloudinit
AgeCommit message (Collapse)Author
2024-02-06cc_vyos: T6007: Run config migrations before Cloud-initzsdc
Configuration in `vyos_config_commands` is expected to use a syntax from the target VyOS version. But, if Cloud-init applies configuration commands to a default file, all the migrations (from the 0 version to the latest) will still be executed on top of it. This process can break proper config, for example, if the current syntax variant partially repeats one of the older ones, which will trigger a migration without need.
2023-12-29cc_vyos: T5862: Fixed network configurationzsdc
- added extra check for maximum supported MTU to avoid exceeding it during configuration - remove udev rules created by cloud-init after initialization - fixed logic for config file selection
2023-12-15vyos_install: T5220: Fixed unbound variableszsdc
Fixed logic in `grub_configure()` to avoid unbound variables.
2023-10-27vyos_install: T5220: Added `cmdline_extra` optionzsdc
In some platforms, the kernel may need extra options in cmdline to boot properly. The new option allows adding extra parameters to the cmdline: ``` vyos_install: boot_params: cmdline_extra: nosmt mitigations=off # extra parameters for kernel cmdline ```
2023-10-11vyos_install: T5220: Removed excessive codezsdc
Removed an excessive call to `find_disk()`.
2023-10-11vyos_install: T5220: Fixed GRUB templatezsdc
Without at least one space at the beginning of the line with `linux`, it cannot be parsed by the `show system image` command.
2023-10-11vyos_install: T5220: Copy the whole config folder during installationzsdc
In case a user needs to add more material to the configuration (keys, scripts, etc.) we need to be sure that this material will be copied to a persistent storage during installation. This commit replaces copying of only a `config.boot` file to copying the whole `config` folder, which should satisfy all types of configurations.
2023-08-17Merge pull request #65 from zdc/T5220-equuleuszdc
installer: T5220: Added unattended installer
2023-06-23installer: T5220: Added unattended installerzsdc
Added a new Cloud-init module, which recognizes a `vyos_install` configuration section and can install the system during a first boot to permanent storage. Check the `config/cloud.cfg.d/20_vyos_install.cfg` for configuration details.
2023-06-23cc_vyos: T2117: Backported changes from sagittazsdc
The `cc_vyos` module is backported from `sagitta`.
2023-02-16network: T5012: Added a new option for network-config controlzsdc
A new option for Cloud-Init was added: ``` vyos_config_options: network_config: <disabled/enabled> ``` Possible values: * by default - equal to the `network['config']` from the active Cloud-Init configuration * `enabled` - configure networking, even if global `network['config']` is set to `disabled` * `disabled` - do not configure networking, regardless of global `network['config']` value
2023-01-27network-config: T4954: Fixed DNS settingszsdc
This commit fixes setting DNS configuration if it was presented as a string instead array of strings.
2023-01-03user-data: T4895: Fixed tag nodes processingzsdc
This commit fixes the problem with overwritting tag nodes by neighbors, when there are more than one tag node on the same level.
2022-05-03T4407: Applied workaround for network-config v2zsdc
Network-config v2 is broken is upstream. See the bug report for details: https://bugs.launchpad.net/cloud-init/+bug/1906187 This workaround allows us to use it again in our module.
2022-03-25T2117: Cloud-init updated to 22.1zsdc
Merged with 22.1 tag from the upstream Cloud-init repository. Our modules were slightly modified for compatibility with the new version.
2022-03-11interfaces: T4296: Deconfigure network config applied by Cloud-Initzsdc
This commit adds the ability to deconfigure all the interfaces that Cloud-init configured during deployment and remove the configuration file `/etc/network/interfaces.d/50-cloud-init`. This should protect from conflicts between CLI config and actual interfaces states.
