Cloud config can now disable ssh access to non-root users.
When defining the 'users' list in cloud-configuration a boolean
'ssh_redirect_user: true' can be provided to disable ssh logins for
that user. Any ssh 'public-keys' defined in cloud meta-data will be added
and disabled in .ssh/authorized_keys. Any attempts to ssh as this user
using acceptable ssh keys will be presented with a message like the
following:
Please login as the user "ubuntu" rather than the user "youruser".
|
|
LP: #1727876
|
|
This change will add support for hashed passwords in cc_set_passwords.
It checks if a password is a hash by checking that it matches
in a fairly safe way, and also that the password does not have a ":" in it.
chpasswd needs to know if the password is hashed or not, so two lists
are created so chpasswd is fed with the correct one.
LP: #1570325
|
|
'nobootwait' is an upstart specific extension to the mount syntax that is
not supported by other mount systems. As Ubuntu 16.04 moved from upstart
to systemd, support for 'nobootwait' was lost.
All examples using 'nobootwait' are updated to use the standard 'nofail',
which gives the expected behaviour of not failing to boot in case a volume
is missing. There are subtle differences in semantics between
'nobootwait' and 'nofail', but it is the best substitute that gives
behaviour similar to the upstart specific option.
|
|
This adds an improved apt configuration format that is fully backwards
compatible with previous behavior. This is mostly copied from curtin's
implementation.
It does:
* cleans up and centralizes many of the top level 'apt_*' values that
previously existed into a single top level 'apt' key.
* supports a 'source' in apt/sources/entry that has only a key
* documents new features and adds tests.
See the added doc/examples/cloud-config-apt.txt for more information.
|
|
This just mocks out use of lsb_release as it is not available
in a build environment.
Additionally mocks out use of getkeybyid. This admittedly
makes the test for a long key fingerprint not useful as it was
broken only inside getkeybyid.
Also fix 'make yaml' for cloud-config.txt
|
|
Config modules are able to declare distros that they were verified
to run on by setting 'distros' as a list in the config module.
Previously, if a module was configured to run and the running distro was not
listed as supported, it would run anyway, and a warning would be written.
Now, we change the behavior to skip those modules.
The distro (or user) can specify that a given list of modules should run anyway
by declaring the 'unverified_modules' config variable.
run_once modules will be run without this filter (ie, expecting that the user
explicitly wanted to run it).
|
|
This allows a general config option to prefix apt-get commands via
'apt_get_wrapper'. By default, the command is set to 'eatmydata', and the
mode set to 'auto'. That means if eatmydata is available (via which), it
will use it.
The 'command' can be either an array or a string.
LP: #1236531
|
|
LP: #1057195
|
|
dist-upgrade is generally more correct here to get all packages upgraded.
We add the options to change these in system_info. Also, document
the previous apt configuration change (apt_get_command).
LP: #1164147
|
|
In general, dist-upgrade is the correct behavior here.
It will get a new kernel, though, which could be annoying. So, allow
a way to turn it off (by setting 'apt_get_upgrade_subcommand: upgrade').
LP: #1164147
|
|
This allows the user to easily run stuff even after cloud-init-final
has finished. The initial reason for it is to be able to run
/sbin/poweroff and not have cloud-init complain loudly that it is
being killed.
LP: #1064665
|
|
and fix the cases where the cc yaml
is not correct.
|
|
move the section on user and group adds into
doc/examples/cloud-config-user-groups.txt
|
|
configurations were applied. The result of this bug was that cloud-config
supplied SSH public keys would fail to apply since the configured user
may or may not exist. (LP: #1042459).
cloudinit/config/cc_ssh_import_id.py:
ssh_import_id.py now handles all user SSH import IDs.
cloudinit/distros/ubuntu.py:
Removed create_user class override as cruft, since ssh_import_id
now handles all users.
config/cloud.cfg:
Moved users_groups to run under cloud_init_modules.
doc/examples/cloud-config.txt:
Added missing documentation on user and group creation.
|
|
Added "userless" mode to cloud-init for handling the creation of the users
and the default user on Ubuntu. The end goal of this is to remove the need
for the 'ubuntu' user in the cloud images and to allow individuals to
choose the default user name.
LP: #1028503
|
|
users and the default user on Ubuntu.
cloudinit/config/cc_users_groups.py: new cloud-config module for creating
users and groups on instance initialization.
- Creates users and group
- Sets "user" directive used in ssh_import_id
cloudinit/config/cc_ssh_import_id.py: module will rely upon users_groups
for setting the default user. Removed assumption of 'ubuntu' user.
cloudinit/distros/__init__.py: Added new abstract methods for getting
and creating the default user.
cloudinit/distros/ubuntu.py: Defined abstract methods for getting and
creating the default 'ubuntu' user on Ubuntu instances.
cloudinit/util.py: Added ability to hide command run through util.subp to
prevent the commands from showing in the logs. Used by user_groups
cloud-config module.
config/cloud.cfg: Removed "user: ubuntu" directive and replaced with new
user-less syntax.
doc/examples/cloud-config.txt: Documented the creation of users and groups.
|
|
As described in the bug, enough non-cloud users experienced issues with
cloud-init selecting a mirror due to consumer level network providers using
dns server redirection.
We're turning this off by default.
LP: #974509
|
|
- Changed values to be more simplistic and intuitive
- Only allow pipelining values up to 5
- Changed to per_instance over per_always to remove need
for tracking the values
- Fixed Python style
|
|
- cloud-config option of "apt-pipelining"
- Address LP: 948461
|
|
- reference cloud-init-per
- mention that INSTANCE_ID is in environment of bootcmd scripts
|
|
Currently cloud-init writes something like this to console output:
ec2: #############################################################
ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 2048 78:ae:f3:91:04:6f:8d:ee:ef:e1:2d:72:83:6a:d0:82 root@h (RSA)
ec2: 1024 d3:b6:32:64:22:d4:43:05:f9:25:b4:f3:65:4e:e2:51 root@h (DSA)
ec2: -----END SSH HOST KEY FINGERPRINTS-----
ec2: #############################################################
The key fingerprints are useful for humans to read, but not so useful
for machines, as you cannot populate a KnownHostsFile (~/.ssh/known_hosts)
from the data there.
This change adds output like:
-----BEGIN SSH HOST KEY KEYS-----
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdH......STI= root@h
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYRIQe6m......tWF3 root@h
-----END SSH HOST KEY KEYS-----
Those lines can easily be grabbed and appended to a known_hosts file.
|
|
The default management of /etc/hosts in 0.6.2 (Ubuntu 11.10)
was problematic for a couple different uses, and represented a change
in what was present in previous releases.
This changes the default behavior back to the way it was in 11.04/0.6.1.
It makes 'manage_etc_hosts' in cloud-config more than just a boolean.
It can now have 3 values:
* False (default): do not update /etc/hosts ever
* "localhost": manage /etc/hosts' 127.0.1.1 entry (the way it was done
in 11.10/0.6.2)
* True (or "template"): manage /etc/hosts via template file
This addresses bugs
* LP: #890501
* LP: #871966
|
|
This adds doc/examples/cloud-config.txt data for the
options that were added when pulling in Fedora support.
|
|
The primary motivation for this is so that 'nobootwait' is not hard
coded to appear in the fs_opts field.
LP: #785542
|
|
Previously, when cloud-config was ready, cloud-init would emit an
upstart event with:
initctl emit cloud-config
Now, that command is configurable via the 'cc_ready_cmd' value in
cloud.cfg or user data. The default behavior is not changed.
LP: #785551
|