| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Adds a udev script which will invoke a hotplug hook script on all net
add events. The script will write some udev arguments to a systemd FIFO
socket (to ensure we have only instance of cloud-init running at a
time), which is then read by a new service that calls a new 'cloud-init
devel hotplug-hook' command to handle the new event.
This hotplug-hook command will:
- Fetch the pickled datsource
- Verify that the hotplug event is supported/enabled
- Update the metadata for the datasource
- Ensure the hotplugged device exists within the datasource
- Apply the config change on the datasource metadata
- Bring up the new interface (or apply global network configuration)
- Save the updated metadata back to the pickle cache
Also scattered in some unrelated typing where helpful
|
|
Python 3.6 added a new `policy` attribute to `MIMEMultipart`.
MIMEMultipart may be part of the cached object pickle of a datasource.
Upgrading from an old version of python to 3.6+ will cause the
datasource to be invalid after pickle load.
This commit uses the upgrade framework to attempt to access the mime
message and fail early (thus discarding the cache) if we cannot.
Commit 78e89b03 should fix this issue more generally.
|
|
The EPEL repo file used to have download.fedoraproject.org as its
baseurl. That has now been replaced by `download.example`, which we need
to replace with dl.fedoraproject.org, the actual mirror we want to
download from.
We can't use download.fedoraproject.org or the mirrorlist (which is the
default way for finding mirrors) because of our internal proxy rules.
This change only applies if http_proxy is set, otherwise the mirrors are
reached in the default way.
|
|
|
|
defined in AuthorizedKeysFile (#937)
This patch aims to fix LP1911680, by analyzing the files provided
in sshd_config and merge all keys into an user-specific file. Also
introduces additional tests to cover this specific case.
The file is picked by analyzing the path given in AuthorizedKeysFile.
If it points inside the current user folder (path is /home/user/*), it
means it is an user-specific file, so we can copy all user-keys there.
If it contains a %u or %h, it means that there will be a specific
authorized_keys file for each user, so we can copy all user-keys there.
If no path points to an user-specific file, for example when only
/etc/ssh/authorized_keys is given, default to ~/.ssh/authorized_keys.
Note that if there are more than a single user-specific file, the last
one will be picked.
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
Co-authored-by: James Falcon <therealfalcon@gmail.com>
LP: #1911680
RHBZ:1862967
|
|
Add a new switch allow_raw_data to control raw data feature, update
the documentation. Fix bugs about max_wait.
|
|
|
|
|
|
test_upgrade.py was outputting a ton of stuff that had to be manually
collected and verified. This commit adds more assertions to the test
and outputs directly to the logs rather than separate files.
|
|
We read the MTU from the subnet entries. With the v1 format, the MTU can
be set at the root level of the interface entry in the `config` section.
Limitation, we won't set the MTU if the interface use DHCP. This
would require a bit of refactoring.
Also simplify/clarify how we pass the target variable in `cloudinit.net.bsd`.
See: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256309
Reported-by: Andrey Fesenko
|
|
Currently _bring_up_interfaces() is a no-op for any distro using
renderers. We need to be able to support bringing up a single
interfaces, a list of interfaces, and all interfaces. This should be
independent of the renderers, as the network config is often
generated independent of the mechanism used to apply it.
Additionally, I included a refactor to remove
"_supported_write_network_config". We had a confusing call chain of
apply_network_config->_write_network_config->_supported_write_network_config.
The last two have been combined.
|
|
summary: Clear cache when a Python version change is detected
When a distribution gets updated it is possible that the Python version
changes. Python makes no guarantee that pickle is consistent across
versions as such we need to purge the cache and start over.
Co-authored-by: James Falcon <therealfalcon@gmail.com>
|
|
Commit f5a2449 introduced Impish but left the release name set to
'hirsute'.
|
|
Minor fixes in networkd renderer & fixed corresponding tests
Removed datasource_list for Photon from cloud.cfg.tmpl & added a comment
in cloud.cfg.tmpl about not to use multiline array for datasource_list.
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
|
|
Also added a new (currently experimental) systemd-networkd renderer,
and includes a small refactor to cc_resolv_conf.py to support the
resolved.conf used by systemd-resolved.
|
|
|
|
Update doc references to 'main' default branch due to rename.
Also some links have eroded:
- for doc links directly to a line num link to a
blob/<commit>/file/path#L10 instead of blob/<branch_name>.
- pytest.param link to a specific version doc as latest has dropped
the link
|
|
v1 network config currently has no concept of interface-specific DNS,
which is required for certain renderers. To fix this, added an
optional 'interface' key on the v1 nameserver definition. If
specified, it makes the DNS settings specific to the interface.