2022-02-15Release 22.1 (#1267)22.1Brett Holman
Bump the version in cloudinit/version.py to 22.1 and update ChangeLog. LP: #1960939
2022-02-15sources/azure: report ready in local phase (#1265)Chris Patterson
Pre-provisioned instances report ready early in the local phase and again in the non-local phase, during setup(). Non-PPS only reports ready during non-local phase. Update the process to report ready during the local phase for all cases. Only attempt to do so if networking is up to prevent stalling boot. We've already waited at least 20 minutes for DHCP if we're provisioning, or 5 minutes for DHCP on normal boot requesting updated network configuration. - Extend _report_ready() with pubkey_info and raise exception on error to consolidate reporting done in _negotiate() and _report_ready(). - Remove setup(), moving relevant logic into crawl_metadata(). - Move remaining _negotiate() logic into _cleanup_markers() and _determine_wireserver_pubkey_info(). These changes effectively fix two issues that were present: (1) _negotiated is incorrectly set to True When failing to report ready. _negotiate() squashed the exception and the return value was not checked. This was probably masked due to the forced removal of obj.pkl on Ubuntu instances, but would be preferable once we start persisting it to prevent unnecessary re-negotiation. (2) provisioning media is not ejected for non-PPS _negotiate() did not pass iso_dev parameter when reporting ready. The host will ensure this operation takes place, but it is preferable to eject /dev/sr0 from within the guest when we're done with it. Lastly, this removes any need for lease file parsing as the wireserver addressed is tracked for ephemeral DHCP. A follow-up PR will remove this now-unused logic. Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
2022-02-14sources/azure: validate IMDS network configuration metadata (#1257)Chris Patterson
Due to race conditions and caching, IMDS may return stale or incomplete metadata. Add some validation to detect these scenarios and report appropriate telemetry. Introduce normalize_mac_address() to allow for comparison of mac addresses, replacing that found inline in: _generate_network_config_from_imds_metadata() Add validation of final fetch of IMDS metadata. Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
2022-02-14docs: Add more details to runcmd docs (#1266)James Falcon
2022-02-14use PEP 589 syntax for TypeDict (#1253)Brett Holman
Use PEP 589 syntax for TypeDict annotation. Also fixes previously broken typing MetaSchema typing implementation.
2022-02-14Fix extra ipv6 issues, code reduction and simplification (#1243)eb3095
Eliminated the duplicate code and now run the entire configuration routine against both public and private interfaces. Also addressed an inconsistency from our metadata api for ipv6 address configuration.
2022-02-11sources/azure: address mypy/pyright typing complaints (#1245)Chris Patterson
Raise runtime errors for unhandled cases which would cause other exceptions. Ignore types for a few cases where a non-trivial refactor would be required to prevent the warning. Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
2022-02-10mounts: fix mount opts string for ephemeral disk (#1250)Chris Patterson
Fixes the spaces introduced in #1213 Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
2022-02-10Shell script handlers by freq (#1166)Chris Lalos
Handlers for per-boot/per-instance/per-once multipart MIME Add handlers for adding scripts to userdata that can be run at various frequencies. Scripts of type x-shellscript-per-boot, x-shellscript-per-instance, or x-shellscript-per-once can be added to a multipart MIME userdata message as part of instance userdata. These scripts will then be added to the appropriate per-boot, per-instance, or per-once directory in /var/lib/cloud/scripts/ during processing of userdata.
2022-02-10cloud-id: publish /run/cloud-init/cloud-id-<cloud-type> files (#1244)Chad Smith
Once a valid datasource is detected, publish the following artifacts to expedite cloud-identification without having to invoke cloud-id from shell scripts or sheling out from python. These files can also be relied on in systemd ConditionPathExists directives to limit execution of services and units to specific clouds. /run/cloud-init/cloud-id: - A symlink with content that is the canonical cloud-id of the datasource detected. This content is the same lower-case value as the output of /usr/bin/cloud-id. /run/cloud-init/cloud-id-<canonical-cloud-id>: - A single file which will contain the canonical cloud-id encoded in the filename
2022-02-10sources/azure: refactor ssh key handling (#1248)Chris Patterson
Split _get_public_ssh_keys_and_source() into _get_public_keys_from_imds() and _get_public_keys_from_ovf(). Set _get_public_keys_from_imds() to take a parameter of the IMDS metadata rather than assuming it is already set in self.metadata. This will allow us to move negotation into local phase where self.metadata may not be set yet. Update this method to raise KeyError if IMDS metadata is missing/malformed, and ValueError if SSH key format is not supported. Update get_public_ssh_keys() to catch these errors and fall back to the OVF/Wireserver keys as needed. To improve clarity, update register_with_azure_and_fetch_data() to return the list of SSH keys, rather than bundling them into a dictionary for updating against the metadata dictionary. There should be no change in behavior with this refactor. Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
2022-02-09sources/hetzner: Use EphemeralDHCPv4 instead of static configuration (#1251)Markus Schade
