| Age | Commit message (Collapse) | Author |
|---|
|
Cloud config can now disable ssh access to non-root users.
When defining the 'users' list in cloud-configuration a boolean
'ssh_redirect_user: true' can be provided to disable ssh logins for
that user. Any ssh 'public-keys' defined in cloud meta-data will be added
and disabled in .ssh/authorized_keys. Any attempts to ssh as this user
using acceptable ssh keys will be presented with a message like the
following:
Please login as the user "ubuntu" rather than the user "youruser".
|
|
LP: #1727876
|
|
To deny a user elevated access, you can omit the `sudo` key from the
`users` dictionary. This works fine however it's implicitly defined
based on defaults of `cloud-init`. If the project moves to have `sudo`
access allowed for all by default (quite unlikely but still possible)
this will catch a few people out.
This introduces the ability to define an explicit `sudo: False` in the
`users` dictionary and it will prevent `sudo` access. The behaviour is
identical to omitting the key.
LP: #1771468
|
|
ext3 is not able to support file system sizes that are needed in Joyent's
cloud. For the default block size of 4k, the maximum filesystem size
for ext3 is 2^32 * 4096 = 16 TiB.
This changes the default file system type from ext3 to ext4.
LP: #1763511
|
|
LP: #1420018
|
|
Apt key was mistyped in the example.
Should be
apt:
sources:
source1:
instead of
apt:
source1:
source:
|
|
When operating in expected path, cloud-init should avoid logging with
warning. That causes 'WARNING' messages in /var/log/cloud-init.log.
By default, warnings also go to the console.
Since jsonschema is a optional dependency, and not present on xenial
and zesty, cloud-init should not warn there.
Also here:
* Add a test to integration tests to assert that there are no
warnings in /var/log/cloud-init.log.
* Update one integration test that did show warning and the related
documentation and examples.
LP: #1724354
|
|
Most users of chef will want to pin the version that is installed.
Typically new versions of chef have to be evaluated for breakage etc.
This change proposes a new optional `omnibus_version` field to the chef
configuration. The changeset also adds documentation referencing the new
field.
LP: #1462693
|
|
This fixes the disk setup example doc which specifies that the only
currently supported table_type option is 'mbr' by adding the 'gpt'
option which got supported as of 0.7.7.
LP: #1703789
|
|
- Updated to standard chef.io url
- Removed the port 4000, due to that has been deprecated
- Added Note about the run_list not being required
Signed-off-by: JJ Asghar <jj@chef.io>
|
|
If 'cmd' is provided to a fs_setup entry, then cloud-init was trying
to execute the rendered string as a single name, rather than
splitting the string. The change here will pass the string to
shell for interpretation so that it is split there.
Also fix some documentation errors and warn when fs_opts or overwrite
is provided along with 'cmd'.
LP: #1687712
|
|
Includes missing examples for RTD, including
examples for datasources, disk partitions and apt update.
Also fix doc in cloud-config-update-apt.txt.
LP: #1459604
|
|
Should be 'manage_resolv_conf' not 'manage-resolv-conf'.
LP: #1531582
|
|
Also add integration test. Note: this new test is not comprehensive; it
simply ensures that the example chef configuration does not blow up and
that chef seems to be installed after its completion.
This new test is disabled by default as it depends on a 3rd party
repository.
LP: #1678145
|
|
This change will add support for hashed passwords in cc_set_passwords.
It checks if a password is a hash with by checking that it matches
in fairly safe way, and also that the password does not have a ":" in it.
chpasswd needs to know if the password is hashed or not, so two lists
is created so chpasswd is feed with the correct one.
LP: #1570325
|
|
|
|
'nobootwait' is an upstart specific extension to the mount syntax that is
not supported by other mount systems. As Ubuntu 16.04 moved from upstart
to systemd, support for 'nobootwait' was lost.
All examples using 'nobootwait' are updated to use the standard 'nofail',
which gives the expected behaviour of not failing to boot in case a volume
is missing. There are subtle differences in semantics between
'nobootwait' and 'nofail', but it is the best substitute that gives
behaviour similar to the upstart specific option.
|
|
Python 3 would fail to load yaml from doc/examples/cloud-config-apt.txt
when the LANG (specifically LC_CTYPE) was 'C'.
