LKHN
/
cloud-init
forked from rpms/cloud-init
1
0
Fork 0
Code Issues Pull Requests Releases Activity

import cloud-init-20.3-10.el8

This commit is contained in:
CentOS Sources 2021-05-18 02:46:09 -04:00 committed by Andrew Lukoshko
parent 836d75c274
commit f375bcc21d
39 changed files with 979 additions and 4190 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.cloud-init.metadata
View File

@ -1 +1 @@
5f4de38850f9691dc9789bd4db4be512c9717d7b SOURCES/cloud-init-19.4.tar.gz
cbde66f717b7883c4ab64b145042de54f131afab SOURCES/cloud-init-20.3.tar.gz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/cloud-init-19.4.tar.gz
SOURCES/cloud-init-20.3.tar.gz

217
SOURCES/0001-Add-initial-redhat-setup.patch
View File

@ -1,12 +1,16 @@
From 4114343d0cd2fc3e5566eed27272480e003c89cc Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina <mrezanin@redhat.com>
Date: Thu, 31 May 2018 16:45:23 +0200
From 25ea7a28d69518319ae1ed1b3cd510147868fd29 Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Mon, 5 Oct 2020 13:49:36 +0200
Subject: Add initial redhat setup
Rebase notes (18.5):
- added bash_completition file
- added cloud-id file
Merged patches (20.3):
- 01900d0 changing ds-identify patch from /usr/lib to /usr/libexec
- 7f47ca3 Render the generator from template instead of cp
Merged patches (19.4):
- 4ab5a61 Fix for network configuration not persisting after reboot
- 84cf125 Removing cloud-user from wheel
@ -17,38 +21,48 @@ Merged patches (18.5):
- 764159f Adding systemd mount options to wait for cloud-init
- da4d99e Adding disk_setup to rhel/cloud.cfg
- f5c6832 Enable cloud-init by default on vmware
Conflicts:
cloudinit/config/cc_chef.py:
- Updated header documentation text
- Replacing double quotes by simple quotes
setup.py:
- Adding missing cmdclass info
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
---
.gitignore | 1 +
cloudinit/config/cc_chef.py | 6 +-
cloudinit/config/cc_chef.py | 67 ++++-
cloudinit/settings.py | 7 +-
redhat/.gitignore | 1 +
redhat/Makefile | 71 ++++++
redhat/Makefile | 71 +++++
redhat/Makefile.common | 37 +++
redhat/cloud-init-tmpfiles.conf | 1 +
redhat/cloud-init.spec.template | 438 ++++++++++++++++++++++++++++++++++
redhat/cloud-init.spec.template | 517 ++++++++++++++++++++++++++++++++++
redhat/gating.yaml | 9 +
redhat/rpmbuild/BUILD/.gitignore | 3 +
redhat/rpmbuild/RPMS/.gitignore | 3 +
redhat/rpmbuild/SOURCES/.gitignore | 3 +
redhat/rpmbuild/SPECS/.gitignore | 3 +
redhat/rpmbuild/SRPMS/.gitignore | 3 +
redhat/scripts/frh.py | 27 +++
redhat/scripts/git-backport-diff | 327 +++++++++++++++++++++++++
redhat/scripts/git-compile-check | 215 +++++++++++++++++
redhat/scripts/process-patches.sh | 73 ++++++
redhat/scripts/frh.py | 27 ++
redhat/scripts/git-backport-diff | 327 +++++++++++++++++++++
redhat/scripts/git-compile-check | 215 ++++++++++++++
redhat/scripts/process-patches.sh | 77 +++++
redhat/scripts/tarball_checksum.sh | 3 +
rhel/README.rhel | 5 +
rhel/cloud-init-tmpfiles.conf | 1 +
rhel/cloud.cfg | 69 ++++++
rhel/cloud.cfg | 69 +++++
rhel/systemd/cloud-config.service | 18 ++
rhel/systemd/cloud-config.target | 11 +
rhel/systemd/cloud-final.service | 19 ++
rhel/systemd/cloud-init-local.service | 31 +++
rhel/systemd/cloud-init-local.service | 31 ++
rhel/systemd/cloud-init.service | 25 ++
rhel/systemd/cloud-init.target | 7 +
setup.py | 70 +-----
tools/read-version | 28 +--
30 files changed, 1417 insertions(+), 98 deletions(-)
setup.py | 23 +-
tools/read-version | 28 +-
30 files changed, 1562 insertions(+), 50 deletions(-)
create mode 100644 redhat/.gitignore
create mode 100644 redhat/Makefile
create mode 100644 redhat/Makefile.common
@ -76,19 +90,82 @@ Merged patches (18.5):
create mode 100644 rhel/systemd/cloud-init.target
diff --git a/cloudinit/config/cc_chef.py b/cloudinit/config/cc_chef.py
index 0ad6b7f..e4408a4 100644
index aaf7136..97ef649 100644
--- a/cloudinit/config/cc_chef.py
+++ b/cloudinit/config/cc_chef.py
@@ -33,7 +33,7 @@ file).
@@ -6,7 +6,70 @@
#
# This file is part of cloud-init. See LICENSE file for license information.
chef:
directories: (defaulting to /etc/chef, /var/log/chef, /var/lib/chef,
- /var/cache/chef, /var/backups/chef, /var/run/chef)
-"""Chef: module that configures, starts and installs chef."""
+"""
+Chef
+----
+**Summary:** module that configures, starts and installs chef.
+
+This module enables chef to be installed (from packages or
+from gems, or from omnibus). Before this occurs chef configurations are
+written to disk (validation.pem, client.pem, firstboot.json, client.rb),
+and needed chef folders/directories are created (/etc/chef and /var/log/chef
+and so-on). Then once installing proceeds correctly if configured chef will
+be started (in daemon mode or in non-daemon mode) and then once that has
+finished (if ran in non-daemon mode this will be when chef finishes
+converging, if ran in daemon mode then no further actions are possible since
+chef will have forked into its own process) then a post run function can
+run that can do finishing activities (such as removing the validation pem
+file).
+
+**Internal name:** ``cc_chef``
+
+**Module frequency:** per always
+
+**Supported distros:** all
+
+**Config keys**::
+
+ chef:
+ directories: (defaulting to /etc/chef, /var/log/chef, /var/lib/chef,
+ /var/cache/chef, /var/backups/chef, /run/chef)
validation_cert: (optional string to be written to file validation_key)
special value 'system' means set use existing file
validation_key: (optional the path for validation_cert. default
@@ -89,7 +89,7 @@ CHEF_DIRS = tuple([
+ validation_cert: (optional string to be written to file validation_key)
+ special value 'system' means set use existing file
+ validation_key: (optional the path for validation_cert. default
+ /etc/chef/validation.pem)
+ firstboot_path: (path to write run_list and initial_attributes keys that
+ should also be present in this configuration, defaults
+ to /etc/chef/firstboot.json)
+ exec: boolean to run or not run chef (defaults to false, unless
+ a gem installed is requested
+ where this will then default
+ to true)
+
+ chef.rb template keys (if falsey, then will be skipped and not
+ written to /etc/chef/client.rb)
+
+ chef:
+ client_key:
+ encrypted_data_bag_secret:
+ environment:
+ file_backup_path:
+ file_cache_path:
+ json_attribs:
+ log_level:
+ log_location:
+ node_name:
+ omnibus_url:
+ omnibus_url_retries:
+ omnibus_version:
+ pid_file:
+ server_url:
+ show_time:
+ ssl_verify_mode:
+ validation_cert:
+ validation_key:
+ validation_name:
+"""
import itertools
import json
@@ -31,7 +94,7 @@ CHEF_DIRS = tuple([
'/var/lib/chef',
'/var/cache/chef',
'/var/backups/chef',
@ -97,15 +174,6 @@ index 0ad6b7f..e4408a4 100644
])
REQUIRED_CHEF_DIRS = tuple([
'/etc/chef',
@@ -113,7 +113,7 @@ CHEF_RB_TPL_DEFAULTS = {
'json_attribs': CHEF_FB_PATH,
'file_cache_path': "/var/cache/chef",
'file_backup_path': "/var/backups/chef",
- 'pid_file': "/var/run/chef/client.pid",
+ 'pid_file': "/run/chef/client.pid",
'show_time': True,
'encrypted_data_bag_secret': None,
}
diff --git a/cloudinit/settings.py b/cloudinit/settings.py
index ca4ffa8..3a04a58 100644
--- a/cloudinit/settings.py
@ -370,10 +438,10 @@ index 0000000..083c3b6
+Description=Cloud-init target
+After=multi-user.target
diff --git a/setup.py b/setup.py
index 01a67b9..b2ac9bb 100755
index cbacf48..d5cd01a 100755
--- a/setup.py
+++ b/setup.py
@@ -139,14 +139,6 @@ INITSYS_FILES = {
@@ -125,14 +125,6 @@ INITSYS_FILES = {
'sysvinit_deb': [f for f in glob('sysvinit/debian/*') if is_f(f)],
'sysvinit_openrc': [f for f in glob('sysvinit/gentoo/*') if is_f(f)],
'sysvinit_suse': [f for f in glob('sysvinit/suse/*') if is_f(f)],
@ -388,7 +456,7 @@ index 01a67b9..b2ac9bb 100755
'upstart': [f for f in glob('upstart/*') if is_f(f)],
}
INITSYS_ROOTS = {
@@ -155,9 +147,6 @@ INITSYS_ROOTS = {
@@ -142,9 +134,6 @@ INITSYS_ROOTS = {
'sysvinit_deb': 'etc/init.d',
'sysvinit_openrc': 'etc/init.d',
'sysvinit_suse': 'etc/init.d',
@ -398,55 +466,7 @@ index 01a67b9..b2ac9bb 100755
'upstart': 'etc/init/',
}
INITSYS_TYPES = sorted([f.partition(".")[0] for f in INITSYS_ROOTS.keys()])
@@ -208,47 +197,6 @@ class MyEggInfo(egg_info):
return ret
-# TODO: Is there a better way to do this??
-class InitsysInstallData(install):
- init_system = None
- user_options = install.user_options + [
- # This will magically show up in member variable 'init_sys'
- ('init-system=', None,
- ('init system(s) to configure (%s) [default: None]' %
- (", ".join(INITSYS_TYPES)))),
- ]
-
- def initialize_options(self):
- install.initialize_options(self)
- self.init_system = ""
-
- def finalize_options(self):
- install.finalize_options(self)
-
- if self.init_system and isinstance(self.init_system, str):
- self.init_system = self.init_system.split(",")
-
- if len(self.init_system) == 0:
- self.init_system = ['systemd']
-
- bad = [f for f in self.init_system if f not in INITSYS_TYPES]
- if len(bad) != 0:
- raise DistutilsArgError(
- "Invalid --init-system: %s" % (','.join(bad)))
-
- for system in self.init_system:
- # add data files for anything that starts with '<system>.'
- datakeys = [k for k in INITSYS_ROOTS
- if k.partition(".")[0] == system]
- for k in datakeys:
- if not INITSYS_FILES[k]:
- continue
- self.distribution.data_files.append(
- (INITSYS_ROOTS[k], INITSYS_FILES[k]))
- # Force that command to reinitalize (with new file list)
- self.distribution.reinitialize_command('install_data', True)
-
-
if not in_virtualenv():
USR = "/" + USR
ETC = "/" + ETC
@@ -258,14 +206,11 @@ if not in_virtualenv():
@@ -245,14 +234,11 @@ if not in_virtualenv():
INITSYS_ROOTS[k] = "/" + INITSYS_ROOTS[k]
data_files = [
@ -463,7 +483,7 @@ index 01a67b9..b2ac9bb 100755
(USR + '/share/doc/cloud-init', [f for f in glob('doc/*') if is_f(f)]),
(USR + '/share/doc/cloud-init/examples',
[f for f in glob('doc/examples/*') if is_f(f)]),
@@ -276,15 +221,8 @@ if os.uname()[0] != 'FreeBSD':
@@ -263,8 +249,7 @@ if not platform.system().endswith('BSD'):
data_files.extend([
(ETC + '/NetworkManager/dispatcher.d/',
['tools/hook-network-manager']),
@ -471,16 +491,9 @@ index 01a67b9..b2ac9bb 100755
- (LIB + '/udev/rules.d', [f for f in glob('udev/*.rules')])
+ ('/usr/lib/udev/rules.d', [f for f in glob('udev/*.rules')])
])
-# Use a subclass for install that handles
-# adding on the right init system configuration files
-cmdclass = {
- 'install': InitsysInstallData,
- 'egg_info': MyEggInfo,
-}
requirements = read_requires()
@@ -299,8 +237,6 @@ setuptools.setup(
# Use a subclass for install that handles
# adding on the right init system configuration files
@@ -286,8 +271,6 @@ setuptools.setup(
scripts=['tools/cloud-init-per'],
license='Dual-licensed under GPLv3 or Apache 2.0',
data_files=data_files,
@ -490,14 +503,14 @@ index 01a67b9..b2ac9bb 100755
'console_scripts': [
'cloud-init = cloudinit.cmd.main:main',
diff --git a/tools/read-version b/tools/read-version
index 6dca659..d43cc8f 100755
index 02c9064..79755f7 100755
--- a/tools/read-version
+++ b/tools/read-version
@@ -65,32 +65,8 @@ output_json = '--json' in sys.argv
src_version = ci_version.version_string()
version_long = None
-if is_gitdir(_tdir) and which("git"):
@@ -71,32 +71,8 @@ version_long = None
is_release_branch_ci = (
os.environ.get("TRAVIS_PULL_REQUEST_BRANCH", "").startswith("upstream/")
)
-if is_gitdir(_tdir) and which("git") and not is_release_branch_ci:
- flags = []
- if use_tags:
- flags = ['--tags']

161
SOURCES/0002-Do-not-write-NM_CONTROLLED-no-in-generated-interface.patch
View File

@ -1,271 +1,278 @@
From aa7ae9da7e10a5bcf190f8df3072e3864b2d8fb3 Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina <mrezanin@redhat.com>
Date: Thu, 31 May 2018 19:37:55 +0200
From d9024cd3bd3bf09b05eb75ba3d81bd15f519c9f8 Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Mon, 5 Oct 2020 13:49:46 +0200
Subject: Do not write NM_CONTROLLED=no in generated interface config files
Conflicts 20.3:
- Not appplying patch on cloudinit/net/sysconfig.py since it now has a
mechanism to identify if cloud-init is running on RHEL, having the
correct settings for NM_CONTROLLED.
X-downstream-only: true
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Ryan McCabe <rmccabe@redhat.com>
---
cloudinit/net/sysconfig.py | 1 -
cloudinit/net/sysconfig.py | 2 +-
tests/unittests/test_net.py | 30 ------------------------------
2 files changed, 31 deletions(-)
2 files changed, 1 insertion(+), 31 deletions(-)
diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py
index 310cdf0..8bd7e88 100644
index 0a5d481..23e467d 100644
--- a/cloudinit/net/sysconfig.py
+++ b/cloudinit/net/sysconfig.py
@@ -272,7 +272,6 @@ class Renderer(renderer.Renderer):
iface_defaults = tuple([
('ONBOOT', True),
('USERCTL', False),
- ('NM_CONTROLLED', False),
('BOOTPROTO', 'none'),
('STARTMODE', 'auto'),
])
@@ -277,7 +277,7 @@ class Renderer(renderer.Renderer):
# details about this)
iface_defaults = {
- 'rhel': {'ONBOOT': True, 'USERCTL': False, 'NM_CONTROLLED': False,
+ 'rhel': {'ONBOOT': True, 'USERCTL': False,
'BOOTPROTO': 'none'},
'suse': {'BOOTPROTO': 'static', 'STARTMODE': 'auto'},
}
diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py
index 01119e0..a931a3e 100644
index 54cc846..9985a97 100644
--- a/tests/unittests/test_net.py
+++ b/tests/unittests/test_net.py
@@ -530,7 +530,6 @@ GATEWAY=172.19.3.254
@@ -535,7 +535,6 @@ GATEWAY=172.19.3.254
HWADDR=fa:16:3e:ed:9a:59
IPADDR=172.19.1.34
NETMASK=255.255.252.0
-NM_CONTROLLED=no
ONBOOT=yes
STARTMODE=auto
TYPE=Ethernet
@@ -636,7 +635,6 @@ IPADDR=172.19.1.34
USERCTL=no
@@ -633,7 +632,6 @@ IPADDR=172.19.1.34
IPADDR1=10.0.0.10
NETMASK=255.255.252.0
NETMASK1=255.255.255.0
-NM_CONTROLLED=no
ONBOOT=yes
STARTMODE=auto
TYPE=Ethernet
@@ -772,7 +770,6 @@ IPV6ADDR_SECONDARIES="2001:DB9::10/64 2001:DB10::10/64"
USERCTL=no
@@ -754,7 +752,6 @@ IPV6ADDR_SECONDARIES="2001:DB9::10/64 2001:DB10::10/64"
IPV6INIT=yes
IPV6_DEFAULTGW=2001:DB8::1
NETMASK=255.255.252.0
-NM_CONTROLLED=no
ONBOOT=yes
STARTMODE=auto
TYPE=Ethernet
@@ -889,7 +886,6 @@ NETWORK_CONFIGS = {
USERCTL=no
@@ -882,7 +879,6 @@ NETWORK_CONFIGS = {
BOOTPROTO=none
DEVICE=eth1
HWADDR=cf:d6:af:48:e8:80
- NM_CONTROLLED=no
ONBOOT=yes
STARTMODE=auto
TYPE=Ethernet
@@ -907,7 +903,6 @@ NETWORK_CONFIGS = {
USERCTL=no"""),
@@ -899,7 +895,6 @@ NETWORK_CONFIGS = {
IPADDR=192.168.21.3
NETMASK=255.255.255.0
METRIC=10000
- NM_CONTROLLED=no
ONBOOT=yes
STARTMODE=auto
TYPE=Ethernet
@@ -1022,7 +1017,6 @@ NETWORK_CONFIGS = {
USERCTL=no"""),
@@ -1028,7 +1023,6 @@ NETWORK_CONFIGS = {
IPV6ADDR=2001:1::1/64
IPV6INIT=yes
NETMASK=255.255.255.0
- NM_CONTROLLED=no
ONBOOT=yes
STARTMODE=auto
TYPE=Ethernet
@@ -1491,7 +1485,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
USERCTL=no
@@ -1622,7 +1616,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
DHCPV6C=yes
IPV6INIT=yes
MACADDR=aa:bb:cc:dd:ee:ff
- NM_CONTROLLED=no
ONBOOT=yes
STARTMODE=auto
TYPE=Bond
@@ -1500,7 +1493,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
USERCTL=no"""),
@@ -1630,7 +1623,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
BOOTPROTO=dhcp
DEVICE=bond0.200
DHCLIENT_SET_DEFAULT_ROUTE=no
- NM_CONTROLLED=no
ONBOOT=yes
PHYSDEV=bond0
STARTMODE=auto
@@ -1519,7 +1511,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
TYPE=Ethernet
@@ -1647,7 +1639,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
IPV6_DEFAULTGW=2001:4800:78ff:1b::1
MACADDR=bb:bb:bb:bb:bb:aa
NETMASK=255.255.255.0
- NM_CONTROLLED=no
ONBOOT=yes
PRIO=22
STARTMODE=auto
@@ -1530,7 +1521,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
STP=no
@@ -1657,7 +1648,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
BOOTPROTO=none
DEVICE=eth0
HWADDR=c0:d6:9f:2c:e8:80
- NM_CONTROLLED=no
ONBOOT=yes
STARTMODE=auto
TYPE=Ethernet
@@ -1548,7 +1538,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
USERCTL=no"""),
@@ -1674,7 +1664,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
MTU=1500
NETMASK=255.255.255.0
NETMASK1=255.255.255.0
- NM_CONTROLLED=no
ONBOOT=yes
PHYSDEV=eth0
STARTMODE=auto
@@ -1560,7 +1549,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
TYPE=Ethernet
@@ -1685,7 +1674,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
DEVICE=eth1
HWADDR=aa:d6:9f:2c:e8:80
MASTER=bond0
- NM_CONTROLLED=no
ONBOOT=yes
STARTMODE=auto
SLAVE=yes
@@ -1571,7 +1559,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
TYPE=Ethernet
@@ -1695,7 +1683,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
DEVICE=eth2
HWADDR=c0:bb:9f:2c:e8:80
MASTER=bond0
- NM_CONTROLLED=no
ONBOOT=yes
STARTMODE=auto
SLAVE=yes
@@ -1582,7 +1569,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
TYPE=Ethernet
@@ -1705,7 +1692,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
BRIDGE=br0
DEVICE=eth3
HWADDR=66:bb:9f:2c:e8:80
- NM_CONTROLLED=no
ONBOOT=yes
STARTMODE=auto
TYPE=Ethernet
@@ -1592,7 +1578,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
USERCTL=no"""),
@@ -1714,7 +1700,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
BRIDGE=br0
DEVICE=eth4
HWADDR=98:bb:9f:2c:e8:80
- NM_CONTROLLED=no
ONBOOT=yes
STARTMODE=auto
TYPE=Ethernet
@@ -1602,7 +1587,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
USERCTL=no"""),
@@ -1723,7 +1708,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
DEVICE=eth5
DHCLIENT_SET_DEFAULT_ROUTE=no
HWADDR=98:bb:9f:2c:e8:8a
- NM_CONTROLLED=no
ONBOOT=no
STARTMODE=manual
TYPE=Ethernet
@@ -2088,7 +2072,6 @@ iface bond0 inet6 static
USERCTL=no"""),
@@ -2177,7 +2161,6 @@ iface bond0 inet6 static
MTU=9000
NETMASK=255.255.255.0
NETMASK1=255.255.255.0
- NM_CONTROLLED=no
ONBOOT=yes
STARTMODE=auto
TYPE=Bond
@@ -2099,7 +2082,6 @@ iface bond0 inet6 static
USERCTL=no
@@ -2187,7 +2170,6 @@ iface bond0 inet6 static
DEVICE=bond0s0
HWADDR=aa:bb:cc:dd:e8:00
MASTER=bond0
- NM_CONTROLLED=no
ONBOOT=yes
SLAVE=yes
STARTMODE=auto
@@ -2122,7 +2104,6 @@ iface bond0 inet6 static
TYPE=Ethernet
@@ -2209,7 +2191,6 @@ iface bond0 inet6 static
DEVICE=bond0s1
HWADDR=aa:bb:cc:dd:e8:01
MASTER=bond0
- NM_CONTROLLED=no
ONBOOT=yes
SLAVE=yes
STARTMODE=auto
@@ -2161,7 +2142,6 @@ iface bond0 inet6 static
TYPE=Ethernet
@@ -2266,7 +2247,6 @@ iface bond0 inet6 static
BOOTPROTO=none
DEVICE=en0
HWADDR=aa:bb:cc:dd:e8:00
- NM_CONTROLLED=no
ONBOOT=yes
STARTMODE=auto
TYPE=Ethernet
@@ -2180,7 +2160,6 @@ iface bond0 inet6 static
USERCTL=no"""),
@@ -2283,7 +2263,6 @@ iface bond0 inet6 static
MTU=2222
NETMASK=255.255.255.0
NETMASK1=255.255.255.0
- NM_CONTROLLED=no
ONBOOT=yes
PHYSDEV=en0
STARTMODE=auto
@@ -2222,7 +2201,6 @@ iface bond0 inet6 static
TYPE=Ethernet
@@ -2349,7 +2328,6 @@ iface bond0 inet6 static
DEVICE=br0
IPADDR=192.168.2.2
NETMASK=255.255.255.0
- NM_CONTROLLED=no
ONBOOT=yes
PRIO=22
STARTMODE=auto
@@ -2238,7 +2216,6 @@ iface bond0 inet6 static
IPADDR6=2001:1::100/96
STP=no
@@ -2363,7 +2341,6 @@ iface bond0 inet6 static
HWADDR=52:54:00:12:34:00
IPV6ADDR=2001:1::100/96
IPV6INIT=yes
- NM_CONTROLLED=no
ONBOOT=yes
STARTMODE=auto
TYPE=Ethernet
@@ -2252,7 +2229,6 @@ iface bond0 inet6 static
IPADDR6=2001:1::101/96
USERCTL=no
@@ -2375,7 +2352,6 @@ iface bond0 inet6 static
HWADDR=52:54:00:12:34:01
IPV6ADDR=2001:1::101/96
IPV6INIT=yes
- NM_CONTROLLED=no
ONBOOT=yes
STARTMODE=auto
TYPE=Ethernet
@@ -2327,7 +2303,6 @@ iface bond0 inet6 static
USERCTL=no
@@ -2469,7 +2445,6 @@ iface bond0 inet6 static
HWADDR=52:54:00:12:34:00
IPADDR=192.168.1.2
NETMASK=255.255.255.0
- NM_CONTROLLED=no
ONBOOT=no
STARTMODE=manual
TYPE=Ethernet
@@ -2338,7 +2313,6 @@ iface bond0 inet6 static
USERCTL=no
@@ -2479,7 +2454,6 @@ iface bond0 inet6 static
DEVICE=eth1
HWADDR=52:54:00:12:34:aa
MTU=1480
- NM_CONTROLLED=no
ONBOOT=yes
STARTMODE=auto
TYPE=Ethernet
@@ -2348,7 +2322,6 @@ iface bond0 inet6 static
USERCTL=no
@@ -2488,7 +2462,6 @@ iface bond0 inet6 static
BOOTPROTO=none
DEVICE=eth2
HWADDR=52:54:00:12:34:ff
- NM_CONTROLLED=no
ONBOOT=no
STARTMODE=manual
TYPE=Ethernet
@@ -2766,7 +2739,6 @@ class TestRhelSysConfigRendering(CiTestCase):
USERCTL=no
@@ -2905,7 +2878,6 @@ class TestRhelSysConfigRendering(CiTestCase):
BOOTPROTO=dhcp
DEVICE=eth1000
HWADDR=07-1c-c6-75-a4-be
-NM_CONTROLLED=no
ONBOOT=yes
STARTMODE=auto
TYPE=Ethernet
@@ -2888,7 +2860,6 @@ GATEWAY=10.0.2.2
USERCTL=no
@@ -3026,7 +2998,6 @@ GATEWAY=10.0.2.2
HWADDR=52:54:00:12:34:00
IPADDR=10.0.2.15
NETMASK=255.255.255.0
-NM_CONTROLLED=no
ONBOOT=yes
STARTMODE=auto
TYPE=Ethernet
@@ -2961,7 +2932,6 @@ USERCTL=no
USERCTL=no
@@ -3096,7 +3067,6 @@ USERCTL=no
#
BOOTPROTO=dhcp
DEVICE=eth0
-NM_CONTROLLED=no
ONBOOT=yes
STARTMODE=auto
TYPE=Ethernet
USERCTL=no
--
1.8.3.1

