diff options
author | Scott Moser <smoser@brickies.net> | 2017-01-10 11:25:27 -0500 |
---|---|---|
committer | Scott Moser <smoser@brickies.net> | 2017-01-10 11:25:27 -0500 |
commit | 670cd160f43cd4d2ff32d03515926a019c966fb8 (patch) | |
tree | e1c807cae509cb7127805bd21ebc50f142c31e1d | |
parent | 0c1398edee59a80da08c7262c7fc7981ac0ba488 (diff) | |
download | cloud-init-git-670cd160f43cd4d2ff32d03515926a019c966fb8.tar.gz |
Import version 0.7.5-0ubuntu1.5ubuntu/0.7.5-0ubuntu1.5
Imported using git-import-dsc
-rw-r--r-- | debian/changelog | 7 | ||||
-rw-r--r-- | debian/patches/lp-1356855-fix-cloudstack-metadata.patch | 20 | ||||
-rw-r--r-- | debian/patches/lp-1422388-cloudstack-passwords.patch | 119 | ||||
-rw-r--r-- | debian/patches/series | 2 |
4 files changed, 148 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 0f8c9aeb..95bfb5d7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +cloud-init (0.7.5-0ubuntu1.5) trusty; urgency=medium + + * Backport support for fetching passwords in CloudStack (LP: #1422388). + * Fix CloudStack metadata retrieval (LP: #1356855). + + -- Daniel Watkins <daniel.watkins@canonical.com> Wed, 11 Mar 2015 10:57:10 -0600 + cloud-init (0.7.5-0ubuntu1.4) trusty; urgency=medium [ Ben Howard ] diff --git a/debian/patches/lp-1356855-fix-cloudstack-metadata.patch b/debian/patches/lp-1356855-fix-cloudstack-metadata.patch new file mode 100644 index 00000000..aafef7f0 --- /dev/null +++ b/debian/patches/lp-1356855-fix-cloudstack-metadata.patch @@ -0,0 +1,20 @@ +Description: Backport CloudStack metadata fix. + CloudStack requires a trailing slash for its EC2 "compatible" metadata + service. +Author: Daniel Watkins <daniel.watkins@canonical.com> +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1356855 +Last-Update: 2015-02-25 + +--- cloud-init-0.7.5.orig/cloudinit/ec2_utils.py ++++ cloud-init-0.7.5/cloudinit/ec2_utils.py +@@ -166,7 +166,9 @@ def get_instance_metadata(api_version='l + metadata_address='http://169.254.169.254', + ssl_details=None, timeout=5, retries=5): + md_url = url_helper.combine_url(metadata_address, api_version) +- md_url = url_helper.combine_url(md_url, 'meta-data') ++ # Note, 'meta-data' explicitly has trailing /. ++ # this is required for CloudStack (LP: #1356855) ++ md_url = url_helper.combine_url(md_url, 'meta-data/') + caller = functools.partial(util.read_file_or_url, + ssl_details=ssl_details, timeout=timeout, + retries=retries) diff --git a/debian/patches/lp-1422388-cloudstack-passwords.patch b/debian/patches/lp-1422388-cloudstack-passwords.patch new file mode 100644 index 00000000..cf960212 --- /dev/null +++ b/debian/patches/lp-1422388-cloudstack-passwords.patch @@ -0,0 +1,119 @@ +Description: Backport CloudStack password support. +Author: Daniel Watkins <daniel.watkins@canonical.com> +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1422388 +Last-Update: 2015-02-25 + +--- a/cloudinit/sources/DataSourceCloudStack.py ++++ b/cloudinit/sources/DataSourceCloudStack.py +@@ -27,6 +27,8 @@ + import os + import time + ++from six.moves import http_client ++ + from cloudinit import ec2_utils as ec2 + from cloudinit import log as logging + from cloudinit import sources +@@ -38,6 +40,54 @@ + LOG = logging.getLogger(__name__) + + ++class CloudStackPasswordServerClient(object): ++ """ ++ Implements password fetching from the CloudStack password server. ++ ++ http://cloudstack-administration.readthedocs.org/en/latest/templates.html#adding-password-management-to-your-templates ++ has documentation about the