| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
The readfp method has been deprecated since version 3.2 [1].
[1] https://docs.python.org/3/library/configparser.html?highlight=deprecated#configparser.ConfigParser.readfp
Change-Id: Ib1aa6bba91e331f25c65a5905a89de306faa1d5a
|
| |
|
|
|
|
|
|
|
|
| |
in 'wallaby' cycle, we should test py38 by default.
Also support tox test on py36 and py38 as that's what
our check job verify on.
ref:
https://governance.openstack.org/tc/reference/runtimes/victoria.html
Change-Id: I349d80cb1b963bdb30e374994f7c18352f918e3b
|
| |
|
|
|
|
|
| |
We are stuck on a very old version of hacking (0.8). In order to move
forward, we need to fix a bunch of things that flake8 will complain about.
Change-Id: If40ac29094b90c5bae63e7423061a190655f50a3
|
| |
|
|
|
|
|
| |
The built-in cmp() function has been removed in Python 3, so don't try to
use it.
Change-Id: Ic62b7032ec6fd555974fc0d818327879d53a8ff2
|
| |
|
|
| |
Change-Id: I15deb824a85aa561c2f2e7f4ea6b4b1ce96367f9
|
| |
|
|
|
|
|
|
| |
LOG.warn is deprecated. It still used in a few places.
Updated to non-deprecated LOG.warning.
Change-Id: I6e8df0e072448fbd4077c4e5d98b2986e9855489
Closes-Bug:#1508442
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Commands from AWS::CloudFormation::Init, when supplied as list, should
be run with shell=False. Only when commands are given as string, they
are meant to be run on shell.
In principle, we are trying to give least access to the shell to avoid
any inadvertent shell injections.
Change-Id: I3dc6fe0c29a14f75be044846f737e1ade23a6d6b
Closes-Bug: 1498300
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make all internal commands as list to avoid any possibility of command
line injection. Commands supplied as string are susceptible to
substitution.
All the internal commands are supplied as list to CommandRunner. As a
convention, all the commands must be given as list to subprocess except
the commands read from file, like in case of cfn hooks and commands
section in metadata.
Few internal commands require shell redirects and they will be
implemented in another patch.
Change-Id: Ifabaf44e341144bc85508dc05c76b1d83e41ae44
Partial-Bug: #1312246
|
| |
|
|
|
|
|
|
|
|
|
| |
Control the privileges by setting the effective UID before running the
command. Earlier we used to run command using su -c "USER".
Original EUID is restored after running the command. This is required to
run multiple commands in succession with different run-as users.
Change-Id: I414fc6a802f11deb320b43c6d011f802a42c40c9
Partial-Bug: #1312246
|
| |
|
|
|
|
|
|
|
|
| |
This reverts commit e424af2236ed1d6e6d0e11768f873ffe4e696221.
Splitting command strings that were previously assumed to be interpreted
by the shell at whitespace and then passing them as separate args to
execvp will not work.
Change-Id: I7c37b5852ce9b20e63bdbbaddfb852463548aa90
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The CommandRunner used to run commands using su command and passing the
actual command to be run as argument to it.
su USER -c <cmd>
This is susceptible to command line injection as noted in the bug.
The fix required to do two things:
1. Pass the command to be run as list instead of a string. This is to
ensure that the actual arguments are passed as arguments to the program
ought to be executed. And by doing so, avoids running any commands
passed in the argument. On the contrary, if the command were passed as a
string to the shell, the arguments could be formed in a way to execute
malicious commands.
2. The CommandRunner runs the command directly and uses setuid to lower
the privileges if needed. If the 'runas' user is other than root, then
its UID is obtained and setuid is invoked to set the real user-id and
effective user-id to the given user.
Change-Id: I654117e994fd38411508dbe9b85d06c28dc0e411
Closes-Bug: #1312246
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* ConfigParser import from six
* Drop iteritems()
* To support both Python 2 and 3
* Encode string before writing it to file
* To support both Python 2 and 3
* Use six.string_types
* To support both Python 2 and 3
* Use key on Python 3
* Because cmp is no longer working
* Add py33 and py34 to tox.ini
Change-Id: I23985be55302cd4ef577919efb51975ecbd9563d
Related-Bug: 1347899
|
| |
|
|
|
|
|
|
|
|
|
| |
* handle install/upgrade, version checks, and downgrades
* Allow users to specify packages to be installed with dnf
* Use dnf if yum isn't available, letting older cloud-configs work on
future Fedoras
Change-Id: Ib3ff49cfdd3e545aa199c944c110852700625496
|
| |
|
|
|
| |
Change-Id: I39ba2cca1f096e866f69fc016f78004ea991c0b6
Closes-Bug: 1387190
|
| |
|
|
|
|
|
|
| |
heat-cfntools depends on wget and curl. It's redundant.
