summaryrefslogtreecommitdiff
path: root/cloudinit/cmd/devel/render.py
diff options
context:
space:
mode:
authorChad Smith <chad.smith@canonical.com>2018-10-26 03:49:57 +0000
committerServer Team CI Bot <josh.powers+server-team-bot@canonical.com>2018-10-26 03:49:57 +0000
commitdc0be9c56f78537f1808934d26f5aa0868ae7842 (patch)
tree53caf37637bf79f5c93683bfe87ec85008b9bc1b /cloudinit/cmd/devel/render.py
parent532ff0f0a4f12225d5785bc98d7a4528e0c779d6 (diff)
downloadvyos-cloud-init-dc0be9c56f78537f1808934d26f5aa0868ae7842.tar.gz
vyos-cloud-init-dc0be9c56f78537f1808934d26f5aa0868ae7842.zip
instance-data: fallback to instance-data.json if sensitive is absent.
On cloud-init upgrade path from 18.3 to 18.4 cloud-init changed how instance-data is written. Cloud-init changes instance-data.json from root read-only to redacted world-readable content, and provided a separate unredacted instance-data-sensitive.json which is read-only root. Since instance-data is only rewritten from cache on reboot, the query and render tools needed fallback to use the 'old' instance-data.json if the new sensitive file isn't yet present. This avoids error messages from tools about an absebt /run/instance-data-sensitive.json file. LP: #1798189
Diffstat (limited to 'cloudinit/cmd/devel/render.py')
-rwxr-xr-xcloudinit/cmd/devel/render.py23
1 files changed, 16 insertions, 7 deletions
diff --git a/cloudinit/cmd/devel/render.py b/cloudinit/cmd/devel/render.py
index 2ba6b681..4d3ec958 100755
--- a/cloudinit/cmd/devel/render.py
+++ b/cloudinit/cmd/devel/render.py
@@ -8,11 +8,10 @@ import sys
from cloudinit.handlers.jinja_template import render_jinja_payload_from_file
from cloudinit import log
-from cloudinit.sources import INSTANCE_JSON_FILE
+from cloudinit.sources import INSTANCE_JSON_FILE, INSTANCE_JSON_SENSITIVE_FILE
from . import addLogHandlerCLI, read_cfg_paths
NAME = 'render'
-DEFAULT_INSTANCE_DATA = '/run/cloud-init/instance-data.json'
LOG = log.getLogger(NAME)
@@ -47,12 +46,22 @@ def handle_args(name, args):
@return 0 on success, 1 on failure.
"""
addLogHandlerCLI(LOG, log.DEBUG if args.debug else log.WARNING)
- if not args.instance_data:
- paths = read_cfg_paths()
- instance_data_fn = os.path.join(
- paths.run_dir, INSTANCE_JSON_FILE)
- else:
+ if args.instance_data:
instance_data_fn = args.instance_data
+ else:
+ paths = read_cfg_paths()
+ uid = os.getuid()
+ redacted_data_fn = os.path.join(paths.run_dir, INSTANCE_JSON_FILE)
+ if uid == 0:
+ instance_data_fn = os.path.join(
+ paths.run_dir, INSTANCE_JSON_SENSITIVE_FILE)
+ if not os.path.exists(instance_data_fn):
+ LOG.warning(
+ 'Missing root-readable %s. Using redacted %s instead.',
+ instance_data_fn, redacted_data_fn)
+ instance_data_fn = redacted_data_fn
+ else:
+ instance_data_fn = redacted_data_fn
if not os.path.exists(instance_data_fn):
LOG.error('Missing instance-data.json file: %s', instance_data_fn)
return 1