16
SOURCES/0003-limit-permissions-on-def_log_file.patch
View File

@ -1,6 +1,6 @@
From f15946568fe731dc9bf477f3f06c9c4e0f74f7c1 Mon Sep 17 00:00:00 2001
From: Lars Kellogg-Stedman <lars@redhat.com>
Date: Fri, 7 Apr 2017 18:50:54 -0400
From de22eafc9046b8ea6fddda7440df5a05f5a40607 Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Mon, 5 Oct 2020 13:49:53 +0200
Subject: limit permissions on def_log_file
This sets a default mode of 0600 on def_log_file, and makes this
@ -9,6 +9,8 @@ configurable via the def_log_file_mode option in cloud.cfg.
LP: #1541196
Resolves: rhbz#1424612
X-approved-upstream: true
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
---
cloudinit/settings.py | 1 +
cloudinit/stages.py | 3 ++-
@ -28,10 +30,10 @@ index 3a04a58..439eee0 100644
'mount_default_fields': [None, None, 'auto', 'defaults,nofail', '0', '2'],
'ssh_deletekeys': False,
diff --git a/cloudinit/stages.py b/cloudinit/stages.py
index 71f3a49..68b83af 100644
index 765f4aa..d769375 100644
--- a/cloudinit/stages.py
+++ b/cloudinit/stages.py
@@ -149,8 +149,9 @@ class Init(object):
@@ -147,8 +147,9 @@ class Init(object):
def _initialize_filesystem(self):
util.ensure_dirs(self._initial_subdirs())
log_file = util.get_cfg_option_str(self.cfg, 'def_log_file')
@ -43,10 +45,10 @@ index 71f3a49..68b83af 100644
if not perms:
perms = {}
diff --git a/doc/examples/cloud-config.txt b/doc/examples/cloud-config.txt
index eb84dcf..0e82b83 100644
index f3ae5e6..b5b1fdd 100644
--- a/doc/examples/cloud-config.txt
+++ b/doc/examples/cloud-config.txt
@@ -413,10 +413,14 @@ timezone: US/Eastern
@@ -414,10 +414,14 @@ timezone: US/Eastern
# if syslog_fix_perms is a list, it will iterate through and use the
# first pair that does not raise error.
#

12
SOURCES/0004-sysconfig-Don-t-write-BOOTPROTO-dhcp-for-ipv6-dhcp.patch
View File

@ -1,6 +1,6 @@
From e2b22710db558df261883eaf5dde866c69ba17dd Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina <mrezanin@redhat.com>
Date: Thu, 31 May 2018 20:00:32 +0200
From bb87d9a83ddbc5bf84fbdab9c58dedc0c9629eea Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Mon, 5 Oct 2020 13:51:34 +0200
Subject: sysconfig: Don't write BOOTPROTO=dhcp for ipv6 dhcp
Don't write BOOTPROTO=dhcp for ipv6 dhcp, as BOOTPROTO applies
@ -13,15 +13,17 @@ Signed-off-by: Ryan McCabe <rmccabe@redhat.com>
Merged patches (19.4):
- 6444df4 sysconfig: Don't disable IPV6_AUTOCONF
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
---
tests/unittests/test_net.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py
index a931a3e..1306a0f 100644
index 9985a97..2cc57fe 100644
--- a/tests/unittests/test_net.py
+++ b/tests/unittests/test_net.py
@@ -1483,6 +1483,7 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
@@ -1614,6 +1614,7 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
BOOTPROTO=none
DEVICE=bond0
DHCPV6C=yes

13
SOURCES/0005-DataSourceAzure.py-use-hostnamectl-to-set-hostname.patch
View File

@ -1,6 +1,6 @@
From 9a09efb49c2d7cade1f0ac309293166c3c2d8d7b Mon Sep 17 00:00:00 2001
From: Vitaly Kuznetsov <vkuznets@redhat.com>
Date: Tue, 17 Apr 2018 13:07:54 +0200
From 9c6562c6d3516df8d11aa7cf7cd9cc62e5c91a70 Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Mon, 5 Oct 2020 13:51:37 +0200
Subject: DataSourceAzure.py: use hostnamectl to set hostname
RH-Author: Vitaly Kuznetsov <vkuznets@redhat.com>
@ -32,6 +32,7 @@ Resolves: rhbz#1434109
X-downstream-only: yes
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
@ -39,14 +40,14 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
index 24f448c..6fb889c 100755
index f3c6452..1c214db 100755
--- a/cloudinit/sources/DataSourceAzure.py
+++ b/cloudinit/sources/DataSourceAzure.py
@@ -256,7 +256,7 @@ def get_hostname(hostname_command='hostname'):
@@ -258,7 +258,7 @@ def get_hostname(hostname_command='hostname'):
def set_hostname(hostname, hostname_command='hostname'):
- util.subp([hostname_command, hostname])
- subp.subp([hostname_command, hostname])
+ util.subp(['hostnamectl', 'set-hostname', str(hostname)])

12
SOURCES/0006-include-NOZEROCONF-yes-in-etc-sysconfig-network.patch
View File

@ -1,6 +1,6 @@
From 13ee71a3add0dd2e7c60fc672134e696bd7f6a77 Mon Sep 17 00:00:00 2001
From bdcad981ac530277529d1c77fb5e9e6f89409bd8 Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Wed, 20 Mar 2019 11:45:59 +0100
Date: Mon, 5 Oct 2020 13:51:44 +0200
Subject: include 'NOZEROCONF=yes' in /etc/sysconfig/network
RH-Author: Eduardo Otubo <otubo@redhat.com>
@ -27,10 +27,10 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py
index 8bd7e88..810b283 100644
index 23e467d..af093dd 100644
--- a/cloudinit/net/sysconfig.py
+++ b/cloudinit/net/sysconfig.py
@@ -754,7 +754,16 @@ class Renderer(renderer.Renderer):
@@ -888,7 +888,16 @@ class Renderer(renderer.Renderer):
# Distros configuring /etc/sysconfig/network as a file e.g. Centos
if sysconfig_path.endswith('network'):
util.ensure_dir(os.path.dirname(sysconfig_path))
@ -49,10 +49,10 @@ index 8bd7e88..810b283 100644
netcfg.append('NETWORKING_IPV6=yes')
netcfg.append('IPV6_AUTOCONF=no')
diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py
index 1306a0f..a931a3e 100644
index 2cc57fe..9985a97 100644
--- a/tests/unittests/test_net.py
+++ b/tests/unittests/test_net.py
@@ -1483,7 +1483,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
@@ -1614,7 +1614,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
BOOTPROTO=none
DEVICE=bond0
DHCPV6C=yes

124
SOURCES/0007-Remove-race-condition-between-cloud-init-and-Network.patch
View File

@ -1,6 +1,6 @@
From 9d951d55a1be44bbeb5df485d14d4f84ddf01142 Mon Sep 17 00:00:00 2001
From a52c7b659c6569c78aad4b92303f289009da476c Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Mon, 2 Mar 2020 10:46:35 +0100
Date: Mon, 5 Oct 2020 13:51:50 +0200
Subject: Remove race condition between cloud-init and NetworkManager
Message-id: <20200302104635.11648-1-otubo@redhat.com>
@ -32,25 +32,131 @@ start up so it won't erase resolv.conf upon first shutdown.
x-downstream-only: yes
resolves: rhbz#1748015, rhbz#1807797 and rhbz#1804780
Signed-off-by: Eduardo Otubo otubo@redhat.com
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
rhel/systemd/cloud-final.service | 2 ++
1 file changed, 2 insertions(+)
This commit is a squash and also includes the folloowing commits:
commit 316a17b7c02a87fa9b2981535be0b20d165adc46
Author: Eduardo Otubo <otubo@redhat.com>
Date: Mon Jun 1 11:58:06 2020 +0200
Make cloud-init.service execute after network is up
RH-Author: Eduardo Otubo <otubo@redhat.com>
Message-id: <20200526090804.2047-1-otubo@redhat.com>
Patchwork-id: 96809
O-Subject: [RHEL-8.2.1 cloud-init PATCH] Make cloud-init.service execute after network is up
Bugzilla: 1803928
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
cloud-init.service needs to wait until network is fully up before
continuing executing and configuring its service.
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
x-downstream-only: yes
Resolves: rhbz#1831646
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
commit 0422ba0e773d1a8257a3f2bf3db05f3bc7917eb7
Author: Eduardo Otubo <otubo@redhat.com>
Date: Thu May 28 08:44:08 2020 +0200
Remove race condition between cloud-init and NetworkManager
RH-Author: Eduardo Otubo <otubo@redhat.com>
Message-id: <20200327121911.17699-1-otubo@redhat.com>
Patchwork-id: 94453
O-Subject: [RHEL-7.9/RHEL-8.2.0 cloud-init PATCHv2] Remove race condition between cloud-init and NetworkManager
Bugzilla: 1840648
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Cathy Avery <cavery@redhat.com>
cloud-init service is set to start before NetworkManager service starts,
but this does not avoid a race condition between them. NetworkManager
starts before cloud-init can write `dns=none' to the file:
/etc/NetworkManager/conf.d/99-cloud-init.conf. This way NetworkManager
doesn't read the configuration and erases all resolv.conf values upon
shutdown. On the next reboot neither cloud-init or NetworkManager will
write anything to resolv.conf, leaving it blank.
This patch introduces a NM reload (try-reload-or-restart) at the end of cloud-init
start up so it won't erase resolv.conf upon first shutdown.
x-downstream-only: yes
Signed-off-by: Eduardo Otubo otubo@redhat.com
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
commit e0b48a936433faea7f56dbc29dda35acf7d375f7
Author: Eduardo Otubo <otubo@redhat.com>
Date: Thu May 28 08:44:06 2020 +0200
Enable ssh_deletekeys by default
RH-Author: Eduardo Otubo <otubo@redhat.com>
Message-id: <20200317091705.15715-1-otubo@redhat.com>
Patchwork-id: 94365
O-Subject: [RHEL-7.9/RHEL-8.2.0 cloud-init PATCH] Enable ssh_deletekeys by default
Bugzilla: 1814152
RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
The configuration option ssh_deletekeys will trigger the generation
of new ssh keys for every new instance deployed.
x-downstream-only: yes
resolves: rhbz#1814152
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
rhel/cloud.cfg | 2 +-
rhel/systemd/cloud-final.service | 2 ++
rhel/systemd/cloud-init.service | 1 +
3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/rhel/cloud.cfg b/rhel/cloud.cfg
index 82e8bf6..9ecba21 100644
--- a/rhel/cloud.cfg
+++ b/rhel/cloud.cfg
@@ -6,7 +6,7 @@ ssh_pwauth: 0
mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service', '0', '2']
resize_rootfs_tmp: /dev
-ssh_deletekeys: 0
+ssh_deletekeys: 1
ssh_genkeytypes: ~
syslog_fix_perms: ~
disable_vmware_customization: false
diff --git a/rhel/systemd/cloud-final.service b/rhel/systemd/cloud-final.service
index 739b7e3..f303483 100644
index 739b7e3..05add07 100644
--- a/rhel/systemd/cloud-final.service
+++ b/rhel/systemd/cloud-final.service
@@ -11,6 +11,8 @@ ExecStart=/usr/bin/cloud-init modules --mode=final
RemainAfterExit=yes
TimeoutSec=0
KillMode=process
+ExecStartPost=/bin/echo "try restart NetworkManager.service"
+ExecStartPost=/usr/bin/systemctl try-restart NetworkManager.service
+ExecStartPost=/bin/echo "trying to reload or restart NetworkManager.service"
+ExecStartPost=/usr/bin/systemctl try-reload-or-restart NetworkManager.service
# Output needs to appear in instance console output
StandardOutput=journal+console
diff --git a/rhel/systemd/cloud-init.service b/rhel/systemd/cloud-init.service
index d0023a0..0b3d796 100644
--- a/rhel/systemd/cloud-init.service
+++ b/rhel/systemd/cloud-init.service
@@ -5,6 +5,7 @@ Wants=sshd-keygen.service
Wants=sshd.service
After=cloud-init-local.service
After=NetworkManager.service network.service
+After=NetworkManager-wait-online.service
Before=network-online.target
Before=sshd-keygen.service
Before=sshd.service
--
1.8.3.1

76
SOURCES/ci-Add-config-modules-for-controlling-IBM-PowerVM-RMC.-.patch
View File

@ -1,15 +1,15 @@
From ec14b8ed9cb4264333b80b4361171b1b529c58f3 Mon Sep 17 00:00:00 2001
From c3a1b3a5d7abe51a1facbdae71aca4b2bca7d6aa Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Tue, 3 Nov 2020 12:11:45 +0100
Subject: [PATCH 3/5] Add config modules for controlling IBM PowerVM RMC.
Date: Wed, 28 Oct 2020 20:43:33 +0100
Subject: [PATCH 2/3] Add config modules for controlling IBM PowerVM RMC.
(#584)
RH-Author: Eduardo Terrell Ferrari Otubo (eterrell)
RH-MergeRequest: 16: Add config modules for controlling IBM PowerVM RMC. (#584)
RH-Commit: [1/1] 734e2c48d323af31aa36abefae346ef62ba3ef5d (eterrell/cloud-init)
RH-Bugzilla: 1894014
RH-MergeRequest: 12: Support for cloud-init config modules for PowerVM Hypervisor in Red Hat cloud-init
RH-Commit: [1/1] d175c3607a8d4f473573ba0ce42e0f311dbc31ed (eterrell/cloud-init)
RH-Bugzilla: 1886430
commit f99d4f96b00a9cfec1c721d364cbfd728674e5dc
commit f99d4f96b00a9cfec1c721d364cbfd728674e5dc (upstream/master)
Author: Aman306 <45781773+Aman306@users.noreply.github.com>
Date: Wed Oct 28 23:36:09 2020 +0530
@ -27,28 +27,24 @@ Date: Wed Oct 28 23:36:09 2020 +0530
Co-authored-by: Scott Moser <smoser@brickies.net>
Conflicts:
* Calls to module subp.* are replaced by old calls to util.* since the
patch that groups subp.* calls into its own module are introduced after
19.4 release - and it's a huge reafctoring not worth the cherry-pick.
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
---
cloudinit/config/cc_refresh_rmc_and_interface.py | 158 +++++++++++++++++++++
cloudinit/config/cc_reset_rmc.py | 142 ++++++++++++++++++
cloudinit/config/cc_refresh_rmc_and_interface.py | 159 +++++++++++++++++++++
cloudinit/config/cc_reset_rmc.py | 143 ++++++++++++++++++
config/cloud.cfg.tmpl | 2 +
.../test_handler_refresh_rmc_and_interface.py | 109 ++++++++++++++
4 files changed, 411 insertions(+)
tools/.github-cla-signers | 1 +
5 files changed, 414 insertions(+)
create mode 100644 cloudinit/config/cc_refresh_rmc_and_interface.py
create mode 100644 cloudinit/config/cc_reset_rmc.py
create mode 100644 tests/unittests/test_handler/test_handler_refresh_rmc_and_interface.py
diff --git a/cloudinit/config/cc_refresh_rmc_and_interface.py b/cloudinit/config/cc_refresh_rmc_and_interface.py
new file mode 100644
index 0000000..07050c4
index 0000000..146758a
--- /dev/null
+++ b/cloudinit/config/cc_refresh_rmc_and_interface.py
@@ -0,0 +1,158 @@
@@ -0,0 +1,159 @@
+# (c) Copyright IBM Corp. 2020 All Rights Reserved
+#
+# Author: Aman Kumar Sinha <amansi26@in.ibm.com>
@ -88,6 +84,7 @@ index 0000000..07050c4
+from cloudinit import log as logging
+from cloudinit.settings import PER_ALWAYS
+from cloudinit import util
+from cloudinit import subp
+from cloudinit import netinfo
+
+import errno
@ -101,7 +98,7 @@ index 0000000..07050c4
+
+
+def handle(name, _cfg, _cloud, _log, _args):
+ if not util.which(RMCCTRL):
+ if not subp.which(RMCCTRL):
+ LOG.debug("No '%s' in path, disabled", RMCCTRL)
+ return
+
@ -142,8 +139,8 @@ index 0000000..07050c4
+ # IPv6 interface is explicitly brought up, subsequent to which the
+ # RMC services are restarted to re-establish the communication with
+ # the hypervisor.
+ util.subp(['ip', 'link', 'set', interface, 'down'])
+ util.subp(['ip', 'link', 'set', interface, 'up'])
+ subp.subp(['ip', 'link', 'set', interface, 'down'])
+ subp.subp(['ip', 'link', 'set', interface, 'up'])
+
+
+def sysconfig_path(iface):
@ -151,7 +148,7 @@ index 0000000..07050c4
+
+
+def restart_network_manager():
+ util.subp(['systemctl', 'restart', 'NetworkManager'])
+ subp.subp(['systemctl', 'restart', 'NetworkManager'])
+
+
+def disable_ipv6(iface_file):
@ -202,17 +199,17 @@ index 0000000..07050c4
+ # until the subsystem and all resource managers are stopped.
+ # -s : start Resource Monitoring & Control subsystem.
+ try:
+ util.subp([RMCCTRL, '-z'])
+ util.subp([RMCCTRL, '-s'])
+ subp.subp([RMCCTRL, '-z'])
+ subp.subp([RMCCTRL, '-s'])
+ except Exception:
+ util.logexc(LOG, 'Failed to refresh the RMC subsystem.')
+ raise
diff --git a/cloudinit/config/cc_reset_rmc.py b/cloudinit/config/cc_reset_rmc.py
new file mode 100644
index 0000000..68373ad
index 0000000..1cd7277
--- /dev/null
+++ b/cloudinit/config/cc_reset_rmc.py
@@ -0,0 +1,142 @@
@@ -0,0 +1,143 @@
+# (c) Copyright IBM Corp. 2020 All Rights Reserved
+#
+# Author: Aman Kumar Sinha <amansi26@in.ibm.com>
@ -256,6 +253,7 @@ index 0000000..68373ad
+from cloudinit import log as logging
+from cloudinit.settings import PER_INSTANCE
+from cloudinit import util
+from cloudinit import subp
+
+frequency = PER_INSTANCE
+
@ -298,10 +296,10 @@ index 0000000..68373ad
+ # under the /var/ct directory, generating a new node ID, and making it
+ # appear as if the RSCT components were just installed
+ try:
+ out = util.subp([RECFGCT])[0]
+ out = subp.subp([RECFGCT])[0]
+ LOG.debug(out.strip())
+ return out
+ except util.ProcessExecutionError:
+ except subp.ProcessExecutionError:
+ util.logexc(LOG, 'Failed to reconfigure the RSCT subsystems.')
+ raise
+
@ -329,7 +327,7 @@ index 0000000..68373ad
+ # Stop the RMC subsystem and all resource managers so that we can make
+ # some changes to it
+ try:
+ return util.subp([RMCCTRL, '-z'])
+ return subp.subp([RMCCTRL, '-z'])
+ except Exception:
+ util.logexc(LOG, 'Failed to stop the RMC subsystem.')
+ raise
@ -356,12 +354,12 @@ index 0000000..68373ad
+ LOG.error(msg)
+ raise Exception(msg)
diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl
index 87c37ba..52a259c 100644
index 2beb9b0..7171aaa 100644
--- a/config/cloud.cfg.tmpl
+++ b/config/cloud.cfg.tmpl
@@ -121,6 +121,8 @@ cloud_final_modules:
@@ -135,6 +135,8 @@ cloud_final_modules:
- chef
- mcollective
{% endif %}
- salt-minion
+ - reset_rmc
+ - refresh_rmc_and_interface
@ -370,7 +368,7 @@ index 87c37ba..52a259c 100644
- scripts-per-once
diff --git a/tests/unittests/test_handler/test_handler_refresh_rmc_and_interface.py b/tests/unittests/test_handler/test_handler_refresh_rmc_and_interface.py
new file mode 100644
index 0000000..0c35710
index 0000000..e13b779
--- /dev/null
+++ b/tests/unittests/test_handler/test_handler_refresh_rmc_and_interface.py
@@ -0,0 +1,109 @@
@ -452,7 +450,7 @@ index 0000000..0c35710
+ @mock.patch(MPATH + '.disable_ipv6')
+ @mock.patch(MPATH + '.refresh_ipv6')
+ @mock.patch(MPATH + '.netinfo.netdev_info')
+ @mock.patch(MPATH + '.util.which')
+ @mock.patch(MPATH + '.subp.which')
+ def test_handle(self, m_refresh_rmc,
+ m_netdev_info, m_refresh_ipv6, m_disable_ipv6,
+ m_restart_nm, m_which):
@ -475,7 +473,7 @@ index 0000000..0c35710
+ found = ccrmci.find_ipv6_ifaces()
+ self.assertEqual(['env5'], found)
+
+ @mock.patch(MPATH + '.util.subp')
+ @mock.patch(MPATH + '.subp.subp')
+ def test_refresh_ipv6(self, m_subp):
+ """refresh_ipv6 should ip down and up the interface."""
+ iface = "myeth0"
@ -483,6 +481,16 @@ index 0000000..0c35710
+ m_subp.assert_has_calls([
+ mock.call(['ip', 'link', 'set', iface, 'down']),
+ mock.call(['ip', 'link', 'set', iface, 'up'])])
diff --git a/tools/.github-cla-signers b/tools/.github-cla-signers
index c67db43..802a35b 100644
--- a/tools/.github-cla-signers
+++ b/tools/.github-cla-signers
@@ -1,4 +1,5 @@
AlexBaranowski
+Aman306
beezly
bipinbachhao
BirknerAlex
--
1.8.3.1

