cc_vyos: T6007: Run config migrations before Cloud-init
|
|
Configuration in `vyos_config_commands` is expected to use a syntax from the
target VyOS version. But, if Cloud-init applies configuration commands to a
default file, all the migrations (from the 0 version to the latest) will still
be executed on top of it.
This process can break proper config, for example, if the current syntax variant
partially repeats one of the older ones, which will trigger a migration without
need.
|
|
- added extra check for maximum supported MTU to avoid exceeding it during
configuration
- remove udev rules created by cloud-init after initialization
- fixed logic for config file selection
|
|
vyos_install: T5220: Fixed unbound variables
|
|
Fixed logic in `grub_configure()` to avoid unbound variables.
|
|
vyos_install: T5220: Fixes for unattended installation
|
|
In some platforms, the kernel may need extra options in cmdline to boot
properly. The new option allows adding extra parameters to the cmdline:
```
vyos_install:
  boot_params:
    cmdline_extra: nosmt mitigations=off # extra parameters for kernel cmdline
```
|
|
Removed an excessive call to `find_disk()`.
|
|
Without at least one space at the beginning of the line with `linux`, it cannot
be parsed by the `show system image` command.
|
|
In case a user needs to add more material to the configuration (keys, scripts,
etc.) we need to be sure that this material will be copied to a persistent
storage during installation.
This commit replaces copying of only a `config.boot` file to copying the whole
`config` folder, which should satisfy all types of configurations.
|
|
installer: T5220: Added unattended installer
|
|
cc_vyos: T2117: Backported changes from sagitta
|
|
Added a new Cloud-init module, which recognizes a `vyos_install` configuration
section and can install the system during a first boot to permanent storage.
Check the `config/cloud.cfg.d/20_vyos_install.cfg` for configuration details.
|
|
The `cc_vyos` module is backported from `sagitta`.
|
|
network: T5012: Added a new option for network-config control
|
|
A new option for Cloud-Init was added:
```
vyos_config_options:
  network_config: <disabled/enabled>
```
Possible values:
* by default - equal to the `network['config']` from the active Cloud-Init
configuration
* `enabled` - configure networking, even if global `network['config']` is set
to `disabled`
* `disabled` - do not configure networking, regardless of global
`network['config']` value
|
|
network-config: T4954: Fixed DNS settings
|
|
This commit fixes setting DNS configuration if it was presented as a string
instead of an array of strings.
|
|
user-data: T4895: Fixed tag nodes processing
|
|
This commit fixes the problem with overwriting tag nodes by neighbors, when
there is more than one tag node on the same level.
|
|
T4407: Applied workaround for network-config v2
|
|
Network-config v2 is broken in upstream. See the bug report for
details: https://bugs.launchpad.net/cloud-init/+bug/1906187
This workaround allows us to use it again in our module.
|
|
T2117: Backport Cloud-init 22.1 with our changes to VyOS 1.3
|
|
T2117: Cloud-init updated to 22.1
|
|
Merged with 22.1 tag from the upstream Cloud-init repository.
Our modules were slightly modified for compatibility with the new
version.
|
|
interfaces: T4296: Deconfigure network config applied by Cloud-Init
|
|
This commit adds the ability to deconfigure all the interfaces that
Cloud-init configured during deployment and remove the configuration
file `/etc/network/interfaces.d/50-cloud-init`. This should protect from
conflicts between CLI config and actual interfaces states.
|
|
interfaces: T4296: Deconfigure network config applied by Cloud-Init
|
|
This commit adds the ability to deconfigure all the interfaces that
Cloud-init configured during deployment and remove the configuration
file `/etc/network/interfaces.d/50-cloud-init`. This should protect from
conflicts between CLI config and actual interfaces states.
|
|
Bump the version in cloudinit/version.py to 22.1 and
update ChangeLog.
LP: #1960939
|
|
Pre-provisioned instances report ready early in the local phase and
again in the non-local phase, during setup(). Non-PPS only reports
ready during non-local phase.
Update the process to report ready during the local phase for all
cases. Only attempt to do so if networking is up to prevent stalling
boot. We've already waited at least 20 minutes for DHCP if we're
provisioning, or 5 minutes for DHCP on normal boot requesting updated
network configuration.
- Extend _report_ready() with pubkey_info and raise exception
on error to consolidate reporting done in _negotiate() and
_report_ready().
- Remove setup(), moving relevant logic into crawl_metadata().
- Move remaining _negotiate() logic into _cleanup_markers() and
_determine_wireserver_pubkey_info().
