From 4050105c1cfb100e6b93c56a74ecd2fe29d87608 Mon Sep 17 00:00:00 2001
From: Garrett Holmstrom
Date: Fri, 20 Sep 2013 16:04:49 -0700
Subject: Some containers lack /dev/console, so when multi_log attempts to open that device and write to it directly things can start going haywire. Here we address this problem by sending console-bound output to stdout and letting init take care of getting it to the console instead. We already configure upstart with "console output", so we need only change systemd to use "journal+console".
---
 cloudinit/util.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
(limited to 'cloudinit')
diff --git a/cloudinit/util.py b/cloudinit/util.py
index d50d3e18..02890448 100644
--- a/cloudinit/util.py
+++ b/cloudinit/util.py
@@ -360,11 +360,11 @@ def multi_log(text, console=True, stderr=True,
 if stderr:
 sys.stderr.write(text)
 if console:
- # Don't use the write_file since
- # this might be 'sensitive' info (not debug worthy?)
- with open('/dev/console', 'wb') as wfh:
- wfh.write(text)
- wfh.flush()
+ # Some containers lack /dev/console, so we send output to
+ # stdout and configure upstart with "console output" and
+ # systemd with "journal+console" and let them take care of
+ # getting output to the console.
+ print text
 if log:
 if text[-1] == "\n":
 log.log(log_level, text[:-1])
-- 
cgit v1.2.3
From 0b9e965096d0cfb20284c587262945c8599ea4a3 Mon Sep 17 00:00:00 2001
From: Garrett Holmstrom
Date: Fri, 20 Sep 2013 16:34:41 -0700
Subject: When selinux is completely disabled functions like restorecon raise exceptions, causing nasty things to happen on instances that boot with selinux=0. The fix is easy: simply consult is_selinux_enabled() first.
---
 cloudinit/util.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'cloudinit')
diff --git a/cloudinit/util.py b/cloudinit/util.py
index d50d3e18..deac8c8d 100644
--- a/cloudinit/util.py
+++ b/cloudinit/util.py
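Review bot: In multi_log's `if console:` branch, the comment this commit deletes recorded that the text "might be 'sensitive'" and was for that reason written straight to the device; with `print text` the same text goes to stdout, which per the commit message init forwards to the journal as well as the console, and the new comment should keep that caveat, e.g. `# NOTE: stdout may be captured by init (journal/logs); text may be sensitive`. `print text` also appends a newline, while the `if log:` branch just below shows that callers already end text with "\n", so `sys.stdout.write(text)` would match the stderr branch and avoid blank lines. multi_log starts and ends outside the hunk.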
@@ -161,13 +161,13 @@ class SeLinuxGuard(object):
 self.recursive = recursive
 def __enter__(self):
- if self.selinux:
+ if self.selinux and self.selinux.is_selinux_enabled():
 return True
 else:
 return False
 def __exit__(self, excp_type, excp_value, excp_traceback):
- if self.selinux:
+ if self.selinux and self.selinux.is_selinux_enabled():
 path = os.path.realpath(os.path.expanduser(self.path))
 do_restore = False
 try:
-- 
cgit v1.2.3
From 8827040ad3fdb951a38e39f73cf11fd73b17873f Mon Sep 17 00:00:00 2001
From: Scott Moser
Date: Wed, 25 Sep 2013 13:51:52 -0400
Subject: cc_final_message: write to log debug also
---
 cloudinit/config/cc_final_message.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'cloudinit')
diff --git a/cloudinit/config/cc_final_message.py b/cloudinit/config/cc_final_message.py
index 6b864fda..e92cba4a 100644
--- a/cloudinit/config/cc_final_message.py
+++ b/cloudinit/config/cc_final_message.py
@@ -54,7 +54,7 @@ def handle(_name, cfg, cloud, log, args):
 'datasource': str(cloud.datasource),
 }
 util.multi_log("%s\n" % (templater.render_string(msg_in, subs)),
- console=False, stderr=True)
+ console=False, stderr=True, log=log)
 except Exception:
 util.logexc(log, "Failed to render final message template")
-- 
cgit v1.2.3
From f0e1bf38a2b943d27c8fe20724799b2e552e7adc Mon Sep 17 00:00:00 2001
From: Scott Moser
Date: Wed, 25 Sep 2013 14:52:30 -0400
Subject: instead of just writing to stdout, write to stdout if no /dev/console
---
 cloudinit/util.py | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)
(limited to 'cloudinit')
diff --git a/cloudinit/util.py b/cloudinit/util.py
index 02890448..89307aa5 100644
--- a/cloudinit/util.py
+++ b/cloudinit/util.py
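Review bot: In SeLinuxGuard, `__enter__` and `__exit__` each re-evaluate `self.selinux and self.selinux.is_selinux_enabled()`, so nothing ties the label restore in `__exit__` to what `__enter__` reported to the caller. Evaluating it once, e.g. `self.enabled = bool(self.selinux and self.selinux.is_selinux_enabled())` in `__enter__` and `if self.enabled:` in `__exit__`, keeps the two in step and removes the duplicated condition. A one-line docstring on `__enter__` saying that the return value tells the caller whether labels will be restored on exit would document the contract, since a false result now also covers "module present but SELinux disabled". The class header and the rest of `__exit__` lie outside the hunk.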
@@ -360,11 +360,21 @@ def multi_log(text, console=True, stderr=True,
 if stderr:
 sys.stderr.write(text)
 if console:
- # Some containers lack /dev/console, so we send output to
- # stdout and configure upstart with "console output" and
- # systemd with "journal+console" and let them take care of
- # getting output to the console.
- print text
+ conpath = "/dev/console"
+ if os.path.exists(conpath):
+ with open(conpath, 'wb') as wfh:
+ wfh.write(text)
+ wfh.flush()
+ else:
+ # A container may lack /dev/console (arguably a container bug). If
+ # it does not exist, then write output to stdout. this will result
+ # in duplicate stderr and stdout messages if stderr was True.
+ #
+ # even though upstart or systemd might have set up output to go to
+ # /dev/console, the user may have configured elsewhere via
+ # cloud-config 'output'. If there is /dev/console, messages will
+ # still get there.
+ sys.stdout.write(text)
 if log:
 if text[-1] == "\n":
 log.log(log_level, text[:-1])
-- 
cgit v1.2.3
From c674737a5df96ef23826b6fc0e4a9bf2f70712c9 Mon Sep 17 00:00:00 2001
From: Scott Moser
Date: Wed, 25 Sep 2013 14:59:06 -0400
Subject: add '\n' to no key fingerprint warning
---
 cloudinit/config/cc_ssh_authkey_fingerprints.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'cloudinit')
diff --git a/cloudinit/config/cc_ssh_authkey_fingerprints.py b/cloudinit/config/cc_ssh_authkey_fingerprints.py
index c38bcea2..be8083db 100644
--- a/cloudinit/config/cc_ssh_authkey_fingerprints.py
+++ b/cloudinit/config/cc_ssh_authkey_fingerprints.py
@@ -63,7 +63,7 @@ def _is_printable_key(entry):
 def _pprint_key_entries(user, key_fn, key_entries, hash_meth='md5', prefix='ci-info: '):
 if not key_entries:
- message = ("%sno authorized ssh keys fingerprints found for user %s."
+ message = ("%sno authorized ssh keys fingerprints found for user %s.\n"
 % (prefix, user))
 util.multi_log(message)
 return
-- 
cgit v1.2.3
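Review bot: In multi_log's `if console:` branch, `os.path.exists(conpath)` does not guarantee that the `open()` after it succeeds: the node can exist and still be unwritable or fail on open, and as far as the hunk shows that exception then propagates out of multi_log, which is the failure this series set out to avoid. Attempting the open and falling back to stdout on `IOError`/`OSError` covers both the missing and the unusable device and removes the gap between the check and the use. The fallback also sends text that the earlier code treated as possibly sensitive to stdout, so the comment should say that stdout may be captured by init or by cloud-config 'output'. multi_log starts and ends outside the hunk.

```python
if console:
    conpath = "/dev/console"
    try:
        with open(conpath, 'wb') as wfh:
            wfh.write(text)
            wfh.flush()
    except (IOError, OSError):
        # ... unchanged: comment on containers lacking /dev/console ...
        sys.stdout.write(text)
```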