summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-10-30query: better error when missing read permission on instance-dataChad Smith
Emit a permissions error instead of "Missing instance-data.json" when non-root user doesn't have read-permission on /run/cloud-init/instance-data.json
2018-10-26instance-data: fallback to instance-data.json if sensitive is absent.Chad Smith
On cloud-init upgrade path from 18.3 to 18.4 cloud-init changed how instance-data is written. Cloud-init changes instance-data.json from root read-only to redacted world-readable content, and provided a separate unredacted instance-data-sensitive.json which is read-only root. Since instance-data is only rewritten from cache on reboot, the query and render tools needed fallback to use the 'old' instance-data.json if the new sensitive file isn't yet present. This avoids error messages from tools about an absebt /run/instance-data-sensitive.json file. LP: #1798189
2018-10-25docs: remove colon from network v1 config example.Tomer Cohen
The docs for network v1 config contained a errant ':'. Simply drop it.
2018-10-25Add cloud-id binary to packages for SUSEJason Zions
2018-10-24systemd: On SUSE ensure cloud-init.service runs before wickedRobert Schweikert
With db50bc0d9 the sysconfig renderer was enabled for openSUSE and SUSE Linux Enterprise. This requires that cloud-init.service starts before wicked. LP: #1799709
2018-10-22update detection of openSUSE variantsRobert Schweikert
openSUSE has changed the way the distribution is identified in os-release. Add support detecting for openSUSE Leap 42.3, Leap 15 and TumbleWeed. Reference: boo#1111427
2018-10-17azure: Add apply_network_config option to disable network from IMDSChad Smith
Azure generates network configuration from the IMDS service and removes any preexisting hotplug network scripts which exist in Azure cloud images. Add a datasource configuration option which allows for writing a default network configuration which sets up dhcp on eth0 and leave the hotplug handling to the cloud-image scripts. To disable network-config from Azure IMDS, add the following to /etc/cloud/cloud.cfg.d/99-azure-no-imds-network.cfg: datasource:   Azure:     apply_network_config: False LP: #1798424
2018-10-11Correct spelling in an error message (udevadm).Katie McLaughlin
Fix a typo in a RuntimeError path. (udevamd -> udevadm).
2018-10-10tests: meta_data key changed to meta-data in ec2 instance-data.jsonChad Smith
LP: #1797231
2018-10-10tests: fix kvm integration test to assert flexible config-disk pathChad Smith
Make integration test for flexible using regexp in case disk changes. LP: #1797199
2018-10-09tools: Add cloud-id command line utilityChad Smith
Add a quick cloud lookup utility in order to more easily determine the cloud on which an instance is running. The utility parses standardized attributes from /run/cloud-init/instance-data.json to print the canonical cloud-id for the instance. It uses known region maps if necessary to determine on which specific cloud the instance is running. Examples: aws, aws-gov, aws-china, rackspace, azure-china, lxd, openstack, unknown
2018-10-09instance-data: Add standard keys platform and subplatform. Refactor ec2.Chad Smith
Add the following instance-data.json standardized keys: * v1._beta_keys: List any v1 keys in beta development, e.g. ['subplatform']. * v1.public_ssh_keys: List of any cloud-provided ssh keys for the instance. * v1.platform: String representing the cloud platform api supporting the datasource. For example: 'ec2' for aws, aliyun and brightbox cloud names. * v1.subplatform: String with more details about the source of the metadata consumed. For example, metadata uri, config drive device path or seed directory. To support the new platform and subplatform standardized instance-data, DataSource and its subclasses grew platform and subplatform attributes. The platform attribute defaults to the lowercase string datasource name at self.dsname. This method is overridden in NoCloud, Ec2 and ConfigDrive datasources. The subplatform attribute calls a _get_subplatform method which will return a string containing a simple slug for subplatform type such as metadata, seed-dir or config-drive followed by a detailed uri, device or directory path where the datasource consumed its configuration. As part of this work, DatasourceEC2 methods _get_data and _crawl_metadata have been refactored for a few reasons: - crawl_metadata is now a read-only operation, persisting no attributes on the datasource instance and returns a dictionary of consumed metadata. - crawl_metadata now closely represents the raw stucture of the ec2 metadata consumed, so that end-users can leverage public ec2 metadata documentation where possible. - crawl_metadata adds a '_metadata_api_version' key to the crawled ds.metadata to advertise what version of EC2's api was consumed by cloud-init. - _get_data now does all the processing of crawl_metadata and saves datasource instance attributes userdata_raw, metadata etc. Additional drive-bys: * unit test rework for test_altcloud and test_azure to simplify mocks and make use of existing util and test_helpers functions.
