| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
| |
As we do not support python2 anymore, we can remove those 8 chars.
|
| |
|
|
|
|
|
|
|
|
|
| |
typing: Type UrlResponse.contents
As requests.Response.contents returns always an instance of bytes,
type UrlResponse.contents accordingly.
This change undercovered an incorrect typing in
sources/helpers/azure, that was hidden because
ElementTree.fromstring accepts str and bytes.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In the case that the url content does not start with
`#cloud-config`, avoid downloading the full content.
Add deprecated logs to prefer `cloud-config-url` over
`url` on the kernel command line.
Restructure and link kernel command line docs to
instance-data docs.
Add some typing.
LP: #1937319
|
| |
|
|
|
|
|
|
|
| |
- Add types to let mypy pass.
- Add mypy flags:
- detect unused ignores
- redundant casts
- Drop support of `ConfigParser` in Python 2
- Harden DataSourceLXD.network_config
- Convert old-style commented types to proper types.
|
| |
|
|
| |
All exceptions thrown from futures in dual_stack()
should be logged for debugging purposes.
|
| |
|
|
|
|
|
|
|
| |
- add support for parallel http(s) requests to wait_for_url()
- implementation based loosely on RFC6555: "Happy Eyeballs" [1]
- update ec2 datasource to support dual-stack ipv6/ipv4
- only "nitro" instances have ipv6 IMDS, favor ipv4 initially
- replace httpretty with responses for ec2 tests
[1] https://datatracker.ietf.org/doc/html/rfc6555
|
| |
|
|
|
|
|
| |
It may be useful to configure connection timeout and read timeout
separately. Update readurl() to accept a tuple that is supported
by python requests to configure both.
Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are two issues with IMDS retries:
1. IMDS_VER_WANT will never be attempted if retries=0, such as
when fetching network metadata with infinite=True.
2. get_imds_data_with_api_fallback() will attempt one request with
IMDS_VER_WANT. If the connection fails due to a timeout, connection
issue, or error code other than 400, an empty dictionary will be
returned without attempting the requested number of retries.
This PR:
- Updates get_imds_data_with_api_fallback() to invoke
get_metadata_from_imds() with the specified retries and infinite
parameters.
- Updates retry_on_url_exc to take a configurable set of HTTP error
codes and exception types to retry on.
- Add IMDS_RETRY_CODES set to retry with when fetching data from IMDS:
- 404 not found (yet)
- 410 gone / unavailable (yet)
- 429 rate-limited/throttled
- 500 server error
- Replace default callback with imds_readurl_exception_callback,
which configures retry_on_url_exc() with these error codes and
instances.
- Add new pytests for IMDS to eventually replace the unittest
equivalents and improve existing coverage.
Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
|
| |
|
|
|
|
|
| |
Raise runtime errors for unhandled cases which would cause other
exceptions. Ignore types for a few cases where a non-trivial
refactor would be required to prevent the warning.
Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
|
| |
|
|
|
|
|
|
|
|
| |
distutils is getting deprecated soon. Let's replace it with suggested
alternatives as suggested in:
https://www.python.org/dev/peps/pep-0632/
Remove `requests` version check and related code from url_helper.py
as the versions specified are old enough to no longer be relevant.
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
|
| |
|
|
|
| |
Applied Black and isort, fixed any linting issues, updated tox.ini
and CI.
|
| |
|
|
|
|
| |
Changes:
tox: bump the pylint version to 2.6.0 in the default run
Fix pylint 2.6.0 W0707 warnings (raise-missing-from)
|
| |
|
|
|
|
|
|
|
|
|
| |
Our header redact logic was redacting both logged request headers and
the actual source request. This results in DataSourceEc2 sending the
invalid header "X-aws-ec2-metadata-token-ttl-seconds: REDACTED" which
gets an HTTP status response of 400.
Cloud-init retries this failed token request for 2 minutes before
falling back to IMDSv1.
LP: #1865882
|
| |
|
|
|
|
|
|
|
| |
Instead of logging the token values used log the headers and replace the actual
values with the string 'REDACTED'. This allows users to examine cloud-init.log
and see that the IMDSv2 token header is being used but avoids leaving the value
used in the log file itself.
LP: #1863943
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* url_helper: drop six
* url_helper: sort imports
* log: drop six
* log: sort imports
* handlers/__init__: drop six
* handlers/__init__: sort imports
* user_data: drop six
* user_data: sort imports
* sources/__init__: drop six
* sources/__init__: sort imports
* DataSourceOVF: drop six
* DataSourceOVF: sort imports
* sources/helpers/openstack: drop six
* sources/helpers/openstack: sort imports
* mergers/m_str: drop six
This also allowed simplification of the logic, as we will never
encounter a non-string text type.
* type_utils: drop six
* mergers/m_dict: drop six
* mergers/m_list: drop six
* cmd/query: drop six
* mergers/__init__: drop six
* net/cmdline: drop six
* reporting/handlers: drop six
* reporting/handlers: sort imports
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Headers param was accidentally omitted and no longer passed through to
readurl due to a previous commit.
