| Age | Commit message (Collapse) | Author |
|---|
|
Merged with 20.4 tag from the upstream Cloud-init repository
|
|
With the new `cc_vyos_userdata.py` module is possible to set in User-Data (`#cloud-config`) new parameter `vyos_config_commands`. This parameter should be a list of VyOS configuration commands that will be applied during deployment.
The module will run after the Meta-Data module `cc_vyos.py`.
Commands requirements:
- one command per line
- if command ending by value, it must be inside single quotes: `set some option 'value'`, `delete some option 'value'`
- a single-quote symbol is not allowed inside command or value
The commands list produced by the `show configuration commands` command on a VyOS router should comply with all the requirements, so it is easy to get a proper commands list by copying it from another router.
Usage example (User-Data content):
```
#cloud-config
vyos_config_commands:
- set system host-name 'demo123'
- set system ntp server 1.pool.ntp.org
- set system ntp server 2.pool.ntp.org
- delete interfaces ethernet eth2 address
- set interfaces ethernet eth2 address '192.0.2.1/24'
```
|
|
Existing config writes keys to /etc/ssh after deleting files matching
a glob that includes certificate files. Since sshd looks for
certificates in the same directory as the keys, a host certificate
must be placed in this directory. This update enables the certificate's
contents to be specified along with the keys.
Co-authored-by: jonathan lung <lungj@heresjono.com>
Co-authored-by: jonathan lung <jlung@kepler.space>
|
|
On FreeBSD, if a UFS has trim: (-t) or MAC multilabel: (-l) flag, resize
FS fail, because the _can_skip_ufs_resize check gets tripped up by the
missing options.
This was reported at FreeBSD Bugzilla:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=250496 and as
LP: #1901958
Rather than fixing the parser as in the patches proposed there (and
attempted in #636) this pull-request rips out all of it, and simplifies
the code. We now use `growfs -N` and check if that returns an error. If
it returns the correct kind of error, we can skip the resize, because we
either are at the correct size, or the filesystem in question is broken
or not UFS. If it returns the wrong kind of error, we just re-raise it.
LP: #1901958
|
|
Allow root user to validate the userdata provided to the launched
machine using `cloud-init devel schema --system`
|
|
Since partition size is hardcoded into VyOS images for virtual environments, it is not impossible to use all available space on storage. This change enables two Cloud-init modules:
- `growpart` to grow persistence partition;
- `resizefs_vyos` to resize filesystem size to the whole partition.
The `resizefs_vyos` module forked from the main `resizefs` to allow resizing not only root partition but any custom also.
|
|
* Fix awkward English in sentence
* Add the missing word "the"
* Fix misspelling
* Add @jsf9k as a contributor
Co-authored-by: Rick Harding <rharding@mitechie.com>
|
|
a reboot after `gpart resize` hasn't been necessary since ca FreeBSD 9.2
Co-authored-by: Rick Harding <rharding@mitechie.com>
|
|
For cc_users_groups the user setting "expiredate" must be quoted in
order for the relevant flag and value to be then passed to the useradd
command. It its vaiue is not quoted then it is treated as Python type
datetime.date and in `cloudinit/distros/__init__.py` the below "is it a
string" condition fails and so no "--expiredate" parameter is passed to
useradd and therefore it has no effect:
```
if key in useradd_opts and val and isinstance(val, str):
useradd_cmd.extend([useradd_opts[key], val])
```
For cc_users_groups, the user setting "inactive" does not actually
disable accounts, the useradd "--inactive" option actually defines the
number of days after password expiry that users can still login. So I
have changed the docs to show it taking a quoted value of days (which
works with the current code) rather than a boolean value. The quotes
are necessary, like expiredate above, so that the value is also passed
to the useradd command.
For cc_power_state_change.py the "delay" setting value needs to have
quotes around it as otherwise its leading plus sign will be stripped
off.
|
|
To provide connectivity to the CLI in cases when there were no credentials in metadata added a fallback user `vyos/vyos`.
|
|
Reliable Scalable Cluster Technology (RSCT) is a set of software
components that together provide a comprehensive clustering
environment(RAS features) for IBM PowerVM based virtual machines. RSCT
includes the Resource Monitoring and Control (RMC) subsystem. RMC is a
generalized framework used for managing, monitoring, and manipulating
resources. RMC runs as a daemon process on individual machines and needs
creation of unique node id and restarts during VM boot.
LP: #1895979
Co-authored-by: Scott Moser <smoser@brickies.net>
|
|
`create_swap()` was previously catching and not re-raising the
ProcessExecutionError that indicated swap creation failure; this meant
that the fallback logic could never be triggered.
This commit adds the required re-raise (as well as removing a duplicated
log message).
LP: #1897099
|
|
The service installed by the CentOS and RHEL 'ntp' package is
ntpd.service
not
ntp.service
Fix that for those two distros.
Also fix chrony service from 'chrony' to 'chronyd'.
