While addressing undeclared variable in 'cloud-init status', I also fixed
the errors raised by automated code reviews against cloud-init master at
https://lgtm.com/projects/g/cloud-init/cloud-init/alerts
The following items are addressed:
* Fix 'cloud-init status':
  * Only report 'running' state when any stage in
    /run/cloud-init/status.json has a start time but no finished time.
    Default start time to 0 if null.
  * undeclared variable 'reason' now reports 'Cloud-init enabled by
    systemd cloud-init-generator' when systemd enables cloud-init
* cc_rh_subscription.py util.subp return values aren't set if an
  exception is raised; use ProcessExecution as e instead.
* distros/freebsd.py:
  * Drop repetitive looping over ipv4 and ipv6 nic lists.
  * Initialize bsddev to 'NOTFOUND' in the event that no devs are
    discovered
  * declare nics_with_addresses = set() in broader scope outside
    check_downable conditional
* cloudinit/util.py: Raise TypeError if mtype parameter isn't string,
  iterable or None.
LP: #1744796
|
|
Resize of btrfs fails if the mount point for the file system we are trying
to resize, i.e. the root of the filesystem is read only. With this change
we use a known (currently snapper specific) rw location to work around a
flaw that blocks resizing of the ro filesystem.
LP: #1734787
|
|
When subp raised a ProcessExecutionError, that exception's stderr and
stdout might end up being the string '-' rather than bytes.
This means that:
    try:
        subp(mycommand, decode=False)
    except ProcessExecutionError as e:
        pass
would have 'e.stdout' set to '-' while the caller would expect bytes.
Also reduce the try/except block in subp to specifically the two lines
that may raise an OSError.
|
|
This issue was first identified when manual_cache_clean was set, as
ds-identify would write /run/cloud-init/cloud.cfg with
    # manual_cache_clean
that would generate a warning as cloud-init expected to load a dict.
Any other "empty" config would also log such a warning.
Also fix reading of di_report to allow it to be None, as ds-identify
would write:
    di_report:
    # manual_cache_clean
which reads as 'di_report: None' rather than di_report: {}.
LP: #1742479
|
|
This branch resolves lints seen by pylint revision 1.8.1 and updates our
pinned tox pylint dependency used by our tox pylint target.
|
|
Each DataSource subclass must define its own get_data method. This branch
formalizes our DataSource class to require that subclasses define an
explicit dsname for sourcing cloud-config datasource configuration.
Subclasses must also override the _get_data method or a
NotImplementedError is raised.
The branch also writes /run/cloud-init/instance-data.json. This file
contains all meta-data, user-data and vendor-data and a standardized set
of metadata keys in a json blob which other utilities with root-access
could make use of. Because some meta-data or user-data is potentially
sensitive the file is only readable by root.
Generally most metadata content types should be json serializable. If
specific keys or values are not serializable, those specific values will
be base64encoded and the key path will be listed under the top-level key
'base64-encoded-keys' in instance-data.json. If json writing fails due to
other TypeErrors or UnicodeDecodeErrors, a warning log will be emitted to
/var/log/cloud-init.log and no instance-data.json will be created.
|
|
The 'cloud-init clean' command allows a user or script to clear cloud-init
artifacts from the system so that cloud-init sees the system as
unconfigured upon reboot. Optional parameters can be provided to remove
cloud-init logs and reboot after clean.
The 'cloud-init status' command allows the user or script to check whether
cloud-init has finished all configuration stages and whether errors
occurred. An optional --wait argument will poll on a 0.25 second interval
until cloud-init configuration is complete. The benefit here is scripts
can block on cloud-init completion before performing post-config tasks.
|
|
There is a race condition where our sandboxed dhclient properly writes a
lease file but has not yet written a pid file. If the sandbox temporary
directory is torn down before the dhclient subprocess writes a pidfile
DataSourceEc2Local gets a traceback and the instance will fall back to
DataSourceEc2 in the init-network stage. This wastes boot cycles we'd
rather not spend.
Fix handling of sandboxed dhclient to wait for both pidfile and leasefile
before proceeding. If either file doesn't show in 5 seconds, log a warning
and return empty lease results {}.
LP: #1735331
|
|
Things done here:
- identify 'suse' as a variant in util.system_info and
also tools/render-cloudcfg.