system. This implementation is following that ++ found at ++ https://github.com/shankerbalan/cloudstack-scripts/blob/master/cloud-set-guest-password-debian ++ ++ The CloudStack password server is, essentially, a broken HTTP ++ server. It requires us to provide a valid HTTP request (including a ++ DomU_Request header, which is the meat of the request), but just ++ writes the text of its response on to the socket, without a status ++ line or any HTTP headers. This makes HTTP libraries sad, which ++ explains the screwiness of the implementation of this class. ++ ++ This should be fixed in CloudStack by commit ++ a72f14ea9cb832faaac946b3cf9f56856b50142a in December 2014. ++ """ ++ ++ def __init__(self, virtual_router_address): ++ self.virtual_router_address = virtual_router_address ++ ++ def _do_request(self, domu_request): ++ # We have to provide a valid HTTP request, but a valid HTTP ++ # response is not returned. This means that getresponse() chokes, ++ # so we use the socket directly to read off the response. ++ # Because we're reading off the socket directly, we can't re-use the ++ # connection. ++ conn = http_client.HTTPConnection(self.virtual_router_address, 8080) ++ try: ++ conn.request('GET', '', headers={'DomU_Request': domu_request}) ++ conn.sock.settimeout(30) ++ output = conn.sock.recv(1024).decode('utf-8').strip() ++ finally: ++ conn.close() ++ return output ++ ++ def get_password(self): ++ password = self._do_request('send_my_password') ++ if password in ['', 'saved_password']: ++ return None ++ if password == 'bad_request': ++ raise RuntimeError('Error when attempting to fetch root password.') ++ self._do_request('saved_password') ++ return password ++ ++ + class DataSourceCloudStack(sources.DataSource): + def __init__(self, sys_cfg, distro, paths): + sources.DataSource.__init__(self, sys_cfg, distro, paths) +@@ -45,10 +95,11 @@ + # Cloudstack has its metadata/userdata URLs located at + # http://<virtual-router-ip>/latest/ + self.api_ver = 'latest' +- vr_addr = get_vr_address() +- if not vr_addr: ++ self.vr_addr = get_vr_address() ++ if not self.vr_addr: + raise RuntimeError("No virtual router found!") +- self.metadata_address = "http://%s/" % (vr_addr) ++ self.metadata_address = "http://%s/" % (self.vr_addr,) ++ self.cfg = {} + + def _get_url_settings(self): + mcfg = self.ds_cfg +@@ -92,6 +143,9 @@ + + return bool(url) + ++ def get_config_obj(self): ++ return self.cfg ++ + def get_data(self): + seed_ret = {} + if util.read_optional_seed(seed_ret, base=(self.seed_dir + "/")): +@@ -109,6 +163,22 @@ + self.metadata_address) + LOG.debug("Crawl of metadata service took %s seconds", + int(time.time() - start_time)) ++ password_client = CloudStackPasswordServerClient(self.vr_addr) ++ try: ++ set_password = password_client.get_password() ++ except Exception: ++ util.logexc(LOG, ++ 'Failed to fetch password from virtual router %s', ++ self.vr_addr) ++ else: ++ if set_password: ++ self.cfg = { ++ 'ssh_pwauth': True, ++ 'password': set_password, ++ 'chpasswd': { ++ 'expire': False, ++ }, ++ } + return True + except Exception: + util.logexc(LOG, 'Failed fetching from metadata service %s', diff --git a/debian/patches/series b/debian/patches/series index dd6aad96..d5b3ff16 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -4,3 +4,5 @@ lp-1336855-grub_xvda.patch lp-1383794-gce-short_name.patch lp-1404311-gce-data_encoding.patch lp-1422919-azure-g5_ephemeral.patch +lp-1422388-cloudstack-passwords.patch +lp-1356855-fix-cloudstack-metadata.patch |