2018-10-09net: ignore nics that have "zero" mac address.Scott Moser
Previously we explicitly excluded mac address '00:00:00:00:00:00'. But then some nics (tunl0 and sit0) ended up having a mac address like '00:00:00:00'. The change here just ignores all 00[:00[:00...]]. LP: #1796917
2018-10-07tests: fix apt_configure_primary to be more flexibleChad Smith
Commit d3e803ad316e6796e5d83e7e8f8f4f7224b92df9 added deb-src comments to the cloud-init apt templates. This doubled the number of matching entries seen in /etc/apt/sources.list in apt_configure_primary integration test. This test was really asserting that GaTech urls were present in /etc//apt/sources.list instead of archive.ubuntu.com. Fix the test to be a bit more flexible in case cloud-init changes its bas apt template again.
2018-10-04Ubuntu: update sources.list to comment out deb-src entries.Scott Moser
Other installation modes began to comment out the deb-src lines in /etc/apt/sources.list sometime in 16.04 time frame. This makes the cloud-init rendered sources.list the same as that currently present in the lxd images. The changes here are: a.) comment out all 'deb-src' lines. b.) move security to the bottom of the file. c.) trim trailing white space from 3 comment lines. LP: #74747
2018-10-02release 18.4Scott Moser
Bump the version in cloudinit/version.py to be 18.4 and update ChangeLog. LP: #1795741
2018-10-01tests: allow skipping an entire cloud_test without running.Scott Moser
Individual skipTest or setUp SkipTest will still launch the instance. This allows us to stop the running of the instance so we don't waste cycles or boot systems that are known to fail. Also replace remaining unittest usage in tests/cloud_tests/ with unittest2.
2018-09-28tests: disable lxd tests on cosmicScott Moser
Skip lxd tests on cosmic for two reasons: a.) bug 1795036 - 'lxd init' fails on cosmic kernel. b.) apt install lxd installs via snap which can be slow     as that will download core snap and lxd.
2018-09-27cii-tests: use unittest2.SkipTest in ntp_chrony due to new depsChad Smith
Git commitish fc4b966ba928b30b1c586407e752e0b51b1031e8 changed integration test dependencies from unittest to unittest2. Use unittest2.SkipTest in test_chrony to avoid causing tracebacks.
2018-09-26lxd: adjust to snap installed lxd.Scott Moser
Relax expectation on path to lxc and lxd. The deb path still does install them in /usr/bin/ but that is overly pedantic. Add a 'lxd waitready' (present since lxd 0.5) to wait until lxd is ready before operating on it.
2018-09-26docs: surface experimental doc in instance-data.jsonChad Smith
2018-09-26tests: fix ec2 integration tests. process meta_data instead of meta-dataChad Smith
Commitish c7555762f3a30190ce7726b4d013bc3e83c7e4b6 changed the variable names in instance-data.json from hyphenated to underscore delimited. In the shuffle, meta-data -> meta_data was missed.
2018-09-26Add support for Infiniband network interfaces (IPoIB).Mark Goddard
OpenStack ironic references Infiniband interfaces via a 6 byte 'MAC address' formed from bytes 13-15 and 18-20 of interface's hardware address. This address is used as the ethernet_mac_address of Infiniband links in network_data.json in configdrives generated by OpenStack nova. We can use this address to map links in network_data.json to their corresponding interface names. When generating interface configuration files, we need to use the interface's full hardware address as the HWADDR, rather than the 6 byte MAC address provided by network_data.json. This change allows IB interfaces to be referenced in this dual mode - by MAC address and hardware address, depending on the context. Support TYPE=InfiniBand for sysconfig configuration of IB interfaces.
2018-09-25cli: add cloud-init query subcommand to query instance metadataChad Smith
Cloud-init caches any cloud metadata crawled during boot in the file /run/cloud-init/instance-data.json. Cloud-init also standardizes some of that metadata across all clouds. The command 'cloud-init query' surfaces a simple CLI to query or format any cached instance metadata so that scripts or end-users do not have to write tools to crawl metadata themselves. Since 'cloud-init query' is runnable by non-root users, redact any sensitive data from instance-data.json and provide a root-readable unredacted instance-data-sensitive.json. Datasources can now define a sensitive_metadata_keys tuple which will redact any matching keys which could contain passwords or credentials from instance-data.json. Also add the following standardized 'v1' instance-data.json keys:   - user_data: The base64encoded user-data provided at instance launch   - vendor_data: Any vendor_data provided to the instance at launch   - underscore_delimited versions of existing hyphenated keys:     instance_id, local_hostname, availability_zone, cloud_name
2018-09-25tools/tox-venv: update for new features.Scott Moser
This update to tox-venv allows you to do: ./tools/tox-venv py3 - tests/unittests/test_util.py
2018-09-21pylint: ignore warning assignment-from-no-return for _write_networkChad Smith
Distro subclasses arch, freebsd and debian still have a path with an implemented _write_network method which has a return value. Can drop this pylint ignore when _write_network is dropped from arch, freebsd and debian.
