| Age | Commit message (Collapse) | Author |
|---|
|
The correct command to create a group if `pw group add foo`. In
addition, this commit simplify a bit the logic:
- simplify a block to avoid an extra level of indentation
|
|
cloud-init has moved to cc_snap module and a top-level
config key 'snap'. cc_snap_config was deprecated in
cloud-init version 18.2
Co-authored-by: Daniel Watkins <daniel@daniel-watkins.co.uk>
|
|
doc: update cc_set_hostname frequency and descrip
After fixing LP: #1746455 the docs for cc_set_hostname were not updated
to indicate the change in frequency or why.
LP: #1827021
|
|
* freebsd: introduce the freebsd renderer
Refactoring of the FreeBSD code base to provide a real network renderer
for FreeBSD.
Use the generic update_sysconfig_file() from rhel_util to handle the
access to /etc/rc.conf.
Interfaces are not automatically renamed by FreeBSD using
the following configuration in /etc/rc.conf:
```
ifconfig_fxp0_name="eth0"
```
* freesd: use regex named groups
Reduce the complexity of `get_interfaces_by_mac_on_freebsd()` with
named groups.
* freebsd: breaks up _write_network() in tree small functions
- `_write_ifconfig_entries()`
- `_write_route_entries()`
- `_write_resolve_conf()`
* extend find_fallback_nic() to support FreeBSD
this uses `route -n show default` to find the default interface
* freebsd: use dns keys from NetworkState class
The NetworkState class (settings instance) exposes the DNS configuration
in two keys:
- `dns_nameservers`
- `dns_searchdomains`
On OpenStack, these keys are set when a global DNS server is set. The
alternative is the `dns_nameservers` and `dns_search` keys from each
subdomain. We continue to read those.
* freebsd: properly target the /etc/resolv.conf file
* freebsd: ignore 'service routing restart' ret code
On FreeBSD 10, the restart of routing and dhclient is likely to fail because
- routing: it cannot remove the loopback route, but it will still set up
the default route as expected.
- dhclient: it cannot stop the dhclient started by the netif service.
In both case, the situation is ok, and we can proceed.
* freebsd: handle case when metadata MAC local locally
Handle the case where the metadata configuration comes with a MAC that
does not exist locally.
See:
- https://github.com/canonical/cloud-init/pull/61/files/635ce14b3153934ba1041be48b7245062f21e960#r359600604
- https://github.com/canonical/cloud-init/pull/61/files/635ce14b3153934ba1041be48b7245062f21e960#r359600966
* freebsd: show up a warning if several subnet found
The FreeBSD provider currently only allow one subnet per interface.
* freebsd: honor the target parameter in _write_network
* freebsd: log when a bad route is found
* freebsd: pass _postcmds to start_services()
* freebsd: updatercconf() is depercated
Replace `updatercconf()` by `rhel_util.update_sysconfig_file()`.
* freebsd: ensure gateway is ipv4 before using it
With the legacy ENI format, an IPv6 gateway may be pushed. This instead
of the expected IPv4.
* freebsd: find_fallback_nic, support FB10
On FreeBSD <= 10, `ifconfig -l` ignores the down interfaces.
* freebsd: use util.target_path() to load resolv.conf
Ensure we access `/etc/resolv.conf`, not `etc/resolv.conf`.
* freebsd: skip subnet without netmask
Those are likely to be either invalid of in IPv6 format. IPv6 support
will be addressed later in a new patchset.
* freebsd: get_devicelist returns netif list
Ensure `get_devicelist()` returns the list of known netif on FreeBSD.
