28 changed files with 6501 additions and 3846 deletions
--- a/.cloud-init.metadata
+++ b/.cloud-init.metadata
@ -1 +1 @@
-2ae378aa2ae23b34b0ff123623ba5e2fbdc4928d SOURCES/cloud-init-21.1.tar.gz
+830185bb5ce87ad86e4d1c0c62329bb255ec1648 SOURCES/cloud-init-22.1.tar.gz
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/cloud-init-21.1.tar.gz
+SOURCES/cloud-init-22.1.tar.gz
--- a/SOURCES/0001-Add-initial-redhat-setup.patch
+++ b/SOURCES/0001-Add-initial-redhat-setup.patch
@ -1,13 +1,33 @@
-From 4b84d29211b7b2121afe9045c71ded5381536d8b Mon Sep 17 00:00:00 2001
-From: Eduardo Otubo <otubo@redhat.com>
-Date: Fri, 7 May 2021 13:36:03 +0200
+From 5e1e568d7085fd4443b4e3ccc492f5e31747e270 Mon Sep 17 00:00:00 2001
+From: Amy Chen <xiachen@redhat.com>
+Date: Wed, 20 Apr 2022 10:59:48 +0800
 Subject: Add initial redhat setup

-Merged patches (RHEL-9/21.1):
- 5688a1d0 Removing python-nose and python-tox as dependency
- 237d57f9 Removing mock dependency
- d1c2f496 Removing python-jsonschema dependency
- 0d1cd14c Don't override default network configuration
+Merged patches (22.1)
+- d18029bf Add netifaces package as a Requires in cloud-init.spec.template
+- 31adf961 Add gdisk and openssl as deps to fix UEFI / Azure initialization
+- f4a2905d Add dhcp-client as a dependency
+- 290e14cc cloud-init.spec.template: update %systemd_postun parameter
+- 9be4ae9b (tag: cloud-init-21.1-1.el8) Update to cloud-init-21.1-1.el8
+
+Conflicts:
+cloudinit/config/cc_chef.py  Using double quotes instead of single quotes
+
+cloudinit/settings.py
+- Using rhel settings
+- Using double quotes instead of single quotes
+
+setup.py
+- Following the changes of 21.1 rebase
+- Using double quotes instead of single quotes
+
+redhat/cloud-init.spec.template
+- Add the drop-in to the right cloud-init.spec used by our package builder, which is downstream-only part of the bz 2002492 fix.
+
+redhat/Makefile.common
+- Backport the build handling fixes from patch "Update to cloud-init-21.1-1.el8"
+
+Signed-off-by: Amy Chen <xiachen@redhat.com>

 Merged patches (21.1):
 - 915d30ad Change gating file to correct rhel version
@ -47,66 +67,54 @@ setup.py:
 - Adding missing cmdclass info

