| Age | Commit message (Collapse) | Author |
|---|
|
T2117: Cloud-init updated to 22.1
|
|
Merged with 22.1 tag from the upstream Cloud-init repository.
Our modules were slightly modified for compatibility with the new
version.
|
|
interfaces: T4296: Deconfigure network config applied by Cloud-Init
|
|
This commit adds the ability to deconfigure all the interfaces that
Cloud-init configured during deployment and remove the configuration
file `/etc/network/interfaces.d/50-cloud-init`. This should protect from
conflicts between CLI config and actual interfaces states.
|
|
Bump the version in cloudinit/version.py to 22.1 and
update ChangeLog.
LP: #1960939
|
|
Pre-provisioned instances report ready early in the local phase and
again in the non-local phase, during setup(). Non-PPS only reports
ready during non-local phase.
Update the process to report ready during the local phase for all
cases. Only attempt to do so if networking is up to prevent stalling
boot. We've already waited at least 20 minutes for DHCP if we're
provisioning, or 5 minutes for DHCP on normal boot requesting updated
network configuration.
- Extend _report_ready() with pubkey_info and raise exception
on error to consolidate reporting done in _negotiate() and
_report_ready().
- Remove setup(), moving relevant logic into crawl_metadata().
- Move remaining _negotiate() logic into _cleanup_markers() and
_determine_wireserver_pubkey_info().
These changes effectively fix two issues that were present:
(1) _negotiated is incorrectly set to True
When failing to report ready. _negotiate() squashed the exception and
the return value was not checked. This was probably masked due to the
forced removal of obj.pkl on Ubuntu instances, but would be preferable
once we start persisting it to prevent unnecessary re-negotiation.
(2) provisioning media is not ejected for non-PPS
_negotiate() did not pass iso_dev parameter when reporting ready. The
host will ensure this operation takes place, but it is preferable to
eject /dev/sr0 from within the guest when we're done with it.
Lastly, this removes any need for lease file parsing as the wireserver
addressed is tracked for ephemeral DHCP. A follow-up PR will remove
this now-unused logic.
Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
|
|
Due to race conditions and caching, IMDS may return stale or incomplete
metadata. Add some validation to detect these scenarios and report
appropriate telemetry.
Introduce normalize_mac_address() to allow for comparison of mac
addresses, replacing that found inline in:
_generate_network_config_from_imds_metadata()
Add validation of final fetch of IMDS metadata.
Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
|
|
|
|
Use PEP 589 syntax for TypeDict annotation.
Also fixes previously broken typing MetaSchema typing implementation.
|
|
All currently failing modules are excluded from reporting
errors using follow-imports=silent and an exclusion list.
Future work can whittle down this failing list. This change will
start enforcing new modules and those currently passing.
Includes some minor alphabetical reordering in tox.ini.
Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
|
|
Eliminated the duplicate code and now run the entire configuration
routine against both public and private interfaces.
Also addressed an inconsistency from our metadata api for ipv6
address configuration.
|
|
There are inconsistencies for cryptographic libraries across
major distribution releases.
From a bionic host, which doesn't support yescrypt hashing scheme,
attempting run run crypt.crypt locally using a yescrypt hash
from a Jammmy /etc/shadow file will result in failure to produce an
encrypted password. For "unsupported" hash schemes, crypt.crypt
returns None.
To avoid inconsistencies of python cryptographic libs across Linux
releases, perform the password encryption on the system under test.
|
|
Raise runtime errors for unhandled cases which would cause other
exceptions. Ignore types for a few cases where a non-trivial
refactor would be required to prevent the warning.
Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
|
|
|
|
Delivered in /etc/cloud/cloud.cfg.d/90-azure.cfg
|
|
Ubuntu Jammy output from lsblk --json now contains
'mountpoints': [...] instead of 'mountpoint' for children devs.
Let our integration test handle either case.
|
|
Fixes the spaces introduced in #1213
Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
|
|
Handlers for per-boot/per-instance/per-once multipart MIME
Add handlers for adding scripts to userdata that can be run at various
frequencies. Scripts of type x-shellscript-per-boot,
x-shellscript-per-instance, or x-shellscript-per-once can be added
to a multipart MIME userdata message as part of instance userdata.
These scripts will then be added to the appropriate per-boot,
per-instance, or per-once directory in /var/lib/cloud/scripts/
during processing of userdata.
|
|
* Primarily improved grammar for clarity.
* A few Sphinx/RST syntax fixes.
* Set text width to 79 characters per footer documentation
where needed.
* Changed "yaml" to "YAML" when used in sentences.
|
|
Once a valid datasource is detected, publish the following artifacts
to expedite cloud-identification without having to invoke cloud-id from
shell scripts or sheling out from python.