* replace rhel_util.update_sysconfig_file wrapper call, with a wrapper function
* reverse if condition to remove an indent
Co-authored-by: Igor Galić <me+github@igalic.co>
|
|
* cc_snappy: remove deprecated module
* cloud_tests: remove cc_snappy tests (and references)
This module was deprecated in favor of cc_snap in cloud-init v.18.2
|
|
* cc_ssh: fix capitalisation of SSH
* doc: fix capitalisation of SSH
* cc_keys_to_console: fix capitalisation of SSH
* ssh_util: fix capitalisation of SSH
* DataSourceIBMCloud: fix capitalisation of SSH
* DataSourceAzure: fix capitalisation of SSH
* cs_utils: fix capitalisation of SSH
* distros/__init__: fix capitalisation of SSH
* cc_set_passwords: fix capitalisation of SSH
* cc_ssh_import_id: fix capitalisation of SSH
* cc_users_groups: fix capitalisation of SSH
* cc_ssh_authkey_fingerprints: fix capitalisation of SSH
|
|
* Add headers for Authorized and Host key sections, move the authorized
section up as it is probably more relevant.
LP: #1827021
|
|
Bump the version in cloudinit/version.py to be 19.4 and update ChangeLog.
LP: #1856761
|
|
LP: #1855196
|
|
|
|
|
|
Specifically, revert the changes to logic which are incorrect. The
testing introduced is for a separate part of the codebase, so is
retained.
This (partially) reverts commit
e2840f1771158748780a768f6bfbb117cd7610c6.
|
|
The query command checks the user's uid when running and takes two
different code paths. As a normal user is returns fake data, that these
tests were expecting. As a root user, the actual user and vendor data
files are ready.
LP: #1856096
|
|
|
|
Azure stores the instance ID with an incorrect byte ordering for the
first three hyphen delimited parts. This results in invalid
is_new_instance checks forcing Azure datasource to recrawl the metadata
service.
When persisting instance-id from the metadata service, swap the
instance-id string byte order such that it is consistent with
that returned by dmi information. Check whether the instance-id
string is a byte-swapped match when determining correctly whether
the Azure platform instance-id has actually changed.
|
|
on FreeBSD, `lock_passwd` is implemented as `pw usermod <user> -h -`
This does not lock the account. It prompts for a password change on the console during cloud-init run.
To lock an account, we have to execute: `pw lock <name>`
LP: #1854594
|
|
|
|
Add an Amazon distro in the redhat OS family
|
|
RedHat dhcp client writes out rfc3442 classless-static-routes in a different format[1]
than what is found in isc-dhcp clients. This patch adds support for the RedHat format.
1. Background details on the format
https://bugzilla.redhat.com/show_bug.cgi?id=516325
https://github.com/vaijab/fedora-dhcp/blob/e83fb19c51765442d77fa60596bfdb2b3b9fbe2e/dhcp-rfc3442-classless-static-routes.patch#L252
https://github.com/heftig/NetworkManager/blob/f56c82d86122fc45304fc829b5f1e4766ed51589/src/dhcp-manager/nm-dhcp-client.c#L978
LP: #1850642
|
|
Sending a valid but empty v1 network config resulted in a
stacktrace during execution. Update the network_state
parse path to specific check if the 'config' key is None
(not present) versus being present but explicitly empty.
Also add some network_state unittests.
LP: #1852496
|
|
From original work by: Andrew Jorgensen <ajorgens@amazon.com>
Reviewed-by: Matt Nierzwicki <nierzwic@amazon.com>
Reviewed-by: Ethan Faust <efaust@amazon.com>
|
|
Currently cloud-init does not know how to handle multiple file
configuration on section AuthorizedKeysFile of ssh configuration.
cloud-init will mess up the home user directory by creating bogus
folders inside it.
This patch provides a fix for this erroneous behavior. It gathers all
keys from all the files listed on the section AuthorizedKeysFile of ssh
configuration and merge all of them inside home user
~/.ssh/authorized_keys of the vm deployed.
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
|
|
|
|
Headers param was accidentally omitted and no longer passed through to
readurl due to a previous commit.
To avoid this omission of params in the future, drop positional param
definitions from read_file_or_url and pass all kwargs through to readurl
when we are not operating on a file.
In util:read_seeded, correct the case where invalid positional param
file_retries was being passed into read_file_or_url.
