| Age | Commit message (Collapse) | Author |
|---|
|
To accept NVIDIA EULA, cloud-init needs to emit latelink=true debconf
setting to the linux-restricted-modules package to allow NVIDIA
drivers to properly link to the running kernel.
LP: #1840080
|
|
Collect and record the following information through KVP:
+ timestamps related to kernel initialization and systemd activation
of cloud-init services
+ system information including cloud-init version, kernel version,
distro version, and python version
+ diagnostic events for the most common provisioning error issues
such as empty dhcp lease, corrupted ovf-env.xml, etc.
+ increasing the log frequency of polling IMDS during reprovision.
|
|
The function generate_fallback_config is used by Azure by default when
not consuming IMDS configuration data. This function is also used by any
datasource which does not implement it's own network config. This simple
fallback configuration sets up dhcp on the most likely NIC. It will now
emit network v2 instead of network v1.
This is a step toward moving all components talking in v2 and allows us
to avoid costly conversions between v1 and v2 for newer distributions
which rely on netplan.
|
|
This adds an empty publish_host_keys() method to the default datasource
that is called by cc_ssh.py. This feature can be controlled by the
'ssh_publish_hostkeys' config option. It is enabled by default but can
be disabled by setting 'enabled' to false. Also, a blacklist of key
types is supported.
In addition, this change implements ssh_publish_hostkeys() for the GCE
datasource, attempting to write the hostkeys to the instance's guest
attributes. Using these hostkeys for ssh connections is currently
supported by the alpha version of Google's 'gcloud' command-line tool.
(On Google Compute Engine, this feature will be enabled by setting the
'enable-guest-attributes' metadata key to 'true' for the
project/instance that you would like to use this feature for. When
connecting to the instance for the first time using 'gcloud compute ssh'
the hostkeys will be read from the guest attributes for the instance and
written to the user's local known_hosts file for Google Compute Engine
instances.)
|
|
- dsidentify switches to the new Exoscale datasource on matching DMI name
- New Exoscale datasource added
Signed-off-by: Mathieu Corbin <mathieu.corbin@exoscale.ch>
|
|
Previously "cmdline" network configuration could be either
user-specified network-config=... configuration data, or
initramfs-provided configuration data. Before data sources could modify
the order in which network config sources were considered, this
conflation didn't matter (and, indeed, in the default data source
configuration it will continue to not matter).
However, it _is_ desirable for a data source to be able to specify that
its network configuration should be preferred over the
initramfs-provided network configuration but still allow explicit
network-config=... configuration passed to the kernel cmdline to
continue to override both of those sources.
(This also modifies the Oracle data source to use read_initramfs_config
directly, which is effectively what it was using
read_kernel_cmdline_config for previously.)
|
|
Currently, if a platform provides any network configuration via the
"cmdline" method (i.e. network-data=... on the kernel command line,
ip=... on the kernel command line, or iBFT config via /run/net-*.conf),
the value of the data source's network_config property is completely
ignored.
This means that on platforms that use iSCSI boot (such as Oracle Compute
Infrastructure), there is no way for the data source to configure any
network interfaces other than those that have already been configured by
the initramfs.
This change allows data sources to specify the order in which network
configuration sources are considered. Data sources that opt to use this
mechanism will be expected to consume the command line network data and
integrate it themselves.
(The generic merging of network configuration sources was considered,
but we concluded that the single use case we have presently (a) didn't
warrant the increased complexity, and (b) didn't give us a broad enough
view to be sure that our generic implementation would be sufficiently
generic. This change in no way precludes a merging strategy in future.)
|
|
- Update paramiko and cryptography module versions (2.4.2) to
address issues with algo and deprecation warnings.
- Modify ssh keypair generation to work with updated paramiko
- tools/xkvm sync with newer version from curtin
- Update NoCloudKvm instance.py to work with updated xkvm
- pass -name to instance, useful for debugging on shared host
- Add cache_mode platform config; default to cache=none,aio=native
- Switch to yaml.safe_load() in platforms.py
|
|
If input to network_state.parse_net_config_data was netplan (v2 yaml)
then the network state would lose the mtu information on bond or vlan.
LP: #1836949
|
|
On systems with many interfaces, processing udev events may take a while.
Cloud-init expects devices included in a provided network-configuration
to be present when attempting to configure them. This patch adds a step
in net configuration where it will check for devices provided in the
configuration and if not found, issue udevadm settle commands to wait
for them to appear.
Additionally, the default path for udev persistent network rules
70-persistent-net.rules may also be written to systems which include
the 75-net-generator.rules. During boot, cloud-init and the
generator may race and interleave values causing issues. OpenSUSE
will now use a newer file, 85-persistent-net-cloud-init.rules which
will take precedence over values created by 75-net-generator and
avoid collisions on the same file.
