| Age | Commit message (Collapse) | Author |
|---|
|
Distro subclasses arch, freebsd and debian still have a path with an
implemented _write_network method which has a return value. Can drop
this pylint ignore when _write_network is dropped from arch, freebsd
and debian.
|
|
Any distro that has a '_write_nework_config' method should no
longer get their _write_network called at all. So lets drop
that code and raise a RuntimeError any time we got there.
Replace the one caller of 'apply_network' (legacy openstack path)
with a call to apply_network_config after converting the ENI to
network config.
|
|
Cloud config can now disable ssh access to non-root users.
When defining the 'users' list in cloud-configuration a boolean
'ssh_redirect_user: true' can be provided to disable ssh logins for
that user. Any ssh 'public-keys' defined in cloud meta-data will be added
and disabled in .ssh/authorized_keys. Any attempts to ssh as this user
using acceptable ssh keys will be presented with a message like the
following:
Please login as the user "ubuntu" rather than the user "youruser".
|
|
Multiple distros use sysconfig format but have different content
and paths to certain files. Update distros to specify these
template paths in their renderer_configs dictionary.
|
|
Linux guests can provide information to Hyper-V hosts via KVP.
KVP allows the guests to provide any string key-value-pairs back to the
host's registry. On linux, kvp communication pools are presented as pool
files in /var/lib/hyperv/.kvp_pool_#.
The following reporting configuration can enable this kvp reporting in
addition to default logging if the pool files exist:
reporting:
logging:
type: log
telemetry:
type: hyperv
|
|
To deny a user elevated access, you can omit the `sudo` key from the
`users` dictionary. This works fine however it's implicitly defined
based on defaults of `cloud-init`. If the project moves to have `sudo`
access allowed for all by default (quite unlikely but still possible)
this will catch a few people out.
This introduces the ability to define an explicit `sudo: False` in the
`users` dictionary and it will prevent `sudo` access. The behaviour is
identical to omitting the key.
LP: #1771468
|
|
Add a base NTP client configuration dictionary and allow Distro
specific changes to be merged. Add a select client function which
implements logic to preferr installed clients over clients which
need to be installed. Also allow distributions to override the
cloud-init defaults.
LP: #1749722
|
|
The instance identity document is a better source for region information,
partly because region isn't actually in meta-data at all, only
availability-zone, which happens to be named similarly.
Reviewed-by: Ethan Faust <efaust@amazon.com>
Reviewed-by: Cyle Riggs <cyler@amazon.com>
Reviewed-by: Tom Kirchner <tjk@amazon.com>
Reviewed-by: Matt Nierzwicki <nierzwic@amazon.com>
[ajorgens@amazon.com: rebase onto 0.7.9]
[ajorgens@amazon.com: changes per merge proposal discussions]
|
|
The 'cloud-init clean' command allows a user or script to clear cloud-init
artifacts from the system so that cloud-init sees the system as
unconfigured upon reboot. Optional parameters can be provided to remove
cloud-init logs and reboot after clean.
The 'cloud-init status' command allows the user or script to check whether
cloud-init has finished all configuration stages and whether errors
occurred. An optional --wait argument will poll on a 0.25 second interval
until cloud-init configuration is complete. The benefit here is scripts
can block on cloud-init completion before performing post-config tasks.
|
|
Modules can optionally define a list of supported distros on which they can run
by declaring a distros attribute in the cc_*py module. This branch fixes
handling of cloudinit.stages.Modules.run_section. The behavior of run_section
is now the following:
- always run a module if the module doesn't declare a distros attribute
- always run a module if the module declares distros = [ALL_DISTROS]
- skip a module if the distribution on which we run isn't in module.distros
- force a run of a skipped module if unverified_modules configuration contains
the module name
LP: #1715738
LP: #1715690
|
|
Currently the cloud-init default locale (en_US.UTF-8) is set by
the base datasource class. This patch allows a distro to overide
the fallback value with one that's available in the distro but continues
to respect an image which has preconfigured a locale.