58
SOURCES/ci-Adding-BOOTPROTO-dhcp-to-render-sysconfig-dhcp6-stat.patch Normal file
View File

@ -0,0 +1,58 @@
From 8a7d21fa739901bad847294004266dba76c027af Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Tue, 1 Dec 2020 15:51:47 +0100
Subject: [PATCH 2/4] Adding BOOTPROTO = dhcp to render sysconfig dhcp6
stateful on RHEL (#685)
RH-Author: Eduardo Terrell Ferrari Otubo (eterrell)
RH-MergeRequest: 25: Adding BOOTPROTO = dhcp to render sysconfig dhcp6 stateful on RHEL (#685)
RH-Commit: [1/1] b7304323096b1e40287950e44cf7aa3cdb4ba99e (eterrell/cloud-init)
RH-Bugzilla: 1859695
BOOTPROTO needs to be set to 'dhcp' on RHEL so NetworkManager can
properly acquire ipv6 address.
rhbz: #1859695
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Co-authored-by: Daniel Watkins <oddbloke@ubuntu.com>
Co-authored-by: Scott Moser <smoser@brickies.net>
---
cloudinit/net/sysconfig.py | 6 ++++++
tests/unittests/test_net.py | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py
index 078636a4..94801a93 100644
--- a/cloudinit/net/sysconfig.py
+++ b/cloudinit/net/sysconfig.py
@@ -391,6 +391,12 @@ class Renderer(renderer.Renderer):
# Only IPv6 is DHCP, IPv4 may be static
iface_cfg['BOOTPROTO'] = 'dhcp6'
iface_cfg['DHCLIENT6_MODE'] = 'managed'
+ # only if rhel AND dhcpv6 stateful
+ elif (flavor == 'rhel' and
+ subnet_type == 'ipv6_dhcpv6-stateful'):
+ iface_cfg['BOOTPROTO'] = 'dhcp'
+ iface_cfg['DHCPV6C'] = True
+ iface_cfg['IPV6INIT'] = True
else:
iface_cfg['IPV6INIT'] = True
# Configure network settings using DHCPv6
diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py
index c0337459..bcd261db 100644
--- a/tests/unittests/test_net.py
+++ b/tests/unittests/test_net.py
@@ -1359,7 +1359,7 @@ NETWORK_CONFIGS = {
},
'expected_sysconfig_rhel': {
'ifcfg-iface0': textwrap.dedent("""\
- BOOTPROTO=none
+ BOOTPROTO=dhcp
DEVICE=iface0
DHCPV6C=yes
IPV6INIT=yes
--
2.18.4

46
SOURCES/ci-Change-from-redhat-to-rhel-in-systemd-generator-tmpl.patch
View File

@ -1,46 +0,0 @@
From 65b26a20b550ae301ca33eafe062a873f53969de Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Wed, 24 Jun 2020 07:34:32 +0200
Subject: [PATCH 3/4] Change from redhat to rhel in systemd generator tmpl
(#450)
RH-Author: Eduardo Otubo <otubo@redhat.com>
Message-id: <20200623154034.28563-3-otubo@redhat.com>
Patchwork-id: 97783
O-Subject: [RHEL-8.3.0/RHEL-8.2.1 cloud-init PATCH 2/3] Change from redhat to rhel in systemd generator tmpl (#450)
Bugzilla: 1834173
RH-Acked-by: Cathy Avery <cavery@redhat.com>
RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
commit 650d53d656b612442773453813d8417b234d3752
Author: Eduardo Otubo <otubo@redhat.com>
Date: Tue Jun 23 14:41:15 2020 +0200
Change from redhat to rhel in systemd generator tmpl (#450)
The name `redhat' is not used but rather `rhel' to identify the distro.
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
systemd/cloud-init-generator.tmpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/systemd/cloud-init-generator.tmpl b/systemd/cloud-init-generator.tmpl
index 45efa24..0773356 100755
--- a/systemd/cloud-init-generator.tmpl
+++ b/systemd/cloud-init-generator.tmpl
@@ -83,7 +83,7 @@ default() {
check_for_datasource() {
local ds_rc=""
-{% if variant in ["redhat", "fedora", "centos"] %}
+{% if variant in ["rhel", "fedora", "centos"] %}
local dsidentify="/usr/libexec/cloud-init/ds-identify"
{% else %}
local dsidentify="/usr/lib/cloud-init/ds-identify"
--
1.8.3.1

47
SOURCES/ci-Changing-notation-of-subp-call.patch
View File

@ -1,47 +0,0 @@
From d210f4b6c23d2739f76f9ab348090bcf350c5177 Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Mon, 31 Aug 2020 09:44:05 +0200
Subject: [PATCH] Changing notation of subp call
RH-Author: Eduardo Otubo <otubo@redhat.com>
Message-id: <20200824142252.16298-1-otubo@redhat.com>
Patchwork-id: 98215
O-Subject: [RHEL-7.9.z/RHEL-8.2.1/RHEL-8.3.0 cloud-init PATCH] Changing notation of subp call
Bugzilla: 1839662
RH-Acked-by: Cathy Avery <cavery@redhat.com>
RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
The previous patch was applied upstream on top of a refactoring that moves subp
to its own module (3c551f6e, Move subp into its own module. (#416), release
20.2).
Downstream we're not there yet, in order to avoid applying the above
commit and add a huge refactoring, I'll just change this call and we can
benefit of this changes in a future rebase.
x-downstream-only: yes
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
cloudinit/sources/helpers/vmware/imc/guestcust_util.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cloudinit/sources/helpers/vmware/imc/guestcust_util.py b/cloudinit/sources/helpers/vmware/imc/guestcust_util.py
index a270d9f..816f52e 100644
--- a/cloudinit/sources/helpers/vmware/imc/guestcust_util.py
+++ b/cloudinit/sources/helpers/vmware/imc/guestcust_util.py
@@ -136,8 +136,8 @@ def get_tools_config(section, key, defaultVal):
cmd = ['vmware-toolbox-cmd', 'config', 'get', section, key]
try:
- (outText, _) = subp.subp(cmd)
- except subp.ProcessExecutionError as e:
+ (outText, _) = util.subp(cmd)
+ except util.ProcessExecutionError as e:
if e.exit_code == 69:
logger.debug(
"vmware-toolbox-cmd returned 69 (unavailable) for cmd: %s."
--
1.8.3.1

115
SOURCES/ci-DHCP-sandboxing-failing-on-noexec-mounted-var-tmp-52.patch
View File

@ -1,115 +0,0 @@
From 94753da021d0849f4858e2c2cb98b3276842b665 Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Mon, 24 Aug 2020 15:34:24 +0200
Subject: [PATCH 1/5] DHCP sandboxing failing on noexec mounted /var/tmp (#521)
RH-Author: Eduardo Terrell Ferrari Otubo (eterrell)
RH-MergeRequest: 1: DHCP sandboxing failing on noexec mounted /var/tmp (#521)
RH-Commit: [1/1] 4971d742aa1de27dff61b07ef9d6d478c0889ded (eterrell/cloud-init)
RH-Bugzilla: 1879989
commit db86753f81af73826158c9522f2521f210300e2b
Author: Eduardo Otubo <otubo@redhat.com>
Date: Mon Aug 24 15:34:24 2020 +0200
DHCP sandboxing failing on noexec mounted /var/tmp (#521)
* DHCP sandboxing failing on noexec mounted /var/tmp
If /var/tmp is mounted with noexec option the DHCP sandboxing will fail
with Permission Denied. This patch simply avoids this error by checking
the exec permission updating the dhcp path in negative case.
rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1879989
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
* Replacing with os.* calls
* Adding test and removing isfile() useless call.
Co-authored-by: Rick Harding <rharding@mitechie.com>
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
---
cloudinit/net/dhcp.py | 6 ++++++
cloudinit/net/tests/test_dhcp.py | 46 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 52 insertions(+)
diff --git a/cloudinit/net/dhcp.py b/cloudinit/net/dhcp.py
index c033cc8..841e72e 100644
--- a/cloudinit/net/dhcp.py
+++ b/cloudinit/net/dhcp.py
@@ -215,6 +215,12 @@ def dhcp_discovery(dhclient_cmd_path, interface, cleandir):
pid_file = os.path.join(cleandir, 'dhclient.pid')
lease_file = os.path.join(cleandir, 'dhcp.leases')
+ # In some cases files in /var/tmp may not be executable, launching dhclient
+ # from there will certainly raise 'Permission denied' error. Try launching
+ # the original dhclient instead.
+ if not os.access(sandbox_dhclient_cmd, os.X_OK):
+ sandbox_dhclient_cmd = dhclient_cmd_path
+
# ISC dhclient needs the interface up to send initial discovery packets.
# Generally dhclient relies on dhclient-script PREINIT action to bring the
# link up before attempting discovery. Since we are using -sf /bin/true,
diff --git a/cloudinit/net/tests/test_dhcp.py b/cloudinit/net/tests/test_dhcp.py
index c3fa1e0..08e2cfb 100644
--- a/cloudinit/net/tests/test_dhcp.py
+++ b/cloudinit/net/tests/test_dhcp.py
@@ -406,6 +406,52 @@ class TestDHCPDiscoveryClean(CiTestCase):
'eth9', '-sf', '/bin/true'], capture=True)])
m_kill.assert_has_calls([mock.call(my_pid, signal.SIGKILL)])
+ @mock.patch('cloudinit.net.dhcp.util.get_proc_ppid')
+ @mock.patch('cloudinit.net.dhcp.os.kill')
+ @mock.patch('cloudinit.net.dhcp.subp.subp')
+ def test_dhcp_discovery_outside_sandbox(self, m_subp, m_kill, m_getppid):
+ """dhcp_discovery brings up the interface and runs dhclient.
+
+ It also returns the parsed dhcp.leases file generated in the sandbox.
+ """
+ m_subp.return_value = ('', '')
+ tmpdir = self.tmp_dir()
+ dhclient_script = os.path.join(tmpdir, 'dhclient.orig')
+ script_content = '#!/bin/bash\necho fake-dhclient'
+ write_file(dhclient_script, script_content, mode=0o755)
+ lease_content = dedent("""
+ lease {
+ interface "eth9";
+ fixed-address 192.168.2.74;
+ option subnet-mask 255.255.255.0;
+ option routers 192.168.2.1;
+ }
+ """)
+ lease_file = os.path.join(tmpdir, 'dhcp.leases')
+ write_file(lease_file, lease_content)
+ pid_file = os.path.join(tmpdir, 'dhclient.pid')
+ my_pid = 1
+ write_file(pid_file, "%d\n" % my_pid)
+ m_getppid.return_value = 1 # Indicate that dhclient has daemonized
+
+ with mock.patch('os.access', return_value=False):
+ self.assertCountEqual(
+ [{'interface': 'eth9', 'fixed-address': '192.168.2.74',
+ 'subnet-mask': '255.255.255.0', 'routers': '192.168.2.1'}],
+ dhcp_discovery(dhclient_script, 'eth9', tmpdir))
+ # dhclient script got copied
+ with open(os.path.join(tmpdir, 'dhclient.orig')) as stream:
+ self.assertEqual(script_content, stream.read())
+ # Interface was brought up before dhclient called from sandbox
+ m_subp.assert_has_calls([
+ mock.call(
+ ['ip', 'link', 'set', 'dev', 'eth9', 'up'], capture=True),
+ mock.call(
+ [os.path.join(tmpdir, 'dhclient.orig'), '-1', '-v', '-lf',
+ lease_file, '-pf', os.path.join(tmpdir, 'dhclient.pid'),
+ 'eth9', '-sf', '/bin/true'], capture=True)])
+ m_kill.assert_has_calls([mock.call(my_pid, signal.SIGKILL)])
+
class TestSystemdParseLeases(CiTestCase):
--
1.8.3.1

21
SOURCES/ci-DataSourceAzure-update-password-for-defuser-if-exist.patch
View File

@ -1,12 +1,13 @@
From 5691fd1ce3eb430c8da19538b5988eba7da6d2be Mon Sep 17 00:00:00 2001
From bcbd6be99d8317793aff905c4222c351a1bf5c46 Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Thu, 21 Jan 2021 09:57:53 +0100
Subject: [PATCH] DataSourceAzure: update password for defuser if exists (#671)
Date: Thu, 21 Jan 2021 10:08:49 +0100
Subject: [PATCH 1/2] DataSourceAzure: update password for defuser if exists
(#671)
RH-Author: Eduardo Terrell Ferrari Otubo (eterrell)
RH-MergeRequest: 36: DataSourceAzure: update password for defuser if exists (#671)
RH-Commit: [1/1] a834a44ca127480512137b4258ff01e993fbee41 (eterrell/cloud-init)
RH-Bugzilla: 1916839
RH-MergeRequest: 37: DataSourceAzure: update password for defuser if exists (#671)
RH-Commit: [1/1] 264092a68a3771cc4ed99dad5b93f7a1433e143a (eterrell/cloud-init)
RH-Bugzilla: 1900892
commit eea754492f074e00b601cf77aa278e3623857c5a
Author: Anh Vo <anhvo@microsoft.com>
@ -28,10 +29,10 @@ Signed-off-by: Eduardo Otubo <otubo@redhat.com>
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
index 6fb889c4..69454c40 100755
index 1c214db9..d4a2d60f 100755
--- a/cloudinit/sources/DataSourceAzure.py
+++ b/cloudinit/sources/DataSourceAzure.py
@@ -1206,7 +1206,7 @@ def read_azure_ovf(contents):
@@ -1231,7 +1231,7 @@ def read_azure_ovf(contents):
if password:
defuser['lock_passwd'] = False
if DEF_PASSWD_REDACTION != password:
@ -41,10 +42,10 @@ index 6fb889c4..69454c40 100755
if defuser:
cfg['system_info'] = {'default_user': defuser}
diff --git a/tests/unittests/test_datasource/test_azure.py b/tests/unittests/test_datasource/test_azure.py
index a809fd87..f141dc6c 100644
index 47e03bd1..2059990a 100644
--- a/tests/unittests/test_datasource/test_azure.py
+++ b/tests/unittests/test_datasource/test_azure.py
@@ -899,6 +899,9 @@ scbus-1 on xpt0 bus 0
@@ -919,6 +919,9 @@ scbus-1 on xpt0 bus 0
crypt.crypt(odata['UserPassword'],
defuser['passwd'][0:pos]))

230
SOURCES/ci-Detect-kernel-version-before-swap-file-creation-428.patch
View File

@ -1,230 +0,0 @@
From 17f972b6fb172fe19d6e115a20664eefdbd3838d Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Mon, 24 Aug 2020 15:25:38 +0200
Subject: [PATCH 3/3] Detect kernel version before swap file creation (#428)
RH-Author: Eduardo Otubo <otubo@redhat.com>
Message-id: <20200820092042.5418-4-otubo@redhat.com>
Patchwork-id: 98191
O-Subject: [RHEL-8.3.0 cloud-init PATCH 3/3] Detect kernel version before swap file creation (#428)
Bugzilla: 1794664
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
commit b749548a9eb43b34cce64f8688107645411abc8c
Author: Eduardo Otubo <otubo@redhat.com>
Date: Tue Aug 18 23:12:02 2020 +0200
Detect kernel version before swap file creation (#428)
According to man page `man 8 swapon', "Preallocated swap files are
supported on XFS since Linux 4.18". This patch checks for kernel version
before attepting to create swapfile, using dd for XFS only on kernel
versions <= 4.18 or btrfs.
Add new func util.kernel_version which returns a tuple of ints (major, minor)
Signed-off-by: Eduardo Otubo otubo@redhat.com
Signed-off-by: Eduardo Otubo otubo@redhat.com
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
cloudinit/config/cc_mounts.py | 8 +-
cloudinit/util.py | 4 +
.../unittests/test_handler/test_handler_mounts.py | 107 +++++++++++++++++++++
tests/unittests/test_util.py | 15 +++
4 files changed, 131 insertions(+), 3 deletions(-)
diff --git a/cloudinit/config/cc_mounts.py b/cloudinit/config/cc_mounts.py
index 0573026..e1c43e3 100644
--- a/cloudinit/config/cc_mounts.py
+++ b/cloudinit/config/cc_mounts.py
@@ -65,7 +65,7 @@ swap file is created.
from string import whitespace
import logging
-import os.path
+import os
import re
from cloudinit import type_utils
@@ -249,7 +249,8 @@ def create_swapfile(fname, size):
fstype = util.get_mount_info(swap_dir)[1]
- if fstype in ("xfs", "btrfs"):
+ if (fstype == "xfs" and
+ util.kernel_version() < (4, 18)) or fstype == "btrfs":
create_swap(fname, size, "dd")
else:
try:
@@ -259,7 +260,8 @@ def create_swapfile(fname, size):
LOG.warning("Will attempt with dd.")
create_swap(fname, size, "dd")
- util.chmod(fname, 0o600)
+ if os.path.exists(fname):
+ util.chmod(fname, 0o600)
try:
util.subp(['mkswap', fname])
except util.ProcessExecutionError:
diff --git a/cloudinit/util.py b/cloudinit/util.py
index 5d51ba8..ad89376 100644
--- a/cloudinit/util.py
+++ b/cloudinit/util.py
@@ -79,6 +79,10 @@ CONTAINER_TESTS = (['systemd-detect-virt', '--quiet', '--container'],
['lxc-is-container'])
+def kernel_version():
+ return tuple(map(int, os.uname().release.split('.')[:2]))
+
+
@lru_cache()
def get_architecture(target=None):
out, _ = subp(['dpkg', '--print-architecture'], capture=True,
diff --git a/tests/unittests/test_handler/test_handler_mounts.py b/tests/unittests/test_handler/test_handler_mounts.py
index 7bcefa0..27bcc6f 100644
--- a/tests/unittests/test_handler/test_handler_mounts.py
+++ b/tests/unittests/test_handler/test_handler_mounts.py
@@ -132,6 +132,113 @@ class TestSanitizeDevname(test_helpers.FilesystemMockingTestCase):
'ephemeral0.1', lambda x: disk_path, mock.Mock()))
+class TestSwapFileCreation(test_helpers.FilesystemMockingTestCase):
+
+ def setUp(self):
+ super(TestSwapFileCreation, self).setUp()
+ self.new_root = self.tmp_dir()
+ self.patchOS(self.new_root)
+
+ self.fstab_path = os.path.join(self.new_root, 'etc/fstab')
+ self.swap_path = os.path.join(self.new_root, 'swap.img')
+ self._makedirs('/etc')
+
+ self.add_patch('cloudinit.config.cc_mounts.FSTAB_PATH',
+ 'mock_fstab_path',
+ self.fstab_path,
+ autospec=False)
+
+ self.add_patch('cloudinit.config.cc_mounts.subp.subp',
+ 'm_subp_subp')
+
+ self.add_patch('cloudinit.config.cc_mounts.util.mounts',
+ 'mock_util_mounts',
+ return_value={
+ '/dev/sda1': {'fstype': 'ext4',
+ 'mountpoint': '/',
+ 'opts': 'rw,relatime,discard'
+ }})
+
+ self.mock_cloud = mock.Mock()
+ self.mock_log = mock.Mock()
+ self.mock_cloud.device_name_to_device = self.device_name_to_device
+
+ self.cc = {
+ 'swap': {
+ 'filename': self.swap_path,
+ 'size': '512',
+ 'maxsize': '512'}}
+
+ def _makedirs(self, directory):
+ directory = os.path.join(self.new_root, directory.lstrip('/'))
+ if not os.path.exists(directory):
+ os.makedirs(directory)
+
+ def device_name_to_device(self, path):
+ if path == 'swap':
+ return self.swap_path
+ else:
+ dev = None
+
+ return dev
+
+ @mock.patch('cloudinit.util.get_mount_info')
+ @mock.patch('cloudinit.util.kernel_version')
+ def test_swap_creation_method_fallocate_on_xfs(self, m_kernel_version,
+ m_get_mount_info):
+ m_kernel_version.return_value = (4, 20)
+ m_get_mount_info.return_value = ["", "xfs"]
+
+ cc_mounts.handle(None, self.cc, self.mock_cloud, self.mock_log, [])
+ self.m_subp_subp.assert_has_calls([
+ mock.call(['fallocate', '-l', '0M', self.swap_path], capture=True),
+ mock.call(['mkswap', self.swap_path]),
+ mock.call(['swapon', '-a'])])
+
+ @mock.patch('cloudinit.util.get_mount_info')
+ @mock.patch('cloudinit.util.kernel_version')
+ def test_swap_creation_method_xfs(self, m_kernel_version,
+ m_get_mount_info):
+ m_kernel_version.return_value = (3, 18)
+ m_get_mount_info.return_value = ["", "xfs"]
+
+ cc_mounts.handle(None, self.cc, self.mock_cloud, self.mock_log, [])
+ self.m_subp_subp.assert_has_calls([
+ mock.call(['dd', 'if=/dev/zero',
+ 'of=' + self.swap_path,
+ 'bs=1M', 'count=0'], capture=True),
+ mock.call(['mkswap', self.swap_path]),
+ mock.call(['swapon', '-a'])])
+
+ @mock.patch('cloudinit.util.get_mount_info')
+ @mock.patch('cloudinit.util.kernel_version')
+ def test_swap_creation_method_btrfs(self, m_kernel_version,
+ m_get_mount_info):
+ m_kernel_version.return_value = (4, 20)
+ m_get_mount_info.return_value = ["", "btrfs"]
+
+ cc_mounts.handle(None, self.cc, self.mock_cloud, self.mock_log, [])
+ self.m_subp_subp.assert_has_calls([
+ mock.call(['dd', 'if=/dev/zero',
+ 'of=' + self.swap_path,
+ 'bs=1M', 'count=0'], capture=True),
+ mock.call(['mkswap', self.swap_path]),
+ mock.call(['swapon', '-a'])])
+
+ @mock.patch('cloudinit.util.get_mount_info')
+ @mock.patch('cloudinit.util.kernel_version')
+ def test_swap_creation_method_ext4(self, m_kernel_version,
+ m_get_mount_info):
+ m_kernel_version.return_value = (5, 14)
+ m_get_mount_info.return_value = ["", "ext4"]
+
+ cc_mounts.handle(None, self.cc, self.mock_cloud, self.mock_log, [])
+ self.m_subp_subp.assert_has_calls([
+ mock.call(['fallocate', '-l', '0M', self.swap_path], capture=True),
+ mock.call(['mkswap', self.swap_path]),
+ mock.call(['swapon', '-a'])])
+
+
class TestFstabHandling(test_helpers.FilesystemMockingTestCase):
swap_path = '/dev/sdb1'
diff --git a/tests/unittests/test_util.py b/tests/unittests/test_util.py
index 0e71db8..87dc8dd 100644
--- a/tests/unittests/test_util.py
+++ b/tests/unittests/test_util.py
@@ -1177,4 +1177,19 @@ class TestGetProcEnv(helpers.TestCase):
my_ppid = os.getppid()
self.assertEqual(my_ppid, util.get_proc_ppid(my_pid))
+
+class TestKernelVersion():
+ """test kernel version function"""
+
+ params = [
+ ('5.6.19-300.fc32.x86_64', (5, 6)),
+ ('4.15.0-101-generic', (4, 15)),
+ ('3.10.0-1062.12.1.vz7.131.10', (3, 10)),
+ ('4.18.0-144.el8.x86_64', (4, 18))]
+
+ @mock.patch('os.uname')
+ @pytest.mark.parametrize("uname_release,expected", params)
+ def test_kernel_version(self, m_uname, uname_release, expected):
+ m_uname.return_value.release = uname_release
+ assert expected == util.kernel_version()
# vi: ts=4 expandtab
--
1.8.3.1

