| Age | Commit message (Collapse) | Author |
|---|
|
Based on the setting Datasource/Ec2/strict_id, the datasource
will now warn once per instance.
|
|
|
|
There were some logic errors in sysconfig.py that appear to be the
result of accidentally typing "iface" where it should have been
"iface_cfg". This patch corrects those problems so that the module
can run successfully.
LP: #1665441
Resolves: rhbz#1389530
|
|
the MetadataLeafDecoder would return a bytes value b'' instead of
an empty string if the value of a key was empty. In all other cases
the value would be a string.
This was discovered when trying to json.dumps(get_instance_metadata())
on a recent OpenStack, where the value of 'public-ipv4' was empty.
The attempt to dump that with json would raise
TypeError: b'' is not JSON serializable
|
|
When the ds-identify code landed, it started writing /run/cloud.cfg
but at the moment, nothing was reading that. The result is that
ds-identify only worked to disable cloud-init entirely.
|
|
When manual_cache_clean is enabled, write a file to
/var/lib/cloud/instance/manual-clean. That file can then be read by
ds-identify or another tool to indicate that manual cleaning is in place.
|
|
ds-identify is run here from the generator. If ds-identify does
not see any datasources, it can completely disable cloud-init.
The big value in this is that if there is no datasource, no python
will ever be loaded, and cloud-init will be disabled.o
The default policy being added here is:
search,found=all,maybe=all,notfound=disabled
That means:
- enable (in 'datasource_list') all sources that are found.
- if none are found, enable all 'maybe'.
- if no maybe are found, then disable cloud-init.
On platforms without DMI (everything except for aarch64 and x86),
the default 'notfound' setting is 'enabled'. This is because many of
the detection mechanisms rely on dmi data, which is present only on
x86 and aarch64.
|
|
The iface:alias syntax for eni rendering is brittle with ipv6.
Replace it with using multiple iface stanzas with the same iface
name which is supported. Side-effect is that one can no longer
do 'ifup $iface:$alias' but requires instead use of ip address
{add|delete} instead.
LP: #1657940
|
|
cloud-init adds ssh_authorized_keys to the default user and to
root but for root it disables the keys with a prefix command.
However, if the public_key key is of type ecdsa-sha2-nistp521,
it is not parsed correctly, and the prefix command is not prepended.
Resolves: rhbz#1151824
LP: #1658174
|
|
On EC2, instance metadata can include credentials that remain valid for as
much as 6 hours. Reading these and allowing them to be pickled represents
a potential vulnerability if a snapshot of the disk is taken and shared as
part of an AMI.
This skips security-credentials when walking the meta-data tree.
LP: #1638312
Reviewed-by: Ian Weller <iweller@amazon.com>
Reviewed-by: Ben Cressey <bcressey@amazon.com>
Reported-by: Kyle Barnes <barnesky@amazon.com>
|
|
This modifies get_data in DataSourceOpenStack.py to get the timeout
and retries values from the data source configuration, rather than
from keyword arguments. This permits get_data to use the same timeout
as other methods, and allows an operator to increase the timeout in
environments where the metadata service takes longer than five seconds
to respond.
LP: #1657130
Resolves: rhbz#1408589
|
|
- staticIPV4 property can be either None or a valid Array. Need to
check for None before accessing the ip address.
- Modified few misc. log messages.
- Added a new log message while waiting for the customization config file.
- Added support to configure the maximum amount of time to wait for the
customization config file.
- VMware Customization Support is provided only for DataSourceOVF class and
not for any other child classes. Implemented a new variable
vmware_customization_supported to check whether the 'VMware Customization'
support is available for a specific datasource or not.
- Changed the function get_vmware_cust_settings to get_max_wait_from_cfg.
- Removed the code that does 'ifdown and iup' in NIC configurator.
|
|
|
|
Recent fedora releases use "dnf" instead of "yum" for package
management. While there is a compatible "yum" cli available, there's
no guarantee that it will be available.
With this patch, cloud-init will check for /usr/bin/dnf and use that
if it exists instead of yum.
rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1194451
LP: #1647118
|
|
Failures to load the kernel command line's url (cloud-config-url=)
would previously get swallowed. This should make it much more
obvious when that happens. With logging going to expected places
at sane levels (WARN will go to stderr by default).
|
|
Bump the version in cloudinit/version.py to be 0.7.9.
|
|
This has been a recurring ask and we had initially just made the change to
the cloud-init 2.0 codebase. As the current thinking is we'll just
continue to enhance the current codebase, its desirable to relicense to
match what we'd intended as part of the 2.0 plan here.
