| Age | Commit message (Collapse) | Author |
|---|
|
If a key with the same comment already exists in a configuration, generate a new
ID for a new one.
Example of such a case:
```
ssh-rsa <base64> my_user_name
ssh-ed25519 <base64> my_user_name
```
(cherry picked from commit c02b1151e584ea6c0bca35ba6aa87504566f6949)
|
|
Added an unattended installer, compatible with similar from VyOS 1.3.
Check the `config/cloud.cfg.d/20_vyos_install.cfg` for configuration details.
|
|
Cloud-init in environments where Meta-data is available via network configures
the main interface and keeps the config in `/etc/network/interfaces.d/`.
This config later interferes with the VyOS configuration.
To avoid the problem previously the code in the `cc_vyos.py` module was used,
but this is not enough. The module is running only once during instance
deployment. But Cloud-init will re-add the config file with each boot.
There are two ways to solve this incompatibility (within Cloud-init) - disable
network config or perform cleanup during each boot.
Disabling network config is not correct in this context, because it blocks the
ability to fetch Meta-data after the first boot, which in turn blocks the
ability to run per-boot modules with an updated config.
Therefore, the cleanup code was extracted to an independent
`cc_vyos_ifupdown.py` module that performs proper cleanup with each boot.
|
|
Improperly generated configuration can break the configuration process. This fix
updates CLI items from the old to the current syntax.
Fixed CLI config items for:
- NTP servers
- HTTPS API
- domain-search
|
|
Configuration in `vyos_config_commands` is expected to use a syntax from the
target VyOS version. But, if Cloud-init applies configuration commands to a
default file, all the migrations (from the 0 version to the latest) will still
be executed on top of it.
This process can break proper config, for example, if the current syntax variant
partially repeats one of the older ones, which will trigger a migration without
need.
|
|
|
|
- added extra check for maximum supported MTU to avoid exceeding it during
configuration
- remove udev rules created by cloud-init after initialization
- fixed logic for config file selection
|
|
To avoid problems with SSH public key comments with special characters the
parser now generates UUID names for keys if a comment contains anything
except `[a-zA-Z0-9_]`.
|
|
A new option for Cloud-Init was added:
```
vyos_config_options:
network_config: <disabled/enabled>
```
Possible values:
* by default - equal to the `network['config']` from the active Cloud-Init
configuration
* `enabled` - configure networking, even if global `network['config']` is set
to `disabled`
* `disabled` - do not configure networking, regardless of global
`network['config']` value
|
|
network-config: T4954: Fixed DNS settings
|
|
Fixed different mistakes in the `cc_vyos` module, like wrong variable types,
functions calls or returns.
|
|
This commit fixes setting DNS configuration if it was presented as a string
instead array of strings.
|
|
This commit fixes the problem with overwritting tag nodes by neighbors, when
there are more than one tag node on the same level.
|
|
Added the support for all types of interfaces supported in
network-config. See detail here:
https://cloudinit.readthedocs.io/en/22.1_a/topics/network-config.html
For Networking Config Version 1:
- physical
- bond
- bridge
- vlan
- nameserver
- route
For Networking Config Version 2:
- ethernets
- bonds
- bridges
- vlans
Also, the code was refactored to reduce actions duplication and prepare
for future syntax and structure improvements.
|
|
Merged with 22.1 tag from the upstream Cloud-init repository.
Our modules were slightly modified for compatibility with the new
version.
|
|
This commit adds the ability to deconfigure all the interfaces that
Cloud-init configured during deployment and remove the configuration
file `/etc/network/interfaces.d/50-cloud-init`. This should protect from
conflicts between CLI config and actual interfaces states.
|
|
|
|
Use PEP 589 syntax for TypeDict annotation.
Also fixes previously broken typing MetaSchema typing implementation.
|
|
Fixes the spaces introduced in #1213
Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
|
|
This fixes a bug that prevents the salt module from enabling the salt minion in rc.conf.
For more details:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254339
|
|
The ephemeral disk depends on a functional network to be mounted. Even
though it depends on cloud-init.service, sometimes an ordering cycle is
noticed on the instance. If the option "_netdev" is added the problem is
gone.
rhbz: #1998445
Signed-off-by: Eduardo Otubo otubo@redhat.com
|
|
Migrate from legacy schema or define new schema in
cloud-init-schema.json, adding extensive schema tests for:
- cc_apt_configure
- cc_bootcmd
- cc_byobu
- cc_ca_certs
- cc_chef
- cc_debug
- cc_disable_ec2_metadata
- cc_disk_setup
Deprecate config hyphenated schema keys in favor of underscores:
- ca_certs and ca_certs.remove_defaults instead of
ca-certs and ca-certs.remove-defaults
- Continue to honor deprecated config keys but emit DEPRECATION
warnings in logs for continued use of the deprecated keys:
- apt_sources key
- any apt v1 or v2 keys
- use or ca-certs or ca_certs.remove-defaults
- Extend apt_configure schema
- Define more strict schema below object opaque keys using
patternProperties
- create common $def apt_configure.mirror for reuse in 'primary'
and 'security' schema definitions within cc_apt_configure
Co-Authored-by: James Falcon <james.falcon@canonical.com>
|
|
|
|
LP: #1959149
|
|
Signed-off-by: Louis Sautier <sautier.louis@gmail.com>
|
|
Package a single JSON schema file for user-data validation at
cloudinit/config/cloud-init-schema.json.