- Distro object now has a get_locale method which will return a
preconfigure locale setting by checking the distros locale system
configuration file. If not set or not present, return the default
locale of en_US.UTF-8 which retains behavior of all previous cloud-init
releases.
- Apply locale now handles regenerating locales or system configuration
files as needed.
- Adjust apply_locale logic to skip locale-regen if the specified LANG
value is C.UTF-8,C, or POSIX; they do not require regeneration.
- Further add unittests to exercise the default paths for Ubuntu and
non-ubuntu paths to validate they get the LANG expected.
|
|
This gets initial opensuse and SLES support back to a working state.
Still missing is more complete network file writing and unit tests.
|
|
Many changes here to get us able to build rpms on CentOS 5 or 6 and RHEL.
* add 'Requires' as 'BuildRequires' also.
This allows us to run cloud-init tools in the build environment, and
also will allow us to run tests in the build process.
* build for both systemd and upstart (centos 5) init systems.
* Add 'centos' as a variant
Adding the variant means we can use the 'centos' user as default on centos
rather than a 'fedora' or 'rhel'.
* drop argparse from the requirements.
On any system other than python 2.6, having a 'requirements' that mentions
argparse just causes problems. Instead we add that Requires to the spec
directly.
* list dependency on dmidecode (as redhat distro spec had)
* remove duplicate line in files section ({_unitdir}/cloud-*)
* Use rpm macros for init-system chunks and drop use
of init_system variable template
* Add el6 only build-req on python-argparse
* python-cheetah is not required in the build environment as the
the spec is already rendered. (We will soon move the spec to jinja).
|
|
This patch targets to make FreeBSD 10.3 or 11 work on Azure. The
modifications abide by the rule of:
* making as less modification as possible
* delegate to the distro or datasource where possible.
The main modifications are:
1. network configuration improvements, and movement into distro path.
2. Fix setting of password.
Password setting through "pw" can only work through pipe.
3. Add 'root:wheel' to syslog_fix_perms field.
4. Support resizing default file system (ufs)
5. copy cloud.cfg for freebsd to /etc/cloud/cloud.cfg rather than
/usr/local/etc/cloud/cloud.cfg.
6. Azure specific changes:
a. When reading the azure endpoint, search in a different path
and read a different option name (option-245 vs. unknown-245).
so, the lease file path should be generated according to platform.
b. adjust the handling of ephemeral mounts for ufs filesystem and
for finding the ephemeral device.
c. fix mounting of cdrom
LP: #1636345
|
|
This will change all instances of LOG.warn to LOG.warning as warn
is now a deprecated method. It will also make sure any logging
uses lazy logging by passing string format arguments as function
parameters.
|
|
Previously, the distro had hard coded which network renderer it would
use. This adds support for just picking the right renderer based
on what is available.
Now, that can be set via a priority in system_info, but should
generally work. That config looks like:
system_info:
network:
renderers: ["eni", "sysconfig"]
When no renderers are found, a specific RendererNotFoundError is raised.
stages.py is modified to catch that and log it at error level. This
path should not really be exercised, but could occur if for example an
Ubuntu system did not have ifupdown, or a rhel system did not have
sysconfig. In such a system previously we would have quietly rendered
ENI configuration but that would have been ignored. This is one step
better in that we at least log the error.
|
|
This has been a recurring ask and we had initially just made the change to
the cloud-init 2.0 codebase. As the current thinking is we'll just
continue to enhance the current codebase, its desirable to relicense to
match what we'd intended as part of the 2.0 plan here.
- put a brief description of license in LICENSE file
- put full license versions in LICENSE-GPLv3 and LICENSE-Apache2.0
- simplify the per-file header to reference LICENSE
- tox: ignore H102 (Apache License Header check)
Add license header to files that ship.
Reformat headers, make sure everything has vi: at end of file.
