7 files changed, 367 insertions, 0 deletions

diff --git a/debian/patches/azure-apply-network-config-false.patch b/debian/patches/azure-apply-network-config-false.patch
new file mode 100644
index 00000000..281c19c6
--- /dev/null
+++ b/debian/patches/azure-apply-network-config-false.patch
@@ -0,0 +1,23 @@
+Description: Azure apply_network_config default to False
+ Azure cloud-images on Xenial already contain hotplug network scripts so
+ default behavior for should remain to only generate fallback network
+ configuration which is to dhcp on eth0 and let image hotplug scripts add
+ network configuration for any additional nics that show up.
+Author: Chad Smith <chad.smith@canonical.com>
+Origin: backport
+Bug: https://bugs.launchpad.net/cloud-init/+bug/1798424
+Forwarded: not-needed
+Last-Update: 2018-10-17
+Index: cloud-init/cloudinit/sources/DataSourceAzure.py
+===================================================================
+--- cloud-init.orig/cloudinit/sources/DataSourceAzure.py
++++ cloud-init/cloudinit/sources/DataSourceAzure.py
+@@ -207,7 +207,7 @@ BUILTIN_DS_CONFIG = {
+     },
+     'disk_aliases': {'ephemeral0': RESOURCE_DISK_PATH},
+     'dhclient_lease_file': LEASE_FILE,
+-    'apply_network_config': True,  # Use IMDS published network configuration
++    'apply_network_config': False,  # Use fallback network config not IMDS
+ }
+ # RELEASE_BLOCKER: Xenial and earlier apply_network_config default is False
+ 
diff --git a/debian/patches/azure-use-walinux-agent.patch b/debian/patches/azure-use-walinux-agent.patch
new file mode 100644
index 00000000..3c858824
--- /dev/null
+++ b/debian/patches/azure-use-walinux-agent.patch
@@ -0,0 +1,17 @@
+Description: Use walinux-agent rather than builtin fabric support
+ Upstream now uses the built-in support for instance initialization on Azure.
+ On a stable release, we want to continue to use the walinux-agent integration.
+ Upstream made this change under bug 1538522.
+Forwarded: not-needed
+Author: Scott Moser <smoser@ubuntu.com>
+--- a/cloudinit/sources/DataSourceAzure.py
++++ b/cloudinit/sources/DataSourceAzure.py
+@@ -196,7 +196,7 @@ if util.is_FreeBSD():
+         LOG.debug("resource disk is None")
+ 
+ BUILTIN_DS_CONFIG = {
+-    'agent_command': AGENT_START_BUILTIN,
++    'agent_command': AGENT_START,
+     'data_dir': AGENT_SEED_DIR,
+     'set_hostname': True,
+     'hostname_bounce': {
diff --git a/debian/patches/cpick-1d5e9aef-azure-Add-apply_network_config-option-to-disable b/debian/patches/cpick-1d5e9aef-azure-Add-apply_network_config-option-to-disable
new file mode 100644
index 00000000..67f9f0e6
--- /dev/null
+++ b/debian/patches/cpick-1d5e9aef-azure-Add-apply_network_config-option-to-disable
@@ -0,0 +1,228 @@
+From 1d5e9aefdab06a2574d78e644deed6c6fa1da171 Mon Sep 17 00:00:00 2001
+From: Chad Smith <chad.smith@canonical.com>
+Date: Wed, 17 Oct 2018 18:47:35 +0000
+Subject: [PATCH] azure: Add apply_network_config option to disable network
+ from IMDS
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Azure generates network configuration from the IMDS service and removes
+any preexisting hotplug network scripts which exist in Azure cloud images.
+Add a datasource configuration option which allows for writing a default
+network configuration which sets up dhcp on eth0 and leave the hotplug
+handling to the cloud-image scripts.
