AgeCommit message (Collapse)Author
2017-03-03ds-identify: move default setting for Ec2/strict_id to a global.Scott Moser
Rather than having the dscheck_Ec2 just know the setting, move it up to a more formal declaration. This will make it look more clean when a distro carries a patch to change it to warn.
2017-03-03ds-identify: record not found in cloud.cfg and always add None.Scott Moser
On a 'not found' result, was not being written at all. That had the unintended effect of '--force' not working. Now, on a 'not found' result: - if reporting: write the list as found (with just 'None'). - if not reporting: only report that there was nothing found. this means that the warning cloud-init will write about ds-identify failing to find a datasource will be written, but cloud-init will still search its fully configured list.
2017-03-03Support warning if the used datasource is not in ds-identify's list.Scott Moser
If ds-identify is in report mode, and the datasource that is found is not in the list, then warn the user of this situation.
2017-03-03tools/ds-identify: make report mode write namespaced results.Scott Moser
Now, when ds-identify runs in report mode, it still writes to /run/cloud-init.cfg as search does, but it will namespace the result under the top level 'di_report' entry.
2017-03-03Move warning functionality to cloudinit/warnings.pyScott Moser
This moves the warning code that was added specifically for EC2 into a generic path at cloudinit/ It also adds support for writing warning files into the warnings directory to be shown by
2017-03-02Add profile.d script for showing warnings on login.Scott Moser can be dropped into /etc/profile.d. Warnings that are written to /var/lib/cloud/instance/warnings will be displayed to the user on stderr when they log in. install and make consistent.Scott Moser
Modify upstream packaging to install this file, which was already installed in ubuntu packaging. Also, white space changes from tabs to spaces. Very few things in cloud-init are tabs now. Lastly, remove the executable bit on this as ait is not necessary. Scripts in /etc/profile.d do not have executable bit.
2017-02-28tools/ds-identify: look at cloud.cfg when looking for ec2 strict_id.Scott Moser
In the interest of speed I had skipped the parsing of /etc/cloud/cloud.cfg for the ec2 strict_id setting. In hindsight it seems reasonable for people to put settings there.
2017-02-28tools/ds-identify: disable vmware_guest_customization by default.Scott Moser
ovf_vmware_guest_customization defaults to true in cloud-init, meaning that such customization is disabled. We just missed a return value causing ovf_vmware_guest_customization to effectively default to on. Also, when looking for setting look at /etc/cloud/cloud.cfg. This had been omitted in interest of performance, but we should be looking there.
2017-02-24tools/ds-identify: ovf identify vmware guest customization.Scott Moser
cloud-init by default sets 'disable_vmware_customization' to True. So in ds-identify, we will enable the ovf datasource if: - virt is vmware - '' exists as installed by vmware-tools or open-vm-tools. - disable_vmware_customization is configured to True
2017-02-24Identify Brightbox as an Ec2 datasource user.Scott Moser
Brightbox will identify their platform to the guest by setting the product serial to a string that ends with ''. LP: #1661693
2017-02-24DatasourceEc2: add warning message when not on AWS.Scott Moser
Based on the setting Datasource/Ec2/strict_id, the datasource will now warn once per instance.
2017-02-24ds-identify: add reading of datasource/Ec2/strict_idScott Moser
ds-identify will now read this setting, and thus allow the user to modify ds-identifies behavior via either: 1. builtin setting here cloud-init/ds-identify builtin 2. ds-identify config (/etc/cloud/ds-identify.cfg) 3. system config (/etc/cloud/cloud.cfg.d/*Ec2*.cfg) 4. kernel command line (ci.datasource.ec2.strict_id=true)
2017-02-24tools/ds-identify: add support for found or maybe contributing config.Scott Moser
A check function that returns found or maybe can also now return config that will be written to the resultant /run/cloud.cfg. They do so by setting the variable _RET_excfg.
2017-02-24tools/ds-identify: read the seed directory on Ec2Scott Moser
This just adds checking of the Ec2 seed directory.
2017-02-24tools/ds-identify: use quotes in local declarations.Scott Moser
The following can have cause issue: FOO="bar ; wark" showit() { local b=$FOO echo $b } 4: local: ;: bad variable name The answer is just to use more quotes.
2017-02-24tools/ds-identify: fix documentation of policy setting in a comment.Scott Moser
Just remove some examples that are no longer valid.
2017-02-17ds-identify: only run once per boot unless --force is given.Scott Moser
This makes ds-identify run only once. Previously it would run multiple times each boot as the generator would run more than once. This is potentially dangerous, in that running again might find more attached disks. However that is really only a "lucky" fix if it happens to result differently than the first run. Additionally, we now log the uptime that we started and ended at.
