| Age | Commit message (Collapse) | Author | 
|---|
|  | More clearly differentiate between the primary apt repo configuration
and any 3rd party apt configuration.
LP: #1832823 | 
|  | LP: #1846524 | 
|  | Update README to specify that only files with the '.cfg' extension are
read in this folder.
LP: #1855006 | 
|  | Azure stores the instance ID with an incorrect byte ordering for the
first three hyphen delimited parts. This results in invalid
is_new_instance checks forcing Azure datasource to recrawl the metadata
service.
When persisting instance-id from the metadata service, swap the
instance-id string byte order such that it is consistent with
that returned by dmi information. Check whether the instance-id
string is a byte-swapped match when determining correctly whether 
the Azure platform instance-id has actually changed. | 
|  | on FreeBSD, `lock_passwd` is implemented as `pw usermod <user> -h -`
This does not lock the account. It prompts for a password change on the console during cloud-init run.
To lock an account, we have to execute: `pw lock <name>`
LP: #1854594 | 
|  |  | 
|  | On non-Linux systems, `/sys` won't be available. In these cases, we can query `dmidecode(8)` directly.  This PR implements a dmi_decode function to query the same fields ds-identify
would otherwise read from /sys.  This path is taken when /sys isn't present.  In addition to
adding dmidecode support, non-Linux systems also need to map in virtualization detection
as systemd-detect-virt is not present; on FreeBSD, use sysctl kern.vm_guest and provide a
mapping[1] between BSD values and those that match with systemd-detect-virt[2].
1. https://github.com/freebsd/freebsd/blob/master/sys/kern/subr_param.c#L149-L157
2. https://www.freedesktop.org/software/systemd/man/systemd-detect-virt.html
LP: #1852442 | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  | Add an Amazon distro in the redhat OS family | 
|  |  | 
|  | yaml was missing as we were no longer pointing at the main
requirements.txt file | 
|  | docs: Add document on how to report bugs | 
|  | RedHat dhcp client writes out rfc3442 classless-static-routes in a different format[1]
than what is found in isc-dhcp clients.  This patch adds support for the RedHat format.
1. Background details on the format
 https://bugzilla.redhat.com/show_bug.cgi?id=516325
 https://github.com/vaijab/fedora-dhcp/blob/e83fb19c51765442d77fa60596bfdb2b3b9fbe2e/dhcp-rfc3442-classless-static-routes.patch#L252 
 https://github.com/heftig/NetworkManager/blob/f56c82d86122fc45304fc829b5f1e4766ed51589/src/dhcp-manager/nm-dhcp-client.c#L978
LP: #1850642 | 
|  |  | 
|  |  | 
|  | Sending a valid but empty v1 network config resulted in a
stacktrace during execution.  Update the network_state
parse path to specific check if the 'config' key is None
(not present) versus being present but explicitly empty.
Also add some network_state unittests.
LP: #1852496 | 
|  |  | 
|  | From original work by: Andrew Jorgensen <ajorgens@amazon.com>
Reviewed-by: Matt Nierzwicki <nierzwic@amazon.com>
Reviewed-by: Ethan Faust <efaust@amazon.com> | 
|  | removed a couple of "the"s | 
|  |  | 
|  | doc8 does not know about the ephasize-lines portion of code-block and
throws an error. As this is the only place right now I am going to
remove it untill we can find a better solution. rstcheck and
restructuredtext-lint have issues with sphinx declaritives, so
doc8 is still the best to use for now. | 
|  | * docs: Add security.md to readthedocs
This enables the ability to show the security policy on both GitHub and
on the readthedocs site. To do this, enable the ability to import
Markdown based files and translate them to rst.
* Add doc-requirements.txt and update tox to use
Also removes the extra, uncessary extension addition of .md | 
|  | Currently cloud-init does not know how to handle multiple file
configuration on section AuthorizedKeysFile of ssh configuration.
cloud-init will mess up the home user directory by creating bogus
folders inside it.
This patch provides a fix for this erroneous behavior. It gathers all
keys from all the files listed on the section AuthorizedKeysFile of ssh
configuration and merge all of them inside home user
~/.ssh/authorized_keys of the vm deployed.
Signed-off-by: Eduardo Otubo <otubo@redhat.com> | 
|  | Mapped from bitfehler | 
|  | Revert "travis: only run CI on pull requests" | 
|  | Until we have a clear issue with CI throughput, let's make sure that
we're testing master.
