summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-03-11tox.ini: avoid substition syntax that causes a traceback on xenial (#245)Daniel Watkins
See the added comment for details.
2020-03-11Add pub_key_ed25519 to cc_phone_home (#237)Daniel Hensby
2020-03-11Introduce and use of a list of GitHub usernames that have signed CLA (#244)Daniel Watkins
The list so far is partial.
2020-03-10workflows/cla.yml: use correct username for CLA check (#243)Daniel Watkins
Instead of using the username that triggered the action (which, in the case of a committer merging master into a PR branch will be the committer), always use the username of the submitter of the pull request.
2020-03-10tox.ini: use xenial version of jsonpatch in CI (#242)Daniel Watkins
Now that we can distinguish between CI xenial dependencies and needed-to-run-on-dev-machine xenial depedencies, we can return to testing with the correct jsonpatch version.
2020-03-10workflows: CLA validation altered to fail status on pull_request (#164)Chad Smith
Github api doesn't allow read-write access to labels or comments when running from a pull_request fork during CI. This restriction results in an API error message: "Resource not accessible by integration" If we want to run this action per pull_request, we need to convert the action to fail the PR status check and emit the required steps to sign the CLA to the console on the PR's failed status tab.
2020-03-10tox.ini: bump pyflakes version to 2.1.1 (#239)Daniel Watkins
pyflakes versions older than 2.1.0 are incompatible with Python 3.8 (which is the Python version in the current Ubuntu development release). See https://github.com/PyCQA/pyflakes/issues/367 for details. 2.1.1 is the latest version ATM, so bump to that.
2020-03-10cloudinit: move to pytest for running tests (#211)Daniel Watkins
As the nose docs[0] themselves note, it has been in maintenance mode for the past several years. pytest is an actively developed, featureful and popular alternative that the nose docs themselves recommend. See [1] for more details about the thinking here. (This PR also removes stale tox definitions, instead of modifying them.) [0] https://nose.readthedocs.io/en/latest/ [1] https://lists.launchpad.net/cloud-init/msg00245.html
2020-03-10instance-data: add cloud-init merged_cfg and sys_info keys to json (#214)Chad Smith
Cloud-config userdata provided as jinja templates are now distro, platform and merged cloud config aware. The cloud-init query command will also surface this config data. Now users can selectively render portions of cloud-config based on: * distro name, version, release * python version * merged cloud config values * machine platform * kernel To support template handling of this config, add new top-level keys to /run/cloud-init/instance-data.json. The new 'merged_cfg' key represents merged cloud config from /etc/cloud/cloud.cfg and /etc/cloud/cloud.cfg.d/*. The new 'sys_info' key which captures distro and platform info from cloudinit.util.system_info. Cloud config userdata templates can render conditional content based on these additional environmental checks such as the following simple example: ``` ## template: jinja #cloud-config runcmd: {% if distro == 'opensuse' %} - sh /custom-setup-sles {% elif distro == 'centos' %} - sh /custom-setup-centos {% elif distro == 'debian' %} - sh /custom-setup-debian {% endif %} ``` To see all values: sudo cloud-init query --all Any keys added to the standardized v1 keys are guaranteed to not change or drop on future released of cloud-init. 'v1' keys will be retained for backward-compatibility even if a new standardized 'v2' set of keys are introduced The following standardized v1 keys are added: * distro, distro_release, distro_version, kernel_version, machine, python_version, system_platform, variant LP: #1865969
2020-03-05ec2: Do not fallback to IMDSv1 on EC2 (#216)Chad Smith
The EC2 Data Source needs to handle 3 states of the Instance Metadata Service configured for a given instance: 1. HttpTokens : optional & HttpEndpoint : enabled Either IMDSv2 or IMDSv1 can be used. 2. HttpTokens : required & HttpEndpoint : enabled Calls to IMDS without a valid token (IMDSv1 or IMDSv2 with expired token) will return a 401 error. 3. HttpEndpoint : disabled The IMDS http endpoint will return a 403 error. Previous work to support IMDSv2 in cloud-init handled case 1 and case 2. This commit handles case 3 by bypassing the retry block when IMDS returns HTTP status code >= 400 on official AWS cloud platform. It shaves 2 minutes when rebooting an instance that has its IMDS http token endpoint disabled but creates some inconsistencies. An instance that doesn't set "manual_cache_clean" to "True" will have its /var/lib/cloud/instance symlink removed altogether after it has failed to find a datasource.