LP: #1817368
|
|
The EphemeralDHCP context manager did not parse or handle
rfc3442 classless static routes which prevented reading
datasource metadata in some clouds. This branch adds support
for extracting the field from the leases output, parsing the
format and then adding the required iproute2 ip commands to
apply (and teardown) the static routes.
LP: #1821102
|
|
The debian ntp.conf template did not contain a newline for the
comment used to mark the rendered ntp pools configured. This
resulted in an invalid line:
'# poolspool 0.int.pool.ntp.org iburst'
rather than:
'# pools
pool 0.int.pool.ntp.org iburst'
This patch fixes the template and updates the unittest to
verify that the rendered templates puts servers and pools
at the beginning of a line.
LP: #1836598
|
|
Support is for now implemented in such a way that it will fall back to
the old `_write_network()` if netplan is not available on the image.
|
|
With a large size ISO file attached to iso dev, ds-identify might
grep it entirely if iso dev is ISO9660, it takes very long time to
start OS.
Resolve this by:
- Adding a checker to read the ISO size (from sysfs). If
the size of the ISO filesystem is > 10MiB then the ISO will be
ignored (logged as oversized).
- Move the ovf vmware guest customization checker to be
ahead of cdrom ovf checker, so no need check the ISO size if vmware
guest customization is enabled.
LP: #1806701
|
|
cloud-init does not trigger reboots of a VM therefore adding custom
scripts to rc.local does not execute the post scripts. This patch
moves post-scripts into per-instance scripts dir and has cc_scripts
module run the post-scripts.
Also in this branch:
- Remove the sh interpreter and execute the customization script
directly.
- Update the unit test.
LP: #1833192
|
|
This allows cloud-init query region to show valid region data for Azure
|
|
Currently, only a few bonding parameters can be configured on
sysconfig systems. This patch aims to support more parameters
documented on the docs site.
|
|
When OpenStack is deployed on some hypervisors (such as VMware
vSphere), cloud-init doesn't detect that it needs to probe the
metadata service because the DMI product name field can't be set
to a field that is recognized by cloud-init. However, the asset
tag field can be set via flavor extra specs or image metadata.
A similar approach is already used to identify Open Telekom Cloud.
This patch allows cloud init to recognize "OpenStack Nova" or
"OpenStack Compute" in the asset tag field as an indication that
the instance being configured is running on an OpenStack platform.
LP: #1669875
|
|
Previous versions of netplan included a misspelling for the
bond parameter around gratuitous-arp. This has been fixed and released
and cloud-init needs to accept both values. This branch fixes the
key that will be rendered and transforms the previous misspelling
when capturing network_state.
LP: #1827238
|
|
- UFS file system support
- GPT partition table support
- add support for newfs's -L parameter (label)
- move freebsd specific test from Azure to freebsd
|
|
blkid is a Linux-only command. With this patch, cloud-init uses another
approach to find the data source on FreeBSD.
LP: #1645824
|
|
The Azure data source helper attempts to use information in the dhcp
lease to find the Wireserver endpoint (IP address). Under some unusual
circumstances, those attempts will fail. This change uses a static
address, known to be always correct in the Azure public and sovereign
clouds, when the helper fails to locate a valid dhcp lease. This
address is not guaranteed to be correct in Azure Stack environments;
it's still best to use the information from the lease whenever possible.
|
|
|
|
Under some circumstances, cc_disk_setup may reformat volumes which
already appear in /etc/fstab (e.g. Azure ephemeral drive is reformatted
from NTFS to ext4 after service-heal). Normally, cc_mounts only calls
mount -a if it altered /etc/fstab. With this change cc_mounts will read
/proc/mounts and verify if configured mounts are already mounted and if
not raise flag to request a mount -a. This handles the case where no
changes to fstab occur but a mount -a is required due to change in
underlying device which prevented the .mount unit from running until
after disk was reformatted.
LP: #1825596
|
|
If the IMDS primary server is not available, falling back to the
secondary server takes about 1s. The net result is that the
expected E2E time is slightly more than 1s. This change increases
the timeout to 2s to prevent the infinite loop of timeouts.
|
|
+ Truncate KVP Pool file to prevent stale entries from
being processed by the Hyper-V KVP reporter.
+ Drop filtering of KVPs as it is no longer needed.
+ Batch appending of existing KVP entries.
|
|
Currently on 18.04, running tox -e py27 will spew errors like:
.tests/unittests/test_net.py:2649: YAMLLoadWarning: calling yaml.load()
without Loader=... is deprecated, as the default Loader is unsafe.
Please read https://msg.pyyaml.org/load for full details.