Since the curl is widely used, replace wget command to curl.
Change-Id: I691bdc046bd72a44c11f25e359c5036ae1a9e86b
Closes-Bug: 1359430
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| | |
SUSE uses "zypper" for managing packages.
Change-Id: Iac8399e7a4e85e33cad1085f11a08fdb538a96e6
blueprint: heat-cfntools-zypper
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add res_last_path='/var/cache/heat-cfntools/last_metadata_<resource>'
in Metadata.retrieve() function to store metadata of a resource.
Remove md5 check between current metadata and last metadata, json.load()
will organize json structure.
Change-Id: Ie0c31a748f0add3fcab6a579431a28b60051f601
Closes-Bug: #1205375
Partial-Bug: #1133049
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
In ubuntu system, we can't find 'chkconfig' command, it use
"update-rc.d" or "sysv-rc-conf" for instead.
_handle_sysv_command function will pick up the right command to
enable service for ubuntu or fedora or redhat, and also map systemd
to _handle_sysv_command and remove _handle_systemd_command.
Change-Id: I5b7ceb7541e989f6b11fc1a5acf94275c1d2e75b
Closes-Bug: #1318481
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
cfn-init will now fail immediately if a command with the key
ignoreErrors='false' or without that key fails (eg it returns an exit
code other than 0). This is similar to what the AWS cfn-init script is
doing.
Change-Id: I41bfa36154fa8b16541a6abb489495739b772376
Closes-Bug: #1269476
|
| |/
|
|
|
|
|
|
|
|
| |
Unless the parameter is provided, cfn-signal will use the instance UUID
from the Nova metadata as the id sent back to the WaitCondition.
In case the Nova metadata isn't available, it will use the hostname as a
fallback.
Change-Id: I1e5847c7babd7c6295d8c3e21f6cfa110a9b3026
Closes-bug: 1223429
|
| |
|
|
|
|
|
| |
This helps troubleshooting failures when running cfn-init.
Change-Id: I601506ab05d372307bb160b198a675f048e2e9ff
Closes-Bug: #1269470
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
before we would get this:
yum install a
yum install a b
yum install a b c
Now we just get
yum install a b c
Change-Id: I2067922ab03de9488a0cd4e08c8d44c00296cd6a
Closes-bug: #1235796
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use on-demand yum metadata caching to avoid downloading
50MB (Fedora 19) of extra metadata that is not necessary
for correct cfn-init operation.
Reduces time to orchestration by about 23% and cpu
utilization by about 50%.
Full detailed analsys in the launchpad bug.
Change-Id: Id51d6d506d6051b5e83f550ef318f86d84f3c7a7
Closes-Bug: 1235824
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The -k argument can be a top-level key or a nested key in which case
the keys are separated by dots (eg "foo.bar"). In case a key contains a
dot character, it needs to be surrounded by single quotes (eg
"foo.'bar.1'.fred).
If the -k option is not provided, the command prints out the full
metadata structure as before.
Change-Id: Ib05d39672086001b83e8d7f56bc42cc4ba75751c
Fixes: bug #1183299
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Description of command in CFN User Guide:
Either an array or a string specifying the command to run. If you use
an array, you do not need to escape space characters or enclose
command parameters in quotes.
So we escape double quote first, and enclose each array value in
double quote.
Fixes bug #1211605
Change-Id: I28ecdb0d4b8a12690dddeac4e2398264c6d6f212
|
| |
|
|
|
|
|
|
|
| |
Promote get cwd before test command running and pass cwd to test
command.
Fixes bug #1211606
Change-Id: I2e4d3258f6d591d3d0aadffcefa36487c9122023
|
| |
|
|
|
|
| |
Required to pass pep8 H233.
Change-Id: I136dd2aa9fa567208a2fe1660b7a9085fde2927e
|
| |
|
|
|
|
|
|
|
|
| |
Tags are not properly implemented in nova so we pass the tags
to nova as metadata. So we now [w]get the nova metadata.
Since this is called repeatedly we cache the metadata.
We also add the nova instance id (uuid) as a guest tag.
