vyos-cloud-init.git/cloudinit/sources, branch sagitta

sources/azure: report ready in local phase (#1265)

2022-02-15T17:19:19+00:00

Pre-provisioned instances report ready early in the local phase and again in the non-local phase, during setup(). Non-PPS only reports ready during non-local phase. Update the process to report ready during the local phase for all cases. Only attempt to do so if networking is up to prevent stalling boot. We've already waited at least 20 minutes for DHCP if we're provisioning, or 5 minutes for DHCP on normal boot requesting updated network configuration. - Extend _report_ready() with pubkey_info and raise exception on error to consolidate reporting done in _negotiate() and _report_ready(). - Remove setup(), moving relevant logic into crawl_metadata(). - Move remaining _negotiate() logic into _cleanup_markers() and _determine_wireserver_pubkey_info(). These changes effectively fix two issues that were present: (1) _negotiated is incorrectly set to True When failing to report ready. _negotiate() squashed the exception and the return value was not checked. This was probably masked due to the forced removal of obj.pkl on Ubuntu instances, but would be preferable once we start persisting it to prevent unnecessary re-negotiation. (2) provisioning media is not ejected for non-PPS _negotiate() did not pass iso_dev parameter when reporting ready. The host will ensure this operation takes place, but it is preferable to eject /dev/sr0 from within the guest when we're done with it. Lastly, this removes any need for lease file parsing as the wireserver addressed is tracked for ephemeral DHCP. A follow-up PR will remove this now-unused logic. Signed-off-by: Chris Patterson

sources/azure: validate IMDS network configuration metadata (#1257)

2022-02-14T19:53:36+00:00

Due to race conditions and caching, IMDS may return stale or incomplete metadata. Add some validation to detect these scenarios and report appropriate telemetry. Introduce normalize_mac_address() to allow for comparison of mac addresses, replacing that found inline in: _generate_network_config_from_imds_metadata() Add validation of final fetch of IMDS metadata. Signed-off-by: Chris Patterson

Fix extra ipv6 issues, code reduction and simplification (#1243)

2022-02-14T17:00:12+00:00

Eliminated the duplicate code and now run the entire configuration routine against both public and private interfaces. Also addressed an inconsistency from our metadata api for ipv6 address configuration.

sources/azure: address mypy/pyright typing complaints (#1245)

2022-02-12T04:40:45+00:00

Raise runtime errors for unhandled cases which would cause other exceptions. Ignore types for a few cases where a non-trivial refactor would be required to prevent the warning. Signed-off-by: Chris Patterson

cloud-id: publish /run/cloud-init/cloud-id- files (#1244)

2022-02-10T20:18:00+00:00

Once a valid datasource is detected, publish the following artifacts to expedite cloud-identification without having to invoke cloud-id from shell scripts or sheling out from python. These files can also be relied on in systemd ConditionPathExists directives to limit execution of services and units to specific clouds. /run/cloud-init/cloud-id: - A symlink with content that is the canonical cloud-id of the datasource detected. This content is the same lower-case value as the output of /usr/bin/cloud-id. /run/cloud-init/cloud-id-: - A single file which will contain the canonical cloud-id encoded in the filename

sources/azure: refactor ssh key handling (#1248)

2022-02-10T20:03:10+00:00

Split _get_public_ssh_keys_and_source() into _get_public_keys_from_imds() and _get_public_keys_from_ovf(). Set _get_public_keys_from_imds() to take a parameter of the IMDS metadata rather than assuming it is already set in self.metadata. This will allow us to move negotation into local phase where self.metadata may not be set yet. Update this method to raise KeyError if IMDS metadata is missing/malformed, and ValueError if SSH key format is not supported. Update get_public_ssh_keys() to catch these errors and fall back to the OVF/Wireserver keys as needed. To improve clarity, update register_with_azure_and_fetch_data() to return the list of SSH keys, rather than bundling them into a dictionary for updating against the metadata dictionary. There should be no change in behavior with this refactor. Signed-off-by: Chris Patterson

sources/hetzner: Use EphemeralDHCPv4 instead of static configuration (#1251)

2022-02-09T22:16:02+00:00

When the datasource was originally submitted, EphemeralDHCPv4 was not yet available. Also avoid race conditions by skipping network configuration if metadata service can be reached. Signed-off-by: Markus Schade

Fix IPv6 netmask format for sysconfig (#1215)

2022-02-08T14:49:00+00:00

This change converts the IPv6 netmask from the network_data.json[1] format to the CIDR style, /. Using an IPv6 address like ffff:ffff:ffff:ffff:: does not work with NetworkManager, nor networkscripts. NetworkManager will ignore the route, logging: ifcfg-rh: ignoring invalid route at \ "::/:: via fd00:fd00:fd00:2::fffe dev $DEV" \ (/etc/sysconfig/network-scripts/route6-$DEV:3): \ Argument for "::/::" is not ADDR/PREFIX format Similarly if using networkscripts, ip route fail with error: Error: inet6 prefix is expected rather than \ "fd00:fd00:fd00::/ffff:ffff:ffff:ffff::". Also a bit of refactoring ... cloudinit.net.sysconfig.Route.to_string: * Move a couple of lines around to reduce repeated code. * if "ADDRESS" not in key -> continute, so that the code block following it can be de-indented. cloudinit.net.network_state: * Refactors the ipv4_mask_to_net_prefix, ipv6_mask_to_net_prefix removes mask_to_net_prefix methods. Utilize ipaddress library to do some of the heavy lifting. LP: #1959148

sources/azure: drop debug print (#1249)

2022-02-07T16:17:38+00:00

Remove debug print that snuck in on a previous fixup. Signed-off-by: Chris Patterson

sources/azure: consolidate ephemeral DHCP configuration (#1229)

2022-02-04T20:16:21+00:00

Introduce: - _setup_ephemeral_networking() to bring up networking. If no iface is specified, it will use net.find_fallback_nic() which is consistent with the previous usage of fallback_interface. This method now tracks the encoded address of the wireserver with a new property `_wireserver_endpoint`. Introduce a timeout parameter to allow for retrying for a specified amount of time. - _teardown_ephemeral_networking() to bring down networking. - _is_ephemeral_networking_up() to check status. Ephemeral networking is now: - Brought up prior to checking IMDS. - Torn down following metadata crawl. - For Savable PPS, torn down prior to waiting for NIC detach. The link must be torn down in advance or we will see errors from cleaning up network after the interface is unplugged. - For Running PPS, torn down after waiting for media switch. The link must be up for media switch to be detected. - For all PPS, after network switch is complete, networking is brought back up to poll for reprovision data and report ready. It will be torn down after metadata crawl is complete like non-PPS paths. Additionally: - Remove EphemeralDHCPv4WithReporting variant in favor of directly using EphemeralDHCPv4. The reporting was only for __enter__ usage which is no longer a used path. Continue to use dhcp_log_cb callback. Signed-off-by: Chris Patterson