| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Signed-off-by: Jacob Salmela <jacob.salmela@hpe.com>
| |
This FreeBSD-specific resizer resizes the root partition and grows the
filesystem all in one.
All we have to do is call ``service growfs onestart``
Document behaviour: especially that growfs will insert a swap partition
if none is present, unless instructed otherwise.
Sponsored by: The FreeBSD Foundation
| |
Fix cloud-init schema --system being unable to find merged
userdata stored at /var/lib/cloud/instance/cloud_config.txt.
Init.paths.get_ipath only has visibility to merged cloud config in
/var/lib/cloud/<instance_id>/cloud-config.txt after fetching the
existing cached datasource which provides instance-id from metadata
in order to determine the unique instance-id which represents the
path to the cloud-config.txt.
To support reuse of read_cfg_paths helper function, add an optional
parameter fetch_existing_datasource which indicates whether reading
the existing datasource is necessary for this helper function.
cloud-init schema --system calls read_cfg_paths providing
fetch_existing_datasource="trust" prior to calls to
paths.get_ipath().
| |
The code is already in the Dragonfly path, we just need to use it.
LP: #2016350
Sponsored by: The FreeBSD Foundation
| |
(#2142)
DSA and ED25519 key types are not supported when FIPS is enabled in crypto.
Check if FIPS has been enabled on the system and if so, do not generate those
key types. Presently the check is only available on Linux systems.
LP: 2017761
RHBZ: 2187164
Signed-off-by: Ani Sinha <anisinha@redhat.com>
| |
The CLI cloud-init schema now asserts that the leading header comment in user-data files is a valid user-data type. Raise an informative error otherwise about valid user-data types.
For user-data files declared with '## template: jinja', render those files first sourcing jinja variables from /run/cloud-init/instance-data.json or a new --instance-data parameter.
Once the jinja template is rendered, validate schema of the resulting #cloud-config user-data.
This branch also ensures any errors and deprecation warnings are unique.
LP: #1881925
| |
When defining json schema in a63f45f7, we were a bit too strict by
setting `minItems: 1` on the `users:` list.
This schema definition regressed the ability to prevent default_user
creation with user-data. Remove that schema constraint because the
code already supports this case.
| |
Cloud-init's host key generation mimics that of sshd-keygen.
It used to generate 640 permissions, but going forward it
should be 600. Check sshd version to set the permissions
appropriately.
LP: #2011291
| |
Daily PPA builds were crashing due to
refactor: stop passing log instances to cc_* handlers (#2016).
When dropping the logger argument, the tuple became a list which
then gets expanded in the call to do_resize() and crashes.
```
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/cloudinit/config/modules.py", line 257, in _run_modules
    run_name, mod.handle, func_args, freq=freq
  File "/usr/lib/python3/dist-packages/cloudinit/cloud.py", line 67, in run
    return self._runners.run(name, functor, args, freq, clear_on_fail)
  File "/usr/lib/python3/dist-packages/cloudinit/helpers.py", line 172, in run
    results = functor(**args)
  File "/usr/lib/python3/dist-packages/cloudinit/config/cc_resizefs.py", line 309, in handle
    args=(resize_cmd),
  File "/usr/lib/python3/dist-packages/cloudinit/util.py", line 2722, in log_time
    ret = func(*args, **kwargs)
TypeError: do_resize() takes 1 positional argument but 2 were given
```
Restore args as a tuple.
Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
| |
Only set additionalProperties = False on draft4 schema
definition in jsonschema 3.0 or greater
because cloud-init globally registers its draft4 extensions
as the primary validator for any draft4-based schemas in
the same python process.
This affects solutions such as subiquity and
ubuntu-desktop-installer which invoke jsonschema.validate
in the same process at runtime just after calling
cloudinit.schema.get_jsonschema_validator.
The resulting Tracebacks are seen as something like:
jsonschema.exceptions.SchemaError:
{'$ref': '#/definitions/ref_id'} is not valid under any of the
given schema
Background:
cloud-init needs to extend draft4 schema to better
validate and warn 'deprecated' properties in draft4-based
cloud-init schema definitions. Our unittests also attempt
to strictly validate any meta schema definitions for the
cc_* config modules.