These files can also be relied on in systemd ConditionPathExists
directives to limit execution of services and units to specific
clouds.
/run/cloud-init/cloud-id:
- A symlink with content that is the canonical cloud-id of the
datasource detected. This content is the same lower-case value
as the output of /usr/bin/cloud-id.
/run/cloud-init/cloud-id-<canonical-cloud-id>:
- A single file which will contain the canonical cloud-id encoded
in the filename
|
|
|
|
Split _get_public_ssh_keys_and_source() into
_get_public_keys_from_imds() and _get_public_keys_from_ovf().
Set _get_public_keys_from_imds() to take a parameter of the
IMDS metadata rather than assuming it is already set in
self.metadata. This will allow us to move negotation into
local phase where self.metadata may not be set yet. Update this
method to raise KeyError if IMDS metadata is missing/malformed,
and ValueError if SSH key format is not supported. Update
get_public_ssh_keys() to catch these errors and fall back to the
OVF/Wireserver keys as needed.
To improve clarity, update register_with_azure_and_fetch_data()
to return the list of SSH keys, rather than bundling them into
a dictionary for updating against the metadata dictionary.
There should be no change in behavior with this refactor.
Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
|
|
|
|
When the datasource was originally submitted, EphemeralDHCPv4 was not
yet available. Also avoid race conditions by skipping network
configuration if metadata service can be reached.
Signed-off-by: Markus Schade <markus.schade@hetzner.com>
|
|
|
|
This change converts the IPv6 netmask from the network_data.json[1]
format to the CIDR style, <IPv6_addr>/<prefix>.
Using an IPv6 address like ffff:ffff:ffff:ffff:: does not work with
NetworkManager, nor networkscripts.
NetworkManager will ignore the route, logging:
ifcfg-rh: ignoring invalid route at \
"::/:: via fd00:fd00:fd00:2::fffe dev $DEV" \
(/etc/sysconfig/network-scripts/route6-$DEV:3): \
Argument for "::/::" is not ADDR/PREFIX format
Similarly if using networkscripts, ip route fail with error:
Error: inet6 prefix is expected rather than \
"fd00:fd00:fd00::/ffff:ffff:ffff:ffff::".
Also a bit of refactoring ...
cloudinit.net.sysconfig.Route.to_string:
* Move a couple of lines around to reduce repeated code.
* if "ADDRESS" not in key -> continute, so that the
code block following it can be de-indented.
cloudinit.net.network_state:
* Refactors the ipv4_mask_to_net_prefix, ipv6_mask_to_net_prefix
removes mask_to_net_prefix methods. Utilize ipaddress library to
do some of the heavy lifting.
LP: #1959148
|
|
Remove debug print that snuck in on a previous fixup.
Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
|
|
Test pycloudlib's BaseInstance.pull_file doesn't return a Result
object. So we can't call ok() on the response in integration tests.
Leave the try/except handling as pull_file will raise an
IOError if there is an error connecting via paramiko's sftp.get.
|
|
Introduce:
- _setup_ephemeral_networking() to bring up networking.
If no iface is specified, it will use net.find_fallback_nic()
which is consistent with the previous usage of fallback_interface.
This method now tracks the encoded address of the wireserver
with a new property `_wireserver_endpoint`. Introduce a
timeout parameter to allow for retrying for a specified amount
of time.
- _teardown_ephemeral_networking() to bring down networking.
- _is_ephemeral_networking_up() to check status.
Ephemeral networking is now:
- Brought up prior to checking IMDS.
- Torn down following metadata crawl.
- For Savable PPS, torn down prior to waiting for NIC detach.
The link must be torn down in advance or we will see errors
from cleaning up network after the interface is unplugged.
- For Running PPS, torn down after waiting for media switch.
The link must be up for media switch to be detected.
- For all PPS, after network switch is complete, networking is
brought back up to poll for reprovision data and report ready.
It will be torn down after metadata crawl is complete like
non-PPS paths.
Additionally:
- Remove EphemeralDHCPv4WithReporting variant in favor of directly
using EphemeralDHCPv4. The reporting was only for __enter__ usage
which is no longer a used path. Continue to use dhcp_log_cb
callback.
Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
|
|
This fixes a bug that prevents the salt module from enabling the salt minion in rc.conf.
For more details:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254339
|
|
Currently _check_if_nic_is_primary() checks for imds_md is None,
but imds_md is returned as an empty dictionary on error fetching
metdata.
Fix this check and the tests that are incorrectly vetting IMDS
polling code.