This reverts commit 21967a2dedc781e05cf62c80fb730d0ed5973c8b. | 
|  |  | 
|  | Mapped from ahosmanmsft | 
|  |  | 
|  |  | 
|  | Parse /etc/system-release-cpe to detect Amazon Linux and set the proper value. | 
|  | Mapped from fredlefebvre | 
|  |  | 
|  |  | 
|  | Headers param was accidentally omitted and no longer passed through to
readurl due to a previous commit.
To avoid this omission of params in the future, drop positional param
definitions from read_file_or_url and pass all kwargs through to readurl
when we are not operating on a file.
In util:read_seeded, correct the case where invalid positional param
file_retries was being passed into read_file_or_url.
Also drop duplicated file:// prefix addition from read_seeded because
read_file_or_url does that work anyway.
LP: #1854084 | 
|  | Mapped from eric-lafontaine1 | 
|  | Mapped from xiaofengw | 
|  | This makes for a slightly prettier and less confusing log. | 
|  | Added Azure to cloud tests supporting upstream integration testing.
Implement the inherited platform classes, Azure configurations
to release/platform, and docs on how to run Azure CI. | 
|  | Allow setting of user passwords on FreeBSD
The www/chpasswd utility which we depended on for FreeBSD installations
does *not* do the same thing as the equally named Linux utility.
For FreeBSD, we now use the pw(8) utility (which can only process one
user at a time)
Additionally, we abstract expire passwd into a function, and override it
in the FreeBSD distro class.
Co-Authored-By: Chad Smith <chad.smith@canonical.com> | 
|  | To run: ./tools/migrate-lp-user-to-github LAUCHPAD_USERNAME GITHUB_USERNAME | 
|  | LP: #1853543 | 
|  | Since `is_FreeBSD()` is used a lot, which uses `system_info()`, which uses `get_linux_distro()` we add caching, by decorating the following functions with `@lru_cache`:
- get_architecture()
- _lsb_release()
- is_FreeBSD
- get_linux_distro
- system_info()
- _get_cmdline()
Since [functools](https://docs.python.org/3/library/functools.html) only exists in Python 3, only python 3 will benefit from this improvement. For python 2, our shim is just a pass-thru. Too bad, but, also… https://pythonclock.org/
The main motivation here was, at first, to cache more, following the style of _lsb_release.
That is now consolidated under this very same roof.
LP: #1815030 | 
|  | Mapped from d-info-e | 
|  | * ec2: Add support for AWS IMDS v2 (session-oriented)
AWS now supports a new version of fetching Instance Metadata[1].
Update cloud-init's ec2 utility functions and update ec2 derived
datasources accordingly.  For DataSourceEc2 (versus ec2-look-alikes)
cloud-init will issue the PUT request to obtain an API token for
the maximum lifetime and then all subsequent interactions with the
IMDS will include the token in the header.
If the API token endpoint is unreachable on Ec2 platform, log a
warning and fallback to using IMDS v1 and which does not use
session tokens when communicating with the Instance metadata
service. 
We handle read errors, typically seen if the IMDS is beyond one 
etwork hop (IMDSv2 responses have a ttl=1), by setting the api token
to a disabled value and then using IMDSv1 paths.
To support token-based headers, ec2_utils functions were updated
to support custom headers_cb and exception_cb callback functions
so Ec2 could store, or refresh API tokens in the event of token
becoming stale.
[1] https://docs.aws.amazon.com/AWSEC2/latest/ \
UserGuide/ec2-instance-metadata.html \
#instance-metadata-v2-how-it-works | 
|  | The cloudsigma tests had few test cases that were not getting
all the "mocks" set up correctly.  Specifically is_running_in_cloudsigma
was not getting replaced and calls would leak through to
util.read_dmi_data. | 
|  | Router advertisements are required for the default route
to be set up, thus accept_ra should be enabled for
dhcpv6-stateful.
sysconf: IPV6_FORCE_ACCEPT_RA controls accept_ra sysctl.
eni: mode static and mode dhcp 'accept_ra' controls sysctl.
Add 'accept-ra: true|false' parameter to config v1 and
v2. When True: accept_ra is set to '1'. When False:
accept_ra is set to '0'. When not defined in config the
value is left to the operating system default.
This change also extend the IPv6 support to distinguish
between slaac and dhcpv6-stateless. SLAAC is autoconfig
without any options from DHCP, while stateless auto-configures
the address and the uses DHCP for other options.
LP: #1806014
LP: #1808647 |