Non-shipping files do not need the copyright header,
but at the moment tests/ have it.
|
|
Cloud-config provided like:
users:
- default
- name: foobar
groups: sudo, adm
Would result in adduser being called as:
useradd foobar --groups 'sudo, adm' -m
Which would cause error:
useradd: group ' adm' does not exist
The fix here is just to always normalize groups and remove whitespace.
Additionally a fix and unit tests to explicitly set system=False
or no_create_home=True. Previously those paths did not test the value
of the entry, only the presense of the entry.
LP: #1354694
|
|
The documentation shows group names in the 'groups:' key delimited by
", ", but this will result in group names that contain spaces. This
can cause the 'groupadd' or 'useradd' commands to fail.
This patch ensures that we strip whitespace from either end of the
group names passed to the 'groups:' key.
LP: #1354694
|
|
Ubuntu Core images use the `snap create-user` to add users to an
Ubuntu Core system. Add support for creating snap users by adding
a key to the users dictionary.
users:
- name: bob
snapuser: bob@bobcom.io
Or via the 'snappy' dictionary:
snappy:
email: bob@bobcom.io
Users may also create a snap user without contacting the SSO by
providing a 'system-user' assertion by importing them into snapd.
Additionally, Ubuntu Core systems have a read-only /etc/passwd such that
the normal useradd/groupadd commands do not function without an additional
flag, '--extrausers', which redirects the pwd to /var/lib/extrausers.
Move the system_is_snappy() check from cc_snappy module to util for
re-use and then update the Distro class to append '--extrausers' if
the system is Ubuntu Core.
|
|
The amount of code to do user and group normalization
and extraction deserves its own file so move the code
that does this to a new file and update references to the
old location.
This removes some of the funkyness done in config modules
to avoid namespace and attribute clashes as well.
|
|
os.uname is a method, not a property.
|
|
|
|
Previous commit disabled the consumption of 'injected' files in
configdrive (openstack server boot --file=/target/file=local-file)
unless the datasource was in 'pass' mode. The default mode is 'net'
so that would never happen.
Also here are:
a.) a fix for 'links_path_prefix' string from debian, to finally
disable the rendering of systemd.link files (LP: #1594546)
b.) some comments to apply_network_config
c.) implement a backwards compatibility for for distros that do
not yet implement apply_network_config by converting the network
config into ENI format and calling apply_network.
This is required because prior to the previous commit, those distros
would have had 'apply_network' called with the openstack provided
ENI file. But after this change they will have apply_network_config
called by cloudinit's main.
d.) a network_state_to_eni helper for converting net config to eni
it supports the not-actually-correct 'hwaddress' field in ENI.
LP: #1602373
|
|
pylint --errors-only found several errors. Some of the changes
here represent real errors, others just code that pylint did
not like.
|
|
currently does not work in lxc
https://github.com/lxc/lxd/issues/2063
|
|
== background ==
DataSource Mode (dsmode) is present in many datasources in cloud-init.
dsmode was originally added to cloud-init to specify when this datasource
should be 'realized'.
cloud-init has 4 stages of boot.
a.) cloud-init --local . network is guaranteed not present.
b.) cloud-init (--network). network is guaranteed present.
c.) cloud-config
d.) cloud-init final
'init_modules' [1] are run "as early as possible". And as such, are executed
in either 'a' or 'b' based on the datasource. However, executing them means
that user-data has been fully consumed. User-data and vendor-data may have
'#include http://...' which then rely on the network being present. boothooks
are an example of the things run in init_modules.
The 'dsmode' was a way for a user to indicate that init_modules
should run at 'a' (dsmode=local) or 'b' (dsmode=net) directly.
Things were further confused when a datasource could provide networking
configuration. Then, we needed to apply the networking config at 'a'
but if the user had provided boothooks that expected networking, then the
init_modules would need to be executed at 'b'. The config drive datasource
hacked its way through this and applies networking if *it* detects it is
a new instance.
