| Age | Commit message (Collapse) | Author |
|---|
|
This was painful, but it finishes a TODO from cloudinit/subp.py.
It moves the following from util to subp:
ProcessExecutionError
subp
which
target_path
I moved subp_blob_in_tempfile into cc_chef, which is its only caller.
That saved us from having to deal with it using write_file
and temp_utils from subp (which does not import any cloudinit things now).
It is arguable that 'target_path' could be moved to a 'path_utils' or
something, but in order to use it from subp and also from utils,
we had to get it out of utils.
|
|
Avoid chpasswd on all the BSD variants.
|
|
Increasing the bits of security from 52 to 115.
LP: #1860795
|
|
* cc_ssh: fix capitalisation of SSH
* doc: fix capitalisation of SSH
* cc_keys_to_console: fix capitalisation of SSH
* ssh_util: fix capitalisation of SSH
* DataSourceIBMCloud: fix capitalisation of SSH
* DataSourceAzure: fix capitalisation of SSH
* cs_utils: fix capitalisation of SSH
* distros/__init__: fix capitalisation of SSH
* cc_set_passwords: fix capitalisation of SSH
* cc_ssh_import_id: fix capitalisation of SSH
* cc_users_groups: fix capitalisation of SSH
* cc_ssh_authkey_fingerprints: fix capitalisation of SSH
|
|
Allow setting of user passwords on FreeBSD
The www/chpasswd utility which we depended on for FreeBSD installations
does *not* do the same thing as the equally named Linux utility.
For FreeBSD, we now use the pw(8) utility (which can only process one
user at a time)
Additionally, we abstract expire passwd into a function, and override it
in the FreeBSD distro class.
Co-Authored-By: Chad Smith <chad.smith@canonical.com>
|
|
Commit 6797e822959b84c98cf73e02b2a6e3d6ab3fd4fe replaced
the LOG.warn calls that linters were warning about; this
also replaces calls that linters would not have recognised
(as `log` is generally a parameter in these scenarios).
LP: #1508442
|
|
What we had previously was inaccurate in a few respects.
LP: #1838794
|
|
Correct invalid regex to match hashes starting with the following:
- $1, $2a, $2y, $5 or $6
LP: #1811446
|
|
This admittedly does a fairly extensive re-factor to simply add a newline
to the end of sshd_config.
It makes the ssh_config updating portion of set_passwords more testable
and adds tests for that.
The new function is in 'update_ssh_config_lines' which allows you
to update a config with multiple changes even though only a single one
is currently used.
We also only restart the ssh daemon now if a change was made to the
config file. Before it was always restarted if the user specified
a value for ssh_pwauth other than 'unchanged'.
Thanks to Lorens Kockum for initial diagnosis and patch.
LP: #1677205
|
|
On centos/fedora/rhel/derivatives, /etc/ssh/sshd_config has mode 0600,
but cloud-init unilaterally sets file modes to 0644 when no explicit
mode is passed to util.write_file. On ubuntu/debian, this file has
mode 0644. With this patch, write_file learns about the copy_mode
option, which will cause it to use the mode of the existing file by
default, falling back to the explicit mode parameter if the file does
not exist.
LP: #1644064
Resolves: rhbz#1295984
|
|
This change will add support for hashed passwords in cc_set_passwords.
It checks if a password is a hash with by checking that it matches
in fairly safe way, and also that the password does not have a ":" in it.
chpasswd needs to know if the password is hashed or not, so two lists
is created so chpasswd is feed with the correct one.
LP: #1570325
|
|
This adds an integration test for setting passwords when given
as a list rather than a string. This also updates the docs and
tests so that Random is now RANDOM as is correct.
|
|
The adjusted change did not support
#cloud-config
password: passw0rd
This correctly fixes that regression.
|
|
This regression was caused by my rework of Sergio's branch.
The change now still works when there is no chpasswd/list provided.
|
|
cc_set_passwords previously supported 'list' as a multiline string:
chpasswd:
list: |
user:pass1
user015:R
This patch adds support for user/pairs as a list:
chpasswd:
list:
- user:pass1
- user015:R
LP: #1665694
|
|
The documentation indicated chpasswd/list should be a list when
the code only accepts a string.
LP: #1665773
|
|
This has been a recurring ask and we had initially just made the change to
the cloud-init 2.0 codebase. As the current thinking is we'll just
continue to enhance the current codebase, its desirable to relicense to
match what we'd intended as part of the 2.0 plan here.
- put a brief description of license in LICENSE file
- put full license versions in LICENSE-GPLv3 and LICENSE-Apache2.0
- simplify the per-file header to reference LICENSE
- tox: ignore H102 (Apache License Header check)
Add license header to files that ship.
Reformat headers, make sure everything has vi: at end of file.
Non-shipping files do not need the copyright header,
but at the moment tests/ have it.
|
|
The amount of code to do user and group normalization
and extraction deserves its own file so move the code
that does this to a new file and update references to the
old location.
This removes some of the funkyness done in config modules
to avoid namespace and attribute clashes as well.
|
|
This adds lots of config module documentation in a standard format.
It will greatly improve the content at readthedocs.
Additionally:
* Add a 'doc' env to tox.ini
* Changed default highlight language for sphinx conf from python to yaml
most examples in documentation are yaml configs
* Updated datasource examples to highlight sh code properly
|
|
|
|
|
|
|
|
|
|
|
|
Update ssh_pwauth handler to accept all values mentioned in
doc/examples/cloud-config.txt
|
|
make pyflakes now passes.
|
|
This just removes comments '# pylint:' things and other code
remnents of pylint.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Changing password via 'chpasswd' command in rhel5 would fail, if input
to the 'chpasswd' command doesn't end with '\n'. The fix is just to
append a carriage return to the input.
|
|
|
|
1. Remove the usage of the path.join function
now that all code should be going through
the util file methods (and they can be
mocked out as needed).
2. Adjust all occurences of the above join
function to either not use it or replace
it with the standard os.path.join (which
can also be mocked out as needed)
3. Fix pylint from complaining about the
tests folder 'helpers.py' not being found
4. Add a pylintrc file that is used instead
of the options hidden in the 'run_pylint'
tool.
|
|
imported without being renamed due to
previous usage of the attribute 'distros'
|
|
the previous 'user' and make those locations
go through the new distros functions to select
the default user or the user list (depending on usage).
Adjust the tests to check the new 'default' field
that signifies the default user + test the new method
to extract just the default user from a normalized
user dictionary.
|
|
Fixed change password behavior to work with new user list handling
(LP: #1044553)
|
|
|
|
password control code
|
|
2. Move the config loading functions to where they are used (in stages)
3. Adjust cc_set_passwords to use the is_true and is_false renamed functions
4. Adjust the init stage to have a _read_base_config function used to load
the base 'initial' configuration from the following locations
a. Kernel cmdline
b. Conf.d location (+ the cloud.cfg location)
c. Built-in configuration
|
|
|
|
2. Fixing up more cloud.path.joins found to use the right ro/rw filename
|
|
|
|
some protection against module name collisions when importing.
|