The change here just uses cloud-init's yaml, which does safeloading
by default.
|
|
Restrict the sysconfig renderer availabily to known distros.
Ubuntu/Debian systems may include network-manager but they do
not have support for reading sysconfig network output; that is
enabled via a Network-Manager plugin: ifcfg-rh which is not
available in Ubuntu/Debian.
LP: #1819994
|
|
Mock util.SeLinuxGuard to do nothing within tests that mock functions
used by the guard, when those mocks confuse the guard. This has no
impact when executing unit tests on systems which do not enable selinux
(e.g. Ubuntu).
LP: #1825253
|
|
Moving update_events from a class attribute to an instance attribute
means that it doesn't exist on DataSource objects that are unpickled,
causing tracebacks on cloud-init upgrade.
As this change is only required for cloud-init installations which don't
utilise ds-identify, we're backing it out to be reintroduced once the
upgrade path bug has been addressed.
This reverts commit f2fd6eac4407e60d0e98826ab03847dda4cde138.
|
|
NoCloud data source now accepts both 'cidata' and 'CIDATA'
as filesystem labels. This is similar to DataSourceConfigDrive's
support for 'config-2' and 'CONFIG-2'.
|
|
The apt_pipelining test-cases were broken but until cloud-init
changed it's default behavior to not disable, these silently passed
as both only ever checked if pipelinging was disabled.
First, the tests used the 'apt' namespace, which is not for
configuring pipelining, rather that requires 'apt_pipelining'
as the namespace.
Second, the 'os' variant needs to check that cloud-init does not
write a configuration file; it was a copy-and-paste error from the
disable test-case.
This branch fixes the config and collection to validate both
scenarios.
|
|
The Azure platform surfaces random bytes into /sys via Hyper-V.
Python 2.7 json.dump() raises an exception if asked to convert
a str with non-character content, and python 3.0 json.dump()
won't serialize a "bytes" value. As a result, c-i instance
data is often not written by Azure, making reboots slower (c-i
has to repeat work).
The random data is base64-encoded and then decoded into a string
(str or unicode depending on the version of Python in use). The
base64 string has just as many bits of entropy, so we're not
throwing away useful "information", but we can be certain
json.dump() will correctly serialize the bits.
|
|
For writing IPv6 addresses to ifcfg-* the name "IPV6ADDR" is used. For
secondary IPs the value for "IPV6ADDR_SECONDARIES" is set. On SUSE based
distributions the names "IPADDR6" and "IPADDR6_$SOMELABEL" need to be
used.
|
|
When rendering ipv6 static routes in eni format the
post-up/pre down commands were not correct for ipv6.
LP: #1818669
|
|
The ubuntu_drivers config module enables usage of the 'ubuntu-drivers'
command. At this point it only serves as a way of installing NVIDIA
drivers for general purpose graphics processing unit (GPGPU)
functionality.
Also, a small usability improvement to get_cfg_by_path to allow it to
take a string for the key path
"toplevel/second/mykey"
in addition to the original:
("toplevel", "second", "mykey")
|
|
Currently, DataSourceAzure updates self.update_events in __init__. As
update_events is a class attribute on DataSource, this updates it for
all instances of classes derived from DataSource including those for
other clouds. This means that if DataSourceAzure is even instantiated,
its behaviour is applied to whichever data source ends up being used for
boot.
To address this, update_events is moved from a class attribute to an
instance attribute (that is therefore populated at instantiation time).
This retains the defaults for all DataSource sub-class instances, but
avoids them being able to mutate the state in instances of other
DataSource sub-classes.
update_events is only ever referenced on an instance of DataSource (or a
sub-class); no code relies on it being a class attribute. (In fact,
it's only used within methods on DataSource or its sub-classes, so it
doesn't even _need_ to remain public, though I think it's appropriate
for it to be public.)
DataSourceScaleway is also updated to move update_events from a
class attribute to an instance attribute, as the class attribute would
now be masked by the DataSource instance attribute.
LP: #1819913
|
|
When the network configuration has a default route configured and
another network device that is configured with dhcp, SUSE sysconfig
output should not accept the default route provided by the dhcp
server.
LP: #1812117
|
|
In some cases, the 'passwd' command might not be available, but
'usermod' might be. In debian systems both are provided by the
'passwd' package. In Redhat/Centos passwd comes from 'passwd' package
while 'usermod' comes from `shadow-utils`
This should just support either one with no real cost other than
the check.
|
|
Some deployments of OpenStack expose link types to the guest which
cloud-init doesn't recognise. These will almost always be physical, so
we can operate more robustly if we assume that they are (whilst warning
the user that we're seeing something unexpected).
