From 4050105c1cfb100e6b93c56a74ecd2fe29d87608 Mon Sep 17 00:00:00 2001 From: Garrett Holmstrom Date: Fri, 20 Sep 2013 16:04:49 -0700 Subject: Some containers lack /dev/console, so when multi_log attempts to open that device and write to it directly things can start going haywire. Here we address this problem by sending console-bound output to stdout and letting init take care of getting it to the console instead. We already configure upstart with "console output", so we need only change systemd to use "journal+console". --- cloudinit/util.py | 10 +++++----- systemd/cloud-config.service | 2 +- systemd/cloud-final.service | 2 +- systemd/cloud-init-local.service | 2 +- systemd/cloud-init.service | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/cloudinit/util.py b/cloudinit/util.py index d50d3e18..02890448 100644 --- a/cloudinit/util.py +++ b/cloudinit/util.py @@ -360,11 +360,11 @@ def multi_log(text, console=True, stderr=True, if stderr: sys.stderr.write(text) if console: - # Don't use the write_file since - # this might be 'sensitive' info (not debug worthy?) - with open('/dev/console', 'wb') as wfh: - wfh.write(text) - wfh.flush() + # Some containers lack /dev/console, so we send output to + # stdout and configure upstart with "console output" and + # systemd with "journal+console" and let them take care of + # getting output to the console. + print text if log: if text[-1] == "\n": log.log(log_level, text[:-1]) diff --git a/systemd/cloud-config.service b/systemd/cloud-config.service index fc72fc48..41a86147 100644 --- a/systemd/cloud-config.service +++ b/systemd/cloud-config.service @@ -11,7 +11,7 @@ RemainAfterExit=yes TimeoutSec=0 # Output needs to appear in instance console output -StandardOutput=tty +StandardOutput=journal+console [Install] WantedBy=multi-user.target diff --git a/systemd/cloud-final.service b/systemd/cloud-final.service index f836eab6..ef0f52b9 100644 --- a/systemd/cloud-final.service +++ b/systemd/cloud-final.service @@ -11,7 +11,7 @@ RemainAfterExit=yes TimeoutSec=0 # Output needs to appear in instance console output -StandardOutput=tty +StandardOutput=journal+console [Install] WantedBy=multi-user.target diff --git a/systemd/cloud-init-local.service b/systemd/cloud-init-local.service index 6a551710..a31985c6 100644 --- a/systemd/cloud-init-local.service +++ b/systemd/cloud-init-local.service @@ -10,7 +10,7 @@ RemainAfterExit=yes TimeoutSec=0 # Output needs to appear in instance console output -StandardOutput=tty +StandardOutput=journal+console [Install] WantedBy=multi-user.target diff --git a/systemd/cloud-init.service b/systemd/cloud-init.service index d4eb9fa5..018a1fa8 100644 --- a/systemd/cloud-init.service +++ b/systemd/cloud-init.service @@ -11,7 +11,7 @@ RemainAfterExit=yes TimeoutSec=0 # Output needs to appear in instance console output -StandardOutput=tty +StandardOutput=journal+console [Install] WantedBy=multi-user.target -- cgit v1.2.3 From 0b9e965096d0cfb20284c587262945c8599ea4a3 Mon Sep 17 00:00:00 2001 From: Garrett Holmstrom Date: Fri, 20 Sep 2013 16:34:41 -0700 Subject: When selinux is completely disabled functions like restorecon raise exceptions, causing nasty things to happen on instances that boot with selinux=0. The fix is easy: simply consult is_selinux_enabled() first. --- cloudinit/util.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cloudinit/util.py b/cloudinit/util.py index d50d3e18..deac8c8d 100644 --- a/cloudinit/util.py +++ b/cloudinit/util.py @@ -161,13 +161,13 @@ class SeLinuxGuard(object): self.recursive = recursive def __enter__(self): - if self.selinux: + if self.selinux and self.selinux.is_selinux_enabled(): return True else: return False def __exit__(self, excp_type, excp_value, excp_traceback): - if self.selinux: + if self.selinux and self.selinux.is_selinux_enabled(): path = os.path.realpath(os.path.expanduser(self.path)) do_restore = False try: -- cgit v1.2.3 From 8827040ad3fdb951a38e39f73cf11fd73b17873f Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Wed, 25 Sep 2013 13:51:52 -0400 Subject: cc_final_message: write to log debug also --- cloudinit/config/cc_final_message.