Perform validate_cloudconfig_schema call to just after the
user-data is consumed. This will allow single validation of all
user-data against the full schema instead of
repetitive validatation calls against each cloud-config module
(cloudinit.config.cc_*) sub-schemas.
This branch defines the simple apt_pipelining schema and
migrates existing cc_apk_configure into cloud-init-schema.json.
The expectation will be additional branches to migrate from legacy
"schema" attributes inside each cloud-config module toward unique
cc_<module_name> definitions in the global shema file under "$defs"
of cloud-init-schema-X.Y..json.
Before legacy sub-schema definitions are migrated the following
funcs grew support to read sub-schemas from both static
cloud-init-schema.json and the individual cloud-config module
"schema" attributes:
- get_schema: source base schema file from cloud-init-schema.json
and supplement with all legacy cloud-config module "schema" defs
- get_meta_doc: optional schema param so cloud-config modules
no longer provide the own local sub-schemas
- _get_property_doc: render only documentation of sub-schema based
on meta['id'] provided
- validate_cloudconfig_schema: allow optional schema param
Additionally, fix two minor bugs in _schemapath_for_cloudconfig:
- `cloud-init devel schema --annotate` which results in a Traceback
if two keys at the same indent level have invalid types.
- exit early on empty cloud-config to avoid a Traceback on the CLI
|
|
Adds a new module to allow setting keyboard layout,
for use-cases in which cloud-init is used to configure
OS images meant for physical computers instead
of the cloud.
This initial release only implements support
for Linux distributions that allow layout to be
set through systemd's localectl.
LP: #1951593
|
|
Includes:
- Update tox.ini and .travis.yml accordingly
- Cleanup tox.ini with new tox syntax and cloud-init dependencies
- Update documentation accordingly
- Replace/remove xenial references where additional testing isn't required
- Remove xenial checks in integration tests
- Replace yield_fixture with fixture in pytest tests
Sections of code commented with lines like "Remove when Xenial is no
longer supported" still exist as they're require additional testing.
|
|
|
|
Warn during boot when an empty config is provided. Likewise,
`cloud-init devel schema --annotate` should not throw exception, return
something meaningful instead.
|
|
cloud-init currently makes calls to ubuntu_advantage without assume-yes.
some ua enable commands, such as ua enable fips, have prompts. In an
automated environment, calling ua enable without --assume-yes will
result in errors and not applying the change. This sets --assume-yes by
default for all enable commands. This capability was added two years ago
in ua commit 576e605ceb5f so should be safe for use in all systems at
this time.
LP: #1954842
|
|
Applied Black and isort, fixed any linting issues, updated tox.ini
and CI.
|
|
* Use proper logging
* Add parsing for patternProperties
* Add label to annotate patternProperties
* Log warning if schema parsing fails during metaschema processing
* Some schema test fixes
|
|
|
|
Improve schema validation.
This adds strict validation of config module definitions at testing
time, with plumbing included for future runtime validation. This
eliminates a class of bugs resulting from schemas that have definitions
that are incorrect, but get interpreted by jsonschema as
"additionalProperties" that are therefore ignored.
- Add strict meta-schema for jsonschema unit test validation
- Separate schema from module metadata structure
- Improve type annotations for various functions and data types
Cleanup:
- Remove unused jsonschema "required" elements
- Eliminate manual memoization in schema.py:get_schema(),
reference module.__doc__ directly
|
|
This attempts to standardize unit test file location under test/unittests/
such that any source file located at cloudinit/path/to/file.py may have a
corresponding unit test file at test/unittests/path/to/test_file.py.
Noteworthy Comments:
====================
Four different duplicate test files existed:
test_{gpg,util,cc_mounts,cc_resolv_conf}.py
Each of these duplicate file pairs has been merged together. This is a
break in git history for these files.
The test suite appears to have a dependency on test order. Changing test
order causes some tests to fail. This should be rectified, but for now
some tests have been modified in
tests/unittests/config/test_set_passwords.py.
A helper class name starts with "Test" which causes pytest to try
executing it as a test case, which then throws warnings "due to Class
having __init__()". Silence by changing the name of the class.