== Suggested Change ==
The plan is to
1. incorporate 'dsmode' into DataSource superclass
2. make all existing datasources default to network
3. apply any networking configuration from a datasource on first boot only
apply_networking will always rename network devices when it runs.
for bug 1579130.
4. run init_modules at cloud-init (network) time frame unless datasource
is 'local'.
5. Datasources can provide a 'first_boot' method that will be called when
a new instance_id is found. This will allow the config drive's write_files
to be applied once.
Over all, this will very much simplify things. We'll no longer have
2 sources like DataSourceNoCloud and DataSourceNoCloudNet, but would just
have one source with a dsmode.
== Concerns ==
Some things have odd reliance on dsmode. For example, OpenNebula's get_hostname
uses it to determine if it should do a lookup of an ip address.
== Bugs to fix here ==
http://pad.lv/1577982 ConfigDrive: cloud-init fails to configure network from network_data.json
http://pad.lv/1579130 need to support systemd.link renaming of devices in container
http://pad.lv/1577844 Drop unnecessary blocking of all net udev rules
|
|
|
|
revision 1179 regressed adding a user that did not have a 'groups'
entry present in cloud-config.
This handles that correctly, making 'add_user' able to take:
a.) groups="group1,group2"
b.) groups=["group1", "group2"]
c.) groups=None
d.) no groups parameter
Additionally, if a primary group is specified it will also be created.
End result is that this is functional:
#cloud-config
groups: ["sudo"]
users:
- name: sysop
primary-group: sysop
groups: "sudo,adm"
shell: /bin/bash
- name: user1
primary-group: users
groups: sudo
- name: foo1
- name: bar
gecos: Bar
groups: ["bargroup"]
Resulting in:
$ groups sysop
sysop : sysop adm sudo
$ groups user1
user1 : users sudo
$ groups foo1
foo1 : foo1
$ groups bar
bar : bar bargroup
LP: #1562918
|
|
|
|
When provided with gzipped data, an exception would be raised
because of a conversion to string.
This fixes the issue and adds a test for write_files.
LP: #1565638
|
|
revision 1179 regressed adding a user that did not have a 'groups'
entry present. This should handle that correctly, making 'add_user'
able to take:
a.) groups="group1,group2"
b.) groups=["group1", "group2"]
c.) groups=None
d.) no groups parameter
LP: #1562918
|
|
there is no data source that has a populated network_config()
so at this point this doesn't do anything.
|
|
|
|
this adds the consumption of 'network-config' to the datasourcenocloud.
There is an implementation of the network rendering taht is untested
in distros/debian.
|
|
This add 'lxd' to the list of groups that the default user is added to.
It also changes behavior to create any necessary groups that are listed
for the user rather than failing to add the user.
Theres also a fix for usage of logexc that I found along the way.
LP: #1539317
|
|
|
|
Update make check target to use pep8, pyflakes, pyflakes3.
|
|
|
|
|
|
the already implemented functionality of changing the password with a hashed string, but which wasn't used anywhere.
|
|
Unless /etc/localtime is an existing file and not a symlink,
then we will symlink instead of copying the tz_file to /etc/localtime.
The copy was due to an old bug in Ubuntu, symlink should be preferred.
LP: #1543025
|
|
Also implement DataSource.region for EC2 and GCE data sources.
|
|
|
|
The existing cloud-init code determines if systemd is in use by looking at the
distribution name and version. This is prone to error because:
- RHEL derivatives other than CentOS (e.g., Scientific Linux) will fail this test, and
- Distributions that are not derived from RHEL also use systemd
This patch makes cloud-init use the same logic that is used in systemd's
sd_booted() method
(http://www.freedesktop.org/software/systemd/man/sd_booted.html)
LP: #1461201
|
|
eu-central-1 means that 'central' is a direction to update the
regular expression to understand.
LP: #1456684
|
|
|
|
|
|
|
|
|