The changes here do 2 things:
a.) remove the non-ascii characters from the yaml file.
b.) fix the validate-yaml.py program to decode using utf-8 specifically
rather than using the inherited settings.
This fixes it now for ascii and in the future also should non-ascii slip in.
|
|
Several various minor fixes for the readthedocs documentation.
|
|
Instead, it will simply append the new entry.
|
|
Ubuntu Core images use the `snap create-user` to add users to an
Ubuntu Core system. Add support for creating snap users by adding
a key to the users dictionary.
users:
- name: bob
snapuser: bob@bobcom.io
Or via the 'snappy' dictionary:
snappy:
email: bob@bobcom.io
Users may also create a snap user without contacting the SSO by
providing a 'system-user' assertion by importing them into snapd.
Additionally, Ubuntu Core systems have a read-only /etc/passwd such that
the normal useradd/groupadd commands do not function without an additional
flag, '--extrausers', which redirects the pwd to /var/lib/extrausers.
Move the system_is_snappy() check from cc_snappy module to util for
re-use and then update the Distro class to append '--extrausers' if
the system is Ubuntu Core.
|
|
This adds lots of config module documentation in a standard format.
It will greatly improve the content at readthedocs.
Additionally:
* Add a 'doc' env to tox.ini
* Changed default highlight language for sphinx conf from python to yaml
most examples in documentation are yaml configs
* Updated datasource examples to highlight sh code properly
|
|
This adds an improved apt configuration format that is fully backwards
compatible with previous behavior. This is mostly copied from curtin's
implementation.
It does:
* clean up and centralizes many of the top level 'apt_*' values that
previously existed into a single top level 'apt'key.
* support a 'source' in apt/sources/entry that has only a key
* documents new features and adds tests.
See the added doc/examples/cloud-config-apt.txt for more information.
|
|
Add support for installing and configuring ntp service, exposing the
minimum config of servers or pools to be added. If none are defined
then fallback on generating a list of pools by distro hosted at
pool.ntp.org (which matches what's found in the default ntp.conf
shipped in the respective distro).
|
|
This just mocks out use of lsb_release as it is not available
in a build environment.
Additionally mocks out use of getkeybyid. This admittedly
makes the test for a long key fingerprint not useful as it was
broken only inside getkeybyid.
Also fix 'make yaml' for cloud-config.txt
|
|
|
|
|
|
|
|
|
|
|
|
Note that runcmd runs only on first boot.
Note that strings need to be quoted, not escaped.
Switch bootcmd list text to use - not * like everything else.
|
|
|
|
|
|
|
|
|
|
Now, validation_key is always a path to a file, as it is in
chef's client.rb syntax.
validation_cert is always the *content* of that file that should
be written. However, if validation_cert is the string "system",
then we do not write that value, but rather assume the file exists.
LP: #1568940
|
|
|
|
|
|
Update make check target to run pep8 and run pyflakes or pyflakes3
depending on the value of 'PYVER'. This way the python3 build
environment does not need python2 and vice versa.
Also have make check run the 'yaml' test.
tox: have tox run pep8 in the pyflakes
|
|
A few changes:
a.) change to using '--name=value' rather than '--name' 'value'
b.) make sure only strings are passed to command
(useful for storage_create_loop: which is likely an integer)
c.) document simple working example
d.) support installing zfs if not present and storage_backedn has it.
|
|
|
|
|
|
|
|
|
|
LX-brand zones on Joyent's SmartOS use a different metadata source
(socket file) than the KVM-based SmartOS virtualization (serial port).
This patch adds support for recognizing the different flavors of
virtualization on SmartOS and setting up a metadata source file object.
After the file object is created, the rest of the code for the datasource
LP: #1540965
|
|
|
|
if 'condition' is provided to config in power_state, then
consult it before powering off.
This allows the user to shut down only if a condition is met, and
leave the system in a debuggable state otherwise.
An example is as simple as:
power_state:
mode: poweroff
condition: ['sh', '-c', '[ -f /disable-poweroff ]']
|
|
|
|
|
|
|
