| Age | Commit message (Collapse) | Author |
|---|
|
With the new `cc_vyos_userdata.py` module is possible to set in User-Data (`#cloud-config`) new parameter `vyos_config_commands`. This parameter should be a list of VyOS configuration commands that will be applied during deployment.
The module will run after the Meta-Data module `cc_vyos.py`.
Commands requirements:
- one command per line
- if command ending by value, it must be inside single quotes: `set some option 'value'`, `delete some option 'value'`
- a single-quote symbol is not allowed inside command or value
The commands list produced by the `show configuration commands` command on a VyOS router should comply with all the requirements, so it is easy to get a proper commands list by copying it from another router.
Usage example (User-Data content):
```
#cloud-config
vyos_config_commands:
- set system host-name 'demo123'
- set system ntp server 1.pool.ntp.org
- set system ntp server 2.pool.ntp.org
- delete interfaces ethernet eth2 address
- set interfaces ethernet eth2 address '192.0.2.1/24'
```
|
|
Since partition size is hardcoded into VyOS images for virtual environments, it is not impossible to use all available space on storage. This change enables two Cloud-init modules:
- `growpart` to grow persistence partition;
- `resizefs_vyos` to resize filesystem size to the whole partition.
The `resizefs_vyos` module forked from the main `resizefs` to allow resizing not only root partition but any custom also.
|
|
To provide connectivity to the CLI in cases when there were no credentials in metadata added a fallback user `vyos/vyos`.
|
|
In rare cases, when network-config provided not by a true data source, but via kernel argument, initramfs, cloud-config file, the cloud.datasource.network_config variable may be empty. So, to make such configuration available we need to revert back to the previous variant with cloudinit.stages.Init()._find_networking_config().
|
|
Unfortunately, `cloud.get_hostname()` does not work if a hostname was configured using cloud-config. So, we still need to use the `get_hostname_fqdn()` from `cloudinit.util`.
Also, was added configuration for domain-name to handle FQDN properly, if it is available.
|
|
The `DataSourceOVF.py` file was cleaned up from VyOS-specific changes.
Also was changed related functionality in the `cc_vyos.py`:
- in addition to limited metadata provided by Cloud-init, the function `get_properties` from the `DataSourceOVF.py` used to get unfiltered values from an OVF environment;
- `set_tag` for the `interfaces ethernet` node was moved from multiple places to the `set_ipaddress` function;
- multiple checks for 'null' value in OVF were replaced with the iteration via all values and replacing `null` with `None`. This allows using easier logic during values check;
- simplified conversion of the values from OVF to an IP address;
- added logging for all actions in the `set_config_ovf` function.
|
|
Merged with 20.3 tag from the upstream Cloud-init repository
|
|
Since the `instance-data.json` file is the only way offered by Cloud-Init to get formatted metadata, using it instead of `_get_standardized_metadata()` function is safer and must be compatible with all versions.
|
|
This commit is addressed to solve some old issues with creating users in the system and simplify the parts of the module related to this. Also, some small fixes.
- removed Python modules os, cloudinit.stages, cloudinit.util dependencies. Related functionality replaced by other modules (see below)
- detection of hashed passwords was simplified, made 100% compatible with the rest Cloud-init documentation and recommendations. Also, it was moved from the `handle` function to the `set_pass_login` to reduce the code size and make it more clear
- replaced sequenced SSH public keys enumeration for keys without comments to UUID-based to simplify the code and make the logic easier
- replaced home-growed SSH key parser/checker to the native cloudinit.ssh_util.AuthKeyLineParser()
- added support for SSH key options configuration
- added possibility to use all key types supported by VyOS: 'ssh-dss', 'ssh-rsa', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ssh-ed25519', 'ecdsa-sha2-nistp521'
- fixed typo in configuration for `distance`/`metric` option in set_config_interfaces_v1()
- added the stable format of the Meta-Data: `v1`. It must be absolutely equal for any datasource, therefore it is always better to use data from it than from any other sources if this is possible
- added User-Data and Vendor-Data logging. Currently not used for anything, but required for a proper debugging
- replaced datasource source from the unstable metadata field to the stable `cloud.datasource.dsname`
- replaced Network-Config source from `init._find_networking_config()` to the more correct `cloud.datasource.network_config`
- replaced hostname source from the `util.get_hostname_fqdn()` to `cloud.get_hostname()`, what is actually the same, to drop `util` dependency
- the part specific for Azure cloud united with the main part of users creating code, since there is actually no platform-specific functions and everything was moved to the common places, what improved compatibility with the similar environments
- rewritten users creating logic
**Important information about users and credentials**
In the Cloud-init exists multiple ways of how to configure authentication: public keys in Meta-Data, default user name and options in the main config file, several config modules (`cc_set_passwords`, `cc_ssh`, `cc_users_groups`) configurable via `#cloud-config`, maybe something more. Cloud-Init solves this by merging information from most of these sources to a single users' database, but information can overwrite each other.