164
SOURCES/ci-Do-not-use-fallocate-in-swap-file-creation-on-xfs.-7.patch
View File

@ -1,164 +0,0 @@
From 49e5a49cc007b2a751eea212b4052e92837ebc8a Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Mon, 24 Aug 2020 15:25:34 +0200
Subject: [PATCH 1/3] Do not use fallocate in swap file creation on xfs. (#70)
RH-Author: Eduardo Otubo <otubo@redhat.com>
Message-id: <20200820092042.5418-2-otubo@redhat.com>
Patchwork-id: 98194
O-Subject: [RHEL-8.3.0 cloud-init PATCH 1/3] Do not use fallocate in swap file creation on xfs. (#70)
Bugzilla: 1794664
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
commit 6603706eec1c39d9d591c8ffa0ef7171b74d84d6
Author: Eduardo Otubo <otubo@redhat.com>
Date: Thu Jan 23 17:41:48 2020 +0100
Do not use fallocate in swap file creation on xfs. (#70)
When creating a swap file on an xfs filesystem, fallocate cannot be used.
Doing so results in failure of swapon and a message like:
swapon: swapfile has holes
The solution here is to maintain a list (currently containing only XFS)
of filesystems where fallocate cannot be used. The, on those fileystems
use the slower but functional 'dd' method.
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Co-authored-by: Adam Dobrawy <naczelnik@jawnosc.tk>
Co-authored-by: Scott Moser <smoser@brickies.net>
Co-authored-by: Daniel Watkins <daniel@daniel-watkins.co.uk>
LP: #1781781
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
cloudinit/config/cc_mounts.py | 67 ++++++++++++++++------
.../unittests/test_handler/test_handler_mounts.py | 12 ++++
2 files changed, 62 insertions(+), 17 deletions(-)
diff --git a/cloudinit/config/cc_mounts.py b/cloudinit/config/cc_mounts.py
index c741c74..4293844 100644
--- a/cloudinit/config/cc_mounts.py
+++ b/cloudinit/config/cc_mounts.py
@@ -223,13 +223,58 @@ def suggested_swapsize(memsize=None, maxsize=None, fsys=None):
return size
+def create_swapfile(fname, size):
+ """Size is in MiB."""
+
+ errmsg = "Failed to create swapfile '%s' of size %dMB via %s: %s"
+
+ def create_swap(fname, size, method):
+ LOG.debug("Creating swapfile in '%s' on fstype '%s' using '%s'",
+ fname, fstype, method)
+
+ if method == "fallocate":
+ cmd = ['fallocate', '-l', '%dM' % size, fname]
+ elif method == "dd":
+ cmd = ['dd', 'if=/dev/zero', 'of=%s' % fname, 'bs=1M',
+ 'count=%d' % size]
+
+ try:
+ util.subp(cmd, capture=True)
+ except util.ProcessExecutionError as e:
+ LOG.warning(errmsg, fname, size, method, e)
+ util.del_file(fname)
+
+ swap_dir = os.path.dirname(fname)
+ util.ensure_dir(swap_dir)
+
+ fstype = util.get_mount_info(swap_dir)[1]
+
+ if fstype in ("xfs", "btrfs"):
+ create_swap(fname, size, "dd")
+ else:
+ try:
+ create_swap(fname, size, "fallocate")
+ except util.ProcessExecutionError as e:
+ LOG.warning(errmsg, fname, size, "dd", e)
+ LOG.warning("Will attempt with dd.")
+ create_swap(fname, size, "dd")
+
+ util.chmod(fname, 0o600)
+ try:
+ util.subp(['mkswap', fname])
+ except util.ProcessExecutionError:
+ util.del_file(fname)
+ raise
+
+
def setup_swapfile(fname, size=None, maxsize=None):
"""
fname: full path string of filename to setup
size: the size to create. set to "auto" for recommended
maxsize: the maximum size
"""
- tdir = os.path.dirname(fname)
+ swap_dir = os.path.dirname(fname)
+ mibsize = str(int(size / (2 ** 20)))
if str(size).lower() == "auto":
try:
memsize = util.read_meminfo()['total']
@@ -237,28 +282,16 @@ def setup_swapfile(fname, size=None, maxsize=None):
LOG.debug("Not creating swap: failed to read meminfo")
return
- util.ensure_dir(tdir)
- size = suggested_swapsize(fsys=tdir, maxsize=maxsize,
+ util.ensure_dir(swap_dir)
+ size = suggested_swapsize(fsys=swap_dir, maxsize=maxsize,
memsize=memsize)
if not size:
LOG.debug("Not creating swap: suggested size was 0")
return
- mbsize = str(int(size / (2 ** 20)))
- msg = "creating swap file '%s' of %sMB" % (fname, mbsize)
- try:
- util.ensure_dir(tdir)
- util.log_time(LOG.debug, msg, func=util.subp,
- args=[['sh', '-c',
- ('rm -f "$1" && umask 0066 && '
- '{ fallocate -l "${2}M" "$1" || '
- 'dd if=/dev/zero "of=$1" bs=1M "count=$2"; } && '
- 'mkswap "$1" || { r=$?; rm -f "$1"; exit $r; }'),
- 'setup_swap', fname, mbsize]])
-
- except Exception as e:
- raise IOError("Failed %s: %s" % (msg, e))
+ util.log_time(LOG.debug, msg="Setting up swap file", func=create_swapfile,
+ args=[fname, mibsize])
return fname
diff --git a/tests/unittests/test_handler/test_handler_mounts.py b/tests/unittests/test_handler/test_handler_mounts.py
index 0fb160b..7bcefa0 100644
--- a/tests/unittests/test_handler/test_handler_mounts.py
+++ b/tests/unittests/test_handler/test_handler_mounts.py
@@ -181,6 +181,18 @@ class TestFstabHandling(test_helpers.FilesystemMockingTestCase):
return dev
+ def test_swap_integrity(self):
+ '''Ensure that the swap file is correctly created and can
+ swapon successfully. Fixing the corner case of:
+ kernel: swapon: swapfile has holes'''
+
+ fstab = '/swap.img swap swap defaults 0 0\n'
+
+ with open(cc_mounts.FSTAB_PATH, 'w') as fd:
+ fd.write(fstab)
+ cc = {'swap': ['filename: /swap.img', 'size: 512', 'maxsize: 512']}
+ cc_mounts.handle(None, cc, self.mock_cloud, self.mock_log, [])
+
def test_fstab_no_swap_device(self):
'''Ensure that cloud-init adds a discovered swap partition
to /etc/fstab.'''
--
1.8.3.1

41
SOURCES/ci-Enable-ssh_deletekeys-by-default.patch
View File

@ -1,41 +0,0 @@
From 251836a62eb3061b8d26177fd5997a96dccec21b Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Thu, 28 May 2020 08:44:06 +0200
Subject: [PATCH 3/4] Enable ssh_deletekeys by default
RH-Author: Eduardo Otubo <otubo@redhat.com>
Message-id: <20200317091705.15715-1-otubo@redhat.com>
Patchwork-id: 94365
O-Subject: [RHEL-7.9/RHEL-8.2.0 cloud-init PATCH] Enable ssh_deletekeys by default
Bugzilla: 1814152
RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
The configuration option ssh_deletekeys will trigger the generation
of new ssh keys for every new instance deployed.
x-downstream-only: yes
resolves: rhbz#1814152
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
rhel/cloud.cfg | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rhel/cloud.cfg b/rhel/cloud.cfg
index 82e8bf6..9ecba21 100644
--- a/rhel/cloud.cfg
+++ b/rhel/cloud.cfg
@@ -6,7 +6,7 @@ ssh_pwauth: 0
mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service', '0', '2']
resize_rootfs_tmp: /dev
-ssh_deletekeys: 0
+ssh_deletekeys: 1
ssh_genkeytypes: ~
syslog_fix_perms: ~
disable_vmware_customization: false
--
1.8.3.1

98
SOURCES/ci-Explicit-set-IPV6_AUTOCONF-and-IPV6_FORCE_ACCEPT_RA-.patch
View File

@ -1,13 +1,13 @@
From 02924179d423c919d0d46e6149da5bb8d26dd0d5 Mon Sep 17 00:00:00 2001
From 5ded09d5acf4d653fe2cbd54814f53063d265489 Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Tue, 3 Nov 2020 12:16:37 +0100
Subject: [PATCH 4/5] Explicit set IPV6_AUTOCONF and IPV6_FORCE_ACCEPT_RA on
Date: Thu, 29 Oct 2020 15:05:42 +0100
Subject: [PATCH 1/3] Explicit set IPV6_AUTOCONF and IPV6_FORCE_ACCEPT_RA on
static6 (#634)
RH-Author: Eduardo Terrell Ferrari Otubo (eterrell)
RH-MergeRequest: 17: Explicit set IPV6_AUTOCONF and IPV6_FORCE_ACCEPT_RA on static6 (#634)
RH-Commit: [1/2] ba604c675f7c54a3e1768945a9ba77918ca4a57b (eterrell/cloud-init)
RH-Bugzilla: 1894015
RH-MergeRequest: 13: [RHEL-8.4.0] Add support for ipv6_autoconf on cloud-init-20.3
RH-Commit: [1/1] 41e61c35893f4487981a1ad31f9f97a9a740b397 (eterrell/cloud-init)
RH-Bugzilla: 1889635
commit b46e4a8cff667c8441622089cf7d57aeb88220cd
Author: Eduardo Otubo <otubo@redhat.com>
@ -40,15 +40,7 @@ Date: Thu Oct 29 15:05:42 2020 +0100
Signed-off-by: Eduardo Otubo otubo@redhat.com
Conflicts:
* The context of the patches are slightly different from upstream since
the there is more code added around the changes. But nothing interfering
on the patches.
* One minor conflict, removed the "flavor == 'rhel'" check because the
commit that introduced this change is after the 19.4 release. No harm
done since this commit is intended to be shipped to RHEL only anyways.
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Eduardo Otubo otubo@redhat.com
---
cloudinit/net/network_state.py | 3 +-
cloudinit/net/sysconfig.py | 4 +
@ -58,10 +50,10 @@ Signed-off-by: Eduardo Otubo <otubo@redhat.com>
5 files changed, 115 insertions(+), 2 deletions(-)
diff --git a/cloudinit/net/network_state.py b/cloudinit/net/network_state.py
index f3e8e25..2525fc9 100644
index b2f7d31..d9e7fd5 100644
--- a/cloudinit/net/network_state.py
+++ b/cloudinit/net/network_state.py
@@ -822,7 +822,8 @@ def _normalize_subnet(subnet):
@@ -820,7 +820,8 @@ def _normalize_subnet(subnet):
if subnet.get('type') in ('static', 'static6'):
normal_subnet.update(
@ -72,25 +64,25 @@ index f3e8e25..2525fc9 100644
for r in subnet.get('routes', [])]
diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py
index 4b4ed09..4210544 100644
index af093dd..c078898 100644
--- a/cloudinit/net/sysconfig.py
+++ b/cloudinit/net/sysconfig.py
@@ -401,6 +401,10 @@ class Renderer(renderer.Renderer):
' because ipv4 subnet-level mtu:%s provided.',
iface_cfg.name, iface_cfg[mtu_key], subnet['mtu'])
iface_cfg[mtu_key] = subnet['mtu']
@@ -451,6 +451,10 @@ class Renderer(renderer.Renderer):
iface_cfg[mtu_key] = subnet['mtu']
else:
iface_cfg[mtu_key] = subnet['mtu']
+
+ if subnet_is_ipv6(subnet):
+ if subnet_is_ipv6(subnet) and flavor == 'rhel':
+ iface_cfg['IPV6_FORCE_ACCEPT_RA'] = False
+ iface_cfg['IPV6_AUTOCONF'] = False
elif subnet_type == 'manual':
# If the subnet has an MTU setting, then ONBOOT=True
# to apply the setting
if flavor == 'suse':
LOG.debug('Unknown subnet type setting "%s"', subnet_type)
diff --git a/cloudinit/sources/helpers/openstack.py b/cloudinit/sources/helpers/openstack.py
index 0778f45..6ef4f90 100644
index 65e020c..3e6365f 100644
--- a/cloudinit/sources/helpers/openstack.py
+++ b/cloudinit/sources/helpers/openstack.py
@@ -592,11 +592,17 @@ def convert_net_json(network_json=None, known_macs=None):
@@ -602,11 +602,17 @@ def convert_net_json(network_json=None, known_macs=None):
elif network['type'] in ['ipv6_slaac', 'ipv6_dhcpv6-stateless',
'ipv6_dhcpv6-stateful']:
subnet.update({'type': network['type']})
@ -110,11 +102,11 @@ index 0778f45..6ef4f90 100644
# Enable accept_ra for stateful and legacy ipv6_dhcp types
if network['type'] in ['ipv6_dhcpv6-stateful', 'ipv6_dhcp']:
diff --git a/tests/unittests/test_distros/test_netconfig.py b/tests/unittests/test_distros/test_netconfig.py
index 4ea4203..b85a333 100644
index 8d7b09c..f9fc3a1 100644
--- a/tests/unittests/test_distros/test_netconfig.py
+++ b/tests/unittests/test_distros/test_netconfig.py
@@ -673,7 +673,9 @@ class TestNetCfgDistroOpensuse(TestNetCfgDistroBase):
IPADDR6=2607:f0d0:1002:0011::2/64
@@ -514,7 +514,9 @@ class TestNetCfgDistroRedhat(TestNetCfgDistroBase):
DEVICE=eth0
IPV6ADDR=2607:f0d0:1002:0011::2/64
IPV6INIT=yes
+ IPV6_AUTOCONF=no
@ -122,12 +114,12 @@ index 4ea4203..b85a333 100644
+ IPV6_FORCE_ACCEPT_RA=no
NM_CONTROLLED=no
ONBOOT=yes
STARTMODE=auto
TYPE=Ethernet
diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py
index 2eedb12..b2b7c4b 100644
index 9985a97..d7a7a65 100644
--- a/tests/unittests/test_net.py
+++ b/tests/unittests/test_net.py
@@ -768,7 +768,9 @@ IPADDR6_2=2001:DB10::10/64
@@ -750,7 +750,9 @@ IPADDR=172.19.1.34
IPV6ADDR=2001:DB8::10/64
IPV6ADDR_SECONDARIES="2001:DB9::10/64 2001:DB10::10/64"
IPV6INIT=yes
@ -136,17 +128,17 @@ index 2eedb12..b2b7c4b 100644
+IPV6_FORCE_ACCEPT_RA=no
NETMASK=255.255.252.0
ONBOOT=yes
STARTMODE=auto
@@ -1016,6 +1018,8 @@ NETWORK_CONFIGS = {
IPADDR6=2001:1::1/64
TYPE=Ethernet
@@ -1022,6 +1024,8 @@ NETWORK_CONFIGS = {
IPADDR=192.168.14.2
IPV6ADDR=2001:1::1/64
IPV6INIT=yes
+ IPV6_AUTOCONF=no
+ IPV6_FORCE_ACCEPT_RA=no
NETMASK=255.255.255.0
ONBOOT=yes
STARTMODE=auto
@@ -1201,6 +1205,33 @@ NETWORK_CONFIGS = {
TYPE=Ethernet
@@ -1247,6 +1251,33 @@ NETWORK_CONFIGS = {
"""),
},
},
@ -180,8 +172,8 @@ index 2eedb12..b2b7c4b 100644
'dhcpv6_stateless': {
'expected_eni': textwrap.dedent("""\
auto lo
@@ -1507,6 +1538,8 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
IPADDR6=2001:1::1/64
@@ -1636,6 +1667,8 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
IPADDR=192.168.14.2
IPV6ADDR=2001:1::1/64
IPV6INIT=yes
+ IPV6_AUTOCONF=no
@ -189,8 +181,8 @@ index 2eedb12..b2b7c4b 100644
IPV6_DEFAULTGW=2001:4800:78ff:1b::1
MACADDR=bb:bb:bb:bb:bb:aa
NETMASK=255.255.255.0
@@ -2067,6 +2100,8 @@ iface bond0 inet6 static
IPADDR6=2001:1::1/92
@@ -2158,6 +2191,8 @@ iface bond0 inet6 static
IPADDR1=192.168.1.2
IPV6ADDR=2001:1::1/92
IPV6INIT=yes
+ IPV6_AUTOCONF=no
@ -198,8 +190,8 @@ index 2eedb12..b2b7c4b 100644
MTU=9000
NETMASK=255.255.255.0
NETMASK1=255.255.255.0
@@ -2154,6 +2189,8 @@ iface bond0 inet6 static
IPADDR6=2001:1::bbbb/96
@@ -2259,6 +2294,8 @@ iface bond0 inet6 static
IPADDR1=192.168.1.2
IPV6ADDR=2001:1::bbbb/96
IPV6INIT=yes
+ IPV6_AUTOCONF=no
@ -207,27 +199,27 @@ index 2eedb12..b2b7c4b 100644
IPV6_DEFAULTGW=2001:1::1
MTU=2222
NETMASK=255.255.255.0
@@ -2213,6 +2250,9 @@ iface bond0 inet6 static
IPADDR6=2001:1::100/96
@@ -2341,6 +2378,9 @@ iface bond0 inet6 static
HWADDR=52:54:00:12:34:00
IPV6ADDR=2001:1::100/96
IPV6INIT=yes
+ IPV6_AUTOCONF=no
+ IPV6_FORCE_ACCEPT_RA=no
+ NM_CONTROLLED=no
ONBOOT=yes
STARTMODE=auto
TYPE=Ethernet
@@ -2226,6 +2266,9 @@ iface bond0 inet6 static
IPADDR6=2001:1::101/96
USERCTL=no
@@ -2352,6 +2392,9 @@ iface bond0 inet6 static
HWADDR=52:54:00:12:34:01
IPV6ADDR=2001:1::101/96
IPV6INIT=yes
+ IPV6_AUTOCONF=no
+ IPV6_FORCE_ACCEPT_RA=no
+ NM_CONTROLLED=no
ONBOOT=yes
STARTMODE=auto
TYPE=Ethernet
@@ -3015,6 +3058,61 @@ USERCTL=no
USERCTL=no
@@ -3151,6 +3194,61 @@ USERCTL=no
self._compare_files_to_expected(entry[self.expected_name], found)
self._assert_headers(found)
@ -289,8 +281,8 @@ index 2eedb12..b2b7c4b 100644
def test_dhcpv6_reject_ra_config_v2(self):
entry = NETWORK_CONFIGS['dhcpv6_reject_ra']
found = self._render_and_read(network_config=yaml.load(
@@ -3133,6 +3231,8 @@ USERCTL=no
IPADDR6=2001:db8::100/32
@@ -3268,6 +3366,8 @@ USERCTL=no
IPADDR=192.168.42.100
IPV6ADDR=2001:db8::100/32
IPV6INIT=yes
+ IPV6_AUTOCONF=no