2018-09-20stages: Fix bug causing datasource to have incorrect sys_cfg.Scott Moser
The Init object had a bug/odd side effect where when retrieving a distro object it would update the datasources's sys_cfg. That was probably intended to refresh the possibly stale config stored there. Unfortunately what it actually did limit the config there to the 'system_info' top level key where initially it had the whole config. LP: #1787459
2018-09-20Remove dead-code _write_network distro implementations.Scott Moser
Any distro that has a '_write_nework_config' method should no longer get their _write_network called at all. So lets drop that code and raise a RuntimeError any time we got there. Replace the one caller of 'apply_network' (legacy openstack path) with a call to apply_network_config after converting the ENI to network config.
2018-09-18net_util: ensure static configs have netmask in translate_network resultThomas Berger
If a DataSource provides a network configuration in version 2 and runs on a distro which does not have a network renderer class in use, then the conversion of V2 to eni results in static ip configurations with subnet prefix-length (192.168.23.1/24) rather than explicit netmask value. When sending such a config to net_util.translate_network the resulting dictionary is missing the 'netmask' key for static configured addresses breaking network configurations on multiple distributions. This patch detects static ip configurations using prefix-length and converts the format into the previous 'address' and 'netmask' parts to keep compatibility for these distribtuions until they move to the v2 network configuration. LP: #1792454
2018-09-17Fall back to root:root on syslog permissions if other options fail.Robert Schweikert
If the user has removed the default configuration file or does not set the syslog_fix_perms config option the user still ends up with a warning on SUSE distributions. Add root:root to the default builtin config.
2018-09-17tests: Add mock for util.get_hostname.Robert Schweikert
At present the host network settings bleed into the test environment causing the test test_handler_apt_source_v3 to fail if the host has a domain setting other then localdomain. LP: #1792799
2018-09-14ds-identify: doc string cleanup.Scott Moser
There was a typo in the doc string at the top of ds-identify (disable -> disabled). That is fixed here as well as adding some better examples on content in /etc/cloud/ds-identify.cfg.
2018-09-14OpenStack: Support setting mac address on bond.Fabian Wiesel
Fix a bug where setting of mac address on a bond device was ignored when provided in OpenStack network_config.json. LP: #1682064
2018-09-14bash_completion/cloud-init: fix shell syntax error.Scott Moser
A syntax error creeped in with commit c7555762f3a3.
2018-09-13EphemeralIPv4Network: Be more explicit when adding default route.Scott Moser
On OpenStack based OVH public cloud, we got DHCP response with   fixed-address 54.36.113.86;   option subnet-mask 255.255.255.255;   option routers 54.36.112.1; The router clearly is not on the subnet. So 'ip' would fail when we tried to add the default route. The solution here is to add an explicit route on that interface to the router and then add the default route. Also add 'bgpovs' to the list of 'physical' types for OpenStack network configuration. That type is used on OVH public cloud. LP: #1792415
2018-09-13OpenStack: support reading of newer versions of metdata.Scott Moser
Mark as supported for reading some newer versions of openstack metadata: 2016-06-30 : Newton one 2016-10-06 : Newton two 2017-02-22 : Ocata 2018-08-27 : Rocky
2018-09-12OpenStack: fix bug causing 'latest' version to be used from network.Scott Moser
Cloud-init was reading a list of versions from the OpenStack metadata service (http://169.254.169.254/openstack/) and attempt to select the newest known supported version. The problem was that the list of versions was not being decoded, so we were comparing a list of bytes (found versions) to a list of strings (known versions). LP: #1792157
2018-09-11user-data: jinja template to render instance-data.json in cloud-configChad Smith
Allow users to provide '## template: jinja' as the first line or their #cloud-config or custom script user-data parts. When this header exists, the cloud-config or script will be rendered as a jinja template. All instance metadata keys and values present in /run/cloud-init/instance-data.json will be available as jinja variables for the template. This means any cloud-config module or script can reference any standardized instance data in templates and scripts. Additionally, any standardized instance-data.json keys scoped below a '<v#>' key will be promoted as a top-level key for ease of reference in templates. This means that '{{ local_hostname }}' is the same as using the latest '{{ v#.local_hostname }}'. Since instance-data is written to /run/cloud-init/instance-data.json, make sure it is persisted across reboots when the cached datasource opject is reloaded. LP: #1791781
2018-09-08config: disable ssh access to a configured user accountChad Smith
Cloud config can now disable ssh access to non-root users. When defining the 'users' list in cloud-configuration a boolean 'ssh_redirect_user: true' can be provided to disable ssh logins for that user. Any ssh 'public-keys' defined in cloud meta-data will be added and disabled in .ssh/authorized_keys. Any attempts to ssh as this user using acceptable ssh keys will be presented with a message like the following: Please login as the user "ubuntu" rather than the user "youruser".
