# Copyright (C) 2012 Yahoo! Inc.
#
# Author: Joshua Harlow <harlowja@yahoo-inc.com>
#
# This file is part of cloud-init. See LICENSE file for license information.

"""Write Files: write arbitrary files"""

import base64
import os
from textwrap import dedent

from cloudinit import log as logging
from cloudinit import util
from cloudinit.config.schema import (
    MetaSchema,
    get_meta_doc,
    validate_cloudconfig_schema,
)
from cloudinit.settings import PER_INSTANCE

# Module run frequency; PER_INSTANCE is imported from cloudinit.settings.
frequency = PER_INSTANCE

# Fallbacks used by write_files() when an entry omits the matching key.
DEFAULT_OWNER = "root:root"
# 0o644 grants read access to group and others. write_files() passes this as
# the file mode whenever an entry has no ``permissions`` key, so entries that
# carry secret material need an explicit, tighter ``permissions`` value.
DEFAULT_PERMS = 0o644
DEFAULT_DEFER = False
# Pass-through marker: extract_contents() performs no decoding for this value.
UNKNOWN_ENC = "text/plain"

LOG = logging.getLogger(__name__)

distros = ["all"]

# The schema definition for each cloud-config module is a strict contract for
# describing supported configuration parameters for each cloud-config section.
# It allows cloud-config to validate and alert users to invalid or ignored
# configuration options before actually attempting to deploy with said
# configuration.

# Values allowed by the ``encoding`` enum in ``schema`` below.
# canonicalize_extraction() recognises the same names after lower-casing and
# stripping whitespace. UNKNOWN_ENC ("text/plain"), the schema default, is
# not part of this list.
supported_encoding_types = [
    "gz",
    "gzip",
    "gz+base64",
    "gzip+base64",
    "gz+b64",
    "gzip+b64",
    "b64",
    "base64",
]

# Module metadata. It is passed together with ``schema`` to get_meta_doc()
# further down to build this module's __doc__.
# NOTE(review): the examples that omit ``permissions`` and ``owner`` (the
# /etc/crontab append and the empty-file example) fall back to DEFAULT_PERMS
# and DEFAULT_OWNER in write_files().
meta: MetaSchema = {
    "id": "cc_write_files",
    "name": "Write Files",
    "title": "write arbitrary files",
    "description": dedent(
        """\
        Write out arbitrary content to files, optionally setting permissions.
        Parent folders in the path are created if absent.
        Content can be specified in plain text or binary. Data encoded with
        either base64 or binary gzip data can be specified and will be decoded
        before being written. For empty file creation, content can be omitted.

    .. note::
        if multiline data is provided, care should be taken to ensure that it
        follows yaml formatting standards. to specify binary data, use the yaml
        option ``!!binary``

    .. note::
        Do not write files under /tmp during boot because of a race with
        systemd-tmpfiles-clean that can cause temp files to get cleaned during
        the early boot process. Use /run/somedir instead to avoid race
        LP:1707222."""
    ),
    "distros": distros,
    "examples": [
        dedent(
            """\
        # Write out base64 encoded content to /etc/sysconfig/selinux
        write_files:
        - encoding: b64
          content: CiMgVGhpcyBmaWxlIGNvbnRyb2xzIHRoZSBzdGF0ZSBvZiBTRUxpbnV4...
          owner: root:root
          path: /etc/sysconfig/selinux
          permissions: '0644'
        """
        ),
        dedent(
            """\
        # Appending content to an existing file
        write_files:
        - content: |
            15 * * * * root ship_logs
          path: /etc/crontab
          append: true
        """
        ),
        dedent(
            """\
        # Provide gziped binary content
        write_files:
        - encoding: gzip
          content: !!binary |
              H4sIAIDb/U8C/1NW1E/KzNMvzuBKTc7IV8hIzcnJVyjPL8pJ4QIA6N+MVxsAAAA=
          path: /usr/bin/hello
          permissions: '0755'
        """
        ),
        dedent(
            """\
        # Create an empty file on the system
        write_files:
        - path: /root/CLOUD_INIT_WAS_HERE
        """
        ),
        dedent(
            """\
        # Defer writing the file until after the package (Nginx) is
        # installed and its user is created alongside
        write_files:
        - path: /etc/nginx/conf.d/example.com.conf
          content: |
            server {
                server_name example.com;
                listen 80;
                root /var/www;
                location / {
                    try_files $uri $uri/ $uri.html =404;
                }
            }
          owner: 'nginx:nginx'
          permissions: '0640'
          defer: true
        """
        ),
    ],
    "frequency": frequency,
}

# JSON-schema style description of the ``write_files`` key. handle() passes
# it to validate_cloudconfig_schema(); how a failed validation is reported
# (warning vs. exception) is decided by that helper and is not visible here.
schema = {
    "type": "object",
    "properties": {
        "write_files": {
            "type": "array",
            "items": {
                "type": "object",
                "properties": {
                    "path": {
                        "type": "string",
                        "description": dedent(
                            """\
                            Path of the file to which ``content`` is decoded
                            and written
                        """
                        ),
                    },
                    "content": {
                        "type": "string",
                        "default": "",
                        "description": dedent(
                            """\
                            Optional content to write to the provided ``path``.
                            When content is present and encoding is not '%s',
                            decode the content prior to writing. Default:
                            **''**
                        """
                            % UNKNOWN_ENC
                        ),
                    },
                    "owner": {
                        "type": "string",
                        "default": DEFAULT_OWNER,
                        "description": dedent(
                            """\
                            Optional owner:group to chown on the file. Default:
                            **{owner}**
                        """.format(
                                owner=DEFAULT_OWNER
                            )
                        ),
                    },
                    # Declared as a string, which decode_perms() parses as
                    # octal. decode_perms() also accepts int/float values and
                    # returns them without octal conversion; such values do
                    # not match this "string" type.
                    "permissions": {
                        "type": "string",
                        "default": oct(DEFAULT_PERMS).replace("o", ""),
                        "description": dedent(
                            """\
                            Optional file permissions to set on ``path``
                            represented as an octal string '0###'. Default:
                            **'{perms}'**
                        """.format(
                                perms=oct(DEFAULT_PERMS).replace("o", "")
                            )
                        ),
                    },
                    # The enum is supported_encoding_types, which does not
                    # contain the declared default UNKNOWN_ENC ("text/plain").
                    "encoding": {
                        "type": "string",
                        "default": UNKNOWN_ENC,
                        "enum": supported_encoding_types,
                        "description": dedent(
                            """\
                            Optional encoding type of the content. Default is
                            **text/plain** and no content decoding is
                            performed. Supported encoding types are:
                            %s."""
                            % ", ".join(supported_encoding_types)
                        ),
                    },
                    "append": {
                        "type": "boolean",
                        "default": False,
                        "description": dedent(
                            """\
                            Whether to append ``content`` to existing file if
                            ``path`` exists. Default: **false**.
                        """
                        ),
                    },
                    "defer": {
                        "type": "boolean",
                        "default": DEFAULT_DEFER,
                        "description": dedent(
                            """\
                            Defer writing the file until 'final' stage, after
                            users were created, and packages were installed.
                            Default: **{defer}**.
                        """.format(
                                defer=DEFAULT_DEFER
                            )
                        ),
                    },
                },
                # ``path`` is the only mandatory key; keys not listed above
                # do not validate.
                "required": ["path"],
                "additionalProperties": False,
            },
        }
    },
}

__doc__ = get_meta_doc(meta, schema)  # Supplement python help()


def handle(name, cfg, _cloud, log, _args):
    """Write every ``write_files`` entry that is not marked ``defer``.

    The config is first passed to validate_cloudconfig_schema(). Its return
    value is not inspected here, so whether an invalid entry stops processing
    depends on that helper, which is not visible in this file.

    Entries whose ``defer`` option evaluates true are dropped and are not
    written by this function.

    :param name: module name, used in log messages.
    :param cfg: cloud-config dictionary; only ``write_files`` is read.
    :param log: logger used for the "nothing to do" debug message.
    """
    validate_cloudconfig_schema(cfg, schema)
    immediate = []
    for entry in cfg.get("write_files", []):
        deferred = util.get_cfg_option_bool(entry, "defer", DEFAULT_DEFER)
        if not deferred:
            immediate.append(entry)
    if immediate:
        write_files(name, immediate)
        return
    # Also reached when every entry is deferred, not only when the key is
    # missing or empty.
    log.debug(
        "Skipping module named %s,"
        " no/empty 'write_files' key in configuration",
        name,
    )


def canonicalize_extraction(encoding_type):
    """Translate an ``encoding`` value into an ordered list of decode steps.

    The value is lower-cased and stripped before matching. For the combined
    forms the returned order is base64 first, then gzip, which is the order
    extract_contents() applies them in.

    Any non-empty value that is not recognised, including the literal
    "text/plain", logs a warning and is treated as UNKNOWN_ENC, i.e. the
    content is written without decoding.

    :param encoding_type: the entry's ``encoding`` value, or a falsy value.
    :return: list of MIME-style step names.
    """
    kind = (encoding_type or "").lower().strip()
    gzip_only = ("gz", "gzip")
    b64_then_gzip = ("gz+base64", "gzip+base64", "gz+b64", "gzip+b64")
    # YAML decodes ``!!binary`` values itself; the explicit b64 names exist
    # for users who prefer to state the encoding by hand.
    b64_only = ("b64", "base64")
    if kind in gzip_only:
        return ["application/x-gzip"]
    if kind in b64_then_gzip:
        return ["application/base64", "application/x-gzip"]
    if kind in b64_only:
        return ["application/base64"]
    if kind:
        LOG.warning(
            "Unknown encoding type %s, assuming %s", kind, UNKNOWN_ENC
        )
    return [UNKNOWN_ENC]


def write_files(name, files):
    """Write each entry of *files* to disk and then set its owner.

    For every entry the content is decoded according to ``encoding``, written
    with util.write_file() using the requested (or default) mode, and the
    path is then chowned with util.chownbyname(). Entries without a ``path``
    are skipped with a warning.

    Security-relevant behaviour visible here:

    * ``path`` comes straight from the configuration and is only normalised
      with os.path.abspath(); nothing in this function restricts where the
      file may be written.
    * An entry without ``permissions`` is written with DEFAULT_PERMS and an
      entry without ``owner`` is chowned to DEFAULT_OWNER.
    * NOTE(review): the same defaults are passed when ``append`` is true.
      Whether util.write_file()/util.chownbyname() then reset the mode and
      owner of an already existing file is not visible here; confirm before
      appending to files that are deliberately restrictive.

    :param name: module name, used in log messages.
    :param files: iterable of entry dicts; a falsy value is a no-op.
    """
    if not files:
        return

    for position, entry in enumerate(files, start=1):
        target = entry.get("path")
        if not target:
            LOG.warning(
                "No path provided to write for entry %s in module %s",
                position,
                name,
            )
            continue
        # abspath() collapses "." / ".." and anchors relative paths at the
        # current working directory; it does not resolve symlinks.
        target = os.path.abspath(target)
        decode_steps = canonicalize_extraction(entry.get("encoding"))
        payload = extract_contents(entry.get("content", ""), decode_steps)
        owner_spec = entry.get("owner", DEFAULT_OWNER)
        (user, group) = util.extract_usergroup(owner_spec)
        mode = decode_perms(entry.get("permissions"), DEFAULT_PERMS)
        if util.get_cfg_option_bool(entry, "append"):
            open_mode = "ab"
        else:
            open_mode = "wb"
        # Content and mode are applied first, ownership is changed afterwards.
        util.write_file(target, payload, omode=open_mode, mode=mode)
        util.chownbyname(target, user, group)


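def decode_perms(perm, default):
    """Convert a configured ``permissions`` value into an integer file mode.

    * ``None`` returns *default*.
    * An int or float is converted with int() and returned as-is; no octal
      conversion takes place. A value that arrives as the integer 644 yields
      mode 644 decimal (0o1204), not 0o644, so octal permissions should be
      given as a quoted string such as '0644'.
    * Anything else is converted to str and parsed as octal.

    Values that cannot be converted, non-finite floats and negative results
    log a warning and return *default*.

    NOTE(review): there is no upper bound check; bits above 0o7777 and the
    setuid/setgid/sticky bits are passed through to the caller unchanged.

    :param perm: value of the entry's ``permissions`` key, or None.
    :param default: mode returned when *perm* is None or unusable.
    :return: integer file mode.
    """
    if perm is None:
        return default
    try:
        if isinstance(perm, (int, float)):
            # Just 'downcast' it (if a float)
            mode = int(perm)
        else:
            # Force to string and try octal conversion
            mode = int(str(perm), 8)
        if mode < 0:
            # A file mode is a bit mask; a negative number is never a
            # meaningful request, so treat it like any other bad value.
            raise ValueError("negative file mode")
        return mode
    except (TypeError, ValueError, OverflowError):
        # OverflowError: int(float("inf")), reachable via YAML ``.inf``.
        reps = []
        for r in (perm, default):
            try:
                reps.append("%o" % r)
            except TypeError:
                reps.append("%r" % r)
        LOG.warning("Undecodable permissions %s, returning default %s", *reps)
        return default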


def extract_contents(contents, extraction_types):
    """Apply the decode steps in *extraction_types* to *contents*, in order.

    Recognised steps are "application/x-gzip" (util.decomp_gzip) and
    "application/base64" (base64.b64decode). Every other step name,
    including UNKNOWN_ENC, leaves the data untouched.

    base64.b64decode() is called without ``validate=True``, so characters
    outside the base64 alphabet are discarded rather than rejected.
    NOTE(review): no size limit is applied to the decompressed data in this
    function; whether util.decomp_gzip() enforces one is not visible here.

    :param contents: raw ``content`` value from the entry.
    :param extraction_types: ordered list from canonicalize_extraction().
    :return: the decoded data, or *contents* unchanged if no step applied.
    """
    decoded = contents
    for step in extraction_types:
        if step == "application/x-gzip":
            decoded = util.decomp_gzip(decoded, quiet=False, decode=False)
            continue
        if step == "application/base64":
            decoded = base64.b64decode(decoded)
            continue
        # Plain text and unrecognised step names: pass the data through.
    return decoded


# vi: ts=4 expandtab