+
+To disable network-config from Azure IMDS, add the following to
+/etc/cloud/cloud.cfg.d/99-azure-no-imds-network.cfg:
+datasource:
+  Azure:
+    apply_network_config: False
+
+LP: #1798424
+---
+ cloudinit/sources/DataSourceAzure.py          | 11 +++-
+ doc/rtd/topics/datasources/azure.rst          | 46 +++++++++++++++
+ tests/unittests/test_datasource/test_azure.py | 56 +++++++++++++++++--
+ 3 files changed, 107 insertions(+), 6 deletions(-)
+
+--- a/cloudinit/sources/DataSourceAzure.py
++++ b/cloudinit/sources/DataSourceAzure.py
+@@ -207,7 +207,9 @@ BUILTIN_DS_CONFIG = {
+     },
+     'disk_aliases': {'ephemeral0': RESOURCE_DISK_PATH},
+     'dhclient_lease_file': LEASE_FILE,
++    'apply_network_config': True,  # Use IMDS published network configuration
+ }
++# RELEASE_BLOCKER: Xenial and earlier apply_network_config default is False
+ 
+ BUILTIN_CLOUD_CONFIG = {
+     'disk_setup': {
+@@ -450,7 +452,8 @@ class DataSourceAzure(sources.DataSource
+         except sources.InvalidMetaDataException as e:
+             LOG.warning('Could not crawl Azure metadata: %s', e)
+             return False
+-        if self.distro and self.distro.name == 'ubuntu':
++        if (self.distro and self.distro.name == 'ubuntu' and
++                self.ds_cfg.get('apply_network_config')):
+             maybe_remove_ubuntu_network_config_scripts()
+ 
+         # Process crawled data and augment with various config defaults
+@@ -611,7 +614,11 @@ class DataSourceAzure(sources.DataSource
+               the blacklisted devices.
+         """
+         if not self._network_config:
+-            self._network_config = parse_network_config(self._metadata_imds)
++            if self.ds_cfg.get('apply_network_config'):
++                nc_src = self._metadata_imds
++            else:
++                nc_src = None
++            self._network_config = parse_network_config(nc_src)
+         return self._network_config
+ 
+ 
+--- a/doc/rtd/topics/datasources/azure.rst
++++ b/doc/rtd/topics/datasources/azure.rst
+@@ -57,6 +57,52 @@ in order to use waagent.conf with cloud-
+    ResourceDisk.MountPoint=/mnt
+ 
+ 
++Configuration
++-------------
++The following configuration can be set for the datasource in system
++configuration (in `/etc/cloud/cloud.cfg` or `/etc/cloud/cloud.cfg.d/`).
++
++The settings that may be configured are:
++
++ * **agent_command**: Either __builtin__ (default) or a command to run to getcw
++   metadata. If __builtin__, get metadata from walinuxagent. Otherwise run the
++   provided command to obtain metadata.
++ * **apply_network_config**: Boolean set to True to use network configuration
++   described by Azure's IMDS endpoint instead of fallback network config of
++   dhcp on eth0. Default is True. For Ubuntu 16.04 or earlier, default is False.
++ * **data_dir**: Path used to read metadata files and write crawled data.
++ * **dhclient_lease_file**: The fallback lease file to source when looking for
++   custom DHCP option 245 from Azure fabric.
++ * **disk_aliases**: A dictionary defining which device paths should be
++   interpreted as ephemeral images. See cc_disk_setup module for more info.
++ * **hostname_bounce**: A dictionary Azure hostname bounce behavior to react to
++   metadata changes.
++ * **hostname_bounce**: A dictionary Azure hostname bounce behavior to react to
++   metadata changes. Azure will throttle ifup/down in some cases after metadata
++   has been updated to inform dhcp server about updated hostnames.
++ * **set_hostname**: Boolean set to True when we want Azure to set the hostname
++   based on metadata.