2017-02-17flake8: fix flake8 complaints in previous commit.Scott Moser
2017-02-17net: correct errors in cloudinit/net/sysconfig.pyLars Kellogg-Stedman
There were some logic errors in that appear to be the result of accidentally typing "iface" where it should have been "iface_cfg". This patch corrects those problems so that the module can run successfully. LP: #1665441 Resolves: rhbz#1389530
2017-02-16ec2_utils: fix MetadataLeafDecoder that returned bytes on emptyScott Moser
the MetadataLeafDecoder would return a bytes value b'' instead of an empty string if the value of a key was empty. In all other cases the value would be a string. This was discovered when trying to json.dumps(get_instance_metadata()) on a recent OpenStack, where the value of 'public-ipv4' was empty. The attempt to dump that with json would raise TypeError: b'' is not JSON serializable
2017-02-14apply the runtime configuration written by ds-identify.Scott Moser
When the ds-identify code landed, it started writing /run/cloud.cfg but at the moment, nothing was reading that. The result is that ds-identify only worked to disable cloud-init entirely.
2017-02-10ds-identify: fix checking for filesystem labelScott Moser
has_fs_with_label regressed when refactoring to not have leading and trailing , in DI_FS_LABELS. LP: #1663735
2017-02-10ds-identify: read ds=nocloud properlyScott Moser
The nocloud datasource specifically would look for ds=nocloud or ds=nocloud-net (often augmented with 'seedfrom') on the kernel command line. Fix to return DS_FOUND in that case. LP: #1663723
2017-02-09support nova-lxd by reading platform from environment of pid 1.Scott Moser
Nova lxd will now put the environment variable 'platform' into pid 1's environment to the value 'OpenStack Nova', which is the same as you would find in kvm guests. LP: #1661797
2017-02-09ds-identify: change aarch64 to use the default for non-dmi systems.Scott Moser
aarch64 does support dmi, but OpenStack does not populate guests with this information, and there are currently bugs in qemu preventing it from working correctly see bug #1663304 for more information. So, for the time being, pretend as if there is no dmi data on aarch64, which will make it enable cloud-init even when no datasources are found.
2017-02-06Remove style checking during build and add latest style checks to toxJoshua Powers
- make check will no longer run the style checks, that way package builds wont fail on a style difference in versions of the style tools in that distro. - created style-check make file target to continue to run pep8 and pyflakes - added tox envs 'tip-pycodestyle' and 'tip-pyflakes' to run latest style checking. These are not enabled by default run of tox. LP: #1652329
2017-02-05code-style: make master pass pycodestyle (2.3.1) cleanly, currently:Joshua Powers
$ pycodestyle cloudinit/ tests/ tools/ tools/ E722 do not use bare except' tools/ E722 do not use bare except' For tools/ E722 do not use bare except' the use case is when someone runs ./ --attach commis instead of ./ --attach commissaire.txt:x-commissaire-host The split can cause a ValueError potentially if there is no: For tools/ E722 do not use bare except' the use case is a dictionary look up occurs potentially when an unknown key is given: key_name = key_ids[key_id] Do note that version 2.3.0 falsely reported a dozen or so E302 and E306 errors.
2017-02-03manual_cache_clean: When manually cleaning touch a file in instance dir.Scott Moser
When manual_cache_clean is enabled, write a file to /var/lib/cloud/instance/manual-clean. That file can then be read by ds-identify or another tool to indicate that manual cleaning is in place.
2017-02-03Add tools/ds-identify to identify datasources available.Scott Moser
ds-identify is run here from the generator. If ds-identify does not see any datasources, it can completely disable cloud-init. The big value in this is that if there is no datasource, no python will ever be loaded, and cloud-init will be disabled.o The default policy being added here is: search,found=all,maybe=all,notfound=disabled That means: - enable (in 'datasource_list') all sources that are found. - if none are found, enable all 'maybe'. - if no maybe are found, then disable cloud-init. On platforms without DMI (everything except for aarch64 and x86), the default 'notfound' setting is 'enabled'. This is because many of the detection mechanisms rely on dmi data, which is present only on x86 and aarch64.
2017-01-26Fix small typo and change iso-filename for consistencyRobin Naundorf
* Fix small typo * Fix ISO-Filename for consistency
2017-01-25Fix eni rendering of multiple IPs per interfaceRyan Harper
The iface:alias syntax for eni rendering is brittle with ipv6. Replace it with using multiple iface stanzas with the same iface name which is supported. Side-effect is that one can no longer do 'ifup $iface:$alias' but requires instead use of ip address {add|delete} instead. LP: #1657940
2017-01-25tools/mock-meta: support python2 or python3 and ipv6 in both.Scott Moser
Fix mock-meta to work with python2 or python3. Additionally, it will now listen to ipv6 connections, where previously it would only work with ipv4.
2017-01-24tests: remove executable bit on test_net, so it runs, and fix it.Scott Moser
The test_user_data_normalize and test_net files had gotten the executable bit set, and thus are skipped by nose by default. We could set run with the --exe flag, but they should not have gotten this way. Other changes here: * replace TempDirTestCase with CiTestCase, which has some nice tmp_dir() and tmp_path() functions. Going forward the intent is to have CiTestCase be the base test case for tests. * test_net: switch to CiTestCase and fix usage that was silently broken, because of exe bit. * populate_dir: return the list of files that it writes rather than having no return value. * CiTestCase: * support tmp_path("foo") that returns a full path to 'foo' under a tmpdir. * add tmp_dir() to get a temp dir and clean up.