2020-03-04instance-data: write redacted cfg to instance-data.json (#233)Chad Smith
When cloud-init persisted instance metadata to instance-data.json if failed to redact the sensitive value. Currently, the only sensitive key 'security-credentials' is omitted as cloud-init does not fetch this value from IMDS. Fix this by properly redacting the content from the public instance-metadata.json file while retaining the value in the root-only instance-data-sensitive.json file. LP: #1865947
2020-03-04net: support network-config:disabled on the kernel commandline (#232)Chad Smith
Allow disabling cloud-init's network configuration via a plain-text kernel cmdline Cloud-init docs indicate that users can disable cloud-init networking via kernel command line parameter 'network-config=<YAML>'. This does not work unless the <YAML> payload base64 encoded. Document the base64 encoding requirement and add a plain-text value for disabling cloud-init network config: network-config=disabled Also: - Log an error and ignore any plain-text network-config payloads that are not specifically 'network-config=disabled'. - Log a warning if network-config kernel param is invalid yaml but do not raise an exception, allowing boot to continue and use fallback networking. LP: #1862702
2020-03-03ec2: only redact token request headers in logs, avoid altering request (#230)Chad Smith
Our header redact logic was redacting both logged request headers and the actual source request. This results in DataSourceEc2 sending the invalid header "X-aws-ec2-metadata-token-ttl-seconds: REDACTED" which gets an HTTP status response of 400. Cloud-init retries this failed token request for 2 minutes before falling back to IMDSv1. LP: #1865882
2020-02-27docs: typo fixed: dta → dataAlexey Vazhnov
2020-02-27Fixes typo on Amazon Web Services (#217)Nick Wales
one line doc fix
2020-02-27Fix docs for OpenStack DMI Asset Tag (#228)Mark T. Voelker
In cloud-init 19.2, we added the ability for cloud-init to detect OpenStack platforms by checking for "OpenStack Compute" or "OpenStack Nova" in the chassis asset tag. However, this was never reflected in the documentation. This patch updates the datasources documentation for OpenStack to reflect the possibility of using the chassis asset tag. LP: #1669875
2020-02-25Add physical network type: cascading to openstack helpers (#200)sab-systems
* Add physical network type: cascading to openstack helpers * add new helpers test for checking all openstack KNOWN_PHYSICAL_TYPES get type 'physical'.
2020-02-25tests: add focal integration tests for ubuntu (#225)Chad Smith
2020-02-20Release 20.1 (#222)20.1Daniel Watkins
Bump the version in cloudinit/version.py to 20.1 and update ChangeLog. LP: #1863954
2020-02-20Update tooling for GitHub-based new releases (#223)Daniel Watkins
* tools/read-version: don't enforce version parity in release branch CI We have a bootstrapping problem with new releases, currently. To take the example of 20.1: the branch that bumps the version fails CI because there is no 20.1 tag for it to use in read-version. Previously, this was solved by creating a tag and pushing it to the cloud-init repo before the commit landed. However, we have GitHub branch protection enabled, so the commit that needs to be tagged is not created until the pull request lands in master. This works around this problem by introducing a very specific check: if we are performing CI for an upstream release branch, we skip the read-version checking that we know will fail. * tools/make-tarball: add --version parameter When using make-tarball as part of a CI build of a new upstream release, the version it determines is inconsistent with the version that other tools determine. Instead of encoding the logic here (as well as in Python elsewhere), we add a parameter to allow us to set it from outside the script. * packages/bddeb: handle missing version_long in new version CI If we're running in CI for a new upstream release, we have to use `version` instead of `version_long` (because we don't yet have the tag required to generate `version_long`).
2020-02-19ec2: Do not log IMDSv2 token values, instead use REDACTED (#219)Ryan Harper
Instead of logging the token values used log the headers and replace the actual values with the string 'REDACTED'. This allows users to examine cloud-init.log and see that the IMDSv2 token header is being used but avoids leaving the value used in the log file itself. LP: #1863943
2020-02-18utils: use SystemRandom when generating random password. (#204)Dimitri John Ledkov
As noticed by Seth Arnold, non-deterministic SystemRandom should be used when creating security sensitive random strings.
2020-02-13docs: mount_default_files is a list of 6 items, not 7 (#212)Chad Smith
2020-02-13azurecloud: fix issues with instances not starting (#205)Ryan Harper
The azurecloud platform did not always start instances during collect runs. This was a result of two issues. First the image class _instance method did not invoke the start() method which then allowed collect stage to attempt to run scripts without an endpoint. Second, azurecloud used the image_id as both an instance handle (which is typically vmName in azure api) as well as an image handle (for image capture). Resolve this by adding a .vm_name property to the AzureCloudInstance and reference this property in AzureCloudImage. Also in this branch - Fix error encoding user-data when value is None - Add additional logging in AzureCloud platform - Update logging format to print pathname,funcName and line number This greatly eases debugging. LP: #1861921
2020-02-10unittest: fix stderr leak in cc_set_password random unittest output. (#208)Ryan Harper
2020-02-07cc_disk_setup: add swap filesystem force flag (#207)Ryan Harper
2020-02-07import sysvinit patches from freebsd-ports tree (#161)Igor Galić
bugzilla ref: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224361 svn rev: https://svnweb.freebsd.org/ports?view=revision&revision=457768
2020-02-07docs: fix typo (#195)Edwin Kofler
fixes typo at doc/examples/cloud-config-disk-setup.txt; Cavaut => Caveat
2020-02-03sysconfig: distro-specific config rendering for BOOTPROTO option (#162)Robert Schweikert
- Introduce the "flavor" configuration option for the sysconfig renderer this is necessary to account for differences in the handling of the BOOTPROTO setting between distributions (lp#1858808) + Thanks to Petr Pavlu for the idea - Network config clean up for sysconfig renderer + The introduction of the "flavor" renderer configuration allows us to only write values that are pertinent for the given distro - Set the DHCPv6 client mode on SUSE (lp#1800854) Co-authored-by: Chad Smith <chad.smith@canonical.com> LP: #1800854
2020-01-31cloudinit: replace "from six import X" imports (except in util.py) (#183)Daniel Watkins
2020-01-30run-container: use 'test -n' instead of 'test ! -z' (#202)Paride Legovini
Fixes shellcheck warning SC2236.
