Age | Commit message (Collapse) | Author |
|
|
|
support in a cloud-archive format as well as a cloud-config
format and explain how this will affect the final userdata
available to an instance.
|
|
2. Add a set of tests+data that ensure the launch index filtering
works as expected in the various modes including raw yaml
and via mime/email message formats.
|
|
its original content type said it is, make sure we set
the new value, also unsure if the old top level message
should have the same header (which will flip-flop).
|
|
indexes (since they will be handled beforehand) and fix
the types being checked on the root of the archive format
to be a tuple instead of a list (which oddly causes complaints).
|
|
EC2 and openstack provide 'launch_index' in their metadata. This allows
the user to specify cloud-config or multipart mime data that includes the
'Launch-Index' header.
If launch index is available in the metadata service, then:
* any part that contains a launch index other than the current launch-index
of this instance will be ignored.
* any part that does not contain a launch index will be considered as
for this instance.
If there is no such header, or launch_index is not available in the metadata
service, then no such filtering will be done.
LP: #1023177
|
|
- Converted user list to user dict to allow exclusion of the default user
on Ubuntu systems via cloud-config (LP: #1041384).
- Fixed bug with user creation on Ubuntu where the default user groups are
not set properly (LP: #1044044).
- Fixed documentation for user creation (LP: #1044508).
LP: #1041384, #1044044, #1044508
|
|
|
|
|
|
on Ubuntu systems via cloud-config (LP: #1041384).
- Fixed bug with user creation on Ubuntu where the default user groups are
not set properly (LP: #1044044).
- Fixed documentation for user creation (LP: #1044508).
|
|
The systemd unit files are somewhat out of date. Fixes here include telling
systemd to send stdout to a tty so it shows up in console output, updating the
ways they call cloud-init, and disabling timeouts so cloud-config work doesn't
get timed out after 90 seconds.
|
|
ensure that we recreate all child messages correctly
if they also contain submessages, ensuring that
we don't flatten the message list when we previously
used walk.
|
|
|
|
|
|
can contain filters that serve this purpose only and add in
the initial launch-index filter and replace the code in
the datasource class that previously did this.
|
|
move the section on user and group adds into
doc/examples/cloud-config-user-groups.txt
|
|
If a user hadn't been created in the image, when the public_key was to
be injected by cc_ssh into the user's account, it didn't exist yet.
This moves the population of the authorized_keys from the metadata service
into user_groups, and puts that before cc_ssh runs. moving before cc_ssh
means that when ssh comes up, the users will be ready.
ssh-import-id then handles any ssh-import-id users after networking is up.
LP: #1042459
|
|
|
|
configurations were applied. The result of this bug was that cloud-config
supplied SSH public keys would fail to apply since the configured user
may or may not exist. (LP: #1042459).
cloudinit/config/cc_ssh_import_id.py:
ssh_import_id.py now handles all user SSH import IDs.
cloudinit/distros/ubuntu.py:
Removed create_user class override as cruft, since ssh_import_id
now handles all users.
config/cloud.cfg:
Moved users_groups to run under cloud_init_modules.
doc/examples/cloud-config.txt:
Added missing documentation on user and group creation.
|
|
In searching for the metadata service, require 'instance-data' to be at the top
level domain. Previously any misconfigured 'search' in /etc/resolv.conf could
result in unintended use of a metadata server.
LP: #1040200
|
|
variable has a little more meaning and by default look in
metadata for 'launch-index' and have ec2 instead look for
a different variable (thus allowing more datasources to just work).
|
|
'launch-index' key that we copy that key over to the right
header (which will then be used later when assigning the
'real' header when the message is attached)
|
|
before we look into the payload as well as make the skip
test a function that the datasource module can also use.
|
|
|
|
userdata based on a launch-index (or leave userdata
alone if none is provided by the datasource). This
works by doing the following.
1. Adjusting the userdata processor to attempt to
inject a "Launch-Index" header into the messages
headers (by either taking a header that already exists
or by looking into the payload to see if it exists
there).
2. Adjust the get_userdata ds function to apply a filter
on the returned userdata (defaulting to false) that
will now use the datasources get_launch_index value
to restrict the 'final' message used in consuming
user data (the same behavior if not existent).