61
SOURCES/ci-Fix-unit-failure-of-cloud-final.service-if-NetworkMa.patch Normal file
View File

@ -0,0 +1,61 @@
From d3889c4645a1319c3d677006164b618ee53f4c8b Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Mon, 7 Dec 2020 14:23:22 +0100
Subject: [PATCH 3/4] Fix unit failure of cloud-final.service if NetworkManager
was not present.
RH-Author: Eduardo Terrell Ferrari Otubo (eterrell)
RH-MergeRequest: 27: Fix unit failure of cloud-final.service if NetworkManager was not present.
RH-Commit: [1/1] 3c65a2cca140fff48df1ef32919e3cb035506a2b (eterrell/cloud-init)
RH-Bugzilla: 1898943
cloud-final.service would fail if NetworkManager was not installed.
journal -u cloud-final.service would show:
cloud-init[5328]: Cloud-init v. 19.4 finished at ...
echo[5346]: try restart NetworkManager.service
systemctl[5349]: Failed to reload-or-try-restart
NetworkManager.service: Unit not found.
systemd[1]: cloud-final.service: control process exited,
code=exited status=5
systemd[1]: Failed to start Execute cloud user/final scripts.
systemd[1]: Unit cloud-final.service entered failed state.
systemd[1]: cloud-final.service failed.
The change here is to only attempt to restart NetworkManager if it is
present, and its SubState is 'running'.
The multi-line shell in a systemd unit is less than ideal, but I'm not
aware of any other way of conditionally doing this.
Note that both of 'try-reload-or-restart' and 'reload-or-try-restart'
will fail if the service is not present. So this would also affect rhel
8 systems that do not use NetworkManager.
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
---
rhel/systemd/cloud-final.service | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/rhel/systemd/cloud-final.service b/rhel/systemd/cloud-final.service
index 05add077..e281c0cf 100644
--- a/rhel/systemd/cloud-final.service
+++ b/rhel/systemd/cloud-final.service
@@ -11,8 +11,11 @@ ExecStart=/usr/bin/cloud-init modules --mode=final
RemainAfterExit=yes
TimeoutSec=0
KillMode=process
-ExecStartPost=/bin/echo "trying to reload or restart NetworkManager.service"
-ExecStartPost=/usr/bin/systemctl try-reload-or-restart NetworkManager.service
+# Restart NetworkManager if it is present and running.
+ExecStartPost=/bin/sh -c 'u=NetworkManager.service; \
+ out=$(systemctl show --property=SubState $u) || exit; \
+ [ "$out" = "SubState=running" ] || exit 0; \
+ systemctl reload-or-try-restart $u'
# Output needs to appear in instance console output
StandardOutput=journal+console
--
2.18.4

40
SOURCES/ci-Make-cloud-init.service-execute-after-network-is-up.patch
View File

@ -1,40 +0,0 @@
From 301b1770d3e2580c3ee168261a9a97d143cc5f59 Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Mon, 1 Jun 2020 11:58:06 +0200
Subject: [PATCH] Make cloud-init.service execute after network is up
RH-Author: Eduardo Otubo <otubo@redhat.com>
Message-id: <20200526090804.2047-1-otubo@redhat.com>
Patchwork-id: 96809
O-Subject: [RHEL-8.2.1 cloud-init PATCH] Make cloud-init.service execute after network is up
Bugzilla: 1803928
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
cloud-init.service needs to wait until network is fully up before
continuing executing and configuring its service.
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
x-downstream-only: yes
Resolves: rhbz#1831646
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
rhel/systemd/cloud-init.service | 1 +
1 file changed, 1 insertion(+)
diff --git a/rhel/systemd/cloud-init.service b/rhel/systemd/cloud-init.service
index d0023a0..0b3d796 100644
--- a/rhel/systemd/cloud-init.service
+++ b/rhel/systemd/cloud-init.service
@@ -5,6 +5,7 @@ Wants=sshd-keygen.service
Wants=sshd.service
After=cloud-init-local.service
After=NetworkManager.service network.service
+After=NetworkManager-wait-online.service
Before=network-online.target
Before=sshd-keygen.service
Before=sshd.service
--
1.8.3.1

49
SOURCES/ci-Missing-IPV6_AUTOCONF-no-to-render-sysconfig-dhcp6-s.patch Normal file
View File

@ -0,0 +1,49 @@
From 15852ea6958c18e3830aa9244b36cd0decc93b95 Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Thu, 7 Jan 2021 16:51:30 +0100
Subject: [PATCH] Missing IPV6_AUTOCONF=no to render sysconfig dhcp6 stateful
on RHEL (#753)
RH-Author: Eduardo Terrell Ferrari Otubo (eterrell)
RH-MergeRequest: 29: Missing IPV6_AUTOCONF=no to render sysconfig dhcp6 stateful on RHEL (#753)
RH-Commit: [1/1] 46943f83071d243bcc61f9d987b4fe7d9cf98596 (eterrell/cloud-init)
RH-Bugzilla: 1859695
IPV6_AUTOCONF needs to be set to 'no' on RHEL so NetworkManager can
properly acquire ipv6 address.
rhbz: #1859695
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
---
cloudinit/net/sysconfig.py | 1 +
tests/unittests/test_net.py | 1 +
2 files changed, 2 insertions(+)
diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py
index 94801a93..1793977d 100644
--- a/cloudinit/net/sysconfig.py
+++ b/cloudinit/net/sysconfig.py
@@ -397,6 +397,7 @@ class Renderer(renderer.Renderer):
iface_cfg['BOOTPROTO'] = 'dhcp'
iface_cfg['DHCPV6C'] = True
iface_cfg['IPV6INIT'] = True
+ iface_cfg['IPV6_AUTOCONF'] = False
else:
iface_cfg['IPV6INIT'] = True
# Configure network settings using DHCPv6
diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py
index bcd261db..844d5ba8 100644
--- a/tests/unittests/test_net.py
+++ b/tests/unittests/test_net.py
@@ -1363,6 +1363,7 @@ NETWORK_CONFIGS = {
DEVICE=iface0
DHCPV6C=yes
IPV6INIT=yes
+ IPV6_AUTOCONF=no
IPV6_FORCE_ACCEPT_RA=yes
DEVICE=iface0
NM_CONTROLLED=no
--
2.18.4

52
SOURCES/ci-Remove-race-condition-between-cloud-init-and-Network.patch
View File

@ -1,52 +0,0 @@
From 0422ba0e773d1a8257a3f2bf3db05f3bc7917eb7 Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Thu, 28 May 2020 08:44:08 +0200
Subject: [PATCH 4/4] Remove race condition between cloud-init and
NetworkManager
RH-Author: Eduardo Otubo <otubo@redhat.com>
Message-id: <20200327121911.17699-1-otubo@redhat.com>
Patchwork-id: 94453
O-Subject: [RHEL-7.9/RHEL-8.2.0 cloud-init PATCHv2] Remove race condition between cloud-init and NetworkManager
Bugzilla: 1840648
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Cathy Avery <cavery@redhat.com>
cloud-init service is set to start before NetworkManager service starts,
but this does not avoid a race condition between them. NetworkManager
starts before cloud-init can write `dns=none' to the file:
/etc/NetworkManager/conf.d/99-cloud-init.conf. This way NetworkManager
doesn't read the configuration and erases all resolv.conf values upon
shutdown. On the next reboot neither cloud-init or NetworkManager will
write anything to resolv.conf, leaving it blank.
This patch introduces a NM reload (try-reload-or-restart) at the end of cloud-init
start up so it won't erase resolv.conf upon first shutdown.
x-downstream-only: yes
Signed-off-by: Eduardo Otubo otubo@redhat.com
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
rhel/systemd/cloud-final.service | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rhel/systemd/cloud-final.service b/rhel/systemd/cloud-final.service
index f303483..05add07 100644
--- a/rhel/systemd/cloud-final.service
+++ b/rhel/systemd/cloud-final.service
@@ -11,8 +11,8 @@ ExecStart=/usr/bin/cloud-init modules --mode=final
RemainAfterExit=yes
TimeoutSec=0
KillMode=process
-ExecStartPost=/bin/echo "try restart NetworkManager.service"
-ExecStartPost=/usr/bin/systemctl try-restart NetworkManager.service
+ExecStartPost=/bin/echo "trying to reload or restart NetworkManager.service"
+ExecStartPost=/usr/bin/systemctl try-reload-or-restart NetworkManager.service
# Output needs to appear in instance console output
StandardOutput=journal+console
--
1.8.3.1

80
SOURCES/ci-Revert-ssh_util-handle-non-default-AuthorizedKeysFil.patch Normal file
View File

@ -0,0 +1,80 @@
From 4dde2a9bed58aba13c730bf4a7314b21038d7a31 Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Mon, 25 Jan 2021 16:24:29 +0100
Subject: [PATCH 2/2] Revert "ssh_util: handle non-default AuthorizedKeysFile
config (#586)" (#775)
RH-Author: Eduardo Terrell Ferrari Otubo (eterrell)
RH-MergeRequest: 38: Revert "ssh_util: handle non-default AuthorizedKeysFile config (#586)" (#775)
RH-Commit: [1/1] aec2860c773ad1921f3949dc622543e81860c5bf (eterrell/cloud-init)
RH-Bugzilla: 1919972
commit cdc5b81f33aee0ed3ef1ae239e5cec1906d0178a
Author: Daniel Watkins <oddbloke@ubuntu.com>
Date: Tue Jan 19 12:23:23 2021 -0500
Revert "ssh_util: handle non-default AuthorizedKeysFile config (#586)" (#775)
This reverts commit b0e73814db4027dba0b7dc0282e295b7f653325c.
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
---
cloudinit/ssh_util.py | 6 +++---
tests/unittests/test_sshutil.py | 6 +++---
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py
index d5113996..c08042d6 100644
--- a/cloudinit/ssh_util.py
+++ b/cloudinit/ssh_util.py
@@ -262,13 +262,13 @@ def extract_authorized_keys(username, sshd_cfg_file=DEF_SSHD_CFG):
except (IOError, OSError):
# Give up and use a default key filename
- auth_key_fns.append(default_authorizedkeys_file)
+ auth_key_fns[0] = default_authorizedkeys_file
util.logexc(LOG, "Failed extracting 'AuthorizedKeysFile' in SSH "
"config from %r, using 'AuthorizedKeysFile' file "
"%r instead", DEF_SSHD_CFG, auth_key_fns[0])
- # always store all the keys in the first file configured on sshd_config
- return (auth_key_fns[0], parse_authorized_keys(auth_key_fns))
+ # always store all the keys in the user's private file
+ return (default_authorizedkeys_file, parse_authorized_keys(auth_key_fns))
def setup_user_keys(keys, username, options=None):
diff --git a/tests/unittests/test_sshutil.py b/tests/unittests/test_sshutil.py
index 88a111e3..fd1d1bac 100644
--- a/tests/unittests/test_sshutil.py
+++ b/tests/unittests/test_sshutil.py
@@ -593,7 +593,7 @@ class TestMultipleSshAuthorizedKeysFile(test_helpers.CiTestCase):
fpw.pw_name, sshd_config)
content = ssh_util.update_authorized_keys(auth_key_entries, [])
- self.assertEqual(authorized_keys, auth_key_fn)
+ self.assertEqual("%s/.ssh/authorized_keys" % fpw.pw_dir, auth_key_fn)
self.assertTrue(VALID_CONTENT['rsa'] in content)
self.assertTrue(VALID_CONTENT['dsa'] in content)
@@ -610,7 +610,7 @@ class TestMultipleSshAuthorizedKeysFile(test_helpers.CiTestCase):
sshd_config = self.tmp_path('sshd_config')
util.write_file(
sshd_config,
- "AuthorizedKeysFile %s %s" % (user_keys, authorized_keys)
+ "AuthorizedKeysFile %s %s" % (authorized_keys, user_keys)
)
(auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys(
@@ -618,7 +618,7 @@ class TestMultipleSshAuthorizedKeysFile(test_helpers.CiTestCase):
)
content = ssh_util.update_authorized_keys(auth_key_entries, [])
- self.assertEqual(user_keys, auth_key_fn)
+ self.assertEqual("%s/.ssh/authorized_keys" % fpw.pw_dir, auth_key_fn)
self.assertTrue(VALID_CONTENT['rsa'] in content)
self.assertTrue(VALID_CONTENT['dsa'] in content)
--
2.18.4

89
SOURCES/ci-When-tools.conf-does-not-exist-running-cmd-vmware-to.patch
View File

@ -1,89 +0,0 @@
From 07755100b11abd4d429577f9f3f57a2c43592089 Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Mon, 17 Aug 2020 11:14:45 +0200
Subject: [PATCH 1/2] When tools.conf does not exist, running cmd
"vmware-toolbox-cmd config get deployPkg enable-custom-scripts", the return
code will be EX_UNAVAILABLE(69), on this condition, it should not take it as
error. (#413)
RH-Author: Eduardo Otubo <otubo@redhat.com>
Message-id: <20200710094434.9711-1-otubo@redhat.com>
Patchwork-id: 97934
O-Subject: [RHEL-7.9.z/RHEL-8.2.1/RHEL-8.3.0 cloud-init PATCH] When tools.conf does not exist, running cmd "vmware-toolbox-cmd config get deployPkg enable-custom-scripts", the return code will be EX_UNAVAILABLE(69), on this condition, it should not take it as error. (#413)
Bugzilla: 1839662
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
From: chengcheng-chcheng <63850735+chengcheng-chcheng@users.noreply.github.com>
The diff seems slightly different from upstream because of some parts
being in different positions. But the final result is the file patched
guestcust_util.py (within this block) exactly identical to the one
upstream.
Also: Sorry for the commit message being just a Subject and this being
enormous. I kept the original from upstream.
commit c6d09af67626c2f2241c64c10c9e27e8752ba87b
Author: chengcheng-chcheng <63850735+chengcheng-chcheng@users.noreply.github.com>
Date: Wed Jun 10 00:20:47 2020 +0800
When tools.conf does not exist, running cmd "vmware-toolbox-cmd config get deployPkg enable-custom-scripts", the return code will be EX_UNAVAILABLE(69), on this condition, it should not take it as error. (#413)
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
.../sources/helpers/vmware/imc/guestcust_util.py | 33 +++++++++++++---------
1 file changed, 20 insertions(+), 13 deletions(-)
diff --git a/cloudinit/sources/helpers/vmware/imc/guestcust_util.py b/cloudinit/sources/helpers/vmware/imc/guestcust_util.py
index 3d369d0..a270d9f 100644
--- a/cloudinit/sources/helpers/vmware/imc/guestcust_util.py
+++ b/cloudinit/sources/helpers/vmware/imc/guestcust_util.py
@@ -133,23 +133,30 @@ def get_tools_config(section, key, defaultVal):
'vmware-toolbox-cmd not installed, returning default value')
return defaultVal
- retValue = defaultVal
cmd = ['vmware-toolbox-cmd', 'config', 'get', section, key]
try:
- (outText, _) = util.subp(cmd)
- m = re.match(r'([^=]+)=(.*)', outText)
- if m:
- retValue = m.group(2).strip()
- logger.debug("Get tools config: [%s] %s = %s",
- section, key, retValue)
- else:
+ (outText, _) = subp.subp(cmd)
+ except subp.ProcessExecutionError as e:
+ if e.exit_code == 69:
logger.debug(
- "Tools config: [%s] %s is not found, return default value: %s",
- section, key, retValue)
- except util.ProcessExecutionError as e:
- logger.error("Failed running %s[%s]", cmd, e.exit_code)
- logger.exception(e)
+ "vmware-toolbox-cmd returned 69 (unavailable) for cmd: %s."
+ " Return default value: %s", " ".join(cmd), defaultVal)
+ else:
+ logger.error("Failed running %s[%s]", cmd, e.exit_code)
+ logger.exception(e)
+ return defaultVal
+
+ retValue = defaultVal
+ m = re.match(r'([^=]+)=(.*)', outText)
+ if m:
+ retValue = m.group(2).strip()
+ logger.debug("Get tools config: [%s] %s = %s",
+ section, key, retValue)
+ else:
+ logger.debug(
+ "Tools config: [%s] %s is not found, return default value: %s",
+ section, key, retValue)
return retValue
--
1.8.3.1

90
SOURCES/ci-cc_mounts-fix-incorrect-format-specifiers-316.patch
View File

@ -1,90 +0,0 @@
From c3a019b57cade8e6c3963f6bd2c7c15cd67e561c Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Wed, 2 Sep 2020 14:59:06 +0200
Subject: [PATCH] cc_mounts: fix incorrect format specifiers (#316)
RH-Author: Eduardo Otubo <otubo@redhat.com>
Message-id: <20200825131749.4989-1-otubo@redhat.com>
Patchwork-id: 98217
O-Subject: [RHEL-8.3.0 cloud-init PATCH] cc_mounts: fix incorrect format specifiers (#316)
Bugzilla: 1794664
RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
RH-Acked-by: Cathy Avery <cavery@redhat.com>
Conflicts: Not exactly a conflict, but removed optional notations
"variable: type" and "-> type" from function header create_swapfile() as
it is only available on Python >= 3.5 and this patch is for RHEL-7.9
only (Python 2.*). The rest of the cherry-pick was clean.
commit 9d7b35ce23aaf8741dd49b16e359c96591be3c76
Author: Daniel Watkins <oddbloke@ubuntu.com>
Date: Wed Apr 15 16:53:08 2020 -0400
cc_mounts: fix incorrect format specifiers (#316)
LP: #1872836
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
cloudinit/config/cc_mounts.py | 6 +++---
cloudinit/config/tests/test_mounts.py | 22 ++++++++++++++++++++++
2 files changed, 25 insertions(+), 3 deletions(-)
create mode 100644 cloudinit/config/tests/test_mounts.py
diff --git a/cloudinit/config/cc_mounts.py b/cloudinit/config/cc_mounts.py
index e1c43e3..55b6770 100644
--- a/cloudinit/config/cc_mounts.py
+++ b/cloudinit/config/cc_mounts.py
@@ -226,17 +226,17 @@ def suggested_swapsize(memsize=None, maxsize=None, fsys=None):
def create_swapfile(fname, size):
"""Size is in MiB."""
- errmsg = "Failed to create swapfile '%s' of size %dMB via %s: %s"
+ errmsg = "Failed to create swapfile '%s' of size %sMB via %s: %s"
def create_swap(fname, size, method):
LOG.debug("Creating swapfile in '%s' on fstype '%s' using '%s'",
fname, fstype, method)
if method == "fallocate":
- cmd = ['fallocate', '-l', '%dM' % size, fname]
+ cmd = ['fallocate', '-l', '%sM' % size, fname]
elif method == "dd":
cmd = ['dd', 'if=/dev/zero', 'of=%s' % fname, 'bs=1M',
- 'count=%d' % size]
+ 'count=%s' % size]
try:
util.subp(cmd, capture=True)
diff --git a/cloudinit/config/tests/test_mounts.py b/cloudinit/config/tests/test_mounts.py
new file mode 100644
index 0000000..c7dad61
--- /dev/null
+++ b/cloudinit/config/tests/test_mounts.py
@@ -0,0 +1,22 @@
+# This file is part of cloud-init. See LICENSE file for license information.
+from unittest import mock
+
+from cloudinit.config.cc_mounts import create_swapfile
+
+
+M_PATH = 'cloudinit.config.cc_mounts.'
+
+
+class TestCreateSwapfile:
+
+ @mock.patch(M_PATH + 'util.subp')
+ def test_happy_path(self, m_subp, tmpdir):
+ swap_file = tmpdir.join("swap-file")
+ fname = str(swap_file)
+
+ # Some of the calls to util.subp should create the swap file; this
+ # roughly approximates that
+ m_subp.side_effect = lambda *args, **kwargs: swap_file.write('')
+
+ create_swapfile(fname, '')
+ assert mock.call(['mkswap', fname]) in m_subp.call_args_list
--
1.8.3.1

42
SOURCES/ci-cc_set_password-increase-random-pwlength-from-9-to-2.patch
View File

@ -1,42 +0,0 @@
From e7a0cd9aa71dfd7715eca4b393db0aa348e05f8f Mon Sep 17 00:00:00 2001
From: jmaloy <jmaloy@redhat.com>
Date: Thu, 28 May 2020 08:43:58 +0200
Subject: [PATCH 1/4] cc_set_password: increase random pwlength from 9 to 20
(#189)
RH-Author: jmaloy <jmaloy@redhat.com>
Message-id: <20200313015002.3297-2-jmaloy@redhat.com>
Patchwork-id: 94253
O-Subject: [RHEL-8.2 cloud-init PATCH 1/1] cc_set_password: increase random pwlength from 9 to 20 (#189)
Bugzilla: 1812171
RH-Acked-by: Eduardo Otubo <eterrell@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
From: Ryan Harper <ryan.harper@canonical.com>
Increasing the bits of security from 52 to 115.
LP: #1860795
(cherry picked from commit 42788bf24a1a0a5421a2d00a7f59b59e38ba1a14)
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
cloudinit/config/cc_set_passwords.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cloudinit/config/cc_set_passwords.py b/cloudinit/config/cc_set_passwords.py
index c3c5b0f..0742234 100755
--- a/cloudinit/config/cc_set_passwords.py
+++ b/cloudinit/config/cc_set_passwords.py
@@ -236,7 +236,7 @@ def handle(_name, cfg, cloud, log, args):
raise errors[-1]
-def rand_user_password(pwlen=9):
+def rand_user_password(pwlen=20):
return util.rand_str(pwlen, select_from=PW_SET)
--
1.8.3.1

46
SOURCES/ci-cloud-init.service.tmpl-use-rhel-instead-of-redhat-4.patch
View File

@ -1,46 +0,0 @@
From f67f56e85c0fdb1c94527a6a1795bbacd2e6fdb0 Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Wed, 24 Jun 2020 07:34:34 +0200
Subject: [PATCH 4/4] cloud-init.service.tmpl: use "rhel" instead of "redhat"
(#452)
RH-Author: Eduardo Otubo <otubo@redhat.com>
Message-id: <20200623154034.28563-4-otubo@redhat.com>
Patchwork-id: 97784
O-Subject: [RHEL-8.3.0/RHEL-8.2.1 cloud-init PATCH 3/3] cloud-init.service.tmpl: use "rhel" instead of "redhat" (#452)
Bugzilla: 1834173
RH-Acked-by: Cathy Avery <cavery@redhat.com>
RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
From: Daniel Watkins <oddbloke@ubuntu.com>
commit ddc4c2de1b1e716b31384af92f5356bfc6136944
Author: Daniel Watkins <oddbloke@ubuntu.com>
Date: Tue Jun 23 09:43:04 2020 -0400
cloud-init.service.tmpl: use "rhel" instead of "redhat" (#452)
We use "rhel" consistently everywhere else.
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
systemd/cloud-init.service.tmpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/systemd/cloud-init.service.tmpl b/systemd/cloud-init.service.tmpl
index 9ad3574..af6d9a8 100644
--- a/systemd/cloud-init.service.tmpl
+++ b/systemd/cloud-init.service.tmpl
@@ -10,7 +10,7 @@ After=systemd-networkd-wait-online.service
{% if variant in ["ubuntu", "unknown", "debian"] %}
After=networking.service
{% endif %}
-{% if variant in ["centos", "fedora", "redhat"] %}
+{% if variant in ["centos", "fedora", "rhel"] %}
After=network.service
After=NetworkManager.service
{% endif %}
--
1.8.3.1