- update systemd and cloud.cfg templates for suse specific changes.
LP: #1718640
|
|
/run/cloud-init/tmp is on a filesystem mounted noexec, so running
dhclient in Ec2Local during discovery breaks with 'Permission denied'.
This branch allows us to run from a different tmp dir so we have exec
rights.
LP: #1717627
|
|
Most users of chef will want to pin the version that is installed.
Typically new versions of chef have to be evaluated for breakage etc.
This change proposes a new optional `omnibus_version` field to the chef
configuration. The changeset also adds documentation referencing the new
field.
LP: #1462693
|
|
During boot, the usage of /tmp is not safe. In systemd systems,
systemd-tmpfiles-clean may run at any point and clear out a temp file
while cloud-init is using it. The solution here is to use
/run/cloud-init/tmp.
LP: #1707222
|
|
A patch to allow scripts missing a #! to run by using shell=True was
proposed but rejected. Instead we emit a log message to help the user
understand what went wrong.
|
|
Making lots of random invalid DNS queries interferes with the ability
of security teams to identify malicious or anomalous behavior from DNS
logs. The same goal should be achievable with a consistent query for a
name that is disallowed.
LP: #1088611
|
|
load_shell_content previously would not allow shell comment characters
in the content being parsed. If comments=True is not passed then an
exception would previously be raised as the line would not be guaranteed to
have an '=' in it.
|
|
This fixes stacktrace and warning message that would be printed
to the log if running inside a container and read_dmi_data tried
to access a key that was not present.
In a container, the /sys/class/dmi/id data is not relevant to the
container but to the host. Additionally an unprivileged container might see
strange behavior:
    # cd /sys/class/dmi/id/
    # id -u
    0
    # ls -l chassis_serial
    -r-------- 1 nobody nogroup 4096 Jun 29 16:49 chassis_serial
    # cat chassis_serial
    cat: /sys/class/dmi/id/chassis_serial: Permission denied
The solution here is to just always return None when running in a
container.
LP: #1701325
|
|
- Simplify the logic of 'variant' in util.system_info
much of the data from
https://github.com/hpcugent/easybuild/wiki/OS_flavor_name_version
- fix get_resource_disk_on_freebsd when running on a system without
an Azure resource disk.
- fix tools/build-on-freebsd to replace oauth with oauthlib and add
bash which is a dependency for tests.
- update a few places that were checking for freebsd but not using
the util.is_FreeBSD()
|
|
Unix file modes are usually represented as octal, but they were being
interpreted as decimal, for example 0o644 would be printed as '420'.
Reviewed-by: Tom Kirchner <tjk@amazon.com>
|
|
On some systems with python-libselinux a bug[1] related to recursive
restorecon fails but the distro release does not yet include
an update. This change will accept the error and log a warning.
1. https://bugzilla.redhat.com/show_bug.cgi?id=1406520
LP: #1686751
|
|
Here we move the config/cloud.cfg to be rendered as a template.
That allows us to maintain deltas between distros in one place.
Currently we use 'variant' variable to make decisions.
A tools/render-cloudcfg is provided to render the file.
There were changes to setup.py, MANIFEST.in to allow us to put all
files into a virtual env installation and to render the cloud-config
file in 'install' or 'bdist' targets.
We have also included some config changes that were found in the
redhat distro spec.
* include some config changes from the redhat distro spec.
The rendered cloud.cfg has some differences.
Ubuntu: white space and comment changes only.
Freebsd:
- whitespace changes and comment changes
- datasource_list definition moved to be closer to 'datasource'.
- enable modules: migrator, write_files
- move package-update-upgrade-install to final.
The initial work was done by Josh Harlow.
|
|
The motivation for this is to make tip-pylint target green.
It does 2 things:
a.) silence a warning that is generated in pylint 1.7.1, but not
other versions of pylint. This bug in pylint is filed at
https://github.com/PyCQA/pylint/issues/1444
b.) move tox -e pylint to use pylint 1.7.1
|
|
Recent core snap images (edge channel revision 1886) do not contain the
previously known files used to detect that a system is ubuntu core.
The changes here are to look in 2 additional locations to determine
if a system is snappy.
LP: #1689944
|
|
This patch targets to make FreeBSD 10.3 or 11 work on Azure. The
modifications abide by the rule of:
* making as few modifications as possible
* delegate to the distro or datasource where possible.