2020-01-30net/cmdline: correctly handle static ip= config (#201)Dimitri John Ledkov
It is proto 'none', not 'static' as was mistakenly implemented in initramfs-tools/cloud-init in the past, yet was never the case in the klibc ipconfig state file output. LP: #1861412
2020-01-29Replace mock library with unittest.mock (#186)Daniel Watkins
* cloudinit: replace "import mock" with "from unittest import mock" * test-requirements.txt: drop mock Co-authored-by: Chad Smith <chad.smith@canonical.com>
2020-01-29HACKING.rst: update CLA link (#199)Daniel Watkins
2020-01-29Scaleway: Fix DatasourceScaleway to avoid backtrace (#128)Louis Bouchard
Make sure network_config is created when self._network_config is unset. Co-authored-by: Scott Moser <smoser@brickies.net>
2020-01-28cloudinit/cmd/devel/net_convert.py: add missing space (#191)Daniel Watkins
2020-01-28tools/run-container: drop support for python2 (#192)Paride Legovini
Drop support for specifying an Python interpreter different from python3 from tools/run-container.
2020-01-27Print ssh key fingerprints using sha256 hash (#188)Ryan Harper
LP: #1860789
2020-01-24Make the RPM build use Python 3 (#190)Paride Legovini
* packages/brpm: switch to python3 No changes needed other than changing the shebang interpreter. * pkg-deps.json: bump the redhat build dependencies to python36 CentOS 7 (our standard target for the COPR test builds) uses python3.6 as its default python3 interpreter, so let's bump the build dependencies accordingly.
2020-01-24cc_set_password: increase random pwlength from 9 to 20 (#189)Ryan Harper
Increasing the bits of security from 52 to 115. LP: #1860795
2020-01-23.travis.yml: use correct Python version for xenial tests (#185)Daniel Watkins
2020-01-23cloudinit: remove ImportError handling for mock imports (#182)Daniel Watkins
We only run on Python 3 now, so we can unambiguously expect unittest.mock to exist.
2020-01-23Do not use fallocate in swap file creation on xfs. (#70)Eduardo Otubo
When creating a swap file on an xfs filesystem, fallocate cannot be used. Doing so results in failure of swapon and a message like: swapon: swapfile has holes The solution here is to maintain a list (currently containing only XFS) of filesystems where fallocate cannot be used. The, on those fileystems use the slower but functional 'dd' method. Signed-off-by: Eduardo Otubo <otubo@redhat.com> Co-authored-by: Adam Dobrawy <naczelnik@jawnosc.tk> Co-authored-by: Scott Moser <smoser@brickies.net> Co-authored-by: Daniel Watkins <daniel@daniel-watkins.co.uk> LP: #1781781
2020-01-22.readthedocs.yaml: install cloud-init when building docs (#181)Daniel Watkins
This should ensure that all its dependencies are installed during doc generation. LP: #1860450
2020-01-22Introduce an RTD config file, and pin the Sphinx version to the RTD default ↵Daniel Watkins
(#180) doc-requirements.txt: pin Sphinx at version used by RTD Introduce a configuration file containing our existing web-based configuration.
2020-01-21Drop most of the remaining use of six (#179)Daniel Watkins
2020-01-21Start removing dependency on six (#178)Daniel Watkins
* url_helper: drop six * url_helper: sort imports * log: drop six * log: sort imports * handlers/__init__: drop six * handlers/__init__: sort imports * user_data: drop six * user_data: sort imports * sources/__init__: drop six * sources/__init__: sort imports * DataSourceOVF: drop six * DataSourceOVF: sort imports * sources/helpers/openstack: drop six * sources/helpers/openstack: sort imports * mergers/m_str: drop six This also allowed simplification of the logic, as we will never encounter a non-string text type. * type_utils: drop six * mergers/m_dict: drop six * mergers/m_list: drop six * cmd/query: drop six * mergers/__init__: drop six * net/cmdline: drop six * reporting/handlers: drop six * reporting/handlers: sort imports
2020-01-20Add Rootbox & HyperOne to list of cloud in README (#176)Adam Dobrawy
2020-01-16docs: add proposed SRU testing procedure (#167)Chad Smith
Co-Authored-By: Daniel Watkins <daniel@daniel-watkins.co.uk>
2020-01-16util: rename get_architecture to get_dpkg_architecture (#173)Daniel Watkins
This makes it clearer that we should only use this in code paths that will definitely have dpkg available to them. - Rename get_architecture -> get_dpkg_architecture - Add docstring to get_dpkg_architecture