350
SOURCES/ci-ec2-Do-not-log-IMDSv2-token-values-instead-use-REDAC.patch
View File

@ -1,350 +0,0 @@
From f6dc3cf39a4884657478a47894ce8a76ec9a72c5 Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Wed, 24 Jun 2020 07:34:29 +0200
Subject: [PATCH 1/4] ec2: Do not log IMDSv2 token values, instead use REDACTED
(#219)
RH-Author: Eduardo Otubo <otubo@redhat.com>
Message-id: <20200505082940.18316-1-otubo@redhat.com>
Patchwork-id: 96264
O-Subject: [RHEL-7.9/RHEL-8.3 cloud-init PATCH] ec2: Do not log IMDSv2 token values, instead use REDACTED (#219)
Bugzilla: 1822343
RH-Acked-by: Cathy Avery <cavery@redhat.com>
RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Note: There's no RHEL-8.3/cloud-init-19.4 branch yet, but it should be
queued to be applied on top of it when it's created.
commit 87cd040ed8fe7195cbb357ed3bbf53cd2a81436c
Author: Ryan Harper <ryan.harper@canonical.com>
Date: Wed Feb 19 15:01:09 2020 -0600
ec2: Do not log IMDSv2 token values, instead use REDACTED (#219)
Instead of logging the token values used log the headers and replace the actual
values with the string 'REDACTED'. This allows users to examine cloud-init.log
and see that the IMDSv2 token header is being used but avoids leaving the value
used in the log file itself.
LP: #1863943
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
cloudinit/ec2_utils.py | 12 ++++++++--
cloudinit/sources/DataSourceEc2.py | 35 +++++++++++++++++++----------
cloudinit/url_helper.py | 27 ++++++++++++++++------
tests/unittests/test_datasource/test_ec2.py | 17 ++++++++++++++
4 files changed, 70 insertions(+), 21 deletions(-)
diff --git a/cloudinit/ec2_utils.py b/cloudinit/ec2_utils.py
index 57708c1..34acfe8 100644
--- a/cloudinit/ec2_utils.py
+++ b/cloudinit/ec2_utils.py
@@ -142,7 +142,8 @@ def skip_retry_on_codes(status_codes, _request_args, cause):
def get_instance_userdata(api_version='latest',
metadata_address='http://169.254.169.254',
ssl_details=None, timeout=5, retries=5,
- headers_cb=None, exception_cb=None):
+ headers_cb=None, headers_redact=None,
+ exception_cb=None):
ud_url = url_helper.combine_url(metadata_address, api_version)
ud_url = url_helper.combine_url(ud_url, 'user-data')
user_data = ''
@@ -155,7 +156,8 @@ def get_instance_userdata(api_version='latest',
SKIP_USERDATA_CODES)
response = url_helper.read_file_or_url(
ud_url, ssl_details=ssl_details, timeout=timeout,
- retries=retries, exception_cb=exception_cb, headers_cb=headers_cb)
+ retries=retries, exception_cb=exception_cb, headers_cb=headers_cb,
+ headers_redact=headers_redact)
user_data = response.contents
except url_helper.UrlError as e:
if e.code not in SKIP_USERDATA_CODES:
@@ -169,11 +171,13 @@ def _get_instance_metadata(tree, api_version='latest',
metadata_address='http://169.254.169.254',
ssl_details=None, timeout=5, retries=5,
leaf_decoder=None, headers_cb=None,
+ headers_redact=None,
exception_cb=None):
md_url = url_helper.combine_url(metadata_address, api_version, tree)
caller = functools.partial(
url_helper.read_file_or_url, ssl_details=ssl_details,
timeout=timeout, retries=retries, headers_cb=headers_cb,
+ headers_redact=headers_redact,
exception_cb=exception_cb)
def mcaller(url):
@@ -197,6 +201,7 @@ def get_instance_metadata(api_version='latest',
metadata_address='http://169.254.169.254',
ssl_details=None, timeout=5, retries=5,
leaf_decoder=None, headers_cb=None,
+ headers_redact=None,
exception_cb=None):
# Note, 'meta-data' explicitly has trailing /.
# this is required for CloudStack (LP: #1356855)
@@ -204,6 +209,7 @@ def get_instance_metadata(api_version='latest',
metadata_address=metadata_address,
ssl_details=ssl_details, timeout=timeout,
retries=retries, leaf_decoder=leaf_decoder,
+ headers_redact=headers_redact,
headers_cb=headers_cb,
exception_cb=exception_cb)
@@ -212,12 +218,14 @@ def get_instance_identity(api_version='latest',
metadata_address='http://169.254.169.254',
ssl_details=None, timeout=5, retries=5,
leaf_decoder=None, headers_cb=None,
+ headers_redact=None,
exception_cb=None):
return _get_instance_metadata(tree='dynamic/instance-identity',
api_version=api_version,
metadata_address=metadata_address,
ssl_details=ssl_details, timeout=timeout,
retries=retries, leaf_decoder=leaf_decoder,
+ headers_redact=headers_redact,
headers_cb=headers_cb,
exception_cb=exception_cb)
# vi: ts=4 expandtab
diff --git a/cloudinit/sources/DataSourceEc2.py b/cloudinit/sources/DataSourceEc2.py
index b9f346a..0f2bfef 100644
--- a/cloudinit/sources/DataSourceEc2.py
+++ b/cloudinit/sources/DataSourceEc2.py
@@ -31,6 +31,9 @@ STRICT_ID_DEFAULT = "warn"
API_TOKEN_ROUTE = 'latest/api/token'
API_TOKEN_DISABLED = '_ec2_disable_api_token'
AWS_TOKEN_TTL_SECONDS = '21600'
+AWS_TOKEN_PUT_HEADER = 'X-aws-ec2-metadata-token'
+AWS_TOKEN_REQ_HEADER = AWS_TOKEN_PUT_HEADER + '-ttl-seconds'
+AWS_TOKEN_REDACT = [AWS_TOKEN_PUT_HEADER, AWS_TOKEN_REQ_HEADER]
class CloudNames(object):
@@ -158,7 +161,8 @@ class DataSourceEc2(sources.DataSource):
for api_ver in self.extended_metadata_versions:
url = url_tmpl.format(self.metadata_address, api_ver)
try:
- resp = uhelp.readurl(url=url, headers=headers)
+ resp = uhelp.readurl(url=url, headers=headers,
+ headers_redact=AWS_TOKEN_REDACT)
except uhelp.UrlError as e:
LOG.debug('url %s raised exception %s', url, e)
else:
@@ -180,6 +184,7 @@ class DataSourceEc2(sources.DataSource):
self.identity = ec2.get_instance_identity(
api_version, self.metadata_address,
headers_cb=self._get_headers,
+ headers_redact=AWS_TOKEN_REDACT,
exception_cb=self._refresh_stale_aws_token_cb).get(
'document', {})
return self.identity.get(
@@ -205,7 +210,8 @@ class DataSourceEc2(sources.DataSource):
LOG.debug('Fetching Ec2 IMDSv2 API Token')
url, response = uhelp.wait_for_url(
urls=urls, max_wait=1, timeout=1, status_cb=self._status_cb,
- headers_cb=self._get_headers, request_method=request_method)
+ headers_cb=self._get_headers, request_method=request_method,
+ headers_redact=AWS_TOKEN_REDACT)
if url and response:
self._api_token = response
@@ -252,7 +258,8 @@ class DataSourceEc2(sources.DataSource):
url, _ = uhelp.wait_for_url(
urls=urls, max_wait=url_params.max_wait_seconds,
timeout=url_params.timeout_seconds, status_cb=LOG.warning,
- headers_cb=self._get_headers, request_method=request_method)
+ headers_redact=AWS_TOKEN_REDACT, headers_cb=self._get_headers,
+ request_method=request_method)
if url:
metadata_address = url2base[url]
@@ -420,6 +427,7 @@ class DataSourceEc2(sources.DataSource):
if not self.wait_for_metadata_service():
return {}
api_version = self.get_metadata_api_version()
+ redact = AWS_TOKEN_REDACT
crawled_metadata = {}
if self.cloud_name == CloudNames.AWS:
exc_cb = self._refresh_stale_aws_token_cb
@@ -429,14 +437,17 @@ class DataSourceEc2(sources.DataSource):
try:
crawled_metadata['user-data'] = ec2.get_instance_userdata(
api_version, self.metadata_address,
- headers_cb=self._get_headers, exception_cb=exc_cb_ud)
+ headers_cb=self._get_headers, headers_redact=redact,
+ exception_cb=exc_cb_ud)
crawled_metadata['meta-data'] = ec2.get_instance_metadata(
api_version, self.metadata_address,
- headers_cb=self._get_headers, exception_cb=exc_cb)
+ headers_cb=self._get_headers, headers_redact=redact,
+ exception_cb=exc_cb)
if self.cloud_name == CloudNames.AWS:
identity = ec2.get_instance_identity(
api_version, self.metadata_address,
- headers_cb=self._get_headers, exception_cb=exc_cb)
+ headers_cb=self._get_headers, headers_redact=redact,
+ exception_cb=exc_cb)
crawled_metadata['dynamic'] = {'instance-identity': identity}
except Exception:
util.logexc(
@@ -455,11 +466,12 @@ class DataSourceEc2(sources.DataSource):
if self.cloud_name != CloudNames.AWS:
return None
LOG.debug("Refreshing Ec2 metadata API token")
- request_header = {'X-aws-ec2-metadata-token-ttl-seconds': seconds}
+ request_header = {AWS_TOKEN_REQ_HEADER: seconds}
token_url = '{}/{}'.format(self.metadata_address, API_TOKEN_ROUTE)
try:
- response = uhelp.readurl(
- token_url, headers=request_header, request_method="PUT")
+ response = uhelp.readurl(token_url, headers=request_header,
+ headers_redact=AWS_TOKEN_REDACT,
+ request_method="PUT")
except uhelp.UrlError as e:
LOG.warning(
'Unable to get API token: %s raised exception %s',
@@ -500,8 +512,7 @@ class DataSourceEc2(sources.DataSource):
API_TOKEN_DISABLED):
return {}
# Request a 6 hour token if URL is API_TOKEN_ROUTE
- request_token_header = {
- 'X-aws-ec2-metadata-token-ttl-seconds': AWS_TOKEN_TTL_SECONDS}
+ request_token_header = {AWS_TOKEN_REQ_HEADER: AWS_TOKEN_TTL_SECONDS}
if API_TOKEN_ROUTE in url:
return request_token_header
if not self._api_token:
@@ -511,7 +522,7 @@ class DataSourceEc2(sources.DataSource):
self._api_token = self._refresh_api_token()
if not self._api_token:
return {}
- return {'X-aws-ec2-metadata-token': self._api_token}
+ return {AWS_TOKEN_PUT_HEADER: self._api_token}
class DataSourceEc2Local(DataSourceEc2):
diff --git a/cloudinit/url_helper.py b/cloudinit/url_helper.py
index 1496a47..3e7de9f 100644
--- a/cloudinit/url_helper.py
+++ b/cloudinit/url_helper.py
@@ -8,6 +8,7 @@
#
# This file is part of cloud-init. See LICENSE file for license information.
+import copy
import json
import os
import requests
@@ -41,6 +42,7 @@ else:
SSL_ENABLED = False
CONFIG_ENABLED = False # This was added in 0.7 (but taken out in >=1.0)
_REQ_VER = None
+REDACTED = 'REDACTED'
try:
from distutils.version import LooseVersion
import pkg_resources
@@ -199,9 +201,9 @@ def _get_ssl_args(url, ssl_details):
def readurl(url, data=None, timeout=None, retries=0, sec_between=1,
- headers=None, headers_cb=None, ssl_details=None,
- check_status=True, allow_redirects=True, exception_cb=None,
- session=None, infinite=False, log_req_resp=True,
+ headers=None, headers_cb=None, headers_redact=None,
+ ssl_details=None, check_status=True, allow_redirects=True,
+ exception_cb=None, session=None, infinite=False, log_req_resp=True,
request_method=None):
"""Wrapper around requests.Session to read the url and retry if necessary
@@ -217,6 +219,7 @@ def readurl(url, data=None, timeout=None, retries=0, sec_between=1,
:param headers: Optional dict of headers to send during request
:param headers_cb: Optional callable returning a dict of values to send as
headers during request
+ :param headers_redact: Optional list of header names to redact from the log
:param ssl_details: Optional dict providing key_file, ca_certs, and
cert_file keys for use on in ssl connections.
:param check_status: Optional boolean set True to raise when HTTPError
@@ -243,6 +246,8 @@ def readurl(url, data=None, timeout=None, retries=0, sec_between=1,
req_args['method'] = request_method
if timeout is not None:
req_args['timeout'] = max(float(timeout), 0)
+ if headers_redact is None:
+ headers_redact = []
# It doesn't seem like config
# was added in older library versions (or newer ones either), thus we
# need to manually do the retries if it wasn't...
@@ -287,6 +292,12 @@ def readurl(url, data=None, timeout=None, retries=0, sec_between=1,
if k == 'data':
continue
filtered_req_args[k] = v
+ if k == 'headers':
+ for hkey, _hval in v.items():
+ if hkey in headers_redact:
+ filtered_req_args[k][hkey] = (
+ copy.deepcopy(req_args[k][hkey]))
+ filtered_req_args[k][hkey] = REDACTED
try:
if log_req_resp:
@@ -339,8 +350,8 @@ def readurl(url, data=None, timeout=None, retries=0, sec_between=1,
return None # Should throw before this...
-def wait_for_url(urls, max_wait=None, timeout=None,
- status_cb=None, headers_cb=None, sleep_time=1,
+def wait_for_url(urls, max_wait=None, timeout=None, status_cb=None,
+ headers_cb=None, headers_redact=None, sleep_time=1,
exception_cb=None, sleep_time_cb=None, request_method=None):
"""
urls: a list of urls to try
@@ -352,6 +363,7 @@ def wait_for_url(urls, max_wait=None, timeout=None,
status_cb: call method with string message when a url is not available
headers_cb: call method with single argument of url to get headers
for request.
+ headers_redact: a list of header names to redact from the log
exception_cb: call method with 2 arguments 'msg' (per status_cb) and
'exception', the exception that occurred.
sleep_time_cb: call method with 2 arguments (response, loop_n) that
@@ -415,8 +427,9 @@ def wait_for_url(urls, max_wait=None, timeout=None,
headers = {}
response = readurl(
- url, headers=headers, timeout=timeout,
- check_status=False, request_method=request_method)
+ url, headers=headers, headers_redact=headers_redact,
+ timeout=timeout, check_status=False,
+ request_method=request_method)
if not response.contents:
reason = "empty response [%s]" % (response.code)
url_exc = UrlError(ValueError(reason), code=response.code,
diff --git a/tests/unittests/test_datasource/test_ec2.py b/tests/unittests/test_datasource/test_ec2.py
index 34a089f..bd5bd4c 100644
--- a/tests/unittests/test_datasource/test_ec2.py
+++ b/tests/unittests/test_datasource/test_ec2.py
@@ -429,6 +429,23 @@ class TestEc2(test_helpers.HttprettyTestCase):
self.assertTrue(ds.get_data())
self.assertFalse(ds.is_classic_instance())
+ def test_aws_token_redacted(self):
+ """Verify that aws tokens are redacted when logged."""
+ ds = self._setup_ds(
+ platform_data=self.valid_platform_data,
+ sys_cfg={'datasource': {'Ec2': {'strict_id': False}}},
+ md={'md': DEFAULT_METADATA})
+ self.assertTrue(ds.get_data())
+ all_logs = self.logs.getvalue().splitlines()
+ REDACT_TTL = "'X-aws-ec2-metadata-token-ttl-seconds': 'REDACTED'"
+ REDACT_TOK = "'X-aws-ec2-metadata-token': 'REDACTED'"
+ logs_with_redacted_ttl = [log for log in all_logs if REDACT_TTL in log]
+ logs_with_redacted = [log for log in all_logs if REDACT_TOK in log]
+ logs_with_token = [log for log in all_logs if 'API-TOKEN' in log]
+ self.assertEqual(1, len(logs_with_redacted_ttl))
+ self.assertEqual(79, len(logs_with_redacted))
+ self.assertEqual(0, len(logs_with_token))
+
@mock.patch('cloudinit.net.dhcp.maybe_perform_dhcp_discovery')
def test_valid_platform_with_strict_true(self, m_dhcp):
"""Valid platform data should return true with strict_id true."""
--
1.8.3.1

128
SOURCES/ci-ec2-only-redact-token-request-headers-in-logs-avoid-.patch
View File

@ -1,128 +0,0 @@
From dc9460f161efce6770f66bb95d60cea6d27df722 Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Thu, 25 Jun 2020 08:03:59 +0200
Subject: [PATCH] ec2: only redact token request headers in logs, avoid
altering request (#230)
RH-Author: Eduardo Otubo <otubo@redhat.com>
Message-id: <20200624112104.376-1-otubo@redhat.com>
Patchwork-id: 97793
O-Subject: [RHEL-8.3.0 cloud-init PATCH] ec2: only redact token request headers in logs, avoid altering request (#230)
Bugzilla: 1822343
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
RH-Acked-by: Cathy Avery <cavery@redhat.com>
From: Chad Smith <chad.smith@canonical.com>
commit fa1abfec27050a4fb71cad950a17e42f9b43b478
Author: Chad Smith <chad.smith@canonical.com>
Date: Tue Mar 3 15:23:33 2020 -0700
ec2: only redact token request headers in logs, avoid altering request (#230)
Our header redact logic was redacting both logged request headers and
the actual source request. This results in DataSourceEc2 sending the
invalid header "X-aws-ec2-metadata-token-ttl-seconds: REDACTED" which
gets an HTTP status response of 400.
Cloud-init retries this failed token request for 2 minutes before
falling back to IMDSv1.
LP: #1865882
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
cloudinit/tests/test_url_helper.py | 34 +++++++++++++++++++++++++++++++++-
cloudinit/url_helper.py | 15 ++++++++-------
2 files changed, 41 insertions(+), 8 deletions(-)
diff --git a/cloudinit/tests/test_url_helper.py b/cloudinit/tests/test_url_helper.py
index 1674120..29b3937 100644
--- a/cloudinit/tests/test_url_helper.py
+++ b/cloudinit/tests/test_url_helper.py
@@ -1,7 +1,8 @@
# This file is part of cloud-init. See LICENSE file for license information.
from cloudinit.url_helper import (
- NOT_FOUND, UrlError, oauth_headers, read_file_or_url, retry_on_url_exc)
+ NOT_FOUND, UrlError, REDACTED, oauth_headers, read_file_or_url,
+ retry_on_url_exc)
from cloudinit.tests.helpers import CiTestCase, mock, skipIf
from cloudinit import util
from cloudinit import version
@@ -50,6 +51,9 @@ class TestOAuthHeaders(CiTestCase):
class TestReadFileOrUrl(CiTestCase):
+
+ with_logs = True
+
def test_read_file_or_url_str_from_file(self):
"""Test that str(result.contents) on file is text version of contents.
It should not be "b'data'", but just "'data'" """
@@ -71,6 +75,34 @@ class TestReadFileOrUrl(CiTestCase):
self.assertEqual(result.contents, data)
self.assertEqual(str(result), data.decode('utf-8'))
+ @httpretty.activate
+ def test_read_file_or_url_str_from_url_redacting_headers_from_logs(self):
+ """Headers are redacted from logs but unredacted in requests."""
+ url = 'http://hostname/path'
+ headers = {'sensitive': 'sekret', 'server': 'blah'}
+ httpretty.register_uri(httpretty.GET, url)
+
+ read_file_or_url(url, headers=headers, headers_redact=['sensitive'])
+ logs = self.logs.getvalue()
+ for k in headers.keys():
+ self.assertEqual(headers[k], httpretty.last_request().headers[k])
+ self.assertIn(REDACTED, logs)
+ self.assertNotIn('sekret', logs)
+
+ @httpretty.activate
+ def test_read_file_or_url_str_from_url_redacts_noheaders(self):
+ """When no headers_redact, header values are in logs and requests."""
+ url = 'http://hostname/path'
+ headers = {'sensitive': 'sekret', 'server': 'blah'}
+ httpretty.register_uri(httpretty.GET, url)
+
+ read_file_or_url(url, headers=headers)
+ for k in headers.keys():
+ self.assertEqual(headers[k], httpretty.last_request().headers[k])
+ logs = self.logs.getvalue()
+ self.assertNotIn(REDACTED, logs)
+ self.assertIn('sekret', logs)
+
@mock.patch(M_PATH + 'readurl')
def test_read_file_or_url_passes_params_to_readurl(self, m_readurl):
"""read_file_or_url passes all params through to readurl."""
diff --git a/cloudinit/url_helper.py b/cloudinit/url_helper.py
index 3e7de9f..e6188ea 100644
--- a/cloudinit/url_helper.py
+++ b/cloudinit/url_helper.py
@@ -291,13 +291,14 @@ def readurl(url, data=None, timeout=None, retries=0, sec_between=1,
for (k, v) in req_args.items():
if k == 'data':
continue
- filtered_req_args[k] = v
- if k == 'headers':
- for hkey, _hval in v.items():
- if hkey in headers_redact:
- filtered_req_args[k][hkey] = (
- copy.deepcopy(req_args[k][hkey]))
- filtered_req_args[k][hkey] = REDACTED
+ if k == 'headers' and headers_redact:
+ matched_headers = [k for k in headers_redact if v.get(k)]
+ if matched_headers:
+ filtered_req_args[k] = copy.deepcopy(v)
+ for key in matched_headers:
+ filtered_req_args[k][key] = REDACTED
+ else:
+ filtered_req_args[k] = v
try:
if log_req_resp:
--
1.8.3.1