The main modifications are:
1. network configuration improvements, and movement into distro path.
2. Fix setting of password.
   Password setting through "pw" can only work through pipe.
3. Add 'root:wheel' to syslog_fix_perms field.
4. Support resizing default file system (ufs)
5. copy cloud.cfg for freebsd to /etc/cloud/cloud.cfg rather than
   /usr/local/etc/cloud/cloud.cfg.
6. Azure specific changes:
   a. When reading the azure endpoint, search in a different path
      and read a different option name (option-245 vs. unknown-245).
      So, the lease file path should be generated according to platform.
   b. adjust the handling of ephemeral mounts for ufs filesystem and
      for finding the ephemeral device.
   c. fix mounting of cdrom
LP: #1636345
|
|
Growing the root partition would fail in either of two cases:
a.) if the device /dev/root existed
b.) the kernel command line had upper case letters in PARTUUID=<value>
the kernel will accept upper case partuuid, but udev creates
links with lower case. In that scenario, we need to adjust to
a /dev/disk/by-<partuuid|uuid> with lower case.
The fix here addresses that, and also fixes uuid similarly for the
lowercase issue.
LP: #1684869
|
|
This will change all instances of LOG.warn to LOG.warning as warn
is now a deprecated method. It will also make sure any logging
uses lazy logging by passing string format arguments as function
parameters.
|
|
On centos/fedora/rhel/derivatives, /etc/ssh/sshd_config has mode 0600,
but cloud-init unilaterally sets file modes to 0644 when no explicit
mode is passed to util.write_file. On ubuntu/debian, this file has
mode 0644. With this patch, write_file learns about the copy_mode
option, which will cause it to use the mode of the existing file by
default, falling back to the explicit mode parameter if the file does
not exist.
LP: #1644064
Resolves: rhbz#1295984
|
|
When booted without an initramfs, the root device will be /dev/root, not a
named device. There is partial support for this when resizing filesystems,
but not for growing partitions, without which it doesn't do much good. Move
the /dev/root resolution code to util.py and use it from cc_growpart.py.
Also, booting without an initramfs only works with a root= argument that's
either a kernel device name (which is unstable) or a partition UUID. Handle
the case of root=PARTUUID=value, not just LABEL and UUID.
LP: #1677376
|
|
Network configuration version 2 format is implemented in a package
called netplan (nplan)[1] which allows consolidated network config
for multiple network controllers.
- Add a new netplan renderer
- Update default policy, placing eni and sysconfig first
This requires explicit policy to enable netplan over eni
on systems which have both (Yakkety, Zesty, UC16)
- Allow any network state (parsed from any format cloud-init supports) to
render to v2 if system supports netplan.
- Move eni's _subnet_is_ipv6 to common code for use by other renderers
- Make sysconfig renderer always emit /etc/sysconfig/network configuration
- Update cloud-init.service systemd unit to also wait on
systemd-networkd-wait-online.service
1. https://lists.ubuntu.com/archives/ubuntu-devel/2016-July/039464.html
|
|
Previously, the distro had hard coded which network renderer it would
use. This adds support for just picking the right renderer based
on what is available.
Now, that can be set via a priority in system_info, but should
generally work. That config looks like:
    system_info:
      network:
        renderers: ["eni", "sysconfig"]
When no renderers are found, a specific RendererNotFoundError is raised.
stages.py is modified to catch that and log it at error level. This
path should not really be exercised, but could occur if for example an
Ubuntu system did not have ifupdown, or a rhel system did not have
sysconfig. In such a system previously we would have quietly rendered
ENI configuration but that would have been ignored. This is one step
better in that we at least log the error.
|
|
Failures to load the kernel command line's url (cloud-config-url=)
would previously get swallowed. This should make it much more
obvious when that happens. With logging going to expected places
at sane levels (WARN will go to stderr by default).
|
|
This has been a recurring ask and we had initially just made the change to
the cloud-init 2.0 codebase. As the current thinking is we'll just
continue to enhance the current codebase, it's desirable to relicense to
match what we'd intended as part of the 2.0 plan here.
- put a brief description of license in LICENSE file
- put full license versions in LICENSE-GPLv3 and LICENSE-Apache2.0
- simplify the per-file header to reference LICENSE
- tox: ignore H102 (Apache License Header check)
Add license header to files that ship.