Very simplified logic description: if something is configured in a User-Data (`#cloud-config`), then most likely default values like username `vyos`, or SSH public keys from Meta-Data will be dropped by Cloud-Init.
This implementation should apply public SSH keys and passwords without associated username to the default user (usually `vyos`, but some platforms may allow using your own). If you are creating any additional user, a default one will not be created and common authentication methods will not be applied, so you need to provide the complete authentication details for it.
|
|
Bump the version in cloudinit/version.py to 20.3 and
update ChangeLog.
LP: #1892878
|
|
Changes:
tox: bump the pylint version to 2.6.0 in the default run
Fix pylint 2.6.0 W0707 warnings (raise-missing-from)
|
|
This fixes a long delay during boot of some instances. For Azure instance types using SR-IOV via the Hyper-V netvsc network driver, two network interfaces are created that share the same MAC, but only the virtual device should be configured and used. Updating the netplan configuration to filter on the hv_netvsc driver prevents netplan from trying to figure both devices.
LP: #1830740
|
|
|
|
* DHCP sandboxing failing on noexec mounted /var/tmp
If /var/tmp is mounted with noexec option the DHCP sandboxing will fail
with Permission Denied. This patch simply avoids this error by checking
the exec permission updating the dhcp path in negative case.
rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1857309
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
* Replacing with os.* calls
* Adding test and removing isfile() useless call.
Co-authored-by: Rick Harding <rharding@mitechie.com>
|
|
Update ssh_util.py with latest list of keys (from openssh-8.3p1/sshkey.c),
Added keys:
sk-ecdsa-sha2-nistp256-cert-v01@openssh.com
sk-ecdsa-sha2-nistp256@openssh.com
sk-ssh-ed25519-cert-v01@openssh.com
sk-ssh-ed25519@openssh.com
ssh-xmss-cert-v01@openssh.com
ssh-xmss@openssh.com
LP: #1877869
|
|
cloud-init query tries to directly load and decode
raw user-data from /var/lib/cloud/instance/user-data.txt.
This results in UnicodeDecodeErrors on some platforms which
provide compressed content.
Avoid UnicodeDecoderErrors when parsing compressed user-data at
/var/lib/cloud/instance/user-data.txt.
LP: #1889938
|
|
Push the cloud-init.log file (Up to 500KB at once) to the KVP before reporting ready to the Azure platform.
Based on the analysis done on a large sample of cloud-init.log files, Here's the statistics collected on the log file size:
P50 P90 P95 P99 P99.9 P99.99
137K 423K 537K 3.5MB 6MB 16MB
This change limits the size of cloud-init.log file data that gets dumped to KVP to 500KB. So for ~95% of the cases, the whole log file will be dumped and for the remaining ~5%, we will get the last 500KB of the cloud-init.log file.
To asses the performance of the 500KB limit, 250 VM were deployed with a 500KB cloud-init.log file and the time taken to compress, encode and dump the entries to KVP was measured. Here's the time in milliseconds percentiles:
P50 P99 P999
75.705 232.701 1169.636
Another 250 VMs were deployed with this logic dumping their normal cloud-init.log file to KVP, the same timing was measured as above. Here's the time in milliseconds percentiles:
P50 P99 P999
1.88 5.277 6.992
Added excluded_handlers to the report_event function to be able to opt-out from reporting the events of the compressed cloud-init.log file to the cloud-init.log file.
The KVP break_down logic had a bug, where it will reuse the same key for all the split chunks of KVP which results in overwriting the split KVPs by the last one when consumed by Hyper-V. I added the split chunk index as a differentiator to the KVP key.
The Hyper-V consumes the KVPs from the KVP file as chunks whose key is 512KB and value is 2048KB but the Azure platform expects the value to be 1024KB, thus I introduced the Azure value limit.
|
|
Add new module cc_apk_configure for creating Alpine /etc/apk/repositories file.
Modify cc_ca_certs, cc_ntp, cc_power_state_change, and cc_resolv_conf for Alpine.
Add Alpine template files for Chrony and Busybox NTP support.