2018-09-05tests: print failed testname instead of docstring upon failureChad Smith
2018-09-05tests: Disallow use of util.subp except for where needed.Scott Moser
In many cases, cloud-init uses 'util.subp' to run a subprocess. This is not really desirable in our unit tests as it makes the tests dependent upon existance of those utilities. The change here is to modify the base test case class (CiTestCase) to raise exception any time subp is called. Then, fix all callers. For cases where subp is necessary or actually desired, we can use it via   a.) context hander CiTestCase.allow_subp(value)   b.) class level self.allowed_subp = value Both cases the value is a list of acceptable executable names that will be called (essentially argv[0]). Some cleanups in AltCloud were done as the code was being updated.
2018-09-05sysconfig: refactor sysconfig to accept distro specific templates pathsRyan Harper
Multiple distros use sysconfig format but have different content and paths to certain files. Update distros to specify these template paths in their renderer_configs dictionary.
2018-09-01Add unit tests for config/cc_ssh.pyFrancis Ginther
These tests focus on the apply_credentials method and the ssh setup for root and a distro default user.
2018-08-31Fix the built-in cloudinit/tests/helpers:skipIfScott Moser
this version uses unittest2 skipIf which is present in our python 2.6 environment.
2018-08-31read-version: enhance error messageJoshua Powers
The error message when read-vesion is not very useful and does not help the end-user know how to overcome the issue. This adds a short message explaining that the user does not have the latest upstream tags and how to get those tags.
2018-08-31hyperv_reporting_handler: simplify threaded publisherRyan Harper
Switch the implementation to a daemon thread which uses a blocking get from the Queue. No additional locking or flag checking is needed since the Queue itself handles acquiring the lock as needed. cloud-init only has a single producer (the main thread calling publish) and the consumer will read all events in the queue and write them out. Using the daemon mode of the thread handles flushing the queue on main exit in python3; in python2.7 we handle the EOFError that results when the publish thread calls to get() fails indicating the main thread has exited. The result is that the handler is no longer spawing a thread on each publish event but rather creates a single thread when we start up the reporter and we remove any additional use of separate locks and flags as we only have a single Queue object and we're only calling queue.put() from main thread and queue.get() from consuming thread.
2018-08-28VMWare: Fix a network config bug in vm with static IPv4 and no gateway.Pengpeng Sun
The issue is when customize a VM with static IPv4 and without gateway, it will still extend route list and will loop a gateways list which is None. This fix is to make sure when no gateway is here, it will not extend route list. LP: #1766538
2018-08-24logging: Add logging config type hyperv for reporting via Azure KVPAndy Liu
Linux guests can provide information to Hyper-V hosts via KVP. KVP allows the guests to provide any string key-value-pairs back to the host's registry. On linux, kvp communication pools are presented as pool files in /var/lib/hyperv/.kvp_pool_#. The following reporting configuration can enable this kvp reporting in addition to default logging if the pool files exist: reporting:     logging:         type: log     telemetry:         type: hyperv
2018-08-23tests: disable other snap test as wellJoshua Powers
The snap test requires access to a proxy and currently the integration tests do not handle this scenario. I am disabling the test until I can loop back around and fix this.
2018-08-20tests: disable snap, fix write_files binaryJoshua Powers
The snap test requires access to a proxy and currently the integration tests do not handle this scenario. I am disabling the test untill I can loop back around and fix this. The write_files test, specifically, the binary test is failing on cosmic because the "binary" file we were writting was not a complete elf executable, but we expected 'file' to identify it as such. The change here is to simply use some 24 bytes of random, non-utf data and check that file was written correctly via expected checksum.