++
++An example configuration with the default values is provided below:
++
++.. sourcecode:: yaml
++
++  datasource:
++   Azure:
++    agent_command: __builtin__
++    apply_network_config: true
++    data_dir: /var/lib/waagent
++    dhclient_lease_file: /var/lib/dhcp/dhclient.eth0.leases
++    disk_aliases:
++        ephemeral0: /dev/disk/cloud/azure_resource
++    hostname_bounce:
++        interface: eth0
++        command: builtin
++        policy: true
++        hostname_command: hostname
++    set_hostname: true
++
++
+ Userdata
+ --------
+ Userdata is provided to cloud-init inside the ovf-env.xml file. Cloud-init
+--- a/tests/unittests/test_datasource/test_azure.py
++++ b/tests/unittests/test_datasource/test_azure.py
+@@ -254,7 +254,8 @@ scbus-1 on xpt0 bus 0
+         ])
+         return dsaz
+ 
+-    def _get_ds(self, data, agent_command=None, distro=None):
++    def _get_ds(self, data, agent_command=None, distro=None,
++                apply_network=None):
+ 
+         def dsdevs():
+             return data.get('dsdevs', [])
+@@ -310,6 +311,8 @@ scbus-1 on xpt0 bus 0
+             data.get('sys_cfg', {}), distro=distro, paths=self.paths)
+         if agent_command is not None:
+             dsrc.ds_cfg['agent_command'] = agent_command
++        if apply_network is not None:
++            dsrc.ds_cfg['apply_network_config'] = apply_network
+ 
+         return dsrc
+ 
+@@ -414,14 +417,26 @@ fdescfs            /dev/fd          fdes
+ 
+     def test_get_data_on_ubuntu_will_remove_network_scripts(self):
+         """get_data will remove ubuntu net scripts on Ubuntu distro."""
++        sys_cfg = {'datasource': {'Azure': {'apply_network_config': True}}}
+         odata = {'HostName': "myhost", 'UserName': "myuser"}
+         data = {'ovfcontent': construct_valid_ovf_env(data=odata),
+-                'sys_cfg': {}}
++                'sys_cfg': sys_cfg}
+ 
+         dsrc = self._get_ds(data, distro='ubuntu')
+         dsrc.get_data()
+         self.m_remove_ubuntu_network_scripts.assert_called_once_with()
+ 
++    def test_get_data_on_ubuntu_will_not_remove_network_scripts_disabled(self):
++        """When apply_network_config false, do not remove scripts on Ubuntu."""
++        sys_cfg = {'datasource': {'Azure': {'apply_network_config': False}}}
++        odata = {'HostName': "myhost", 'UserName': "myuser"}
++        data = {'ovfcontent': construct_valid_ovf_env(data=odata),
++                'sys_cfg': sys_cfg}
++
++        dsrc = self._get_ds(data, distro='ubuntu')
++        dsrc.get_data()
++        self.m_remove_ubuntu_network_scripts.assert_not_called()
++
+     def test_crawl_metadata_returns_structured_data_and_caches_nothing(self):
+         """Return all structured metadata and cache no class attributes."""
+         yaml_cfg = "{agent_command: my_command}\n"
+@@ -503,8 +518,10 @@ fdescfs            /dev/fd          fdes
+ 
+     def test_network_config_set_from_imds(self):
+         """Datasource.network_config returns IMDS network data."""
++        sys_cfg = {'datasource': {'Azure': {'apply_network_config': True}}}
+         odata = {}
+-        data = {'ovfcontent': construct_valid_ovf_env(data=odata)}
++        data = {'ovfcontent': construct_valid_ovf_env(data=odata),
++                'sys_cfg': sys_cfg}
+         expected_network_config = {
+             'ethernets': {
+                 'eth0': {'set-name': 'eth0',
+@@ -783,9 +800,10 @@ fdescfs            /dev/fd          fdes
+     @mock.patch('cloudinit.net.generate_fallback_config')
+     def test_imds_network_config(self, mock_fallback):
+         """Network config is generated from IMDS network data when present."""
