From 66490ebb92af59d148f79aae42a2eddc1ecedb7e Mon Sep 17 00:00:00 2001
From: Scott Moser <smoser@ubuntu.com>
Date: Tue, 30 Jul 2013 14:23:10 -0400
Subject: add util.log_time helper

The reason for this is that more and more things I was wanting to be able to
see how long they took.  This puts that time logic into a single place.  It
also supports (by default) reading from /proc/uptime as the timing mechanism.

While that is almost certainly slower than time.time(), it does give
millisecond granularity and is not affected by 'ntpdate' having
run in between the two events.
---
 cloudinit/sources/DataSourceAzure.py | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

(limited to 'cloudinit/sources')

diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
index 2f28702e..f906b8fa 100644
--- a/cloudinit/sources/DataSourceAzure.py
+++ b/cloudinit/sources/DataSourceAzure.py
@@ -138,13 +138,11 @@ class DataSourceAzureNet(sources.DataSource):
             bname = pk['fingerprint'] + ".crt"
             fp_files += [os.path.join(mycfg['data_dir'], bname)]
 
-        start = time.time()
-        missing = wait_for_files(wait_for + fp_files)
+        missing = util.log_time(logfunc=LOG.debug, msg="waiting for files",
+                                func=wait_for_files,
+                                args=(wait_for + fp_files,))
         if len(missing):
             LOG.warn("Did not find files, but going on: %s", missing)
-        else:
-            LOG.debug("waited %.3f seconds for %d files to appear",
-                      time.time() - start, len(wait_for))
 
         if shcfgxml in missing:
             LOG.warn("SharedConfig.xml missing, using static instance-id")
@@ -206,11 +204,11 @@ def apply_hostname_bounce(hostname, policy, interface, command,
         command = BOUNCE_COMMAND
 
     LOG.debug("pubhname: publishing hostname [%s]", msg)
-    start = time.time()
     shell = not isinstance(command, (list, tuple))
     # capture=False, see comments in bug 1202758 and bug 1206164.
-    (output, err) = util.subp(command, shell=shell, capture=False, env=env)
-    LOG.debug("publishing hostname took %.3f seconds", time.time() - start)
+    util.log_time(logfunc=LOG.debug, msg="publishing hostname",
+        func=util.subp, kwargs={'command': command, 'shell': shell,
+                                'capture': False, 'env': env})
 
 
 def crtfile_to_pubkey(fname):
-- 
cgit v1.2.3


From 0ca150b08433fbc57e10d599a46e300142c955c5 Mon Sep 17 00:00:00 2001
From: Scott Moser <smoser@ubuntu.com>
Date: Tue, 30 Jul 2013 14:28:09 -0400
Subject: set reading /proc/uptime to false by default.

reading /proc/uptime is going to be slower, and no reason to do it on most
things.  Better to only do it when you suspect maybe a need for it.
---
 bin/cloud-init                       | 5 ++---
 cloudinit/sources/DataSourceAzure.py | 5 +++--
 cloudinit/util.py                    | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

(limited to 'cloudinit/sources')

diff --git a/bin/cloud-init b/bin/cloud-init
index bd9ddc04..b4f9fd07 100755
--- a/bin/cloud-init
+++ b/bin/cloud-init
@@ -503,9 +503,8 @@ def main():
 
     (name, functor) = args.action
 
-    return util.log_time(logfunc=LOG.debug,
-                         msg="cloud-init mode '%s'" % name, uptime=True,
-                         func=functor, args=(name, args))
+    return util.log_time(logfunc=LOG.debug, msg="cloud-init mode '%s'" % name,
+                         get_uptime=True, func=functor, args=(name, args))
 
 
 if __name__ == '__main__':
diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
index f906b8fa..1a74de21 100644
--- a/cloudinit/sources/DataSourceAzure.py
+++ b/cloudinit/sources/DataSourceAzure.py
@@ -207,8 +207,9 @@ def apply_hostname_bounce(hostname, policy, interface, command,
     shell = not isinstance(command, (list, tuple))
     # capture=False, see comments in bug 1202758 and bug 1206164.
     util.log_time(logfunc=LOG.debug, msg="publishing hostname",
-        func=util.subp, kwargs={'command': command, 'shell': shell,
-                                'capture': False, 'env': env})
+        get_uptime=True, func=util.subp,
+        kwargs={'command': command, 'shell': shell, 'capture': False,
+                'env': env})
 
 
 def crtfile_to_pubkey(fname):
diff --git a/cloudinit/util.py b/cloudinit/util.py
index b0eb56e6..4a74ba57 100644
--- a/cloudinit/util.py
+++ b/cloudinit/util.py
@@ -1772,7 +1772,7 @@ def which(program):
     return None
 