Additionally, use response.contents instead of str(response) when
loding the JSON data returned from readurl. This helps simplify the
mocking and avoids an unncessary conversion.
Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
|
|
The ephemeral disk depends on a functional network to be mounted. Even
though it depends on cloud-init.service, sometimes an ordering cycle is
noticed on the instance. If the option "_netdev" is added the problem is
gone.
rhbz: #1998445
Signed-off-by: Eduardo Otubo otubo@redhat.com
|
|
As part of IN_PLACE testing, /etc/cloud/cloud.cfg.d get overwritten by
what's in the source tree. This can cause problems when the directory is
mounted in, because tests need the ability to modify files in
/etc/cloud. Attempting to 'lxc file push' instead will fail on LXD VMs
because the LXD agent isn't available yet.
If such functionality is desired, one can temporarily use the
'lxd_setup' mark while writing a test and push the files manually.
|
|
* Wrap the log fetching code in a try/except in case file is missing
* Stop checking NoCloud seed dir when testing datasource detection
|
|
|
|
|
|
Since lxc bind mounts will be read-only as nobody:nogroup
we don't want to bind mount /etc/cloud/cloud.cfg.d into the
instance because some tests add artifacts to /etc/cloud/cloud.cfg.d.
Also make LXD push_file pull_file methods assert that the
file transfer was a success, otherwise we miss the root-cause
for test failures.
This resulted in failed Jenkins runs in test_lxd_discovery with a
symptom of NoCloud being detected instead of LXD datasource.
The root-case was that instance.file_push failed due to permission
errors for root on the bind mounted /etc/cloud/cloud.cfg.d.
Also bump pycloudlib commitish to get Azure Jammy image support.
|
|
* Include CI and Fixtures sections in integration test docs
* Incorporate additional variable annotations
* Remove unnecessary IntegrationInstance subclasses
* Move setup_image teardown into its fixture
|
|
|
|
Fix spelling errors
- Add Makefile target that checks for spelling errors
- Add Makefile target that fixes spelling errors
- Add spelling check to travis doc tests
- Fix various spelling errors in the docs
|
|
|
|
Migrate from legacy schema or define new schema in
cloud-init-schema.json, adding extensive schema tests for:
- cc_apt_configure
- cc_bootcmd
- cc_byobu
- cc_ca_certs
- cc_chef
- cc_debug
- cc_disable_ec2_metadata
- cc_disk_setup
Deprecate config hyphenated schema keys in favor of underscores:
- ca_certs and ca_certs.remove_defaults instead of
ca-certs and ca-certs.remove-defaults
- Continue to honor deprecated config keys but emit DEPRECATION
warnings in logs for continued use of the deprecated keys:
- apt_sources key
- any apt v1 or v2 keys
- use or ca-certs or ca_certs.remove-defaults
- Extend apt_configure schema
- Define more strict schema below object opaque keys using
patternProperties
- create common $def apt_configure.mirror for reuse in 'primary'
and 'security' schema definitions within cc_apt_configure
Co-Authored-by: James Falcon <james.falcon@canonical.com>
|
|
LP: #1959118
|
|
|
|
Refactor _report_ready_if_needed() to work for both Savable PPS
and Runnable PPS:
* rename _report_ready_if_needed() to _report_ready_for_pps()
* return interface name from lease to support _poll_imds() behavior
without changing it.
* fixes an issue where reporting ready return value was silently
ignored for Savable PPS.
* add explicit handling for failure to obtain DHCP lease to
result in sources.InvalidMetaDataException.
Refactor _poll_imds():
* use _report_ready_for_pps() for reporting ready, removing this logic
to simplify loop logic.
* move netlink and vnetswitch out of while loop to simplify loop logic,
leaving only reprovision polling in loop.
* add explicit handling for failure to obtain DHCP lease and
retry in the next iteration.
Signed-off-by: Chris Patterson cpatterson@microsoft.com
|
|
The partner archive is now obsolete.
LP: #1959343
|
|
|
|
Consolidate _should_reprovision_after_nic_attach() with
_should_reprovision() into the following:
_write_reprovision_marker() to write provisioning marker for
reboot-during-provisioning case.
PPSType enum and _determine_pps_type() for determining which to
provisioning mode, if any, we're running under.
PPSType.UNKNOWN is when the reprovisioning marker is found and we
do not have the context to know what the original mode was. In this
scenario, we must resort to polling for reprovision data.
Tests:
Introduce a simple data source fixture to for fine-grain
control of mocking with pytest without unittest.
Migrate relevant _should_reprovision() tests into a combination of
TestDeterminePPSTypeScenarios cases.
Signed-off-by: Chris Patterson cpatterson@microsoft.com
|
|
|
|
|