Add Alpine template file for /etc/hosts.
|
|
According to man page `man 8 swapon', "Preallocated swap files are
supported on XFS since Linux 4.18". This patch checks for kernel version
before attepting to create swapfile, using dd for XFS only on kernel
versions <= 4.18 or btrfs.
Add new func util.kernel_version which returns a tuple of ints (major, minor)
Signed-off-by: Eduardo Otubo otubo@redhat.com
|
|
* cli: add devel make-mime subcommand
Cloud-init documents an in-source-tree tool, make-mime.py used to
help users create multi-part mime user-data. This tool is not shipped
in the cloud-init install and unavailable at runtime. This patch
takes tools/make-mime.py and makes the functionality available via
the devel subcommand.
The primary interface of --attach file:content-type is still present.
The cli now adds:
-l, --list-types Print out a list of supported content-types
-f, --force Ignore errors for unsupported content-types
The tool will now raise a RunTime error if the supplied content-type
is not supported (or more likely a typo:
x-shell-script vs. x-shellscript)
* make-mime: write to stderr and exit 1 instead of raising RuntimeError
* Update example to match docs
* Update docs for make-mime subcommand
* Remove tools/make-mime.py; replaced by cloud-init devel make-mime
Co-authored-by: Rick Harding <rharding@mitechie.com>
|
|
Commit d00126c167fc06d913d99cfc184bf3402cb8cf53 regressed cloud-init
handling in multipart MIME user-data. Specifically, cloud-init would
examine the payload of the MIME part to determine what the content
type and subsequently which handler to use. This meant that user-data
which had shellscript payloads (starts with #!) were always handled
as shellscripts, rather than their declared MIME type and affected
when the payload was handled.
One failing scenario was a MIME part with text/cloud-boothook type
declared and a shellscript payload. This was run at shellscript
processing time rather than boothook time resulting in an change in
behavior from previous cloud-init releases.
To continue to support known scenarios where clouds have specifed
a MIME type of text/x-shellscript but provided a payload of something
other than shellscripts, we're changing the lookup logic to check for
the TYPES_NEEDED (text/plain, text/x-not-multipart) and only
text/x-shellscript.
It is safe to check text/x-shellscript parts as all shellscripts must
include the #! marker and will be detected as text/x-shellscript types.
If the content is missing the #! marker, it will not be excuted. If
the content is detected as something cloud-init supports, such as
#cloud-config the appropriate cloud-init handler will be used.
This change will fix hanldling for parts which were shellscripts but
ran with the wrong handler due to ignoring of the provided mime-type.
LP: #1888822
|
|
|
|
This PR refactors Azure report ready code to include more robust tests and telemetry.
|
|
* v2 of the API is now default with fallback to v1.
* Refactored the Oracle datasource to fetch version, instance, and vnic metadata simultaneously.
|
|
Few of the 'User and Groups' configurations in cloud-config have no effect on
already existing users. This was not documented earlier.
This change set adds that information to documentation.
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
|
|
This aligns their docstrings more closely with their actual behaviour.
|
|
The /opc/v1/ metadata endpoints[0] are universally available in Oracle
Cloud Infrastructure and the OpenStack endpoints are considered
deprecated, so we can refactor the data source to use the OPC endpoints
exclusively. This simplifies the datasource code substantially, and
enables use of OPC-specific attributes in future.
[0] https://docs.cloud.oracle.com/en-us/iaas/Content/Compute/Tasks/gettingmetadata.htm
|
|
* Fix a typo in apt pipelining module
Changed `whcih` to `which`.
* Update .github-cla-signers
I have signed the CLA on Canonical's site, adding my username to list of CLA signers.
* Update .github-cla-signers
I need to sort the list alphabetically.
|
|
Update DataSourceNoCloud and ds-identify to recognize LABEL_FATBOOT labels from blkid.
Also updated associated tests.
LP: #1841466
|
|
Add "sle_hpc" to list of values which are variant 'suse'.
|
|
This commit fixes a situation when it is necessary to configure more than one IP address on an interface. Previously only the latest one address survived. With this fix, it is possible to add all compatible addresses.
|
|
Changes:
- added logging messages
- optimized structure
- added back network configuration version 1 support (new implementation)
- fixed static gateway settings in network configuration version 2
|
|
DataSourceAzure: Gracefully handle the case of set hostname failure during provisioning
|
|
Add support for VMware's vCD configuration setting DEFAULT-RUN-POST-CUST-SCRIPT.