Also drop duplicated file:// prefix addition from read_seeded because
read_file_or_url does that work anyway.
LP: #1854084
|
|
This makes for a slightly prettier and less confusing log.
|
|
Allow setting of user passwords on FreeBSD
The www/chpasswd utility which we depended on for FreeBSD installations
does *not* do the same thing as the equally named Linux utility.
For FreeBSD, we now use the pw(8) utility (which can only process one
user at a time)
Additionally, we abstract expire passwd into a function, and override it
in the FreeBSD distro class.
Co-Authored-By: Chad Smith <chad.smith@canonical.com>
|
|
LP: #1853543
|
|
Since `is_FreeBSD()` is used a lot, which uses `system_info()`, which uses `get_linux_distro()` we add caching, by decorating the following functions with `@lru_cache`:
- get_architecture()
- _lsb_release()
- is_FreeBSD
- get_linux_distro
- system_info()
- _get_cmdline()
Since [functools](https://docs.python.org/3/library/functools.html) only exists in Python 3, only python 3 will benefit from this improvement. For python 2, our shim is just a pass-thru. Too bad, but, also… https://pythonclock.org/
The main motivation here was, at first, to cache more, following the style of _lsb_release.
That is now consolidated under this very same roof.
LP: #1815030
|
|
* ec2: Add support for AWS IMDS v2 (session-oriented)
AWS now supports a new version of fetching Instance Metadata[1].
Update cloud-init's ec2 utility functions and update ec2 derived
datasources accordingly. For DataSourceEc2 (versus ec2-look-alikes)
cloud-init will issue the PUT request to obtain an API token for
the maximum lifetime and then all subsequent interactions with the
IMDS will include the token in the header.
If the API token endpoint is unreachable on Ec2 platform, log a
warning and fallback to using IMDS v1 and which does not use
session tokens when communicating with the Instance metadata
service.
We handle read errors, typically seen if the IMDS is beyond one
etwork hop (IMDSv2 responses have a ttl=1), by setting the api token
to a disabled value and then using IMDSv1 paths.
To support token-based headers, ec2_utils functions were updated
to support custom headers_cb and exception_cb callback functions
so Ec2 could store, or refresh API tokens in the event of token
becoming stale.
[1] https://docs.aws.amazon.com/AWSEC2/latest/ \
UserGuide/ec2-instance-metadata.html \
#instance-metadata-v2-how-it-works
|
|
Router advertisements are required for the default route
to be set up, thus accept_ra should be enabled for
dhcpv6-stateful.
sysconf: IPV6_FORCE_ACCEPT_RA controls accept_ra sysctl.
eni: mode static and mode dhcp 'accept_ra' controls sysctl.
Add 'accept-ra: true|false' parameter to config v1 and
v2. When True: accept_ra is set to '1'. When False:
accept_ra is set to '0'. When not defined in config the
value is left to the operating system default.
This change also extend the IPv6 support to distinguish
between slaac and dhcpv6-stateless. SLAAC is autoconfig
without any options from DHCP, while stateless auto-configures
the address and the uses DHCP for other options.
LP: #1806014
LP: #1808647
|
|
On FreeBSD our helpers live in /usr/local/lib/cloud-init/
LP: #1852491
|
|
Azure's Instance Metadata Service (IMDS) reports multiple IPv6
addresses, via the http://169.254.169.254/metadata/instance/network
route. Any additional values after the first in 'ipAddresses' under the
'ipv6' interface key are extracted and configured as static IPs on
the interface.
|
|
Fix traceback when running with a config drive containing a metadata file which has
local-hostname set to null. Cloud-init ignores absent local-hostname or None values.
LP: #1852100
|
|
|
|
|
|
The KVPs currently being emitted to the .kvp_pool file can have
duplicate keys which is wrong since these keys should be unique.
The situation can occur if for example one azure function
called twice or more and this function is reporting telemetry
through the use of KVPs. Any KVP consumer can get confused by
the duplicate keys and a race condition can and have occurred.
|
|
Bump the version in cloudinit/version.py to be 19.3 and update ChangeLog.