- put a brief description of license in LICENSE file
- put full license versions in LICENSE-GPLv3 and LICENSE-Apache2.0
- simplify the per-file header to reference LICENSE
- tox: ignore H102 (Apache License Header check)
Add license header to files that ship.
Reformat headers, make sure everything has vi: at end of file.
Non-shipping files do not need the copyright header,
but at the moment tests/ have it.
|
|
The correct order of precedence when reading the base config:
builtin config
system config
kernel command line provided config.
This reverts commit 63501f44, which actually broke the behavior it
reported to fix. It also adds some unit tests to ensure this behavior
is not broken again.
LP: #1582323
|
|
|
|
Update ssh_util.py with latest list of keys (from openssh-7.3p1/sshkeys.c),
and remove extinct keys ending with "-v00@openssh.com"
Added keys:
rsa-sha2-256,
rsa-sha2-512,
ed25519,
ssh-ed25519,
ssh-ed25519-cert-v01@openssh.com
Removed both of the double entries for the keys:
ssh-dss-cert-v00@openssh.com
ssh-rsa-cert-v00@openssh.com
|
|
In some situations, cloud-init will erroneously append a default
domain to an already fully qualified hostname, resulting in something
like 'localhost.localdomain.localdomain'. This patch checks to see if
the value returned by util.get_hostname() contains a '.', and if it
does treats it as a fully qualified name.
Resolves: rhbz#1389048
LP: #1647910
|
|
'nobootwait' is an upstart specific extension to the mount syntax that is
not supported by other mount systems. As Ubuntu 16.04 moved from upstart
to systemd, support for 'nobootwait' was lost.
All examples using 'nobootwait' are updated to use the standard 'nofail',
which gives the expected behaviour of not failing to boot in case a volume
is missing. There are subtle differences in semantics between
'nobootwait' and 'nofail', but it is the best substitute that gives
behaviour similar to the upstart specific option.
|
|
The bit.ly link seems to have expired. Replace it with link to
'latest' version of EC2 docs.
|
|
Cloud-config provided like:
users:
- default
- name: foobar
groups: sudo, adm
Would result in adduser being called as:
useradd foobar --groups 'sudo, adm' -m
Which would cause error:
useradd: group ' adm' does not exist
The fix here is just to always normalize groups and remove whitespace.
Additionally a fix and unit tests to explicitly set system=False
or no_create_home=True. Previously those paths did not test the value
of the entry, only the presense of the entry.
LP: #1354694
|
|
During recent changes to cc_mounts, on systemd systems, we started using
systemctl daemon-reload
rather than 'mount -a' to get mounts done.
The belief was that since entries in /etc/fstab would be written
to tell systemd that they should be after cloud-init
(x-systemd.requires=cloud-init.service) that the reload would then
let systemd mount the units as expected.
That doesn't seem to work, and new mount entries end up not getting
mounted. The change here moves back to using 'mount -a', but
then also does a systemctl daemon-reload.
LP: #1647708
|
|
CloudSigma would not get any datasources loaded during cloud-init local.
Thus, when the network datasource was removed, *no* CloudSigma
datasources would be loaded.
LP: #1648380
|
|
The documentation shows group names in the 'groups:' key delimited by
", ", but this will result in group names that contain spaces. This
can cause the 'groupadd' or 'useradd' commands to fail.
This patch ensures that we strip whitespace from either end of the
group names passed to the 'groups:' key.
LP: #1354694
|
|
I've seen cases of unable to read from files as
well as the existing os errors so catch io error
and skip by using the smarter read_sys_net instead.
LP: #1625766
|
|
These are just simple syntax fixes to work correctly on python2.6.
Found when testing in a centos 6 container.
|
|
This extends the list of device 'types' that are considered to be physical
to include hyperv, hw_veb, and vhost_user.
LP: #1642679
|
|
The previous behavior would miss ip6= on the command line and
would not pay attention to the written net-* or net6-* files if
only ip6= was found.
The fix here enables parsing the files if either ip= or ip6= is found,
and adds some tests as well.
LP: #1639930
|
|
This replaces long single lines in a log or console output
with multiple lines that are much easier to read.
It indents the stdout and stderr so logs are more easily
read also.
|
|
Several various minor fixes for the readthedocs documentation.
|
|
A user has pointed out that upon set up of a machine, users typically
remove repos (sometimes all of them) and then add repos in. This does
make sense for a typical user.
|
|
If TZ is not set in environment, then datetime.datetime() will
stat /etc/localtime on every usage. datetime is used in the logging
path of cloud-init, and as such this is very busy.