To accomplish strict meta schema validation cloud-init makes
a copy of the draft4 meta schema and adds an
'additionalProperties' = True to that schema to raise specific
errors and catch typos in cc_ module schema definitions.
Given that cloud-init at runtime extends and registers
a draft4 schema validator, any external consumers
of jsonschema.validate with draft4-base schemas are
exposed to cloud-init's validator so let's limit our risk
exposure.
For python 2.6.0, we cannot make draft4 schema
strict because any "$ref" keys are not yet resolved
to their actual #/definitions/<id> values so the traceback above
will always be generated in 'strict' mode for complex schemas.
This does not affect jsonschema 3.0+ which appears to resolve
schema $refs values before schema validation.
| |
Use the module level Log instances instead of passing log instances
to the cc_* handlers
| |
Fedora wasn't previously supported for CA handling. Enabling this
allows the testsuite to pass when run on a Fedora system. The conf
override is the same as for rhel.
| |
Complete the examples so that the suggested code works.
The examples in this script are not correct and should be adjusted accordingly.
| |
Currently, if a cert file doesn't exist, the cc_ca_certs module crashes.
This fix makes it possible to handle it gracefully.
Also, out_lines variable may not be available if os.stat returns 0.
This issue is also taken care of.
Added tests for the same.
| |
- remove too broad exceptions
- ignore dynamic base types in templater
| |
Co-authored-by: s-makin <sally.makin@canonical.com>
| |
On Debian and Ubuntu based systems the cc_grub_dpkg module
handles the needed change of the disk device name / path between
the pre-created image and the real hardware system.
Currently it seems only BIOS mode is supported. This adds UEFI support as
well to change the configuration keys for UEFI.
| |
- Use log_time context manager to wrap log UA-API calls
- Add a log msg pointing to UA logs
| |
- Add deprecation log level
- Add deprecation utilities for structured format and messaging
- Update existing deprecation log sites, add deprecated versions
| |
CA handling in the configuration module was previously not supported
for SUSE based distros. Enable this functionality by creating the
necessary configuration settings.
Secondly update the test such that it does not bleed through to the
test system.
| |
openSUSE/SUSE has distros that use read only root and btrfs. To update
a running system in such a setup the transactional-update command
needs to be used. This change implements support for use of the
transactional-update command when appropriate.
| |
The parent directory would be created automatically if it does not exist. But the ownership of newly-created parent directory would always be root.
With this change, it would be set the same as `owner`.
LP: #1990513
| |
Update the distro selection code to recognize opensuse-microos as a SUSE
based distribution.
Also in this commit:
* unittest mock OpenNebula of pwd.getpwnam to avoid test leaks on SuSE
* tooling fixes to build and test opensuse
- read-dependencies fix jinja2 and PyYAML pkg aliases for opensuse
- Consolidate package operations based on OS family instead of
distro flavor to cut down on duplication of command definitions.
- format read-dependencies and run-container with black
| |
docs: deprecation version generation support
schema: Add the following metadata keys:
- changed_version
- deprecated_version
- new_version
- changed_description
- new_description
- deprecation_description
- changed
- new
Generate formatted docs from this new metadata.
Update current descriptions containing unstructured data.
Switch current deprecation from a date to deprecated version.
Ensure changed/new/deprecated keys have associated version keys.
| |
LP: #1999164
| |
When annotating a schema, we should print "Valid cloud-config" along
with the filename if a file has been used rather than just the config
type.
| |
Change "ca-certs" references to "ca_certs".
New certificates are written to individual files, with an incrementing
number as part of their filename, rather than all being placed in a
single file. This resolves issues caused when certificate files
containing more than a single certificate are placed in /etc/ssl/certs
(by utilities such as "update-ca-certificates" run by ca_certs).
Alpine / Debian / Ubuntu:
The current behaviour, whilst it works, is incorrect with regard to
the design of the underlying OS utilities for managing certificates.