LP: #1897915
|
|
In rare cases, when network-config provided not by a true data source, but via kernel argument, initramfs, cloud-config file, the cloud.datasource.network_config variable may be empty. So, to make such configuration available we need to revert back to the previous variant with cloudinit.stages.Init()._find_networking_config().
|
|
|
|
Co-authored-by: Rick Harding <rharding@mitechie.com>
|
|
|
|
Unfortunately, `cloud.get_hostname()` does not work if a hostname was configured using cloud-config. So, we still need to use the `get_hostname_fqdn()` from `cloudinit.util`.
Also, was added configuration for domain-name to handle FQDN properly, if it is available.
|
|
The `DataSourceOVF.py` file was cleaned up from VyOS-specific changes.
Also was changed related functionality in the `cc_vyos.py`:
- in addition to limited metadata provided by Cloud-init, the function `get_properties` from the `DataSourceOVF.py` used to get unfiltered values from an OVF environment;
- `set_tag` for the `interfaces ethernet` node was moved from multiple places to the `set_ipaddress` function;
- multiple checks for 'null' value in OVF were replaced with the iteration via all values and replacing `null` with `None`. This allows using easier logic during values check;
- simplified conversion of the values from OVF to an IP address;
- added logging for all actions in the `set_config_ovf` function.
|
|
Under FreeBSD, we want to use "shutdown -p" for poweroff.
Alpine Linux also has some specificities.
We choose to define a method that returns the shutdown command line to
use, rather than a method that actually does the shutdown. This makes it
easier to have the tests in test_handler_power_state do their
verifications.
Two tests are added for the special behaviours that are known so far.
|
|
Merged with 20.3 tag from the upstream Cloud-init repository
|
|
Since the `instance-data.json` file is the only way offered by Cloud-Init to get formatted metadata, using it instead of `_get_standardized_metadata()` function is safer and must be compatible with all versions.
|
|
This commit is addressed to solve some old issues with creating users in the system and simplify the parts of the module related to this. Also, some small fixes.
- removed Python modules os, cloudinit.stages, cloudinit.util dependencies. Related functionality replaced by other modules (see below)
- detection of hashed passwords was simplified, made 100% compatible with the rest Cloud-init documentation and recommendations. Also, it was moved from the `handle` function to the `set_pass_login` to reduce the code size and make it more clear
- replaced sequenced SSH public keys enumeration for keys without comments to UUID-based to simplify the code and make the logic easier
- replaced home-growed SSH key parser/checker to the native cloudinit.ssh_util.AuthKeyLineParser()
- added support for SSH key options configuration
- added possibility to use all key types supported by VyOS: 'ssh-dss', 'ssh-rsa', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ssh-ed25519', 'ecdsa-sha2-nistp521'
- fixed typo in configuration for `distance`/`metric` option in set_config_interfaces_v1()
- added the stable format of the Meta-Data: `v1`. It must be absolutely equal for any datasource, therefore it is always better to use data from it than from any other sources if this is possible
- added User-Data and Vendor-Data logging. Currently not used for anything, but required for a proper debugging
- replaced datasource source from the unstable metadata field to the stable `cloud.datasource.dsname`
- replaced Network-Config source from `init._find_networking_config()` to the more correct `cloud.datasource.network_config`
- replaced hostname source from the `util.get_hostname_fqdn()` to `cloud.get_hostname()`, what is actually the same, to drop `util` dependency
- the part specific for Azure cloud united with the main part of users creating code, since there is actually no platform-specific functions and everything was moved to the common places, what improved compatibility with the similar environments
- rewritten users creating logic
**Important information about users and credentials**
In the Cloud-init exists multiple ways of how to configure authentication: public keys in Meta-Data, default user name and options in the main config file, several config modules (`cc_set_passwords`, `cc_ssh`, `cc_users_groups`) configurable via `#cloud-config`, maybe something more. Cloud-Init solves this by merging information from most of these sources to a single users' database, but information can overwrite each other.
Very simplified logic description: if something is configured in a User-Data (`#cloud-config`), then most likely default values like username `vyos`, or SSH public keys from Meta-Data will be dropped by Cloud-Init.
This implementation should apply public SSH keys and passwords without associated username to the default user (usually `vyos`, but some platforms may allow using your own). If you are creating any additional user, a default one will not be created and common authentication methods will not be applied, so you need to provide the complete authentication details for it.
|
|
* LXD: detach network from profile before deleting it
When cleaning up the bridge network created by default by LXD as part
of the `lxd init` process detach the network its profile before deleting
it. LXD will otherwise refuse to delete it with error:
Error: The network is currently in use.
Discussion with LXD upstream: https://github.com/lxc/lxd/issues/7804.
LP: #1776958
* LXD bridge deletion: fail if bridge exists but can't be deleted
* LXD bridge deletion: remove useless failure logging
|
|
Changes:
tox: bump the pylint version to 2.6.0 in the default run
Fix pylint 2.6.0 W0707 warnings (raise-missing-from)
|
|
Update ssh_util.py with latest list of keys (from openssh-8.3p1/sshkey.c),
Added keys:
sk-ecdsa-sha2-nistp256-cert-v01@openssh.com
sk-ecdsa-sha2-nistp256@openssh.com
sk-ssh-ed25519-cert-v01@openssh.com
sk-ssh-ed25519@openssh.com
ssh-xmss-cert-v01@openssh.com
ssh-xmss@openssh.com
LP: #1877869
|
|
Add new module cc_apk_configure for creating Alpine /etc/apk/repositories file.