 
-def log_time(logfunc, msg, func, args=None, kwargs=None, get_uptime=True):
+def log_time(logfunc, msg, func, args=None, kwargs=None, get_uptime=False):
     if args is None:
         args = []
     if kwargs is None:
-- 
cgit v1.2.3


From e668da729a0f9cd5d93d909a9b44d74cf6925dd5 Mon Sep 17 00:00:00 2001
From: Scott Moser <smoser@ubuntu.com>
Date: Thu, 15 Aug 2013 13:16:01 -0400
Subject: do not set 'password', but set 'passwd' to crypt'd value

'password' was the wrong key.  It should have been setting the default
user's "plain_text_password".

Instead of doing that, though, we're encrypting the value and putting it in
'passwd', which will then be passed on to useradd.  The key value in doing
this is that the plain text password will not be stored in obj.pkl.

(admittedly it is still in plain text in the ovf-env.xml file).
---
 cloudinit/sources/DataSourceAzure.py          |  7 ++++++-
 tests/unittests/test_datasource/test_azure.py | 11 ++++++++---
 2 files changed, 14 insertions(+), 4 deletions(-)

(limited to 'cloudinit/sources')

diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
index 1a74de21..7ec622bf 100644
--- a/cloudinit/sources/DataSourceAzure.py
+++ b/cloudinit/sources/DataSourceAzure.py
@@ -17,6 +17,7 @@
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 import base64
+import crypt
 import os
 import os.path
 import time
@@ -424,7 +425,7 @@ def read_azure_ovf(contents):
     if username:
         defuser['name'] = username
     if password:
-        defuser['password'] = password
+        defuser['passwd'] = encrypt_pass(password)
         defuser['lock_passwd'] = False
 
     if defuser:
@@ -436,6 +437,10 @@ def read_azure_ovf(contents):
     return (md, ud, cfg)
 
 
+def encrypt_pass(password, salt_id="$6$"):
+    return crypt.crypt(password, salt_id + util.rand_str(strlen=16))
+
+
 def list_possible_azure_ds_devs():
     # return a sorted list of devices that might have a azure datasource
     devlist = []
diff --git a/tests/unittests/test_datasource/test_azure.py b/tests/unittests/test_datasource/test_azure.py
index 06f8a5d2..1ca6a79d 100644
--- a/tests/unittests/test_datasource/test_azure.py
+++ b/tests/unittests/test_datasource/test_azure.py
@@ -2,6 +2,7 @@ from cloudinit import helpers
 from cloudinit.sources import DataSourceAzure
 from tests.unittests.helpers import populate_dir
 
+import crypt
 import base64
 from mocker import MockerTestCase
 import os
@@ -207,11 +208,15 @@ class TestAzureDataSource(MockerTestCase):
         self.assertTrue('default_user' in dsrc.cfg['system_info'])
         defuser = dsrc.cfg['system_info']['default_user']
 
-        # default user shoudl be updated for password and username
-        # and should not be locked.
+        # default user should be updated username and should not be locked.
         self.assertEqual(defuser['name'], odata['UserName'])
-        self.assertEqual(defuser['password'], odata['UserPassword'])
         self.assertFalse(defuser['lock_passwd'])
+        # passwd is crypt formated string $id$salt$encrypted
+        # encrypting plaintext with salt value of everything up to final '$'
+        # should equal that after the '$'
+        pos = defuser['passwd'].rfind("$") + 1
+        self.assertEqual(defuser['passwd'],
+            crypt.crypt(odata['UserPassword'], defuser['passwd'][0:pos]))
 
     def test_userdata_found(self):
         mydata = "FOOBAR"
-- 
cgit v1.2.3