For "remove_defaults" the system-installed certificate files should not
be actually deleted (otherwise it becomes problematic if someone wishes
to later re-enable one or more of them), rather they should be
deactivated and these OSes already provide the means to do so - this MR
modifies the certificate entries in the /etc/ca-certificates.conf file
by prefixing them with "!" - when the update-ca-certificates utility is
then run it will *not* place such delimited certificates into either the
/etc/ssl/certs/ directory (via symlinks) nor add them to the
(re)generated certificates bundle file.
Additionally it is incorrect for added certificates to be placed in the
/usr/share/ca-certificates directory - this location is intended for
standard/"official" certificates, the /usr/local/share/ca-certificates
directory is intended for "local" or "site-specific" certificates and so
this PR adds them there instead - for certs in
/usr/local/share/ca-certificates the update-ca-certificates utility will
automatically use them, there is *no* need to add their filenames to the
/etc/ca-certificates.conf file.
LP: #1931174
| |
This writes a byte string to the device instead of a string when
purging the partition table.
Essentially, this will prevent the error "a bytes-like object is
required, not 'str'" from happening.
| |
cloud-init schema --annotate now walks any valid
user-data, vendor-data and vendor2-data to report
whether any of these cloud-config files provide invalid
or deprecated schema values.
Also, fix a bug in nested mapping annotations to
properly report the full nested indexed schema path.
The following now can be annotated without KeyErrors:
    users:
      - default
      - lock-passwd: false
        name: root
| |
LP #2004599
| |
cc_puppet: Update puppet service name to puppet-agent
From Lunar, we see that the default puppet version is 7.20
which replaces `puppet.service` with `puppet-agent.service`.
Thus, we need to have a way of calling the appropriate
service depending on the distribution of puppet installed.
Attempt to install, start or enable puppet-agent first and fallback
to puppet.
Log warnings if neither preferred package names exist or if the
package_name in user-data is not able to be configured.
LP: #2002969
| |
- Add stronger warnings for resolv_conf module.
- Add link to lxd network config docs.
| |
On Bionic in GCE, when restarting ssh, it's not uncommon to see a
traceback with `ssh.service is not active, cannot reload.`. Instead log
a warning.
| |
If the host-keys are provided the private key permissions have 0600
which is indeed correct. But the public key has 0600 which should
instead be 0644.
With this change the public key is always 0644 and the private key
is 0600 if provided or 640 if generated (to match sshd-keygen
functionality).
| |
If the file exists but is empty, do nothing.
Otherwise cloud-init will crash because it does not handle the empty file.
RHBZ: 2140893
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
| |
Missed a .strip() in the implementation
| |
In #1909, I added a subp call with incorrect syntax. Fixing that here.
| |
Diataxis overhaul and style review
Introduces the Diataxis[1] framework including:
- Created Diataxis folders
- Moved all content to correct folders
- Updated index page with Diataxis sections
- Brought LHS nav bar into line with Diataxis
- Brought all docs in line with Ubuntu style guide
Additional minor/housekeeping changes:
- Added anchor tags/updated others
- Moved how-to content out of FAQ page (created new pages)
- Decorated various elements with tags (see below)
- Acronyms capitalised (and expanded on first showing if poss)
- All headings now sentence case
- Styling on all pages now self-consistent with each other
- Some minor edits to language, mostly for clarity
- Lists presented with headings in boldface changed to subheadings
- (to make use of RHS navigation bar for user convenience)
I also addressed inconsistencies in formatting and language.
I'm aware that some of these changes may need to be reverted or
changed to something else, so if I've made any errors in
judgement through lack of knowledge, please lmk (or if there are
overdue changes you want to make now while I'm doing it).
I have decorated files/paths with the :file: rST tag, obvious commands
with :command:, keyboard shortcuts with :kbd: and references to UI
elements with :guilabel: - the default styling may not be ideal,
but with the tags in place it can be edited en-masse through the
style files so the text elements display as expected.
There is an :abbr: tag that theoretically works like the hoverxref
package, but the default styling makes it hard to read the text so
I have not used it. There are similar tags for Python elements but
I haven't used them either, due to unfamiliarity with the base code.
[1] https://diataxis.fr/
| |
If the service starts between checking status and writing config, then
the new config will no longer be applied. Move the status checking later
so the config is already written before we check if restart needed.