53
SOURCES/ci-fix-a-typo-in-man-page-cloud-init.1-752.patch Normal file
View File

@ -0,0 +1,53 @@
From c90d5c11eb99ec25e0fd90585bad9283e60bda7e Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Tue, 26 Jan 2021 10:48:55 +0100
Subject: [PATCH] fix a typo in man page cloud-init.1 (#752)
RH-Author: Eduardo Terrell Ferrari Otubo (eterrell)
RH-MergeRequest: 39: fix a typo in man page cloud-init.1 (#752)
RH-Commit: [1/1] d2f7efbc63a7928ef175ac0714053dba20aab01a (eterrell/cloud-init)
RH-Bugzilla: 1913127
commit 48b2c5f16bd4ef754fef137ea19894908d4bf1db
Author: Amy Chen <66719270+xiachen-rh@users.noreply.github.com>
Date: Wed Jan 6 22:37:02 2021 +0800
fix a typo in man page cloud-init.1 (#752)
1. fix a typo in cloud-init.1
2. add xiachen-rh as contributor
Conflict: We don't really use tools/.github-cla-signers, but had to fix
a tiny conflict of already included names on the file.
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
---
doc/man/cloud-init.1 | 2 +-
tools/.github-cla-signers | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/doc/man/cloud-init.1 b/doc/man/cloud-init.1
index 9b52dc8d..3fde4148 100644
--- a/doc/man/cloud-init.1
+++ b/doc/man/cloud-init.1
@@ -10,7 +10,7 @@ cloud-init \- Cloud instance initialization
Cloud-init provides a mechanism for cloud instance initialization.
This is done by identifying the cloud platform that is in use, reading
provided cloud metadata and optional vendor and user
-data, and then intializing the instance as requested.
+data, and then initializing the instance as requested.
Generally, this command is not normally meant to be run directly by
the user. However, some subcommands may useful for development or
diff --git a/tools/.github-cla-signers b/tools/.github-cla-signers
index 802a35bd..e5d2b95c 100644
--- a/tools/.github-cla-signers
+++ b/tools/.github-cla-signers
@@ -21,3 +21,4 @@ sshedi
TheRealFalcon
tomponline
tsanghan
+xiachen-rh
--
2.18.4

203
SOURCES/ci-net-fix-rendering-of-static6-in-network-config-77.patch
View File

@ -1,203 +0,0 @@
From 3ee8f2f5dde1bb27e682c5985bffe6fb9f9e5e0b Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Thu, 5 Nov 2020 12:42:26 +0100
Subject: [PATCH 5/5] net: fix rendering of 'static6' in network config (#77)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Eduardo Terrell Ferrari Otubo (eterrell)
RH-MergeRequest: 17: Explicit set IPV6_AUTOCONF and IPV6_FORCE_ACCEPT_RA on static6 (#634)
RH-Commit: [2/2] 30eb756aceb37761d50c70eb4f684662a11afa3f (eterrell/cloud-init)
RH-Bugzilla: 1894015
commit dacdd30080bd8183d1f1c1dc9dbcbc8448301529
Author: Ryan Harper <ryan.harper@canonical.com>
Date: Wed Jan 8 11:30:17 2020 -0600
net: fix rendering of 'static6' in network config (#77)
* net: fix rendering of 'static6' in network config
A V1 static6 network typo was misrendered in eni, it's not valid.
It was ignored in sysconfig and netplan. This branch fixes eni,
updates sysconfig, netplan to render it correctly and adds unittests
for all cases.
Reported-by: Raphaël Enrici
LP: #1850988
* net: add comment about static6 type in subnet_is_ipv6
Co-authored-by: Chad Smith <blackboxsw@gmail.com>
Co-authored-by: Daniel Watkins <daniel@daniel-watkins.co.uk>
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
---
cloudinit/net/eni.py | 4 +-
cloudinit/net/netplan.py | 2 +-
cloudinit/net/network_state.py | 2 +-
cloudinit/net/sysconfig.py | 4 +-
tests/unittests/test_distros/test_netconfig.py | 55 +++++++++++++++++++++++++-
5 files changed, 61 insertions(+), 6 deletions(-)
diff --git a/cloudinit/net/eni.py b/cloudinit/net/eni.py
index 7077106..2f71456 100644
--- a/cloudinit/net/eni.py
+++ b/cloudinit/net/eni.py
@@ -429,7 +429,9 @@ class Renderer(renderer.Renderer):
iface['mode'] = 'auto'
# Use stateless DHCPv6 (0=off, 1=on)
iface['dhcp'] = '0'
- elif subnet_is_ipv6(subnet) and subnet['type'] == 'static':
+ elif subnet_is_ipv6(subnet):
+ # mode might be static6, eni uses 'static'
+ iface['mode'] = 'static'
if accept_ra is not None:
# Accept router advertisements (0=off, 1=on)
iface['accept_ra'] = '1' if accept_ra else '0'
diff --git a/cloudinit/net/netplan.py b/cloudinit/net/netplan.py
index 14d3999..8985527 100644
--- a/cloudinit/net/netplan.py
+++ b/cloudinit/net/netplan.py
@@ -98,7 +98,7 @@ def _extract_addresses(config, entry, ifname, features=None):
entry.update({sn_type: True})
elif sn_type in IPV6_DYNAMIC_TYPES:
entry.update({'dhcp6': True})
- elif sn_type in ['static']:
+ elif sn_type in ['static', 'static6']:
addr = "%s" % subnet.get('address')
if 'prefix' in subnet:
addr += "/%d" % subnet.get('prefix')
diff --git a/cloudinit/net/network_state.py b/cloudinit/net/network_state.py
index 2525fc9..48e5b6e 100644
--- a/cloudinit/net/network_state.py
+++ b/cloudinit/net/network_state.py
@@ -942,7 +942,7 @@ def subnet_is_ipv6(subnet):
# 'static6', 'dhcp6', 'ipv6_dhcpv6-stateful', 'ipv6_dhcpv6-stateless' or
# 'ipv6_slaac'
if subnet['type'].endswith('6') or subnet['type'] in IPV6_DYNAMIC_TYPES:
- # This is a request for DHCPv6.
+ # This is a request either static6 type or DHCPv6.
return True
elif subnet['type'] == 'static' and is_ipv6_addr(subnet.get('address')):
return True
diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py
index 4210544..1989d01 100644
--- a/cloudinit/net/sysconfig.py
+++ b/cloudinit/net/sysconfig.py
@@ -378,7 +378,7 @@ class Renderer(renderer.Renderer):
iface_cfg['IPV6_AUTOCONF'] = True
elif subnet_type in ['dhcp4', 'dhcp']:
iface_cfg['BOOTPROTO'] = 'dhcp'
- elif subnet_type == 'static':
+ elif subnet_type in ['static', 'static6']:
# grep BOOTPROTO sysconfig.txt -A2 | head -3
# BOOTPROTO=none|bootp|dhcp
# 'bootp' or 'dhcp' cause a DHCP client
@@ -434,7 +434,7 @@ class Renderer(renderer.Renderer):
continue
elif subnet_type in IPV6_DYNAMIC_TYPES:
continue
- elif subnet_type == 'static':
+ elif subnet_type in ['static', 'static6']:
if subnet_is_ipv6(subnet):
ipv6_index = ipv6_index + 1
ipv6_cidr = "%s/%s" % (subnet['address'], subnet['prefix'])
diff --git a/tests/unittests/test_distros/test_netconfig.py b/tests/unittests/test_distros/test_netconfig.py
index b85a333..e277bca 100644
--- a/tests/unittests/test_distros/test_netconfig.py
+++ b/tests/unittests/test_distros/test_netconfig.py
@@ -109,13 +109,31 @@ auto eth1
iface eth1 inet dhcp
"""
+V1_NET_CFG_IPV6_OUTPUT = """\
+# This file is generated from information provided by the datasource. Changes
+# to it will not persist across an instance reboot. To disable cloud-init's
+# network configuration capabilities, write a file
+# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
+# network: {config: disabled}
+auto lo
+iface lo inet loopback
+
+auto eth0
+iface eth0 inet6 static
+ address 2607:f0d0:1002:0011::2/64
+ gateway 2607:f0d0:1002:0011::1
+
+auto eth1
+iface eth1 inet dhcp
+"""
+
V1_NET_CFG_IPV6 = {'config': [{'name': 'eth0',
'subnets': [{'address':
'2607:f0d0:1002:0011::2',
'gateway':
'2607:f0d0:1002:0011::1',
'netmask': '64',
- 'type': 'static'}],
+ 'type': 'static6'}],
'type': 'physical'},
{'name': 'eth1',
'subnets': [{'control': 'auto',
@@ -141,6 +159,23 @@ network:
dhcp4: true
"""
+V1_TO_V2_NET_CFG_IPV6_OUTPUT = """\
+# This file is generated from information provided by the datasource. Changes
+# to it will not persist across an instance reboot. To disable cloud-init's
+# network configuration capabilities, write a file
+# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
+# network: {config: disabled}
+network:
+ version: 2
+ ethernets:
+ eth0:
+ addresses:
+ - 2607:f0d0:1002:0011::2/64
+ gateway6: 2607:f0d0:1002:0011::1
+ eth1:
+ dhcp4: true
+"""
+
V2_NET_CFG = {
'ethernets': {
'eth7': {
@@ -376,6 +411,14 @@ class TestNetCfgDistroUbuntuEni(TestNetCfgDistroBase):
V1_NET_CFG,
expected_cfgs=expected_cfgs.copy())
+ def test_apply_network_config_ipv6_ub(self):
+ expected_cfgs = {
+ self.eni_path(): V1_NET_CFG_IPV6_OUTPUT
+ }
+ self._apply_and_verify_eni(self.distro.apply_network_config,
+ V1_NET_CFG_IPV6,
+ expected_cfgs=expected_cfgs.copy())
+
class TestNetCfgDistroUbuntuNetplan(TestNetCfgDistroBase):
def setUp(self):
@@ -419,6 +462,16 @@ class TestNetCfgDistroUbuntuNetplan(TestNetCfgDistroBase):
V1_NET_CFG,
expected_cfgs=expected_cfgs.copy())
+ def test_apply_network_config_v1_ipv6_to_netplan_ub(self):
+ expected_cfgs = {
+ self.netplan_path(): V1_TO_V2_NET_CFG_IPV6_OUTPUT,
+ }
+
+ # ub_distro.apply_network_config(V1_NET_CFG_IPV6, False)
+ self._apply_and_verify_netplan(self.distro.apply_network_config,
+ V1_NET_CFG_IPV6,
+ expected_cfgs=expected_cfgs.copy())
+
def test_apply_network_config_v2_passthrough_ub(self):
expected_cfgs = {
self.netplan_path(): V2_TO_V2_NET_CFG_OUTPUT,
--
1.8.3.1

85
SOURCES/ci-network-Fix-type-and-respect-name-when-rendering-vla.patch
View File

@ -1,13 +1,13 @@
From 2f9d58439c94fe00cee951c213f14ace6da73691 Mon Sep 17 00:00:00 2001
From 51a90ecbdf1f3900183d8ec641eeb4571decf6dc Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Tue, 15 Sep 2020 18:00:00 +0200
Subject: [PATCH 2/5] network: Fix type and respect name when rendering vlan in
Date: Wed, 4 Nov 2020 12:37:54 +0100
Subject: [PATCH] network: Fix type and respect name when rendering vlan in
sysconfig. (#541)
RH-Author: Eduardo Terrell Ferrari Otubo (eterrell)
RH-MergeRequest: 10: ifup bond0.504 Error: Connection activation failed: No suitable device found for this connection [rhel-8.3.0.z]
RH-Commit: [1/1] fe8bd8bc184d2391b3f9ac6af80e231649d6019a (eterrell/cloud-init)
RH-Bugzilla: 1890551
RH-MergeRequest: 19: network: Fix type and respect name when rendering vlan in sysconfig. (#541)
RH-Commit: [1/1] 75bea46017397082c5763125a5f35806c2f840e9 (eterrell/cloud-init)
RH-Bugzilla: 1881462
commit 8439b191ec2f336d544cab86dba2860f969cd5b8
Author: Eduardo Otubo <otubo@redhat.com>
@ -29,13 +29,6 @@ Date: Tue Sep 15 18:00:00 2020 +0200
LP: #1826608
RHBZ: #1861871
Conflicts:
* A hunk on cloudinit/net/sysconfig.py could not apply cleanly as it
depends on a verification on the distro flavor, which is not implemented
on cloud-init-19.4.
* Couple of hunks could not apply cleanly on tests/unittests/test_net.py
because the definition of unit test response moved a little bit.
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
---
cloudinit/net/sysconfig.py | 32 +++++++++-
@ -44,10 +37,10 @@ Signed-off-by: Eduardo Otubo <otubo@redhat.com>
3 files changed, 112 insertions(+), 5 deletions(-)
diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py
index 810b283..4b4ed09 100644
index c078898..078636a 100644
--- a/cloudinit/net/sysconfig.py
+++ b/cloudinit/net/sysconfig.py
@@ -95,6 +95,10 @@ class ConfigMap(object):
@@ -99,6 +99,10 @@ class ConfigMap(object):
def __len__(self):
return len(self._conf)
@ -56,9 +49,9 @@ index 810b283..4b4ed09 100644
+ return False
+
def to_string(self):
buf = six.StringIO()
buf = io.StringIO()
buf.write(_make_header())
@@ -102,6 +106,8 @@ class ConfigMap(object):
@@ -106,6 +110,8 @@ class ConfigMap(object):
buf.write("\n")
for key in sorted(self._conf.keys()):
value = self._conf[key]
@ -66,8 +59,8 @@ index 810b283..4b4ed09 100644
+ continue
if isinstance(value, bool):
value = self._bool_map[value]
if not isinstance(value, six.string_types):
@@ -207,6 +213,7 @@ class NetInterface(ConfigMap):
if not isinstance(value, str):
@@ -214,6 +220,7 @@ class NetInterface(ConfigMap):
'bond': 'Bond',
'bridge': 'Bridge',
'infiniband': 'InfiniBand',
@ -75,7 +68,7 @@ index 810b283..4b4ed09 100644
}
def __init__(self, iface_name, base_sysconf_dir, templates,
@@ -260,6 +267,11 @@ class NetInterface(ConfigMap):
@@ -267,6 +274,11 @@ class NetInterface(ConfigMap):
c.routes = self.routes.copy()
return c
@ -87,25 +80,25 @@ index 810b283..4b4ed09 100644
class Renderer(renderer.Renderer):
"""Renders network information in a /etc/sysconfig format."""
@@ -599,7 +611,16 @@ class Renderer(renderer.Renderer):
iface_name = iface['name']
iface_cfg = iface_contents[iface_name]
iface_cfg['VLAN'] = True
- iface_cfg['PHYSDEV'] = iface_name[:iface_name.rfind('.')]
+ iface_cfg.kind = 'vlan'
@@ -701,7 +713,16 @@ class Renderer(renderer.Renderer):
iface_cfg['ETHERDEVICE'] = iface_name[:iface_name.rfind('.')]
else:
iface_cfg['VLAN'] = True
- iface_cfg['PHYSDEV'] = iface_name[:iface_name.rfind('.')]
+ iface_cfg.kind = 'vlan'
+
+ rdev = iface['vlan-raw-device']
+ supported = _supported_vlan_names(rdev, iface['vlan_id'])
+ if iface_name not in supported:
+ LOG.info(
+ "Name '%s' for vlan '%s' is not officially supported"
+ "by RHEL. Supported: %s",
+ iface_name, rdev, ' '.join(supported))
+ iface_cfg['PHYSDEV'] = rdev
+ rdev = iface['vlan-raw-device']
+ supported = _supported_vlan_names(rdev, iface['vlan_id'])
+ if iface_name not in supported:
+ LOG.info(
+ "Name '%s' for vlan '%s' is not officially supported"
+ "by RHEL. Supported: %s",
+ iface_name, rdev, ' '.join(supported))
+ iface_cfg['PHYSDEV'] = rdev
iface_subnets = iface.get("subnets", [])
route_cfg = iface_cfg.routes
@@ -771,6 +792,15 @@ class Renderer(renderer.Renderer):
@@ -909,6 +930,15 @@ class Renderer(renderer.Renderer):
"\n".join(netcfg) + "\n", file_mode)
@ -122,10 +115,10 @@ index 810b283..4b4ed09 100644
sysconfig = available_sysconfig(target=target)
nm = available_nm(target=target)
diff --git a/tests/unittests/test_distros/test_netconfig.py b/tests/unittests/test_distros/test_netconfig.py
index 6720995..4ea4203 100644
index f9fc3a1..a1df066 100644
--- a/tests/unittests/test_distros/test_netconfig.py
+++ b/tests/unittests/test_distros/test_netconfig.py
@@ -526,6 +526,87 @@ class TestNetCfgDistroRedhat(TestNetCfgDistroBase):
@@ -541,6 +541,87 @@ class TestNetCfgDistroRedhat(TestNetCfgDistroBase):
V1_NET_CFG_IPV6,
expected_cfgs=expected_cfgs.copy())
@ -214,37 +207,37 @@ index 6720995..4ea4203 100644
class TestNetCfgDistroOpensuse(TestNetCfgDistroBase):
diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py
index a931a3e..2eedb12 100644
index d7a7a65..c033745 100644
--- a/tests/unittests/test_net.py
+++ b/tests/unittests/test_net.py
@@ -1496,7 +1496,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
@@ -1656,7 +1656,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
DHCLIENT_SET_DEFAULT_ROUTE=no
ONBOOT=yes
PHYSDEV=bond0
STARTMODE=auto
- TYPE=Ethernet
USERCTL=no
VLAN=yes"""),
'ifcfg-br0': textwrap.dedent("""\
@@ -1541,7 +1540,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
@@ -1699,7 +1698,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
NETMASK1=255.255.255.0
ONBOOT=yes
PHYSDEV=eth0
STARTMODE=auto
- TYPE=Ethernet
USERCTL=no
VLAN=yes"""),
'ifcfg-eth1': textwrap.dedent("""\
@@ -2163,7 +2161,6 @@ iface bond0 inet6 static
@@ -2302,7 +2300,6 @@ iface bond0 inet6 static
NETMASK1=255.255.255.0
ONBOOT=yes
PHYSDEV=en0
STARTMODE=auto
- TYPE=Ethernet
USERCTL=no
VLAN=yes"""),
},
@@ -3180,7 +3177,6 @@ USERCTL=no
@@ -3409,7 +3406,6 @@ USERCTL=no
NM_CONTROLLED=no
ONBOOT=yes
PHYSDEV=eno1
STARTMODE=auto
- TYPE=Ethernet
USERCTL=no
VLAN=yes

74
SOURCES/ci-ssh-exit-with-non-zero-status-on-disabled-user-472.patch
View File

@ -1,74 +0,0 @@
From 44b6004ee17cd2ae5930c7d8fd3ecafd7485a4d6 Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Mon, 17 Aug 2020 11:14:47 +0200
Subject: [PATCH 2/2] ssh exit with non-zero status on disabled user (#472)
RH-Author: Eduardo Otubo <otubo@redhat.com>
Message-id: <20200729074459.16096-1-otubo@redhat.com>
Patchwork-id: 98071
O-Subject: [RHEL-8.3.0 cloud-init PATCH] ssh exit with non-zero status on disabled user (#472)
Bugzilla: 1833874
RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
commit e161059a18173e2b61c54dba9eab774401fb5f1f
Author: Eduardo Otubo <otubo@redhat.com>
Date: Wed Jul 15 20:21:02 2020 +0200
ssh exit with non-zero status on disabled user (#472)
It is confusing for scripts, where a disabled user has been specified,
that ssh exits with a zero status by default without indication anything
failed.
I think exitting with a non-zero status would make more clear in scripts
and automated setups where things failed, thus making noticing the issue
and debugging easier.
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Aleksandar Kostadinov <akostadi@redhat.com>
LP: #1170059
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
cloudinit/ssh_util.py | 4 +++-
doc/examples/cloud-config.txt | 2 +-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py
index bcb23a5..8ff61a2 100644
--- a/cloudinit/ssh_util.py
+++ b/cloudinit/ssh_util.py
@@ -40,11 +40,13 @@ VALID_KEY_TYPES = (
"ssh-rsa-cert-v01@openssh.com",
)
+_DISABLE_USER_SSH_EXIT = 142
DISABLE_USER_OPTS = (
"no-port-forwarding,no-agent-forwarding,"
"no-X11-forwarding,command=\"echo \'Please login as the user \\\"$USER\\\""
- " rather than the user \\\"$DISABLE_USER\\\".\';echo;sleep 10\"")
+ " rather than the user \\\"$DISABLE_USER\\\".\';echo;sleep 10;"
+ "exit " + str(_DISABLE_USER_SSH_EXIT) + "\"")
class AuthKeyLine(object):
diff --git a/doc/examples/cloud-config.txt b/doc/examples/cloud-config.txt
index 0e82b83..f00db68 100644
--- a/doc/examples/cloud-config.txt
+++ b/doc/examples/cloud-config.txt
@@ -235,7 +235,7 @@ disable_root: false
# The string '$USER' will be replaced with the username of the default user.
# The string '$DISABLE_USER' will be replaced with the username to disable.
#
-# disable_root_opts: no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"$USER\" rather than the user \"$DISABLE_USER\".';echo;sleep 10"
+# disable_root_opts: no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"$USER\" rather than the user \"$DISABLE_USER\".';echo;sleep 10;exit 142"
# disable ssh access for non-root-users
# To disable ssh access for non-root users, ssh_redirect_user: true can be
--
1.8.3.1