Change-Id: I599f22fd5166e88cb3d21a71ead5f48c5c5a9269
|
| |
|
|
|
|
| |
Fixes bug #1205378
Change-Id: Ie55725e04aa6045b52c33a5cdd4d2be4ac1a6cc3
|
| |
|
|
|
|
|
|
| |
Github tarball and zipball support was removed in the change set to
pipe handing in sources. The changeset add it in and restructured.
Change-Id: I107f42e9961cd8776161d1f6a2efe9d103aea125
Fixes: bug #1195622
|
| |
|
|
|
|
|
|
|
| |
For tgz(or tar.bz2) sources, use pipe like `wget -O -
http://www.example.com/a.tar.gz | tar -xvf -` to save disk space
usage.
Change-Id: I59663aed098e8c96d8a41b2d84200f2a1e43a927
Fixes: bug #1192135
|
| |
|
|
|
|
|
|
| |
Register a hook to delete the temporary directory created by sources
handler at program cfn-init exit.
Change-Id: I821195cf510d35f94b1e7656dacc0dfe308ceeb1
Fixes: bug #1191674
|
| |
|
|
|
|
|
|
| |
Python 3.x deprecated octal literals in the form
0755. Use 0o755 instead which works at least
with Python 2.6 and newer
Change-Id: I70dc33cb674499548732408924aa2ae728e17ea3
|
| |
|
|
|
|
|
|
|
| |
Add display() method to the Metadata class that prints the metadata to
standard output if the metdata has been successfully retrieved (either
from local cache or from the remote server).
Change-Id: Idf6c1aecf2a5204d7cf7fbf3c8d826f750a72785
Fixes: bug #1183298
|
| |
|
|
| |
Change-Id: I6c364240d9e336fc4f38c2f4bc1fea2ae5e91511
|
| |
|
|
|
|
|
|
|
|
| |
When we don't have AWS::CloudFormation::Init in Metadata, this just
means that cfn-init cannot do anything. However, cfn-hup still has hooks
which are just scheduled to be run on any change in the Metadata.
Fixes bug #1155999
Change-Id: I21c4f2137f8045128a86278b4d90768ea97455d1
|
| |
|
|
| |
Change-Id: Id3b47db0d3ef3830f134d7f213e1d519d0466f60
|
| |
|
|
|
|
|
|
|
|
| |
/tmp is unsafe if a user were to somehow be able to create the file
before it was cached there they can issue commands to cfn-init that
would likely elevate their permissions.
Fixes bug #1164756
Change-Id: I54e1e1be178274cb0a2b50f54e859e004e1f1c78
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Malicious users could predict these tempfile names and overwrite root
owned files using a symlink attack.
Also fixes a bug in order of operations which caused tar to fail if
the destination directory did not exist yet.
Fixes bug #1166323
Change-Id: Ib4040eed27aa7e1e4d2bf53df6cae8e2b6c95f50
|
| |
|
|
|
|
|
|
| |
Now info is logged that no AWS::CloudFormation::Init
existed in the metadata.
Fixes: bug #1155999
Change-Id: Ice7016c65a5bf18f50c3552629f7a182d48db1f2
|
| |
|
|
|
| |
Change-Id: I28f1d4d29ef5a15682df909c5be7886a7ee5c4a6
Fixes: bug #1154808
|
| |
|
|
|
|
|
| |
Adds test coverage for HupConfig
Fixes: Bug #1133050
Change-Id: Icb410b99b22401eadb1f58adf982517af0df48ed
|
| |
|
|
|
|
|
| |
The __str__ method now uses the properties to improve the test coverage
Part of bug #1152434
Change-Id: Id06843feb81187c84fd8eac290e3d2ac2382d450
|
| |
|
|
|
| |
Fixes: bug #1152431
Change-Id: If2c01eb97dfd303c5130008c3cd17c83a888a51a
|
| |
|
|
|
|
|
| |
Also fix the python to comply. This has to be done as a single
change otherwise we'll never bootstrap gating.
Change-Id: I4a21d57e0341802a1652428dee16c60abb30251d
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The /var/lib/heat-cfntools directory should be owned by the
heat-cfntools package for whichever distro it is included.
This avoids the problem of heat writing to directories owned
by cloud-init.
This is the guest-side change which corresponds to this review
https://review.openstack.org/#/c/23052/
Fixes: Bug #1105806
|
| |
|
|
| |
The raised MetadataServerConnectionError had weird
whitespace in the message too.
|