To avoid this omission of params in the future, drop positional param
definitions from read_file_or_url and pass all kwargs through to readurl
when we are not operating on a file.
In util:read_seeded, correct the case where invalid positional param
file_retries was being passed into read_file_or_url.
Also drop duplicated file:// prefix addition from read_seeded because
read_file_or_url does that work anyway.
LP: #1854084
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* ec2: Add support for AWS IMDS v2 (session-oriented)
AWS now supports a new version of fetching Instance Metadata[1].
Update cloud-init's ec2 utility functions and update ec2 derived
datasources accordingly. For DataSourceEc2 (versus ec2-look-alikes)
cloud-init will issue the PUT request to obtain an API token for
the maximum lifetime and then all subsequent interactions with the
IMDS will include the token in the header.
If the API token endpoint is unreachable on Ec2 platform, log a
warning and fallback to using IMDS v1 and which does not use
session tokens when communicating with the Instance metadata
service.
We handle read errors, typically seen if the IMDS is beyond one
etwork hop (IMDSv2 responses have a ttl=1), by setting the api token
to a disabled value and then using IMDSv1 paths.
To support token-based headers, ec2_utils functions were updated
to support custom headers_cb and exception_cb callback functions
so Ec2 could store, or refresh API tokens in the event of token
becoming stale.
[1] https://docs.aws.amazon.com/AWSEC2/latest/ \
UserGuide/ec2-instance-metadata.html \
#instance-metadata-v2-how-it-works
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds an empty publish_host_keys() method to the default datasource
that is called by cc_ssh.py. This feature can be controlled by the
'ssh_publish_hostkeys' config option. It is enabled by default but can
be disabled by setting 'enabled' to false. Also, a blacklist of key
types is supported.
In addition, this change implements ssh_publish_hostkeys() for the GCE
datasource, attempting to write the hostkeys to the instance's guest
attributes. Using these hostkeys for ssh connections is currently
supported by the alpha version of Google's 'gcloud' command-line tool.
(On Google Compute Engine, this feature will be enabled by setting the
'enable-guest-attributes' metadata key to 'true' for the
project/instance that you would like to use this feature for. When
connecting to the instance for the first time using 'gcloud compute ssh'
the hostkeys will be read from the guest attributes for the instance and
written to the user's local known_hosts file for Google Compute Engine
instances.)
|
| |
|
|
|
|
| |
Fixes:
- flake8: use ==/!= to compare str, bytes, and int literals
- pycodestyle: E117 over-indented
|
| |
|
|
|
|
|
|
|
| |
There is an infrequent race when the booting instance can hit the IMDS
service before it is fully available. This results in a
requests.ConnectTimeout being raised.
Azure's retry_callback logic now retries on either 404s or Timeouts.
LP:1800223
|
| |
|
|
|
|
|
|
|
| |
When reusing a preprovisioned VM, report ready to Azure fabric as soon as
we get the reprovision data and the goal state so that we are not delayed
by the cloud-init stage switch, saving 2-3 seconds. Also reduce logging
when polling IMDS for reprovision data.
LP: #1799594
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The result of a read_file_or_url on a file and on a url would differ
in behavior.
str(UrlResponse) would return UrlResponse.contents.decode('utf-8')
while
str(FileResponse) would return str(FileResponse.contents)
The difference being "b'foo'" versus "foo".
As part of the general goal of cleaning util, move read_file_or_url
into url_helper.
|
| |
|
|
|
| |
This enables warnings produced by pylint for unused variables (W0612),
and fixes the existing errors.
|
| |
|
|
|
|
|
|
|
|
|
| |
Reducing timeout to 1 second as IMDS responds within a handful
of milliseconds. Also get rid of max_retries to prevent exiting
out of polling loop early due to IMDS outage / upgrade.
Reduce Azure PreProvisioning HTTP timeouts during polling to
avoid waiting an extra minute.
LP: #1752977
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In commit e9e8616, there was an inversion of the logic of the
exception_cb return value meaning, breaking the (network) OpenStack
DataSource, which implemented exception_cb as should_retry_cb, returning
True when a retry should be done and False when the retry loop should
be broken and the exception reraised again immediately.
The OpenStack DS was the only user of this callback at the time and not
touched by the commit (nor did the commit message mention an intended
change), so this almost certainly happened by mistake.
These days, we have a second user of the callback in DataSourceScaleway.
It uses the new logic, so it needs change if we fix the meaning of the
return value.
This patch reverts the meaning of url_helper.read_url() execption_cb
to the old semantics. It updates the comment and adjusts the Scaleway
datasource.
The patch has been tested on Open Telekom Cloud (which uses the
OpenStack network Datasource) where previously a missing user_data
and network_data.json would be retried 6 times each despite them
not being present (they are optional!) and the server repsonding
with a correct 404. After the patch, boot times are 10s faster,
as we no longer pointlessly retry these files.
