(mirror of https://github.com/vyos/vyos-cloud-init.git) https://git.amelek.net/vyos/vyos-cloud-init.git/atom?h=20.1 2020-02-19T21:01:09+00:00 2020-02-19T21:01:09+00:00 Ryan Harper ryan.harper@canonical.com 2020-02-19T21:01:09+00:00 urn:sha1:87cd040ed8fe7195cbb357ed3bbf53cd2a81436c Instead of logging the token values used log the headers and replace the actual values with the string 'REDACTED'. This allows users to examine cloud-init.log and see that the IMDSv2 token header is being used but avoids leaving the value used in the log file itself. LP: #1863943 2020-01-29T21:55:39+00:00 Daniel Watkins oddbloke@ubuntu.com 2020-01-29T21:55:39+00:00 urn:sha1:5f8f85bb38cc972d3d2c705a1ec73db3f690f323 * cloudinit: replace "import mock" with "from unittest import mock" * test-requirements.txt: drop mock Co-authored-by: Chad Smith <chad.smith@canonical.com> 2020-01-29T15:55:09+00:00 Louis Bouchard bouchard.louis@gmail.com 2020-01-29T15:55:09+00:00 urn:sha1:9e3ac98097ed1c7f49ec8975a40aec7229231aae Make sure network_config is created when self._network_config is unset. Co-authored-by: Scott Moser <smoser@brickies.net> 2020-01-21T23:02:42+00:00 Daniel Watkins oddbloke@ubuntu.com 2020-01-21T23:02:42+00:00 urn:sha1:bb71a9d08d25193836eda91c328760305285574e 2020-01-21T22:15:30+00:00 Daniel Watkins oddbloke@ubuntu.com 2020-01-21T22:15:30+00:00 urn:sha1:8c4fd886931abcf2cc8627a47463907d655b35c3 * url_helper: drop six * url_helper: sort imports * log: drop six * log: sort imports * handlers/__init__: drop six * handlers/__init__: sort imports * user_data: drop six * user_data: sort imports * sources/__init__: drop six * sources/__init__: sort imports * DataSourceOVF: drop six * DataSourceOVF: sort imports * sources/helpers/openstack: drop six * sources/helpers/openstack: sort imports * mergers/m_str: drop six This also allowed simplification of the logic, as we will never encounter a non-string text type. * type_utils: drop six * mergers/m_dict: drop six * mergers/m_list: drop six * cmd/query: drop six * mergers/__init__: drop six * net/cmdline: drop six * reporting/handlers: drop six * reporting/handlers: sort imports 2019-12-18T21:22:02+00:00 Daniel Watkins oddbloke@ubuntu.com 2019-12-18T21:22:02+00:00 urn:sha1:8116493950e7c47af0ce66fc1bb5d799ce5e477a * cc_ssh: fix capitalisation of SSH * doc: fix capitalisation of SSH * cc_keys_to_console: fix capitalisation of SSH * ssh_util: fix capitalisation of SSH * DataSourceIBMCloud: fix capitalisation of SSH * DataSourceAzure: fix capitalisation of SSH * cs_utils: fix capitalisation of SSH * distros/__init__: fix capitalisation of SSH * cc_set_passwords: fix capitalisation of SSH * cc_ssh_import_id: fix capitalisation of SSH * cc_users_groups: fix capitalisation of SSH * cc_ssh_authkey_fingerprints: fix capitalisation of SSH 2019-12-18T14:53:49+00:00 Adam Dobrawy naczelnik@jawnosc.tk 2019-12-17T16:13:00+00:00 urn:sha1:1bf41cdda3805b053f198ab94717dba247edd969 LP: #1855196 2019-12-12T21:51:42+00:00 AOhassan 37305877+AOhassan@users.noreply.github.com 2019-12-12T21:51:42+00:00 urn:sha1:129b1c4ea250619bd7caed7aaffacc796b0139f2 Azure stores the instance ID with an incorrect byte ordering for the first three hyphen delimited parts. This results in invalid is_new_instance checks forcing Azure datasource to recrawl the metadata service. When persisting instance-id from the metadata service, swap the instance-id string byte order such that it is consistent with that returned by dmi information. Check whether the instance-id string is a byte-swapped match when determining correctly whether the Azure platform instance-id has actually changed. 2019-12-02T23:24:18+00:00 Chad Smith chad.smith@canonical.com 2019-12-02T23:24:18+00:00 urn:sha1:f69d33a723b805fec3ee70c3a6127c8cadcb02d8 Headers param was accidentally omitted and no longer passed through to readurl due to a previous commit. To avoid this omission of params in the future, drop positional param definitions from read_file_or_url and pass all kwargs through to readurl when we are not operating on a file. In util:read_seeded, correct the case where invalid positional param file_retries was being passed into read_file_or_url. Also drop duplicated file:// prefix addition from read_seeded because read_file_or_url does that work anyway. LP: #1854084 2019-11-23T03:05:44+00:00 Ryan Harper ryan.harper@canonical.com 2019-11-23T03:05:44+00:00 urn:sha1:4bc399e0cd0b7e9177f948aecd49f6b8323ff30b * ec2: Add support for AWS IMDS v2 (session-oriented) AWS now supports a new version of fetching Instance Metadata[1]. Update cloud-init's ec2 utility functions and update ec2 derived datasources accordingly. For DataSourceEc2 (versus ec2-look-alikes) cloud-init will issue the PUT request to obtain an API token for the maximum lifetime and then all subsequent interactions with the IMDS will include the token in the header. If the API token endpoint is unreachable on Ec2 platform, log a warning and fallback to using IMDS v1 and which does not use session tokens when communicating with the Instance metadata service. We handle read errors, typically seen if the IMDS is beyond one etwork hop (IMDSv2 responses have a ttl=1), by setting the api token to a disabled value and then using IMDSv1 paths. To support token-based headers, ec2_utils functions were updated to support custom headers_cb and exception_cb callback functions so Ec2 could store, or refresh API tokens in the event of token becoming stale. [1] https://docs.aws.amazon.com/AWSEC2/latest/ \ UserGuide/ec2-instance-metadata.html \ #instance-metadata-v2-how-it-works