When the datasource was originally submitted, EphemeralDHCPv4 was not yet available. Also avoid race conditions by skipping network configuration if metadata service can be reached. Signed-off-by: Markus Schade <markus.schade@hetzner.com>
2022-02-08Fix IPv6 netmask format for sysconfig (#1215)Harald
This change converts the IPv6 netmask from the network_data.json[1] format to the CIDR style, <IPv6_addr>/<prefix>. Using an IPv6 address like ffff:ffff:ffff:ffff:: does not work with NetworkManager, nor networkscripts. NetworkManager will ignore the route, logging: ifcfg-rh: ignoring invalid route at \ "::/:: via fd00:fd00:fd00:2::fffe dev $DEV" \ (/etc/sysconfig/network-scripts/route6-$DEV:3): \ Argument for "::/::" is not ADDR/PREFIX format Similarly if using networkscripts, ip route fail with error: Error: inet6 prefix is expected rather than \ "fd00:fd00:fd00::/ffff:ffff:ffff:ffff::". Also a bit of refactoring ... cloudinit.net.sysconfig.Route.to_string: * Move a couple of lines around to reduce repeated code. * if "ADDRESS" not in key -> continute, so that the code block following it can be de-indented. cloudinit.net.network_state: * Refactors the ipv4_mask_to_net_prefix, ipv6_mask_to_net_prefix removes mask_to_net_prefix methods. Utilize ipaddress library to do some of the heavy lifting. LP: #1959148
2022-02-07sources/azure: drop debug print (#1249)Chris Patterson
Remove debug print that snuck in on a previous fixup. Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
2022-02-04sources/azure: consolidate ephemeral DHCP configuration (#1229)Chris Patterson
Introduce: - _setup_ephemeral_networking() to bring up networking. If no iface is specified, it will use net.find_fallback_nic() which is consistent with the previous usage of fallback_interface. This method now tracks the encoded address of the wireserver with a new property `_wireserver_endpoint`. Introduce a timeout parameter to allow for retrying for a specified amount of time. - _teardown_ephemeral_networking() to bring down networking. - _is_ephemeral_networking_up() to check status. Ephemeral networking is now: - Brought up prior to checking IMDS. - Torn down following metadata crawl. - For Savable PPS, torn down prior to waiting for NIC detach. The link must be torn down in advance or we will see errors from cleaning up network after the interface is unplugged. - For Running PPS, torn down after waiting for media switch. The link must be up for media switch to be detected. - For all PPS, after network switch is complete, networking is brought back up to poll for reprovision data and report ready. It will be torn down after metadata crawl is complete like non-PPS paths. Additionally: - Remove EphemeralDHCPv4WithReporting variant in favor of directly using EphemeralDHCPv4. The reporting was only for __enter__ usage which is no longer a used path. Continue to use dhcp_log_cb callback. Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
2022-02-04cc_salt_minion freebsd fix for rc.conf (#1236)Brett Holman
This fixes a bug that prevents the salt module from enabling the salt minion in rc.conf. For more details: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254339
2022-02-04sources/azure: fix metadata check in _check_if_nic_is_primary() (#1232)Chris Patterson
Currently _check_if_nic_is_primary() checks for imds_md is None, but imds_md is returned as an empty dictionary on error fetching metdata. Fix this check and the tests that are incorrectly vetting IMDS polling code. Additionally, use response.contents instead of str(response) when loding the JSON data returned from readurl. This helps simplify the mocking and avoids an unncessary conversion. Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
2022-02-04Add _netdev option to mount Azure ephemeral disk (#1213)Eduardo Otubo
The ephemeral disk depends on a functional network to be mounted. Even though it depends on cloud-init.service, sometimes an ordering cycle is noticed on the instance. If the option "_netdev" is added the problem is gone. rhbz: #1998445 Signed-off-by: Eduardo Otubo otubo@redhat.com
2022-02-03Fix Gentoo Locales (#1205)Brett Holman
2022-02-02vultr: Return metadata immediately when found (#1233)eb3095
2022-01-31Schema a d (#1211)Chad Smith
Migrate from legacy schema or define new schema in cloud-init-schema.json, adding extensive schema tests for: - cc_apt_configure - cc_bootcmd - cc_byobu - cc_ca_certs - cc_chef - cc_debug - cc_disable_ec2_metadata - cc_disk_setup Deprecate config hyphenated schema keys in favor of underscores: - ca_certs and ca_certs.remove_defaults instead of ca-certs and ca-certs.remove-defaults - Continue to honor deprecated config keys but emit DEPRECATION warnings in logs for continued use of the deprecated keys: - apt_sources key - any apt v1 or v2 keys - use or ca-certs or ca_certs.remove-defaults - Extend apt_configure schema - Define more strict schema below object opaque keys using patternProperties - create common $def apt_configure.mirror for reuse in 'primary' and 'security' schema definitions within cc_apt_configure Co-Authored-by: James Falcon <james.falcon@canonical.com>
2022-01-31sources/azure: refactor _report_ready_if_needed and _poll_imds (#1222)Chris Patterson