++        sys_cfg = {'datasource': {'Azure': {'apply_network_config': True}}}
+         odata = {'HostName': "myhost", 'UserName': "myuser"}
+         data = {'ovfcontent': construct_valid_ovf_env(data=odata),
+-                'sys_cfg': {}}
++                'sys_cfg': sys_cfg}
+ 
+         dsrc = self._get_ds(data)
+         ret = dsrc.get_data()
+@@ -803,6 +821,36 @@ fdescfs            /dev/fd          fdes
+ 
+     @mock.patch('cloudinit.net.get_interface_mac')
+     @mock.patch('cloudinit.net.get_devicelist')
++    @mock.patch('cloudinit.net.device_driver')
++    @mock.patch('cloudinit.net.generate_fallback_config')
++    def test_imds_network_ignored_when_apply_network_config_false(
++            self, mock_fallback, mock_dd, mock_devlist, mock_get_mac):
++        """When apply_network_config is False, use fallback instead of IMDS."""
++        sys_cfg = {'datasource': {'Azure': {'apply_network_config': False}}}
++        odata = {'HostName': "myhost", 'UserName': "myuser"}
++        data = {'ovfcontent': construct_valid_ovf_env(data=odata),
++                'sys_cfg': sys_cfg}
++        fallback_config = {
++            'version': 1,
++            'config': [{
++                'type': 'physical', 'name': 'eth0',
++                'mac_address': '00:11:22:33:44:55',
++                'params': {'driver': 'hv_netsvc'},
++                'subnets': [{'type': 'dhcp'}],
++            }]
++        }
++        mock_fallback.return_value = fallback_config
++
++        mock_devlist.return_value = ['eth0']
++        mock_dd.return_value = ['hv_netsvc']
++        mock_get_mac.return_value = '00:11:22:33:44:55'
++
++        dsrc = self._get_ds(data)
++        self.assertTrue(dsrc.get_data())
++        self.assertEqual(dsrc.network_config, fallback_config)
++
++    @mock.patch('cloudinit.net.get_interface_mac')
++    @mock.patch('cloudinit.net.get_devicelist')
+     @mock.patch('cloudinit.net.device_driver')
+     @mock.patch('cloudinit.net.generate_fallback_config')
+     def test_fallback_network_config(self, mock_fallback, mock_dd,
diff --git a/debian/patches/ds-identify-behavior-xenial.patch b/debian/patches/ds-identify-behavior-xenial.patch
new file mode 100644
index 00000000..ba7639ab
--- /dev/null
+++ b/debian/patches/ds-identify-behavior-xenial.patch
@@ -0,0 +1,32 @@
+Description: Adjust behavior of ds-identify for SRU
+ To make this acceptable as a SRU we have changed ds-identify to
+ act in 'report only' mode, and to only 'warn' when it cloud-init
+ finds itself to be using a Ec2 Datasource on an unknown and
+ non AWS platform.
+Forwarded: not-needed
+Author: Scott Moser <smoser@ubuntu.com>
+Bug-ubuntu: http://bugs.launchpad.net/bugs/1669675
+Bug-ubuntu: http://bugs.launchpad.net/bugs/1660385
+
+--- a/tools/ds-identify
++++ b/tools/ds-identify
+@@ -93,8 +93,8 @@ _DI_LOGGED=""
+ DI_MAIN=${DI_MAIN:-main}
+ 
+ DI_BLKID_OUTPUT=""
+-DI_DEFAULT_POLICY="search,found=all,maybe=all,notfound=${DI_DISABLED}"
+-DI_DEFAULT_POLICY_NO_DMI="search,found=all,maybe=all,notfound=${DI_ENABLED}"
++DI_DEFAULT_POLICY="report,found=all,maybe=all,notfound=${DI_ENABLED}"
++DI_DEFAULT_POLICY_NO_DMI="report,found=all,maybe=all,notfound=${DI_ENABLED}"
+ DI_DMI_CHASSIS_ASSET_TAG=""
+ DI_DMI_PRODUCT_NAME=""
+ DI_DMI_SYS_VENDOR=""
+@@ -131,7 +131,7 @@ DI_ON_FOUND=""
+ DI_ON_MAYBE=""
+ DI_ON_NOTFOUND=""
+ 
+-DI_EC2_STRICT_ID_DEFAULT="true"
++DI_EC2_STRICT_ID_DEFAULT="warn"
+ 
+ _IS_IBM_CLOUD=""
+ 
diff --git a/debian/patches/openstack-no-network-config.patch b/debian/patches/openstack-no-network-config.patch
new file mode 100644
index 00000000..88449d1d
--- /dev/null
+++ b/debian/patches/openstack-no-network-config.patch
@@ -0,0 +1,40 @@
+Description: Fallback network config instead of network_data.json for OpenStack
+ To make this acceptable as a SRU we keep the same behavior as is
+ in the stable release which is to generate network for fallback nic
+ only.