During a normal cloud-init boot, it results in we roughly
400+ stat calls to /etc/localtime.
The value we set is :/etc/localtime, which is described at
https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html
See also merge proposal at 307722 for more background.
https://code.launchpad.net/~raharper/cloud-init/+git/cloud-init/+merge/307722
|
|
Cloud-init has for some time relied on walinuxagent to do some bits
of work necessary for instance initialization. That reliance has
not been needed for a while, but we have still defaulted to it.
This change uses the "builtin" path that Daniel Watkins added
some time ago by default. Also, Adjust tests that assumed the
non-__builtin__ Azure agent_command.
LP: #1538522
|
|
The version of sfdisk in wily (and onwards) only accepts sectors as a
valid disk size. As such, this refactors the MBR code path in
cc_disk_setup to use sectors.
- use --unit=S: while newer versions of sfdisk assume --unit=S, older
versions do not so we specifically pass it in. Versions of sfdisk
found in supported OSes such as centos6 wont assume --unit=S.
- add --force: this exists back to centos 6 (2.17.2), so it should
be fine, and is what we ultimately want.
"do what I say, even if it is stupid"
- keep --Linux. Even though this has been deprecated for quite some
time, we keep it until versions that want it are unsupported.
If necessary at some point we could check for util linux version
and if it had --Linux and use it in those cases.
Additionally, improve usefulness of some log messages.
LP: #1460715
|
|
This adds a call to 'activate_datasource'. That will be called
during init stage (or init-local in the event of a 'local' dsmode).
It is present so that the datasource can do platform specific operations
that may be necessary. It is passed the fully rendered cloud-config
and whether or not the instance is a new instance.
The Azure datasource uses this to address formatting of the ephemeral
devices. It does so by
a.) waiting for the device to come online
b.) removing the marker files for the disk_setup and mounts modules
if it finds that the ephemeral device has been reset.
LP: #1611074
|
|
pycodestyle 2.1.0 is in Ubuntu zesty, and complained about the
changes made here. Simple style changes. This makes 'make pep8'
pass again when built in a zesty build system with proposed enabled.
|
|
Simply fix a commit that should not have been pushed.
|
|
Oracle public cloud has the string 'unavailable' in its metadata
service for 'block-device-mapping'. The change here is to return
None in device_name_to_device if that is the case.
|
|
Simple typo fixes.
|
|
The implementation to add ipv6 support to Ubuntu initramfs changed
(see bug 1621507). The changes here adjust to handle the new path.
Now, the ipv6 route includes using the variable 'DEVICE6' in
net6-DEVICE.conf files.
LP: #1621615
|
|
aarch64 systems have functional dmidecode, so allow that to be used.
- aarch64 has support for dmidecode as well
|
|
Support AliYun(Ali-Cloud ECS). This datasource inherits from EC2,
the main difference is the meta-server address is changed to
100.100.100.200.
The datasource behaves similarly to EC2 and relies on network polling.
As such, it is not enabled by default.
|
|
Previous commit f0747c4b4cf073273e11d383f0354257be7276ed relocated
normalize_users_groups to ug_util module, but missed modifying
the cc_users_groups config module. Apply the location change to fix.
|
|
The function exec_mkpart_gpt was simply not waiting for udev events
to flush after calling sgdisk. The corresponding function
exec_mkpart_mbr already did.
This should fix a transient failure where mkfs would fail with
'not a block device'.
LP: #1626243
|
|
Update the summary of rsyslog module and add logging.rst to docs.
|
|
Ubuntu Core images use the `snap create-user` to add users to an
Ubuntu Core system. Add support for creating snap users by adding
a key to the users dictionary.
users:
- name: bob
snapuser: bob@bobcom.io
Or via the 'snappy' dictionary:
snappy:
email: bob@bobcom.io
Users may also create a snap user without contacting the SSO by
providing a 'system-user' assertion by importing them into snapd.
Additionally, Ubuntu Core systems have a read-only /etc/passwd such that
the normal useradd/groupadd commands do not function without an additional
flag, '--extrausers', which redirects the pwd to /var/lib/extrausers.
Move the system_is_snappy() check from cc_snappy module to util for
re-use and then update the Distro class to append '--extrausers' if
the system is Ubuntu Core.
|
|
Set the default value for 'ssh_svcname' in rhel distros.
This means that it no longer needs to be set in system_info config.
|