Reformat headers, make sure everything has vi: at end of file.
Non-shipping files do not need the copyright header,
but at the moment tests/ have it.
|
|
The correct order of precedence when reading the base config:
builtin config
system config
kernel command line provided config.
This reverts commit 63501f44, which actually broke the behavior it
reported to fix. It also adds some unit tests to ensure this behavior
is not broken again.
LP: #1582323
|
|
This replaces long single lines in a log or console output
with multiple lines that are much easier to read.
It indents the stdout and stderr so logs are more easily
read also.
|
|
pycodestyle 2.1.0 is in Ubuntu zesty, and complained about the
changes made here. Simple style changes. This makes 'make pep8'
pass again when built in a zesty build system with proposed enabled.
|
|
aarch64 systems have functional dmidecode, so allow that to be used.
- aarch64 has support for dmidecode as well
|
|
Ubuntu Core images use the `snap create-user` to add users to an
Ubuntu Core system. Add support for creating snap users by adding
a key to the users dictionary.
    users:
      - name: bob
        snapuser: bob@bobcom.io
Or via the 'snappy' dictionary:
    snappy:
      email: bob@bobcom.io
Users may also create a snap user without contacting the SSO by
providing a 'system-user' assertion by importing them into snapd.
Additionally, Ubuntu Core systems have a read-only /etc/passwd such that
the normal useradd/groupadd commands do not function without an additional
flag, '--extrausers', which redirects the pwd to /var/lib/extrausers.
Move the system_is_snappy() check from cc_snappy module to util for
re-use and then update the Distro class to append '--extrausers' if
the system is Ubuntu Core.
|
|
This gets the tests running in centos 6.
* ProcessExecutionError: remove setting of .message
Nothing in cloud-init seems to use .message anywhere, so
it does not seem necessary.
The reason to change it is that on 2.6 it spits out:
cloudinit/util.py:286: DeprecationWarning: BaseException.message
* tox.ini: add a centos6 environment
the tox versions listed here replicate a centos6 install with
packages from EPEL.
You will still need a python2.6 to run this env so we do not
enable it by default.
|
|
The test in decode_binary for six.text_type was incorrect as that includes
unicode type in Python 2 which should actually be decoded.
When the type is string_types we now properly check only for basestring and
str in Python 2 and Python 3 respectively and return the given blob without
making an attempt to decode.
|
|
In order for a caller to use 'env' argument of subp, they
will realistically do:
    env = os.environ.copy()
    env['FOO'] = 'BZR'
    subp(cmd, env=env)
This shortens that to be:
    subp(cmd, update_env={'FOO': 'BZR'})
Add tests, and update growpart tests to use mock when playing with
os.environ.
|
|
Dmidecode is not going to run successfully on anything other than an
x86 or x86_64, just avoid running it anywhere else.
|
|
This syntax doesn't work in python 2.6
|
|
This gets Gentoo to work on simple configs with static IPs or
DHCP on physical interfaces. This gets Gentoo bootable again.
|
|
This adds an improved apt configuration format that is fully backwards
compatible with previous behavior. This is mostly copied from curtin's
implementation.
It does:
* cleans up and centralizes many of the top level 'apt_*' values that
previously existed into a single top level 'apt' key.
* support a 'source' in apt/sources/entry that has only a key
* documents new features and adds tests.
See the added doc/examples/cloud-config-apt.txt for more information.
|
|
Per [1], DigitalOcean provides the metadata in multiple formats. The JSON
document is the preferred endpoint.
Changes:
- Switch to the v1.json meta-data endpoint
- Identify droplet identity from SMBIOS
- Only poll for metadata when the instance is confirmed to be a droplet
- Removal of hard-coded mirrors
Additionally, centralize the gates on running 'dmidecode' on arm arches,
and update tests to address.
[1] https://developers.digitalocean.com/documentation/metadata/
|
|
key is the filename, and "old" input shall be handled as it was all the time.
For compatibility this will (continue to) overwrite the file of multiple
options that did not specify an output file (they all get the same default).
Yet it will process them all - as it always did - e.g. to add the keys of all
of them.
Any users of the new format won't have these issues, as they will always have
a key.
|
|