LP: #1851428
|
|
Network v2 configuration for Azure will set both dhcp4 and
dhcp6 to False by default.
When IPv6 privateIpAddresses are present for an interface in Azure's
Instance Metadata Service (IMDS), set dhcp6: True and provide a
route-metric value that will match the corresponding dhcp4 route-metric.
The route-metric value will increase by 100 for each additional
interface present to ensure the primary interface has a route to IMDS.
Also fix dhcp route-metric rendering for eni and sysconfig distros.
LP: #1850308
|
|
When ConfigDrive discovers the source path /config-drive, subplatform
is now reports 'config-drive'
LP: #1849731
|
|
In typical cases, SmartOS does not use DHCP for network configuration.
As such, if the network configuration changes that is reflected in
metadata and will be picked up during the next boot.
LP: #1765801
Joyent: OS-6902 reconfigure network on each boot
|
|
This patch enables control over SSH public-key import and
discarding supplied user-data (both disabled by default).
allow-userdata: false
ssh:
allow_public_ssh_keys: false
This feature enables closed appliances to prevent customers
from unintentionally breaking the appliance which were
not designed for user interaction.
The downstream change for this is here:
https://github.com/delphix/cloud-init/pull/4
|
|
Function return false for ipv6_dhcpv6-stateless|stateful,
the eni renderer does not add '6' to 'inet' which is
incorrect.
The subnet_is_ipv6() function is updated to also return
true if startswith('ipv6').
LP: #1848690
|
|
For security concern, we disable the custom script
by default.If a custom script is provided, stop
customization unless the custom script is explicitly
enabled by tools config.
|
|
This change adds two new parameters:
* csr_attributes
* csr_attributes_path
Those parameters allow to configure the content of the
csr_attributes.yaml file.
See https://puppet.com/docs/puppet/latest/config_file_csr_attributes.html
|
|
After initial boot ovf-env.xml is copied to agent dir
(/var/lib/waagent/) with REDACTED password.
On subsequent boots DataSourceAzure loads with a configuration where the
user specified in /var/lib/waagent/ovf-env.xml is locked.
If instance id changes, cc_users_groups action will lock the user.
Fix this behavior by not locking the user if its password is REDACTED.
LP: #1849677
|
|
netplan introduced an 'info' subcommand which emits yaml describing
implemented features that indicate new or changed fields and values
in the yaml that it accepts. Previously, cloud-init emitted the key
'mtu6' for ipv6 MTU values. This is not correct and netplan will
fail to parse these values. Netplan as of 0.98 supports both the
info subcommand and the ipv6-mtu key.
This branch modifies the netplan renderer to collect the netplan
info output into a 'features' property which is a list of available
feature flags which the renderer can use to modify its output. If
the command is not available, no feature flags are set and
cloud-init will render IPv6 MTU values just as MTU for the subnet.
|
|
Here we replace uses of the pyyaml module directly with functions
provided by cloudinit.safeyaml. Also, change/move
cloudinit.util.yaml_dumps
to
cloudinit.safeyaml.dumps
LP: #1849640
|
|
The exoscale datasource defines a shorter timeout than the default (10)
but did not override url_max_wait, resulting in a single attempt being
made to wait for the metadata service.
In some rare cases, a race condition means the route to the metadata
service is not set within 10 seconds, and more attempts should be made.
This sets the url_max_wait for the datasource to 120.
|
|
In addition to ifup/ifdown the sysconfig renderer looks for
evidence that the sysconfig directory is properly populated.
This secondary check only considered RedHat specific location.
Fix this by adding a SUSE specific file and returning True if
either RedHat or SUSE file is present.
LP: #1849378
|
|
Commit e7b0e5f72 added support for configuring infiniband devices by
adding a new infiniband 'type'. This commit updates eni and sysconfig
renderers to consume this new type and configure infiniband devices
correctly.
LP: #1847114
|