LP: #1998526
| |
When starting `wg-quick` service of an already configured system due to meta-data changed,
changes in Wireguard config won't be loaded as the service already runs during cloud-init config
section. Restart `wg-quick` systemd service to fix this behavior and improve idempotency.
| |
btrfs has operations that are blocking and when we try to resize a btrfs
filesystem we may be in a race condition with blocking operations. Use the
enqueue feature introduced in btrfs 5.10 to queue our resize request until
resize if possible.
Before this commit, hitting this race would cause the command to
immediately fail. With this change, the resize is queued and the command
blocks until resize has completed (event driven, with a poll loop of 1m).
| |
Fixes the creation of single partitions on MBR devices. Currently this
fails with the following debug output:
cc_disk_setup.py[DEBUG]: Calculating partition layout
cc_disk_setup.py[DEBUG]: Layout is: 0,
cc_disk_setup.py[DEBUG]: Creating partition table on /dev/sdb
subp.py[DEBUG]: Running command ['/sbin/sfdisk', '--Linux', '--unit=S',
'--force', '/dev/sdb'] with allowed return codes [0] (shell=False,
capture=True)
util.py[DEBUG]: Creating partition on /dev/sdb took 0.237 seconds
util.py[WARNING]: Failed partitioning operation
Failed to partition device /dev/sdb
Unexpected error while running command.
Command: ['/sbin/sfdisk/', '--Linux', '--unit=S', '--force', '/dev/sdb']
Exit code: 1
Reason: -
Stdout: Checking that no-one is using this disk right now ... OK
Disk /dev/sdb: 16 MiB, 16777216 bytes, 32768 sectors
Disk model: HARDDISK
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
>>> Created a new DOS disklabel with disk identifier 0xb3604c9a.
/dev/sdb1: Leaving.
Stderr: sfdisk: --Linux option is unnecessary and deprecated
Start sector 0 out of range.
Failed to add #1 partition: Result not representable
util.py[DEBUG]: Failed partitioning operation
On a BIOS/MBR partitioned device the 1st partition cannot start at sector
0 as this is reserved for the MBR.
Documentation clarifications/corrections and additional examples added.
Also remove "--Linux" and "--unit=S" options from sfdisk calls, these
options have been deprecated since October 2014.
Note: This is not a change of behavior because the change provoking
the error was introduced in util-linux 2.26 in Xenial. Thus, every
supported cloud-init version fails.
LP: #1851438
| |
Add test and support for parsing IEC prefix format.
|
| |
Ensure Pro instances are detached before the test run and
that the test only runs on LTS releases.
As ua.UserFacingError is not properly converted to str,
manually pick its msg to provide the user a more informative
logging msg.
| |
When testing cc_disk_setup it failed with the following error:
Unexpected error while running command.
Command: ['/sbin/mkfs.ext4', '/dev/sdc1', '-L', 'disk3-fs2']
Exit code: 1
Reason: -
Stdout:
Stderr: mke2fs 1.46.5 (30-Dec-2021)
mkfs.ext4: invalid blocks '-L' on device '/dev/sdc1'
The manpages for mkfs.ext4, mkfs.xfs, and mkswap all indicate that
options should be passed *before* the device name but cc_disk_setup
passed them after the device name - in the case of mkfs.ext4 a
"fs-size" can be passed after the device and that is what the
"-L disk3-fs2" option is being misinterpreted as.
This PR ensures that the device name is passed last. The underlying
issue appears to be due to a difference in behaviour between glibc and
musl where glibc "helps" applications by re-ordering command-line
parameters but musl does not[1] as it sticks to POSIX spec.
This PR also modifies 2 testcases to cater for this change in the code,
adds a note to disk_setup to clarify that when creating a swap partition
a fs_entry also needs to be specified so that mkswap is run, adds to the
examples how to specify a non-default partition type (i.e. for swap),
and modifies the description for disk_setup to clarify this.
[1] https://wiki.musl-libc.org/functional-differences-from-glibc.html#Miscellaneous_functions_with_GNU_quirks