Otherwise, it will be defined as global DNS as it always has.
Additionally, DNS for v2 wasn't being recognized correctly. For DNS
defined on a particular interface, these settings now also go into the
global DNS settings as they were intended.
|
|
Also new jenkins tox definition
|
|
The name "DigitalOcean" doesn't have a space in it; it's a single
compound word written in Pascal case (upper camel case).
|
|
- small document update for ReportEventStack explaining post_files
parameter
- small unit test for test_reporting demonstrating the close of an
event with optional post_files list
|
|
LP: #1932048
|
|
|
|
- Mostly based on FreeBSD, the main exception is that
`find_devs_with_on_freebsd` does not work.
- Since we cannot get the CDROM or the partition labels,
`find_devs_with_on_dragonflybsd()` has a more naive approach and
returns all the block devices.
|
|
instance-data.json redacts sensitive data for non-root users. Since user
data is consumed as root, we should be consuming the non-redacted data
instead.
LP: #1931392
|
|
LP: #1931577
|
|
Reuse the FreeBSD logic to be able to switch between Python3 versions
easily.
|
|
Security scanners are often simple minded and complain on arbitrary
settings such as file permissions. For /var/log/* having world read is
one of these cases.
|
|
dhclient output that contains brackets for pxe variables will break
the dhclient parsing regex line. This fix retains the current
functionality while fixing this particular issue.
|
|
|
|
Ensure we've got a clean environment before we restart the network.
In some cases, the `sh /etc/netstart` is not enough to restart the
network. A previous default route remains in the route table and
as a result the network is broken.
Also `sh /netstart` does not kill `dhclient`.
The problen happens for instance with OVH OpenStack SBG3.
|
|
Rocky Linux is a RHEL-compatible distribution so all changes that have
been made should be trivial.
|
|
|
|
Ensure no Traceback when 'chef_license' is set
|
|
Presently, mirror keys cannot be associated with primary/security
mirrors. Unfortunately, this prevents use of Landscape-managed
package mirrors as the mirror key for the Landscape-hosted repository
cannot be provided.
This patch allows the same key-related fields usable on "sources"
entries to be used on the "primary" and "security" entries as well.
LP: #1925395
|
|
Changed year 2012 into 2032
|
|
In the case of a static network, we now set the MTU according to the
meta-data.
|
|
In #856 we added the ability to use partprobe instead of blockdev for
reading partitions. Test that partprobe succeeds where blockdev fails.
Also add a mechanism to our integration tests to allow a callable to be
called between `lxc init` and `lxc start`
|
|
httpretty now logs all requests by default which gets mixed up with our
logging tests. Also we were incorrectly setting a logging level to
'None', which now also causes issues with the new httpretty version.
See https://github.com/gabrielfalcao/HTTPretty/pull/419
|
|
Control is currently limited to boot events, though this should
allow us to more easily incorporate HOTPLUG support. Disabling
'instance-first-boot' is not supported as we apply networking config
too early in boot to have processed userdata (along with the fact
that this would be a pretty big foot-gun).
The concept of update events on datasource has been split into
supported update events and default update events. Defaults will be
used if there is no user-defined update events, but user-defined
events won't be supplied if they aren't supported.
When applying the networking config, we now check to see if the event
is supported by the datasource as well as if it is enabled.
Configuration looks like:
updates:
network:
when: ['boot']
|
|
In newer versions of python, when using urllib.parse, lines containing
newline or tab characters now get sanitized. This caused a unit test to
fail.
See https://bugs.python.org/issue43882
|
|
UDEVADM_CMD is defined but not actually used in cc_disk_setup.py
so remove it.
Also modify the comment at top of read_parttbl function to remove the
reference to udevadm which implies it is used to scan the partition table.
|
|
AlmaLinux OS is RHEL-compatible so all the changes needed are trivial.
|
|
Bump the version in cloudinit/version.py to 21.2 and update ChangeLog.
LP: #1927254
|
|
See https://bugs.launchpad.net/cloud-init/+bug/1910835
|
|
This reverts commit 74fa008bfcd3263eb691cc0b3f7a055b17569f8b.
During pre-release testing, we discovered two issues with this commit.
Firstly, there's a typo in the udevadm command that causes a TypeError
for _all_ growpart executions. Secondly, the LVM resizing does not
appear to successfully resize everything up to the LV, though some
things do get resized.
We certainly want this change, so we'll be happy to review and land it
alongside an integration test which confirms that it is working as
expected.
LP: #1922742
|
|
|
|
|
|
This allows us to use it when validating packages from -proposed (and
PPAs etc.).
|