+ .
+ In this series, OpenStack datasource can optionally generate
+ network_config from network_data.json if the datasource is configured
+ with a file like /etc/cloud.cfg.d/openstack-net.cfg:
+ .
+ datasource:
+   OpenStack:
+     apply_network_config: true
+Forwarded: not-needed
+Author: Chad Smith <chad.smith@canonical.com>
+
+--- a/cloudinit/sources/DataSourceOpenStack.py
++++ b/cloudinit/sources/DataSourceOpenStack.py
+@@ -98,10 +98,9 @@ class DataSourceOpenStack(openstack.Sour
+         if self._network_config != sources.UNSET:
+             return self._network_config
+ 
+-        # RELEASE_BLOCKER: SRU to Xenial and Artful SRU should not provide
++        # Xenial, Artful and Bionic will not provide
+         # network_config by default unless configured in /etc/cloud/cloud.cfg*.
+-        # Patch Xenial and Artful before release to default to False.
+-        if util.is_false(self.ds_cfg.get('apply_network_config', True)):
++        if util.is_false(self.ds_cfg.get('apply_network_config', False)):
+             self._network_config = None
+             return self._network_config
+         if self.network_json == sources.UNSET:
+--- a/tests/unittests/test_datasource/test_openstack.py
++++ b/tests/unittests/test_datasource/test_openstack.py
+@@ -345,6 +345,7 @@ class TestOpenStackDataSource(test_helpe
+             settings.CFG_BUILTIN, None, helpers.Paths({'run_dir': self.tmp}))
+         sample_json = {'links': [{'ethernet_mac_address': 'mymac'}],
+                        'networks': [], 'services': []}
++        ds_os.ds_cfg = {'apply_network_config': True}  # Default is False
+         ds_os.network_json = sample_json
+         with test_helpers.mock.patch(mock_path) as m_convert_json:
+             m_convert_json.return_value = example_cfg
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 00000000..0e264119
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,6 @@
+azure-use-walinux-agent.patch
+ds-identify-behavior-xenial.patch
+stable-release-no-jsonschema-dep.patch
+openstack-no-network-config.patch
+cpick-1d5e9aef-azure-Add-apply_network_config-option-to-disable
+azure-apply-network-config-false.patch
diff --git a/debian/patches/stable-release-no-jsonschema-dep.patch b/debian/patches/stable-release-no-jsonschema-dep.patch
new file mode 100644
index 00000000..41cbe98d
--- /dev/null
+++ b/debian/patches/stable-release-no-jsonschema-dep.patch
@@ -0,0 +1,21 @@
+Description: Remove the optional dependency on jsonschema for stable release.
+ To make this acceptable as a SRU we keep the same dependencies as are
+ in the stable release.
+ .
+ The '${python3:Depends}' in debian/control would automatically add the
+ dependency if it is seen in requirements.txt.
+Forwarded: not-needed
+Author: Scott Moser <smoser@ubuntu.com>
+
+--- a/requirements.txt
++++ b/requirements.txt
+@@ -31,7 +31,8 @@ requests
+ jsonpatch
+ 
+ # For validating cloud-config sections per schema definitions
+-jsonschema
++## Do not add dependencies to a stable release (SRU).
++#jsonschema
+ 
+ # For Python 2/3 compatibility
+ six