98
SOURCES/ci-ssh_util-handle-non-default-AuthorizedKeysFile-confi.patch Normal file
View File

@ -0,0 +1,98 @@
From b84a1e6d246bbb758f0530038612bd18eff71767 Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Tue, 8 Dec 2020 13:27:22 +0100
Subject: [PATCH 4/4] ssh_util: handle non-default AuthorizedKeysFile config
(#586)
RH-Author: Eduardo Terrell Ferrari Otubo (eterrell)
RH-MergeRequest: 28: ssh_util: handle non-default AuthorizedKeysFile config (#586)
RH-Commit: [1/1] f7ce396e3002c53a3504e653b58810efb956aa26 (eterrell/cloud-init)
RH-Bugzilla: 1862967
commit b0e73814db4027dba0b7dc0282e295b7f653325c
Author: Eduardo Otubo <otubo@redhat.com>
Date: Tue Oct 20 18:04:59 2020 +0200
ssh_util: handle non-default AuthorizedKeysFile config (#586)
The following commit merged all ssh keys into a default user file
`~/.ssh/authorized_keys` in sshd_config had multiple files configured for
AuthorizedKeysFile:
commit f1094b1a539044c0193165a41501480de0f8df14
Author: Eduardo Otubo <otubo@redhat.com>
Date: Thu Dec 5 17:37:35 2019 +0100
Multiple file fix for AuthorizedKeysFile config (#60)
This commit ignored the case when sshd_config would have a single file for
AuthorizedKeysFile, but a non default configuration, for example
`~/.ssh/authorized_keys_foobar`. In this case cloud-init would grab all keys
from this file and write a new one, the default `~/.ssh/authorized_keys`
causing the bug.
rhbz: #1862967
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
---
cloudinit/ssh_util.py | 6 +++---
tests/unittests/test_sshutil.py | 6 +++---
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py
index c08042d6..d5113996 100644
--- a/cloudinit/ssh_util.py
+++ b/cloudinit/ssh_util.py
@@ -262,13 +262,13 @@ def extract_authorized_keys(username, sshd_cfg_file=DEF_SSHD_CFG):
except (IOError, OSError):
# Give up and use a default key filename
- auth_key_fns[0] = default_authorizedkeys_file
+ auth_key_fns.append(default_authorizedkeys_file)
util.logexc(LOG, "Failed extracting 'AuthorizedKeysFile' in SSH "
"config from %r, using 'AuthorizedKeysFile' file "
"%r instead", DEF_SSHD_CFG, auth_key_fns[0])
- # always store all the keys in the user's private file
- return (default_authorizedkeys_file, parse_authorized_keys(auth_key_fns))
+ # always store all the keys in the first file configured on sshd_config
+ return (auth_key_fns[0], parse_authorized_keys(auth_key_fns))
def setup_user_keys(keys, username, options=None):
diff --git a/tests/unittests/test_sshutil.py b/tests/unittests/test_sshutil.py
index fd1d1bac..88a111e3 100644
--- a/tests/unittests/test_sshutil.py
+++ b/tests/unittests/test_sshutil.py
@@ -593,7 +593,7 @@ class TestMultipleSshAuthorizedKeysFile(test_helpers.CiTestCase):
fpw.pw_name, sshd_config)
content = ssh_util.update_authorized_keys(auth_key_entries, [])
- self.assertEqual("%s/.ssh/authorized_keys" % fpw.pw_dir, auth_key_fn)
+ self.assertEqual(authorized_keys, auth_key_fn)
self.assertTrue(VALID_CONTENT['rsa'] in content)
self.assertTrue(VALID_CONTENT['dsa'] in content)
@@ -610,7 +610,7 @@ class TestMultipleSshAuthorizedKeysFile(test_helpers.CiTestCase):
sshd_config = self.tmp_path('sshd_config')
util.write_file(
sshd_config,
- "AuthorizedKeysFile %s %s" % (authorized_keys, user_keys)
+ "AuthorizedKeysFile %s %s" % (user_keys, authorized_keys)
)
(auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys(
@@ -618,7 +618,7 @@ class TestMultipleSshAuthorizedKeysFile(test_helpers.CiTestCase):
)
content = ssh_util.update_authorized_keys(auth_key_entries, [])
- self.assertEqual("%s/.ssh/authorized_keys" % fpw.pw_dir, auth_key_fn)
+ self.assertEqual(user_keys, auth_key_fn)
self.assertTrue(VALID_CONTENT['rsa'] in content)
self.assertTrue(VALID_CONTENT['dsa'] in content)
--
2.18.4

55
SOURCES/ci-swap-file-size-being-used-before-checked-if-str-315.patch
View File

@ -1,55 +0,0 @@
From 4f177d3363a0efb2ee67b8a46efaca7707c2437f Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <otubo@redhat.com>
Date: Mon, 24 Aug 2020 15:25:36 +0200
Subject: [PATCH 2/3] swap file "size" being used before checked if str (#315)
RH-Author: Eduardo Otubo <otubo@redhat.com>
Message-id: <20200820092042.5418-3-otubo@redhat.com>
Patchwork-id: 98192
O-Subject: [RHEL-8.3.0 cloud-init PATCH 2/3] swap file "size" being used before checked if str (#315)
Bugzilla: 1794664
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
commit 46cf23c28812d3e3ba0c570defd9a05628af5556
Author: Eduardo Otubo <otubo@redhat.com>
Date: Tue Apr 14 17:45:14 2020 +0200
swap file "size" being used before checked if str
Swap file size variable was being used before checked if it's set to str
"auto". If set to "auto", it will break with:
failed to setup swap: unsupported operand type(s) for /: 'str' and 'int'
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
cloudinit/config/cc_mounts.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cloudinit/config/cc_mounts.py b/cloudinit/config/cc_mounts.py
index 4293844..0573026 100644
--- a/cloudinit/config/cc_mounts.py
+++ b/cloudinit/config/cc_mounts.py
@@ -274,7 +274,6 @@ def setup_swapfile(fname, size=None, maxsize=None):
maxsize: the maximum size
"""
swap_dir = os.path.dirname(fname)
- mibsize = str(int(size / (2 ** 20)))
if str(size).lower() == "auto":
try:
memsize = util.read_meminfo()['total']
@@ -286,6 +285,7 @@ def setup_swapfile(fname, size=None, maxsize=None):
size = suggested_swapsize(fsys=swap_dir, maxsize=maxsize,
memsize=memsize)
+ mibsize = str(int(size / (2 ** 20)))
if not size:
LOG.debug("Not creating swap: suggested size was 0")
return
--
1.8.3.1

1900
SOURCES/ci-sysconfig-distro-specific-config-rendering-for-BOOTP.patch
View File

File diff suppressed because it is too large Load Diff

46
SOURCES/ci-utils-use-SystemRandom-when-generating-random-passwo.patch
View File

@ -1,46 +0,0 @@
From ebbc83c1ca52620179d94dc1d92c44883273e4ef Mon Sep 17 00:00:00 2001
From: jmaloy <jmaloy@redhat.com>
Date: Thu, 28 May 2020 08:44:02 +0200
Subject: [PATCH 2/4] utils: use SystemRandom when generating random password.
(#204)
RH-Author: jmaloy <jmaloy@redhat.com>
Message-id: <20200313184329.16696-2-jmaloy@redhat.com>
Patchwork-id: 94294
O-Subject: [RHEL-8.2 cloud-init PATCH 1/1] utils: use SystemRandom when generating random password. (#204)
Bugzilla: 1812174
RH-Acked-by: Eduardo Otubo <eterrell@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
From: Dimitri John Ledkov <xnox@ubuntu.com>
As noticed by Seth Arnold, non-deterministic SystemRandom should be
used when creating security sensitive random strings.
(cherry picked from commit 3e2f7356effc9e9cccc5ae945846279804eedc46)
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
cloudinit/util.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/cloudinit/util.py b/cloudinit/util.py
index 9d9d5c7..5d51ba8 100644
--- a/cloudinit/util.py
+++ b/cloudinit/util.py
@@ -401,9 +401,10 @@ def translate_bool(val, addons=None):
def rand_str(strlen=32, select_from=None):
+ r = random.SystemRandom()
if not select_from:
select_from = string.ascii_letters + string.digits
- return "".join([random.choice(select_from) for _x in range(0, strlen)])
+ return "".join([r.choice(select_from) for _x in range(0, strlen)])
def rand_dict_key(dictionary, postfix=None):
--
1.8.3.1

173
SPECS/cloud-init.spec
View File

@ -5,8 +5,8 @@
%global debug_package %{nil}
Name: cloud-init
Version: 19.4
Release: 11%{?dist}.3
Version: 20.3
Release: 10%{?dist}
Summary: Cloud instance init scripts
Group: System Environment/Base
@ -22,52 +22,24 @@ Patch0004: 0004-sysconfig-Don-t-write-BOOTPROTO-dhcp-for-ipv6-dhcp.patch
Patch0005: 0005-DataSourceAzure.py-use-hostnamectl-to-set-hostname.patch
Patch0006: 0006-include-NOZEROCONF-yes-in-etc-sysconfig-network.patch
Patch0007: 0007-Remove-race-condition-between-cloud-init-and-Network.patch
# For bz#1812171 - CVE-2020-8632 cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py [rhel-8]
Patch8: ci-cc_set_password-increase-random-pwlength-from-9-to-2.patch
# For bz#1812174 - CVE-2020-8631 cloud-init: Use of random.choice when generating random password [rhel-8]
Patch9: ci-utils-use-SystemRandom-when-generating-random-passwo.patch
# For bz#1814152 - CVE-2018-10896 cloud-init: default configuration disabled deletion of SSH host keys [rhel-8]
Patch10: ci-Enable-ssh_deletekeys-by-default.patch
# For bz#1840648 - [cloud-init][RHEL-8.2.0] /etc/resolv.conf lose config after reboot (initial instance is ok)
Patch11: ci-Remove-race-condition-between-cloud-init-and-Network.patch
# For bz#1803928 - [RHEL8.3] Race condition of starting cloud-init and NetworkManager
Patch12: ci-Make-cloud-init.service-execute-after-network-is-up.patch
# For bz#1822343 - [RHEL8.3] Do not log IMDSv2 token values into cloud-init.log
Patch13: ci-ec2-Do-not-log-IMDSv2-token-values-instead-use-REDAC.patch
# For bz#1834173 - [rhel-8.3]Incorrect ds-identify check in cloud-init-generator
Patch14: ci-Change-from-redhat-to-rhel-in-systemd-generator-tmpl.patch
# For bz#1834173 - [rhel-8.3]Incorrect ds-identify check in cloud-init-generator
Patch15: ci-cloud-init.service.tmpl-use-rhel-instead-of-redhat-4.patch
# For bz#1822343 - [RHEL8.3] Do not log IMDSv2 token values into cloud-init.log
Patch16: ci-ec2-only-redact-token-request-headers-in-logs-avoid-.patch
# For bz#1839662 - [ESXi][RHEL8.3][cloud-init]ERROR log in cloud-init.log after clone VM on ESXi platform
Patch17: ci-When-tools.conf-does-not-exist-running-cmd-vmware-to.patch
# For bz#1833874 - [rhel-8.3]using root user error should cause a non-zero exit code
Patch18: ci-ssh-exit-with-non-zero-status-on-disabled-user-472.patch
# For bz#1794664 - [RHEL8] swapon fails with "swapfile has holes" when created on a xfs filesystem by cloud-init
Patch19: ci-Do-not-use-fallocate-in-swap-file-creation-on-xfs.-7.patch
# For bz#1794664 - [RHEL8] swapon fails with "swapfile has holes" when created on a xfs filesystem by cloud-init
Patch20: ci-swap-file-size-being-used-before-checked-if-str-315.patch
# For bz#1794664 - [RHEL8] swapon fails with "swapfile has holes" when created on a xfs filesystem by cloud-init
Patch21: ci-Detect-kernel-version-before-swap-file-creation-428.patch
# For bz#1839662 - [ESXi][RHEL8.3][cloud-init]ERROR log in cloud-init.log after clone VM on ESXi platform
Patch22: ci-Changing-notation-of-subp-call.patch
# For bz#1794664 - [RHEL8] swapon fails with "swapfile has holes" when created on a xfs filesystem by cloud-init
Patch23: ci-cc_mounts-fix-incorrect-format-specifiers-316.patch
# For bz#1879989 - [Azure][RHEL 8] cloud-init Permission denied with the use of mount option noexec [rhel-8.3.0.z]
Patch24: ci-DHCP-sandboxing-failing-on-noexec-mounted-var-tmp-52.patch
# For bz#1890551 - [rhel8][cloud-init] ifup bond0.504 Error: Connection activation failed: No suitable device found for this connection [rhel-8.3.0.z]
Patch25: ci-network-Fix-type-and-respect-name-when-rendering-vla.patch
# For bz#1894014 - Support for cloud-init config modules for PowerVM Hypervisor in Red Hat cloud-init [rhel-8.3.0.z]
Patch26: ci-Add-config-modules-for-controlling-IBM-PowerVM-RMC.-.patch
# For bz#1894015 - Add support for ipv6_autoconf[rhel-8.3.0.z]
Patch27: ci-Explicit-set-IPV6_AUTOCONF-and-IPV6_FORCE_ACCEPT_RA-.patch
# For bz#1894015 - Add support for ipv6_autoconf[rhel-8.3.0.z]
Patch28: ci-net-fix-rendering-of-static6-in-network-config-77.patch
# For bz#1916839 - [Azure] Update existing user password RHEL8x [rhel-8.3.0.z]
Patch29: ci-DataSourceAzure-update-password-for-defuser-if-exist.patch
# For bz#1931835 - SUSE specific option, STARTMODE, should not exist in ifcfg-XXX file. [rhel-8.3.0.z]
Patch30: ci-sysconfig-distro-specific-config-rendering-for-BOOTP.patch
Patch8: ci-Explicit-set-IPV6_AUTOCONF-and-IPV6_FORCE_ACCEPT_RA-.patch
Patch9: ci-Add-config-modules-for-controlling-IBM-PowerVM-RMC.-.patch
# For bz#1881462 - [rhel8][cloud-init] ifup bond0.504 Error: Connection activation failed: No suitable device found for this connection
Patch10: ci-network-Fix-type-and-respect-name-when-rendering-vla.patch
# For bz#1859695 - [Cloud-init] DHCPv6 assigned address is not added to VM's interface
Patch11: ci-Adding-BOOTPROTO-dhcp-to-render-sysconfig-dhcp6-stat.patch
# For bz#1898943 - [rhel-8]cloud-final.service fails if NetworkManager not installed.
Patch12: ci-Fix-unit-failure-of-cloud-final.service-if-NetworkMa.patch
# For bz#1862967 - [cloud-init]Customize ssh AuthorizedKeysFile causes login failure
Patch13: ci-ssh_util-handle-non-default-AuthorizedKeysFile-confi.patch
# For bz#1859695 - [Cloud-init] DHCPv6 assigned address is not added to VM's interface
Patch14: ci-Missing-IPV6_AUTOCONF-no-to-render-sysconfig-dhcp6-s.patch
# For bz#1900892 - [Azure] Update existing user password RHEL8x
Patch15: ci-DataSourceAzure-update-password-for-defuser-if-exist.patch
# For bz#1919972 - [RHEL-8.4] ssh keys can be shared across users giving potential root access
Patch16: ci-Revert-ssh_util-handle-non-default-AuthorizedKeysFil.patch
# For bz#1913127 - A typo in cloud-init man page
Patch17: ci-fix-a-typo-in-man-page-cloud-init.1-752.patch
BuildArch: noarch
@ -100,7 +72,6 @@ BuildRequires: /usr/bin/dnf
Requires: e2fsprogs
Requires: iproute
Requires: libselinux-python3
Requires: net-tools
Requires: policycoreutils-python3
Requires: procps
Requires: python3-configobj
@ -141,6 +112,8 @@ sed -i -e 's|#!/usr/bin/env python|#!/usr/bin/env python3|' \
python3 tools/render-cloudcfg --variant fedora > $RPM_BUILD_ROOT/%{_sysconfdir}/cloud/cloud.cfg
sed -i "s,@@PACKAGED_VERSION@@,%{version}-%{release}," $RPM_BUILD_ROOT/%{python3_sitelib}/cloudinit/version.py
mkdir -p $RPM_BUILD_ROOT/var/lib/cloud
# /run/cloud-init needs a tmpfiles.d entry
@ -169,6 +142,12 @@ chmod 755 $RPM_BUILD_ROOT/usr/lib/systemd/system-generators/cloud-init-generator
[ ! -d $RPM_BUILD_ROOT/usr/lib/%{name} ] && mkdir -p $RPM_BUILD_ROOT/usr/lib/%{name}
cp -p tools/ds-identify $RPM_BUILD_ROOT%{_libexecdir}/%{name}/ds-identify
# installing man pages
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man1/
for man in cloud-id.1 cloud-init.1 cloud-init-per.1; do
install -c -m 0644 doc/man/${man} ${RPM_BUILD_ROOT}%{_mandir}/man1/${man}
chmod -x ${RPM_BUILD_ROOT}%{_mandir}/man1/*
done
%clean
rm -rf $RPM_BUILD_ROOT
@ -237,6 +216,7 @@ fi
%{_libexecdir}/%{name}
%{_bindir}/cloud-init*
%doc %{_datadir}/doc/%{name}
%{_mandir}/man1/*
%dir %verify(not mode) /run/cloud-init
%dir /var/lib/cloud
/etc/NetworkManager/dispatcher.d/cloud-init-azure-hook
@ -251,30 +231,73 @@ fi
%config(noreplace) %{_sysconfdir}/rsyslog.d/21-cloudinit.conf
%changelog
* Wed Mar 10 2021 Miroslav Rezanina <mrezanin@redhat.com> - 19.4-11.el8_3.3
- ci-sysconfig-distro-specific-config-rendering-for-BOOTP.patch [bz#1931835]
- Resolves: bz#1931835
(SUSE specific option, STARTMODE, should not exist in ifcfg-XXX file. [rhel-8.3.0.z])
* Tue Feb 02 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20.3-10.el8
- ci-fix-a-typo-in-man-page-cloud-init.1-752.patch [bz#1913127]
- Resolves: bz#1913127
(A typo in cloud-init man page)
* Tue Jan 26 2021 Miroslav Rezanina <mrezanin@redhat.com> - 19.4-11.el8_3.2
- ci-DataSourceAzure-update-password-for-defuser-if-exist.patch [bz#1916839]
- Resolves: bz#1916839
([Azure] Update existing user password RHEL8x [rhel-8.3.0.z])
* Tue Jan 26 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20.3-9.el8
- ci-DataSourceAzure-update-password-for-defuser-if-exist.patch [bz#1900892]
- ci-Revert-ssh_util-handle-non-default-AuthorizedKeysFil.patch [bz#1919972]
- Resolves: bz#1900892
([Azure] Update existing user password RHEL8x)
- Resolves: bz#1919972
([RHEL-8.4] ssh keys can be shared across users giving potential root access)
* Mon Nov 09 2020 Miroslav Rezanina <mrezanin@redhat.com> - 19.4-11.el8_3.1
- ci-DHCP-sandboxing-failing-on-noexec-mounted-var-tmp-52.patch [bz#1879989]
- ci-network-Fix-type-and-respect-name-when-rendering-vla.patch [bz#1890551]
- ci-Add-config-modules-for-controlling-IBM-PowerVM-RMC.-.patch [bz#1894014]
- ci-Explicit-set-IPV6_AUTOCONF-and-IPV6_FORCE_ACCEPT_RA-.patch [bz#1894015]
- ci-net-fix-rendering-of-static6-in-network-config-77.patch [bz#1894015]
- Resolves: bz#1879989
([Azure][RHEL 8] cloud-init Permission denied with the use of mount option noexec [rhel-8.3.0.z])
- Resolves: bz#1890551
([rhel8][cloud-init] ifup bond0.504 Error: Connection activation failed: No suitable device found for this connection [rhel-8.3.0.z])
- Resolves: bz#1894014
(Support for cloud-init config modules for PowerVM Hypervisor in Red Hat cloud-init [rhel-8.3.0.z])
- Resolves: bz#1894015
(Add support for ipv6_autoconf[rhel-8.3.0.z])
* Thu Jan 21 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20.3-8.el8
- ci-Missing-IPV6_AUTOCONF-no-to-render-sysconfig-dhcp6-s.patch [bz#1859695]
- Resolves: bz#1859695
([Cloud-init] DHCPv6 assigned address is not added to VM's interface)
* Tue Jan 05 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20.3-7.el8
- ci-Report-full-specific-version-with-cloud-init-version.patch [bz#1898949]
- Resolves: bz#1898949
(cloud-init should report full specific full version with "cloud-init --version")
* Mon Dec 14 2020 Miroslav Rezanina <mrezanin@redhat.com> - 20.3-6.el8
- ci-Installing-man-pages-in-the-correct-place-with-corre.patch [bz#1612573]
- ci-Adding-BOOTPROTO-dhcp-to-render-sysconfig-dhcp6-stat.patch [bz#1859695]
- ci-Fix-unit-failure-of-cloud-final.service-if-NetworkMa.patch [bz#1898943]
- ci-ssh_util-handle-non-default-AuthorizedKeysFile-confi.patch [bz#1862967]
- Resolves: bz#1612573
(Man page scan results for cloud-init)
- Resolves: bz#1859695
([Cloud-init] DHCPv6 assigned address is not added to VM's interface)
- Resolves: bz#1898943
([rhel-8]cloud-final.service fails if NetworkManager not installed.)
- Resolves: bz#1862967
([cloud-init]Customize ssh AuthorizedKeysFile causes login failure)
* Fri Nov 27 2020 Miroslav Rezanina <mrezanin@redhat.com> - 20.3-5.el8
- ci-network-Fix-type-and-respect-name-when-rendering-vla.patch [bz#1881462]
- Resolves: bz#1881462
([rhel8][cloud-init] ifup bond0.504 Error: Connection activation failed: No suitable device found for this connection)
* Tue Nov 24 2020 Miroslav Rezanina <mrezanin@redhat.com> - 20.3-4.el8
- ci-Changing-permission-of-cloud-init-generator-to-755.patch [bz#1897528]
- Resolves: bz#1897528
(Change permission on ./systemd/cloud-init-generator.tmpl to 755 instead of 771)
* Fri Nov 13 2020 Miroslav Rezanina <mrezanin@redhat.com> - 20.3-3.el8
- ci--Removing-net-tools-dependency.patch [bz#1881871]
- ci--Adding-man-pages-to-Red-Hat-spec-file.patch [bz#1612573]
- Resolves: bz#1881871
(Remove net-tools legacy dependency from spec file)
- Resolves: bz#1612573
(Man page scan results for cloud-init)
* Tue Nov 03 2020 Miroslav Rezanina <mrezanin@redhat.com> - 20.3-2.el8
- ci-Explicit-set-IPV6_AUTOCONF-and-IPV6_FORCE_ACCEPT_RA-.patch [bz#1889635]
- ci-Add-config-modules-for-controlling-IBM-PowerVM-RMC.-.patch [bz#1886430]
- Resolves: bz#1886430
(Support for cloud-init config modules for PowerVM Hypervisor in Red Hat cloud-init)
- Resolves: bz#1889635
(Add support for ipv6_autoconf on cloud-init-20.3)
* Fri Oct 23 2020 Eduardo Otubo <otubo@redhat.com> - 20.3-1.el8
- Rebase to cloud-init 20.3 [bz#1885185]
- Resolves: bz#1885185
([RHEL-8.4.0] cloud-init rebase to 20.3)
* Wed Sep 02 2020 Miroslav Rezanina <mrezanin@redhat.com> - 19.4-11.el8
- ci-cc_mounts-fix-incorrect-format-specifiers-316.patch [bz#1794664]
@ -345,10 +368,10 @@ fi
- Resolves: bz#1840648
([cloud-init][RHEL-8.2.0] /etc/resolv.conf lose config after reboot (initial instance is ok))
* Mon Apr 20 2020 Miroslav Rezanina <mrezanin@redhat.coM> - 19.4-1.el8
- Rebase to cloud-init 19.4 [bz#1803095]
- Resolves: bz#1803095
([RHEL-8.3.0] cloud-init rebase to 19.4)
* Mon Apr 20 2020 Miroslav Rezanina <mrezanin@redhat.coM> - 19.4-1.el8.1
- Rebase to cloud-init 19.4 [bz#1811912]
- Resolves: bz#1811912
([RHEL-8.2.1] cloud-init rebase to 19.4)
* Tue Mar 10 2020 Miroslav Rezanina <mrezanin@redhat.com> - 18.5-12.el8
- ci-Remove-race-condition-between-cloud-init-and-Network.patch [bz#1807797]