3. Further down the line processes that use the 'resultant'
userdata now will only see the ones for there own launch
index (ie cloud-config will be restricted automatically
and so on) and are unaffected (although they can now
ask the cloud object or the datasource for its launch index
via the above new ds method.
|
|
config-drive-v2 was implemented in openstack at
https://review.openstack.org/#/c/11184/ . This adds support to
cloud-init for reading that.
LP: #1037567
|
|
|
|
|
|
If 'latest' is found, but '2012-08-10' is not, we will log a warning
but attempt to use it.
|
|
at the point where we are getting the previous instance id, there
cloud-init hasn't performed the move yet. Therefore, the "previous"
is the one that /var/lib/cloud/data/ says is the current.
|
|
openstack metadata uses 'uuid' as an instances 'instance-id'.
just copy that to the metadata['instance-id']
|
|
|
|
|
|
|
|
|
|
Added "userless" mode to cloud-init for handling the creation of the users
and the default user on Ubuntu. The end goal of this is to remove the need
for the 'ubuntu' user in the cloud images and to allow individuals to
choose the default user name.
LP: #1028503
|
|
cc_ssh.py was getting user of None, which ended up with a root user
not getting ssh keys updated. That was bad. So, I duplicated the
"get user zero" code that appeared other places here.
Then, we disable the root user even if there is not a user. In that
case we just use the string "NONE" in the disable message.
|
|
Previously we were only logging that the user existed
and then still trying to run the command (which would raise error)
As a result, none of the rest of the things would be done (sshimport id and
such)
|
|
|
|
Fix bug here:
adduser_cmd = ['useradd', name]
x_adduser_cmd = adduser_cmd
is different than
x_adduser_cmd = ['useradd', name]
The problem was they referenced the same list, and we were doubly appending.
|
|
|
|
|
|
In an effort to pylint errors about NonImlementedError and
add_default_user, I moved this method to distro and genericized it.
Now, assuming a sane 'create_user' for the distro, this should work.
Also:
* removed the unused set_configured_user method
|
|
|
|
|
|
password control code
|
|
Fix the userdata being populated to a dict (incorrect)
and let it instead be populated by the userdata processor
with the raw userdata (either empty or datasource config
provided).
|
|
If an upgrade or package installation forced a reboot (such as a kernel
upgrade), then we can optionally reboot at that point.
This allows the user to not be into the newest available kernel without
needing a reboot on their own.
LP: #1038108
|
|
There are several changes here.
* Datasource now has a 'availability_zone' getter.
* get_package_mirror_info
* Datasource convenience 'get_package_mirror_info' that calls
the configured distro, and passes it the availability-zone
* distro has a get_package_mirror_info method
* get_package_mirror_info returns a dict that of name:mirror
this is to facilitate use of 'security' and 'primary' archive.
* this supports searching based on templates. Any template
that references undefined values is skipped. These templates
can contain 'availability_zone' (LP: #1037727)
* distro's mirrors can be arch specific (LP: #1028501)
* 'ec2_region' substitution variable is present only if this
appears (by availability-zone naming convention) to be in EC2.
* rename_apt_lists supports the "mirror_info" rather than single mirror
* generate_sources_list supports mirror_info, and as a result, the
ubuntu mirrors reference '$security' rather than security (LP: #1006963)
* remove the DataSourceEc2 specific mirror selection, but instead
rely on the above filtering, and the fact that 'ec2_region' is only
defined if the availability_zone looks like a ec2 az.
* package_mirrors is now required in the system_info config, a dict like:
package_mirrors:
- arches: [i386, amd64]
failsafe:
primary: http://archive.ubuntu.com/ubuntu
security: http://security.ubuntu.com/ubuntu
search:
primary:
- http://%(ec2_region)s.ec2.archive.ubuntu.com/ubuntu/
- http://%(availability_zone)s.clouds.archive.ubuntu.com/ubuntu/
security: []
- arches: [armhf, armel, default]
failsafe:
primary: http://ports.ubuntu.com/ubuntu
security: http://ports.ubuntu.com/ubuntu
LP: #1006963, #1028501, #1037727
|
|
instead of substituting and then checking for presense of a unlikely to
occur string, this only adds to the search list if there is no KeyError
raised.
|