2017-01-24tests: No longer monkey patch httpretty for python 3.4.2Scott Moser
No shipping ubuntu has a python 3.4 that is less than 3.4.2. Remove this workaround to avoid unnecessary complexity. This reverts 04a60cf949.
2017-01-24Add 3 ecdsa-sha2-nistp* ssh key types now that they are standardizedLars Kellogg-Stedman
cloud-init adds ssh_authorized_keys to the default user and to root but for root it disables the keys with a prefix command. However, if the public_key key is of type ecdsa-sha2-nistp521, it is not parsed correctly, and the prefix command is not prepended. Resolves: rhbz#1151824 LP: #1658174
2017-01-24reset httppretty for each testLars Kellogg-Stedman
this ensures that we call httpretty.reset() before calling httppretty.register_uri(...), which ensures that we get a fresh callback with the expected version of the metadata. LP: #1658200
2017-01-23build: fix running Make on a branch with tags other than masterScott Moser
running 'make' on a git branch other than master would fail with complaint that the tools/read-version reported a different version than the code. Change to only consider tags starting with 0-9 in read-version.
2017-01-20EC2: Do not cache security credentials on diskAndrew Jorgensen
On EC2, instance metadata can include credentials that remain valid for as much as 6 hours. Reading these and allowing them to be pickled represents a potential vulnerability if a snapshot of the disk is taken and shared as part of an AMI. This skips security-credentials when walking the meta-data tree. LP: #1638312 Reviewed-by: Ian Weller <> Reviewed-by: Ben Cressey <> Reported-by: Kyle Barnes <>
2017-01-17doc: Fix typos and clarify some aspects of the part-handlerErik M. Bray
The existing documentation referred to a handle_type method when it really should be handle_part. It also referred to 'methods' when it really should say 'functions' to be clear (while it's true the built-in handlers are classes with methods of these names, in this context we mean module-level functions). Also clarified that a part-handler should come before the parts that it handles, and can override built-in handlers.
2017-01-17doc: add some documentation on OpenStack datasource.Scott Moser
This just fills out some of the documentation on the OpenStack datasource.
2017-01-17OpenStack: Use timeout and retries from config in get_data.Lars Kellogg-Stedman
This modifies get_data in to get the timeout and retries values from the data source configuration, rather than from keyword arguments. This permits get_data to use the same timeout as other methods, and allows an operator to increase the timeout in environments where the metadata service takes longer than five seconds to respond. LP: #1657130 Resolves: rhbz#1408589
2017-01-17Fixed Misc issues related to VMware customization.Sankar Tanguturi
- staticIPV4 property can be either None or a valid Array. Need to check for None before accessing the ip address. - Modified few misc. log messages. - Added a new log message while waiting for the customization config file. - Added support to configure the maximum amount of time to wait for the customization config file. - VMware Customization Support is provided only for DataSourceOVF class and not for any other child classes. Implemented a new variable vmware_customization_supported to check whether the 'VMware Customization' support is available for a specific datasource or not. - Changed the function get_vmware_cust_settings to get_max_wait_from_cfg. - Removed the code that does 'ifdown and iup' in NIC configurator.
2017-01-12Fix minor docs typo: perserve > preserveJeremy Bicha
2017-01-12Use dnf instead of yum when availableLars Kellogg-Stedman
Recent fedora releases use "dnf" instead of "yum" for package management. While there is a compatible "yum" cli available, there's no guarantee that it will be available. With this patch, cloud-init will check for /usr/bin/dnf and use that if it exists instead of yum. rhbz: LP: #1647118
2017-01-11validate-yaml: use python rather than explicitly python3Scott Moser
The change here is to use '/usr/bin/env python' in as all other tools/*.py do. Additionally, change the Makefile to invoke with the python that it has selected for other things (PYVER).
2017-01-11Get early logging logged, including failures of cmdline url.Scott Moser
Failures to load the kernel command line's url (cloud-config-url=) would previously get swallowed. This should make it much more obvious when that happens. With logging going to expected places at sane levels (WARN will go to stderr by default).
2016-12-23release 0.7.9Scott Moser
Bump the version in cloudinit/ to be 0.7.9.
2016-12-23doc: adjust headers in tests documentation for consistency.Scott Moser
This just makes headers in doc/rtd/topics/tests.rst consistent with other rst files, as the comment in doc/rtd/index.rst suggests.
2016-12-23pep8: fix issue found in zesty build with pycodestyle.Scott Moser
pycodestyle has better checking for 2 lines blank lines. This failed to build on zesty as a result. Patching this here, and filed bug 1652329 to fix it more permenantly.