Modify cc_ca_certs, cc_ntp, cc_power_state_change, and cc_resolv_conf for Alpine.
Add Alpine template files for Chrony and Busybox NTP support.
Add Alpine template file for /etc/hosts.
|
|
According to man page `man 8 swapon', "Preallocated swap files are
supported on XFS since Linux 4.18". This patch checks for kernel version
before attepting to create swapfile, using dd for XFS only on kernel
versions <= 4.18 or btrfs.
Add new func util.kernel_version which returns a tuple of ints (major, minor)
Signed-off-by: Eduardo Otubo otubo@redhat.com
|
|
Few of the 'User and Groups' configurations in cloud-config have no effect on
already existing users. This was not documented earlier.
This change set adds that information to documentation.
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
|
|
* Fix a typo in apt pipelining module
Changed `whcih` to `which`.
* Update .github-cla-signers
I have signed the CLA on Canonical's site, adding my username to list of CLA signers.
* Update .github-cla-signers
I need to sort the list alphabetically.
|
|
This commit fixes a situation when it is necessary to configure more than one IP address on an interface. Previously only the latest one address survived. With this fix, it is possible to add all compatible addresses.
|
|
Changes:
- added logging messages
- optimized structure
- added back network configuration version 1 support (new implementation)
- fixed static gateway settings in network configuration version 2
|
|
(#483)
Problem: When cc_ca_certs configuration has both "remove-defaults: true"
and also specifies one, or more, new trusted CAs to add then the resultant
/etc/ca-certificates.conf file's 1st line is blank. As noted in comments
in the existing cc_ca_certs.py code blank lines in this file cause problems.
Fix: Before adding the cloud-init CA filename to this file first check the
size of the file - if is is empty (as all existing CAs have been deleted)
then write only the cloud-init CA filename to the file rather than appending
it to the file.
|
|
* cloudinit: remove global disable of pylint W0107 and fix errors
This includes removing a test class which contained no tests but wasn't
detected as empty because of an errant pass statement.
* .pylintrc: update disable comment to match arguments
|
|
This includes a fix to a test that had a string concatenation issue, and
so was only testing a prefix of what was intended.
|
|
|
|
Do not fail if /etc/fstab is not present. Some images, like container
rootfs may not include this file by default.
LP: #1886531
|
|
test using it (#461)
caplog is only available in pytest itself from 3.0 onwards. In xenial, we only have pytest 2.8.7. However, in xenial we do have pytest-catchlog available (as python3-pytest-catchlog), so we use that where appropriate.
|
|
Create a schema object for the chef module and validate this schema in the handle function of the module.
Some of the config keys description, so I tried looking at the code and chef documentation to provide an information to the user. However, I don't know if I have the best description for all fields. For example, for the key show_time I could not find an accurate description of what it did, so I used what was in our code base to infer what it should do.
LP: #1858888
|
|
If the instance symlink doesn't exist, then we shouldn't create a
directory in its place, because that breaks future boots.
LP: #1883903
|
|
This was brought up in review of #416.
Makes sense to remove the local copy of "is this executable file".
|
|
runparts (run a directory of scripts) seems to fit well in subp
module. The request to move it there was raised in #416.
Replace use of logexc with LOG.debug as logexc comes from util.
|
|
This was painful, but it finishes a TODO from cloudinit/subp.py.
It moves the following from util to subp:
ProcessExecutionError
subp
which
target_path
I moved subp_blob_in_tempfile into cc_chef, which is its only caller.
That saved us from having to deal with it using write_file
and temp_utils from subp (which does not import any cloudinit things now).
It is arguable that 'target_path' could be moved to a 'path_utils' or
something, but in order to use it from subp and also from utils,
we had to get it out of utils.
|
|
Remove extra spaces after a ','
|
|
Replace the hardcoded list of devices with a more robust way of determining
the device which grub is installed to.
We use grub-probe to fetch the underlying disk the /boot directory is
located on, and attempt to match the disk with its /dev/disk/by-id value.
If no such /dev/disk/by-id/ value exists, we fallback to the plain disk
name.
The changes are robust to unstable kernel device names and ordering, and use
/dev/disk/by-id values to populate grub-pc/install_devices where possible.
LP: #1877491
|
|
Co-authored-by: Daniel Watkins <oddbloke@ubuntu.com>
|
|
And add an example of providing a list of assertions.
|
|
|
|
Specifically, ensure that given values are either strings, or arrays of strings.
|
|
We recently discovered that pylint is failing to report some errors when
invoked across our entire codebase (see
https://github.com/PyCQA/pylint/issues/3611). I've run pylint across
every Python file under cloudinit/[0], and this commit fixes the issues
so-discovered.
[0] find cloudinit/ -name "*.py" | xargs -n 1 -t .tox/pylint/bin/python -m pylint
|