These changes effectively fix two issues that were present:
(1) _negotiated is incorrectly set to True
When failing to report ready. _negotiate() squashed the exception and
the return value was not checked. This was probably masked due to the
forced removal of obj.pkl on Ubuntu instances, but would be preferable
once we start persisting it to prevent unnecessary re-negotiation.
(2) provisioning media is not ejected for non-PPS
_negotiate() did not pass iso_dev parameter when reporting ready. The
host will ensure this operation takes place, but it is preferable to
eject /dev/sr0 from within the guest when we're done with it.
Lastly, this removes any need for lease file parsing as the wireserver
address is tracked for ephemeral DHCP. A follow-up PR will remove
this now-unused logic.
Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
|
|
Due to race conditions and caching, IMDS may return stale or incomplete
metadata. Add some validation to detect these scenarios and report
appropriate telemetry.
Introduce normalize_mac_address() to allow for comparison of mac
addresses, replacing that found inline in:
_generate_network_config_from_imds_metadata()
Add validation of final fetch of IMDS metadata.
Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
|
|
|
|
Use PEP 589 syntax for TypedDict annotation.
Also fixes previously broken typing MetaSchema typing implementation.
|
|
All currently failing modules are excluded from reporting
errors using follow-imports=silent and an exclusion list.
Future work can whittle down this failing list. This change will
start enforcing new modules and those currently passing.
Includes some minor alphabetical reordering in tox.ini.
Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
|
|
Eliminated the duplicate code and now run the entire configuration
routine against both public and private interfaces.
Also addressed an inconsistency from our metadata api for ipv6
address configuration.
|
|
There are inconsistencies for cryptographic libraries across
major distribution releases.
From a bionic host, which doesn't support yescrypt hashing scheme,
attempting to run crypt.crypt locally using a yescrypt hash
from a Jammy /etc/shadow file will result in failure to produce an
encrypted password. For "unsupported" hash schemes, crypt.crypt
returns None.
To avoid inconsistencies of python cryptographic libs across Linux
releases, perform the password encryption on the system under test.
|
|
Raise runtime errors for unhandled cases which would cause other
exceptions. Ignore types for a few cases where a non-trivial
refactor would be required to prevent the warning.
Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
|
|
|
|
Delivered in /etc/cloud/cloud.cfg.d/90-azure.cfg
|
|
Ubuntu Jammy output from lsblk --json now contains
'mountpoints': [...] instead of 'mountpoint' for children devs.
Let our integration test handle either case.
|
|
Fixes the spaces introduced in #1213
Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
|
|
Handlers for per-boot/per-instance/per-once multipart MIME
Add handlers for adding scripts to userdata that can be run at various
frequencies. Scripts of type x-shellscript-per-boot,
x-shellscript-per-instance, or x-shellscript-per-once can be added
to a multipart MIME userdata message as part of instance userdata.
These scripts will then be added to the appropriate per-boot,
per-instance, or per-once directory in /var/lib/cloud/scripts/
during processing of userdata.
|
|
* Primarily improved grammar for clarity.
* A few Sphinx/RST syntax fixes.
* Set text width to 79 characters per footer documentation
where needed.
* Changed "yaml" to "YAML" when used in sentences.
|
|
Once a valid datasource is detected, publish the following artifacts
to expedite cloud-identification without having to invoke cloud-id from
shell scripts or shelling out from python.
These files can also be relied on in systemd ConditionPathExists
directives to limit execution of services and units to specific
clouds.
/run/cloud-init/cloud-id:
- A symlink with content that is the canonical cloud-id of the
datasource detected. This content is the same lower-case value
as the output of /usr/bin/cloud-id.
/run/cloud-init/cloud-id-<canonical-cloud-id>:
- A single file which will contain the canonical cloud-id encoded
in the filename
|
|
|
|
Split _get_public_ssh_keys_and_source() into
_get_public_keys_from_imds() and _get_public_keys_from_ovf().
Set _get_public_keys_from_imds() to take a parameter of the
IMDS metadata rather than assuming it is already set in
self.metadata. This will allow us to move negotiation into
local phase where self.metadata may not be set yet. Update this
method to raise KeyError if IMDS metadata is missing/malformed,
and ValueError if SSH key format is not supported. Update
get_public_ssh_keys() to catch these errors and fall back to the
OVF/Wireserver keys as needed.
To improve clarity, update register_with_azure_and_fetch_data()
to return the list of SSH keys, rather than bundling them into
a dictionary for updating against the metadata dictionary.
There should be no change in behavior with this refactor.
Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
|
|
|
|
When the datasource was originally submitted, EphemeralDHCPv4 was not
yet available. Also avoid race conditions by skipping network
configuration if metadata service can be reached.
Signed-off-by: Markus Schade <markus.schade@hetzner.com>
|
|
|