When set True, it will default vms to run post customization scripts if the VM has not been configured in VMTools with "enable-custom-scripts" set False.
Add datasource documentation with a bit more context about this interaction on VMware products.
With this fix, the behavior will be:
* If VM administrator doesn't want others to execute a script on this VM, VMtools can set "enable-custom-scripts" to false from the utility "vmware-toolbox-cmd".
* If VM administrator doesn't set value to "enable-custom-scripts", then by default this script is disabled for security purpose.
* For VMware's vCD product , the preference is to enable the script if "enable-custom-scripts" is not set. vCD will generate a configuration file with "DEFAULT-RUN-POST-CUST-SCRIPT" set to true. This flag works for both VMware customization engine and cloud-init.
|
|
JSONDecodeError is only available in Python 3.5+. When it isn't available (i.e. on Python 3.4, which cloud-init still supports) use the more generic ValueError.
|
|
(#483)
Problem: When cc_ca_certs configuration has both "remove-defaults: true"
and also specifies one, or more, new trusted CAs to add then the resultant
/etc/ca-certificates.conf file's 1st line is blank. As noted in comments
in the existing cc_ca_certs.py code blank lines in this file cause problems.
Fix: Before adding the cloud-init CA filename to this file first check the
size of the file - if is is empty (as all existing CAs have been deleted)
then write only the cloud-init CA filename to the file rather than appending
it to the file.
|
|
It is confusing for scripts, where a disabled user has been specified,
that ssh exits with a zero status by default without indication anything
failed.
I think exitting with a non-zero status would make more clear in scripts
and automated setups where things failed, thus making noticing the issue
and debugging easier.
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Aleksandar Kostadinov <akostadi@redhat.com>
LP: #1170059
|
|
* cloudinit: remove global disable of pylint W0107 and fix errors
This includes removing a test class which contained no tests but wasn't
detected as empty because of an errant pass statement.
* .pylintrc: update disable comment to match arguments
|
|
* Refactor `cloudinit.net.wait_for_physdevs` to `cloudinit.distros.networking.Networking.wait_for_physdevs`
* Split the Linux-specific `udevadm_settle` call out to a separate abstract `Networking.settle` method; implement it on `LinuxNetworking` and add a `NotImplementedError` implementation to `BSDNetworking`
* Modify `wait_for_physdevs`s one callsite to use the new location
LP: #1884626
|
|
This includes a fix to a test that had a string concatenation issue, and
so was only testing a prefix of what was intended.
|
|
|
|
Do not fail if /etc/fstab is not present. Some images, like container
rootfs may not include this file by default.
LP: #1886531
|
|
Specifically:
* disable E1102 in cloudinit/sources/helpers/openstack.py for reasons
described in a comment, and
* refactor `abs_join` to require at least one positional argument; this
matches os.path.join's signature, and that mismatch is what was
causing pylint to emit a warning
* bump to pylint 2.4.2
|
|
This is an improvement over indirect parameterisation for a few reasons:
* The test code is much easier to read, the mark names are much more
intuitive than the indirect parameterisation invocation, and there's
less boilerplate to boot
* The fixture no longer has to overload the single parameter that
fixtures can take with multiple meanings
|
|
For versions before 20.2, we allowed the use of ec2 mirrors if the datasource availability_zone matches one of the ec2 regions. We are now updating that behavior to allow allow the use of ec2 mirrors on ec2 instances or if the user directly passes an an ec2 mirror url through #cloud-config apt directives.
LP: #1456277
|
|
As the first refactor PR, this also includes the initial structure for tests.
LP: #1884619
|
|
test using it (#461)
caplog is only available in pytest itself from 3.0 onwards. In xenial, we only have pytest 2.8.7. However, in xenial we do have pytest-catchlog available (as python3-pytest-catchlog), so we use that where appropriate.
|
|
Changes are made that simplify code and aim to properly support FreeBSD:
- use `util.find_devs_with` instead call directly `blkid`, because on FreeBSD is not supported well and `util.find_devs_with` have solution for FreeBSD for that
- introduction of an additional name on FAT file system, which is used in FreeBSD
- drop shell to use default value, because FreeBSD – by default – does not have `/bin/bash`
|
|
Create a schema object for the chef module and validate this schema in the handle function of the module.
Some of the config keys description, so I tried looking at the code and chef documentation to provide an information to the user. However, I don't know if I have the best description for all fields. For example, for the key show_time I could not find an accurate description of what it did, so I used what was in our code base to infer what it should do.
LP: #1858888
|
|
|