LP: #1702160
LP: #1298921
|
| |
|
|
|
|
|
|
| |
Just replace a couple things like:
if b > a and b < c:
with:
if a < b < c:
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change will enable azure vms to report provisioning has completed
twice, first to tell the fabric it has completed then a second time to
enable customer settings. The datasource for the second provisioning is
the Instance Metadata Service (IMDS),and the VM will poll indefinitely for
the new ovf-env.xml from IMDS.
This branch introduces EphemeralDHCPv4 which encapsulates common logic
used by both DataSourceEc2 an DataSourceAzure for temporary DHCP
interactions without side-effects.
LP: #1734991
|
| |
|
|
|
|
|
|
|
|
| |
oauth_headers is the only function which requires oauthlib, move the
import and ImportError handling inside this function to only attempt
loading at runtime if called. This will allow us to build on platforms
that don't have python-oauthlib installed by default. Add simple unittests
around the missing oauthlib dependencies to make sure the function
performs as intended and raises and NotImplementedError if oauthlib can't
be imported.
|
| |
|
|
|
|
|
|
|
| |
We are unable to ship python-oauthlib in RHEL. This commit allows
imports of url_helper to succeed even when oauthlib is unavailable
and OauthUrlHelper.oauth_headers to raise a NotImplementedException
when called.
LP: #1713760
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Here we add and enable by default a datasource for Scaleway cloud.
The datasource quickly exits unless one of three things:
a.) 'Scaleway' found as the system vendor
b.) 'scaleway' found on the kernel command line.
c.) the directory /var/run/scaleway exists (this is currently created
by the scaleway initramfs module).
One interesting bit of this particular datasource is that it requires
the source port of the http request to be < 1024.
|
| |
|
|
|
|
|
| |
This will change all instances of LOG.warn to LOG.warning as warn
is now a deprecated method. It will also make sure any logging
uses lazy logging by passing string format arguments as function
parameters.
|
| |
|
|
|
| |
Now tox will run pylint. The .pylintrc file sets pylint to only produce
errors, and will ignore certain classes that are known problematic (six).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This has been a recurring ask and we had initially just made the change to
the cloud-init 2.0 codebase. As the current thinking is we'll just
continue to enhance the current codebase, its desirable to relicense to
match what we'd intended as part of the 2.0 plan here.
- put a brief description of license in LICENSE file
- put full license versions in LICENSE-GPLv3 and LICENSE-Apache2.0
- simplify the per-file header to reference LICENSE
- tox: ignore H102 (Apache License Header check)
Add license header to files that ship.
Reformat headers, make sure everything has vi: at end of file.
Non-shipping files do not need the copyright header,
but at the moment tests/ have it.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
This would cause problems in the event that we actually had a bad
clock. We add a retry in the main (for test) also, to ensure that
the oauth timestamp fix gets in place.
LP: #1499869
|
| |
|
|
|
|
| |
we want cloud-init user agent to be present even if the user
provided some headers. In the event that they provided User-Agent,
this will respect their wishes.
|
| |
|
|
|
|
|
|
|
|
|
| |
the previous version was broken. The vital fixes here are:
* adding parsedate and oauth1 imports to url_helper
* fix skew_data usage intending to use self.skew_data
Additionally:
* reorder imports in url_helper
* fixes to python3 -m cloudinit.sources.DataSourceMaas
LP: #1488507
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
python2 scoping is different and running wait_for_url in python3
results in a use of undeclared variable 'e'.
$ python3 -c 'from cloudinit import url_helper; \
url_helper.wait_for_url("o", max_wait=3,timeout=1, exception_cb=print)'
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "cloudinit/url_helper.py", line 358, in wait_for_url
exception_cb(msg=status_msg, exception=e)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
UrlResponse: biggest change... make readurl return bytes, making user
know what to do with it.
util: add load_tfile_or_url for loading text file or url
as read_file_or_url now returns bytes
ec2_utils: all meta-data is text, remove non-obvious string translations
DigitalOcean: adjust for ec2_utils
DataSourceGCE, DataSourceMAAS: user-data is binary other fields are text.
openstack.py: read paths without decoding to text. This is ok as paths
other than user-data are json, and load_json will handle
load_file still returns text, and that is what most things use.
|
| |
|
|
|
|
| |
to be behind trunk.
`tox -e py27` passes full test suite. Now to work on replacing mocker.
|
| |
|
|
|
| |
This just removes comments '# pylint:' things and other code
remnents of pylint.
|
| |
|
|
|
|
| |
Fixed all complaints from running "make pep8". Also version locked
pep8 in test-requirements.txt to ensure that pep8 requirements don't
change without an explicit commit.
|
| |
|
|
|
|
|
|
|
|
| |
Waiting around for a metadata service in a given datasource means that if its
not there all the subsequent datasources have to wait, and boot is slowed down.
As it is right now, EC2 is the only one that has the right to wait. In the
past, we had to wait around for the EC2 metadata service. I really do not want
to extend that courtesy to other cloud platforms. A network based metadata
service should be up as soon as networking is up.
|