LP: #1639263
|
|
- Remove the last few places that use `if PY26`
- Replace our Python version detection logic with six's (which we were
already using in most places)
|
|
pylint now complains about assignment of None from a
return of a function call. This does not account for subclassing
so we resolve this issue by removing the assignment in the unittest.
|
|
When providing netplan configuration to cloud-init, the internal
network state would enable DHCP if the 'dhcp' key was present in
the source config. In netplan, dhcp[46] is a boolean and the
value of the boolean should control whether DHCP is enabled rather
than the presence of the key. This issue leaded to inconsistant
sysconfig/network-scripts on fedora. 'BOOTPROTO' was always 'dhcp',
even if the address config was static.
After this change a dhcp subnet is added only if the 'dhcp' setting
in source cfg dict is True.
LP: #1818032
|
|
In test_ds_identify, don't mutate otherwise-static test data. When
running tests in a random order, this was causing failures due to
breaking preconditions for other tests.
In tests/helpers, reset logging level in tearDown. Some of the CLI
tests set the level of the root logger in a way that isn't correctly
reset.
For test_poll_imds_re_dhcp_on_timeout and
test_dhcp_discovery_run_in_sandbox_warns_invalid_pid, mock out
time.sleep; this saves ~11 seconds (or ~40% of previous test time!).
|
|
Encrypted data bags require a secrets file to be present to
decrypt, and the location of the file must be configured the
Chef client configuration file, client.rb.
This update enables cloud-init's chef module to update that
setting in client.rb.
LP: #1817082
|
|
The Azure data source is expected to expose a list of
ssh keys for the user-to-be-provisioned in the crawled
metadata. When configured to use the __builtin__ agent
this list is built by the WALinuxAgentShim. The shim
retrieves the full set of certificates and public keys
exposed to the VM from the wireserver, extracts any
ssh keys it can, and returns that list.
This fix reduces that list of ssh keys to just the
ones whose fingerprints appear in the "administrative
user" section of the ovf-env.xml file. The Azure
control plane exposes other ssh keys to the VM for
other reasons, but those should not be added to the
authorized_keys file for the provisioned user.
|
|
When integration tests verification fails, the object returned
contains has 'error' and 'traceback' keys. Each key can contain empty
strings. If the simplified 'error' message is empty, fallback and use
the more verbose full 'traceback' text in the failure summary.
|
|
AWS EC2 instances' network come in 2 basic flavors: Classic and VPC
(Virtual Private Cloud). The former has an interesting behavior of having
its MAC address changed whenever the instance is stopped/restarted. This
behavior is not observed in VPC instances.
In Ubuntu 18.04 (Bionic) the network "management" changed from ENI-style
(etc/network/interfaces) to netplan, and when using netplan we observe
the following block present in /etc/netplan/50-cloud-init.yaml:
match:
macaddress: aa:bb:cc:dd:ee:ff
Jani Ollikainen noticed in Launchpad bug #1802073 that the EC2 Classic
instances were booting without network access in Bionic after stop/restart
procedure, due to their MAC address change behavior. It was narrowed down
to the netplan MAC match block, that kept the old MAC address after
stopping and restarting an instance, since the network configuration
writing happens by default only once in EC2 instances, in the first boot.
This patch changes the network configuration write to every boot in EC2
Classic instances, by checking against the "vpc-id" metadata information
provided only in the VPC instances - if we don't have this metadata value,
cloud-init will rewrite the network configuration file in every boot.
This was tested in an EC2 Classic instance and proved to fix the issue;
unit tests were also added for the new method is_classic_instance().
LP: #1802073
Reported-by: Jani Ollikainen <jani.ollikainen@ik.fi>
Suggested-by: Ryan Harper <ryan.harper@canonical.com>
Co-developed-by: Chad Smith <chad.smith@canonical.com>
Signed-off-by: Guilherme G. Piccoli <gpiccoli@canonical.com>
|
|
FreeBSD ifconfig output for ipv6 addrs doesn't find scopeid values
when present in the output and the pformat rendering assumes that
an ipv6 address will have a 'scope6' entry in the netdev info
dictionary. This patch finds the scopeid value, which is not
always inside <>, and in some cases v6 addrs don't have a scopeid
value in the output, so when rendering the table, allow scope6 value
to be replaced with the empty value.
LP: #1779672
|
|
Cloud-init rendered netplan with duplicate aliases if a network config
included "global" nameserver/search values. Netplan uses can read yaml
files which do use aliaes but cloud-init did not render a single yaml
dictionary, instead it combined yaml sections into a single document
which sometimes resulted in duplicate aliases being present.
This branch introduces a yaml SafeDumper class which can set the
'ignore_aliases' attribute. This is not enabled by default but callers
to util.yaml_dumps can pass a boolean to toggle this. The netplan
render uses noalias=True and the resulting yaml output does not contain
any aliases.
LP: #1815051
|