# helpers.py is imported in many test files, import paths change
cloudinit/tests/helpers.py -> tests/unittests/helpers.py
# Move directories:
cloudinit/distros/tests -> tests/unittests/distros
cloudinit/cmd/devel/tests -> tests/unittests/cmd/devel
cloudinit/cmd/tests -> tests/unittests/cmd/
cloudinit/sources/helpers/tests -> tests/unittests/sources/helpers
cloudinit/sources/tests -> tests/unittests/sources
cloudinit/net/tests -> tests/unittests/net
cloudinit/config/tests -> tests/unittests/config
cloudinit/analyze/tests/ -> tests/unittests/analyze/
# Standardize tests already in tests/unittests/
test_datasource -> sources
test_distros -> distros
test_vmware -> sources/vmware
test_handler -> config # this contains cloudconfig module tests
test_runs -> runs
|
|
When cloud-init is configured to show SSH user key fingerprints during
boot two of the same message appears for each user. This appears to be as
the util.multi_log call defaults to send to both console directly and to
stderr (which also goes to console).
This change sends them only to console directly.
|
|
testing: monkeypatch system_info call in unit tests
system_info can make calls that read or write from the filesystem, which
should require special mocking. It is also decorated with 'lru_cache',
which means test authors often don't realize they need to be mocking.
Also, we don't actually want the results from the user's local
machine, so monkeypatching it across all tests should be reasonable.
Additionally, moved some of 'system_info` into a helper function to
reduce the surface area of the monkeypatch, added tests for the new
function (and fixed a bug as a result), and removed related mocks that
should be no longer needed.
|
|
Don't throw an exception when mirror arch is unspecified.
|
|
When we added the install hotplug module, we forgot to update the
redhet/cloud-init.spec.in file and allow for execution on /usr/libexec.
This PR adds that functionality.
|
|
Also, add the "signed by" option to source definitions. This enables
users to limit the scope of trust for individual keys.
LP: #1836336
|
|
When ssh host keys are generated during initial boot the full output of
ssh-keygen, including the randomart for the key, is displayed on the
console for each of the generated key types, which takes up a large
amount of screen output (17 lines per key type).
With this change ssh-keygen output is still displayed by default.
Setting ssh_quiet_keygen to True will prevent ssh-keygen output from
appearing. If only the fingerprints of the host keys should be
displayed then this can be achieved using the existing
emit_keys_to_console and/or ssh_fp_console_blacklist settings.
|
|
This commit removes automatically installing udev rules for hotplug
and adds a module to install them instead.
Automatically including the udev rules and checking if hotplug was
enabled consumed too many resources in certain circumstances. Moving the
rules to a module ensures we don't spend extra extra cycles on hotplug
if hotplug functionality isn't desired.
LP: #1946003
|
|
The main idea is to introduce a second module that takes care of
writing files, but in the 'final' stage.
While the introduction of a second module would allow for choosing
the appropriate place withing the order of modules (and stages),
there is no addition top-level directive being added to the cloud
configuration schema. Instead, 'write-files' schema is being extended
to include a 'defer' attribute used only by the 'write-deffered-files'
modules.
The new module 'write-deferred-files' reuses as much as
possible of the 'write-files' functionality.
|
|
Various modules restart services and they all have logic to try and
detect if they are running on a system that needs 'systemctl' or
'service', and then have code to decide which order the arguments
need to be etc. On top of that, not all modules do this in the same way.
The duplication and different approaches are not ideal but this also
makes it hard to add support for a new distribution that does not use
either 'systemctl' or 'service'.
This change adds a new manage_service() method to the distro class
and updates several modules to use it.
|
|
When default host keys are created by sshd-keygen (/etc/ssh/ssh_host_*_key)
in RHEL/CentOS/Fedora, openssh it performs the following:
# create new keys
if ! $KEYGEN -q -t $KEYTYPE -f $KEY -C '' -N '' >&/dev/null; then
exit 1
fi
# sanitize permissions
/usr/bin/chgrp ssh_keys $KEY
/usr/bin/chmod 640 $KEY
/usr/bin/chmod 644 $KEY.pub
Note that the group ssh_keys exists only in RHEL/CentOS/Fedora.
Now that we disable sshd-keygen to allow only cloud-init to create
them, we miss the "sanitize permissions" part, where we set the group
owner as ssh_keys and the private key mode to 640.
According to https://bugzilla.redhat.com/show_bug.cgi?id=2013644#c8, failing
to set group ownership and permissions like openssh does makes the RHEL openscap
tool generate an error.
Signed-off-by: Emanuele Giuseppe Esposito eesposit@redhat.com
RHBZ: 2013644
|
|
Also added supporting distro/datasource classes and updated tests
that have a `get_cloud` call.
|
|
Growpart uses mktemp internally to save some date. This could lead to
conflicts with tmpfile clean service during boot. This patch
explicitly make it uses a tmp file under /var/tmp
Signed-off-by: ushen <yshxxsjt715@gmail.com>
|
|
Allow comments in runcmd and report failed commands correctly
A `runcmd` script may fail to parse properly, but does not mark
`runcmd` as failed when that occurs. Additionally `shellify()` fails
to correctly parse scripts that contain a comment line.
Rectify both issues and add unit tests to verify correct behavior.
LP: #1853146
|
|
Some modules' frequency are documented as `always` while others as
`per always`. The difference in wording can be confusing. This change
updates all such modules to use `always`.
Signed-off-by: Nicolas Bock <nicolas.bock@canonical.com>
|