Refactor _report_ready_if_needed() to work for both Savable PPS and Runnable PPS: * rename _report_ready_if_needed() to _report_ready_for_pps() * return interface name from lease to support _poll_imds() behavior without changing it. * fixes an issue where reporting ready return value was silently ignored for Savable PPS. * add explicit handling for failure to obtain DHCP lease to result in sources.InvalidMetaDataException. Refactor _poll_imds(): * use _report_ready_for_pps() for reporting ready, removing this logic to simplify loop logic. * move netlink and vnetswitch out of while loop to simplify loop logic, leaving only reprovision polling in loop. * add explicit handling for failure to obtain DHCP lease and retry in the next iteration. Signed-off-by: Chris Patterson cpatterson@microsoft.com
2022-01-28Vultr: Fix lo being used for DHCP, try next on cmd fail (#1208)eb3095
2022-01-28sources/azure: refactor _should_reprovision[_after_nic_attach]() logic (#1206)Chris Patterson
Consolidate _should_reprovision_after_nic_attach() with _should_reprovision() into the following: _write_reprovision_marker() to write provisioning marker for reboot-during-provisioning case. PPSType enum and _determine_pps_type() for determining which to provisioning mode, if any, we're running under. PPSType.UNKNOWN is when the reprovisioning marker is found and we do not have the context to know what the original mode was. In this scenario, we must resort to polling for reprovision data. Tests: Introduce a simple data source fixture to for fine-grain control of mocking with pytest without unittest. Migrate relevant _should_reprovision() tests into a combination of TestDeterminePPSTypeScenarios cases. Signed-off-by: Chris Patterson cpatterson@microsoft.com
2022-01-28update ssh logs to show ssh private key gens pub and simplify code (#1221)Steve Weber
2022-01-27Include POST format in cc_phone_home docs (#1218)James Falcon
LP: #1959149
2022-01-26Add json parsing of ip addr show (SC-723) (#1210)James Falcon
When obtaining information from "ip addr", default to using "ip --json addr" rather than using regex to parse "ip addr show" as json is machine readable as less prone to error. Deprecate but leave fallback to use "ip addr" for older iproute2 tooling which does not support --json param. Fix regex parsing of "ip addr" to support peer addresses and metrics.
2022-01-21cc_rsyslog: fix typo in docstring (#1207)Louis Sautier
Signed-off-by: Louis Sautier <sautier.louis@gmail.com>
2022-01-20sources/azure: drop unused case in _report_failure() (#1200)Chris Patterson
According to the documentation in the tests: ``` We expect 3 calls to report_failure_to_fabric, because we try 3 different methods of calling report failure. The different methods are attempted in the following order: 1. Using cached ephemeral dhcp context to report failure to Azure 2. Using new ephemeral dhcp to report failure to Azure 3. Using fallback lease to report failure to Azure ``` Case 1 and 2 make sense. If networking is established, use it. Should failure occur using current network configuration, retry with fresh DHCP. Case 3 suggests that we can fall back to a lease file and retry. Given that: 1. The wireserver address has never changed to date. 2. The wireserver address should be in the DHCP lease. 3. Parsing the lease file does not improve connectivity over the prior attempts. ...we can safely remove this case without regression. Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
2022-01-20sources/azure: always initialize _ephemeral_dhcp_ctx on unpickle (#1199)Chris Patterson
Avoid requirement of getattr() and ensure _ephemeral_dhcp_ctx isn't persisted in the cache. Signed-off-by: Chris Patterson cpatterson@microsoft.com
2022-01-20sources/azure: unpack ret tuple in crawl_metadata() (#1194)Chris Patterson
load_azure_ds_dir() always returns a tuple. Instead of saving this tuple as ret, expand it immediately as md, userdata_raw, cfg, files. This allows for more fine-grained passing of data before getting expanded later. - Update _should_reprovision methods to use cfg instead of tuple. - Update _should_reprovision methods to remove the ovf_md guard. This should be a safe refactor as the OVF is not required, and the config is initialized to an empty dict. In practice, a mount failure would have initialized ret anyways if the OVF was not found. If a mount failure wasn't seen and ret was None, this guard could be causing other failures by ignoring the PPS state that should be available from IMDS metadata. Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
2022-01-19Seek interfaces, skip dummy interface, fix region codes (#1192)eb3095
We were seeing issues where if anything showed up before the expected first adapter, booting could fail. This switches to seeking for a working interface to handle edge cases. Also fixes region code handling.
2022-01-18cmd: status and cloud-id avoid change in behavior for 'not run' (#1197)Chad Smith
snapd currrently looks for 'not run' from cloud-init status[1]. Avoid changing this behavior and revert "not-run" value to "not run". This avoids having to get snapd to change implementation and release updates as far back as Bionic to handle a hyphenated not-run string. [1]: https://github.com/snapcore/snapd/blob/master/sysconfig/\ cloudinit.go#L802
2022-01-18sources/azure: set ovf_is_accessible when OVF is read successfully (#1193)Chris Patterson
The if-statement set ovf_is_accessible to True if the OVF is read from /dev/sr0, but not from other data sources. It defaults to True, but may get flipped to False while processing an invalid source, and never get set back to True when reading from the data directory. Instead, default ovf_is_accessible to False, and only set it to True once we've read an OVF successfully (and end the search). This fixes an error when OVF is read from data_dir and IMDS data is unavailable (failing with "No OVF or IMDS available"). Signed-off-by: Chris Patterson <cpatterson@microsoft.com>