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cloudinit/config/cc_final_message.py b/cloudinit/config/cc_final_message.py index 6b864fda..e92cba4a 100644 --- a/cloudinit/config/cc_final_message.py +++ b/cloudinit/config/cc_final_message.py @@ -54,7 +54,7 @@ def handle(_name, cfg, cloud, log, args): 'datasource': str(cloud.datasource), } util.multi_log("%s\n" % (templater.render_string(msg_in, subs)), - console=False, stderr=True) + console=False, stderr=True, log=log) except Exception: util.logexc(log, "Failed to render final message template") -- cgit v1.2.3 From f0e1bf38a2b943d27c8fe20724799b2e552e7adc Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Wed, 25 Sep 2013 14:52:30 -0400 Subject: instead of just writing to stdout, write to stdout if no /dev/console --- cloudinit/util.py | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/cloudinit/util.py b/cloudinit/util.py index 02890448..89307aa5 100644 --- a/cloudinit/util.py +++ b/cloudinit/util.py @@ -360,11 +360,21 @@ def multi_log(text, console=True, stderr=True, if stderr: sys.stderr.write(text) if console: - # Some containers lack /dev/console, so we send output to - # stdout and configure upstart with "console output" and - # systemd with "journal+console" and let them take care of - # getting output to the console. - print text + conpath = "/dev/console" + if os.path.exists(conpath): + with open(conpath, 'wb') as wfh: + wfh.write(text) + wfh.flush() + else: + # A container may lack /dev/console (arguably a container bug). If + # it does not exist, then write output to stdout. this will result + # in duplicate stderr and stdout messages if stderr was True. + # + # even though upstart or systemd might have set up output to go to + # /dev/console, the user may have configured elsewhere via + # cloud-config 'output'. If there is /dev/console, messages will + # still get there. + sys.stdout.write(text) if log: if text[-1] == "\n": log.log(log_level, text[:-1]) -- cgit v1.2.3 From c674737a5df96ef23826b6fc0e4a9bf2f70712c9 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Wed, 25 Sep 2013 14:59:06 -0400 Subject: add '\n' to no key fingerprint warning --- cloudinit/config/cc_ssh_authkey_fingerprints.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cloudinit/config/cc_ssh_authkey_fingerprints.py b/cloudinit/config/cc_ssh_authkey_fingerprints.py index c38bcea2..be8083db 100644 --- a/cloudinit/config/cc_ssh_authkey_fingerprints.py +++ b/cloudinit/config/cc_ssh_authkey_fingerprints.py @@ -63,7 +63,7 @@ def _is_printable_key(entry): def _pprint_key_entries(user, key_fn, key_entries, hash_meth='md5', prefix='ci-info: '): if not key_entries: - message = ("%sno authorized ssh keys fingerprints found for user %s." + message = ("%sno authorized ssh keys fingerprints found for user %s.\n" % (prefix, user)) util.multi_log(message) return -- cgit v1.2.3 From 6437d67a354d04b3add3c9d4217f46d8d83c1886 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Wed, 25 Sep 2013 15:07:49 -0400 Subject: bddeb: depend on cloud-utils or cloud-guest-utils saucy split cloud-utils into cloud-guest-utils and cloud-image-utils. The former is in the cloud image, the latter is not, and we actually need it for growpart which is in the former. --- packages/bddeb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/bddeb b/packages/bddeb index 30559870..8de4d466 100755 --- a/packages/bddeb +++ b/packages/bddeb @@ -145,7 +145,7 @@ def main(): print("Creating a debian/ folder in %r" % (xdir)) if not args.no_cloud_utils: - append_requires=['cloud-utils'] + append_requires=['cloud-utils | cloud-guest-utils'] else: append_requires=[] write_debian_folder(xdir, version, revno, append_requires) -- cgit v1.2.3 From d8ad6d56cd1a9424ce023d9a91e1b87e34a8000c Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Wed, 25 Sep 2013 15:12:10 -0400 Subject: update ChangeLog --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index dc2b95ea..a4629b06 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,6 +21,7 @@ - add 'cc_disk_setup' config module for paritioning disks and creating filesystems. Useful if attached disks are not formatted (LP: #1218506) - Fix usage of libselinux-python when selinux is disabled. [Garret Holmstrom] + - multi_log: only write to /dev/console if it exists [Garret Holmstrom] 0.7.2: - add a debian watch file - add 'sudo' entry to ubuntu's default user (LP: #1080717) -- cgit v1.2.3 From 4063358ec2f20bcff4328fb659cecbed668a9a48 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Thu, 26 Sep 2013 08:47:14 -0400 Subject: fix spelling in ChangeLog --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index a4629b06..8222e2b7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,8 +20,8 @@ - add OpenNebula Datasource [Vlastimil Holer] - add 'cc_disk_setup' config module for paritioning disks and creating filesystems. Useful if attached disks are not formatted (LP: #1218506) - - Fix usage of libselinux-python when selinux is disabled. [Garret Holmstrom] - - multi_log: only write to /dev/console if it exists [Garret Holmstrom] + - Fix usage of libselinux-python when selinux is disabled. [Garrett Holmstrom] + - multi_log: only write to /dev/console if it exists [Garrett Holmstrom] 0.7.2: - add a debian watch file - add 'sudo' entry to ubuntu's default user (LP: #1080717) -- cgit v1.2.3