 Signed-off-by: Eduardo Otubo <otubo@redhat.com>
-
-Changes:
- move redhat to .distro to use new build script structure
- Fixing changelog for RHEL 9
-
-Merged patches (21.1):
- 69bd7f71 DataSourceAzure.py: use hostnamectl to set hostname
- 0407867e Remove race condition between cloud-init and NetworkManager
-
-Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
 ---
- .distro/.gitignore                    |   1 +
- .distro/Makefile                      |  74 +++++
- .distro/Makefile.common               |  30 ++
- .distro/cloud-init-tmpfiles.conf      |   1 +
- .distro/cloud-init.spec.template      | 383 ++++++++++++++++++++++++++
- .distro/gating.yaml                   |   8 +
- .distro/rpmbuild/BUILD/.gitignore     |   3 +
- .distro/rpmbuild/RPMS/.gitignore      |   3 +
- .distro/rpmbuild/SOURCES/.gitignore   |   3 +
- .distro/rpmbuild/SPECS/.gitignore     |   3 +
- .distro/rpmbuild/SRPMS/.gitignore     |   3 +
- .distro/scripts/frh.py                |  27 ++
- .distro/scripts/git-backport-diff     | 327 ++++++++++++++++++++++
- .distro/scripts/git-compile-check     | 215 +++++++++++++++
- .distro/scripts/process-patches.sh    |  88 ++++++
- .distro/scripts/tarball_checksum.sh   |   3 +
 .gitignore                            |   1 +
- cloudinit/config/cc_chef.py           |  67 ++++-
+ cloudinit/config/cc_chef.py           |  65 ++-
 cloudinit/settings.py                 |   7 +-
- cloudinit/sources/DataSourceAzure.py  |   2 +-
- requirements.txt                      |   3 -
+ redhat/.gitignore                     |   1 +
+ redhat/Makefile                       |  71 +++
+ redhat/Makefile.common                |  37 ++
+ redhat/cloud-init-tmpfiles.conf       |   1 +
+ redhat/cloud-init.spec.template       | 696 ++++++++++++++++++++++++++
+ redhat/gating.yaml                    |   8 +
+ redhat/rpmbuild/BUILD/.gitignore      |   3 +
+ redhat/rpmbuild/RPMS/.gitignore       |   3 +
+ redhat/rpmbuild/SOURCES/.gitignore    |   3 +
+ redhat/rpmbuild/SPECS/.gitignore      |   3 +
+ redhat/rpmbuild/SRPMS/.gitignore      |   3 +
+ redhat/scripts/frh.py                 |  25 +
+ redhat/scripts/git-backport-diff      | 327 ++++++++++++
+ redhat/scripts/git-compile-check      | 215 ++++++++
+ redhat/scripts/process-patches.sh     |  92 ++++
+ redhat/scripts/tarball_checksum.sh    |   3 +
 rhel/README.rhel                      |   5 +
 rhel/cloud-init-tmpfiles.conf         |   1 +
- rhel/cloud.cfg                        |  69 +++++
- rhel/systemd/cloud-config.service     |  18 ++
+ rhel/cloud.cfg                        |  69 +++
+ rhel/systemd/cloud-config.service     |  18 +
 rhel/systemd/cloud-config.target      |  11 +
- rhel/systemd/cloud-final.service      |  24 ++
- rhel/systemd/cloud-init-local.service |  31 +++
- rhel/systemd/cloud-init.service       |  26 ++
+ rhel/systemd/cloud-final.service      |  24 +
+ rhel/systemd/cloud-init-local.service |  31 ++
+ rhel/systemd/cloud-init.service       |  25 +
 rhel/systemd/cloud-init.target        |   7 +
- setup.py                              |  23 +-
+ setup.py                              |  28 +-
 tools/read-version                    |  28 +-
- 32 files changed, 1441 insertions(+), 54 deletions(-)
- create mode 100644 .distro/.gitignore
- create mode 100644 .distro/Makefile
- create mode 100644 .distro/Makefile.common
- create mode 100644 .distro/cloud-init-tmpfiles.conf
- create mode 100644 .distro/cloud-init.spec.template
- create mode 100644 .distro/gating.yaml
- create mode 100644 .distro/rpmbuild/BUILD/.gitignore
- create mode 100644 .distro/rpmbuild/RPMS/.gitignore
- create mode 100644 .distro/rpmbuild/SOURCES/.gitignore
- create mode 100644 .distro/rpmbuild/SPECS/.gitignore
- create mode 100644 .distro/rpmbuild/SRPMS/.gitignore
- create mode 100755 .distro/scripts/frh.py
- create mode 100755 .distro/scripts/git-backport-diff
- create mode 100755 .distro/scripts/git-compile-check
- create mode 100755 .distro/scripts/process-patches.sh
- create mode 100755 .distro/scripts/tarball_checksum.sh
+ 30 files changed, 1756 insertions(+), 55 deletions(-)
+ create mode 100644 redhat/.gitignore
+ create mode 100644 redhat/Makefile
+ create mode 100644 redhat/Makefile.common
+ create mode 100644 redhat/cloud-init-tmpfiles.conf
+ create mode 100644 redhat/cloud-init.spec.template
+ create mode 100644 redhat/gating.yaml
+ create mode 100644 redhat/rpmbuild/BUILD/.gitignore
+ create mode 100644 redhat/rpmbuild/RPMS/.gitignore
+ create mode 100644 redhat/rpmbuild/SOURCES/.gitignore
+ create mode 100644 redhat/rpmbuild/SPECS/.gitignore
+ create mode 100644 redhat/rpmbuild/SRPMS/.gitignore
+ create mode 100755 redhat/scripts/frh.py
+ create mode 100755 redhat/scripts/git-backport-diff
+ create mode 100755 redhat/scripts/git-compile-check
+ create mode 100755 redhat/scripts/process-patches.sh
+ create mode 100755 redhat/scripts/tarball_checksum.sh
 create mode 100644 rhel/README.rhel
 create mode 100644 rhel/cloud-init-tmpfiles.conf
 create mode 100644 rhel/cloud.cfg
@ -118,7 +126,7 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
 create mode 100644 rhel/systemd/cloud-init.target

 diff --git a/cloudinit/config/cc_chef.py b/cloudinit/config/cc_chef.py
-index aaf71366..97ef649a 100644
+index fdb3a6e3..d028c548 100644
 --- a/cloudinit/config/cc_chef.py
 +++ b/cloudinit/config/cc_chef.py
@@ -6,7 +6,70 @@
@ -193,62 +201,29 @@ index aaf71366..97ef649a 100644
 
 import itertools
 import json
-@@ -31,7 +94,7 @@ CHEF_DIRS = tuple([
-     '/var/lib/chef',
-     '/var/cache/chef',
-     '/var/backups/chef',
-    '/var/run/chef',
-+    '/run/chef',
- ])
- REQUIRED_CHEF_DIRS = tuple([
-     '/etc/chef',
 diff --git a/cloudinit/settings.py b/cloudinit/settings.py
-index 91e1bfe7..e690c0fd 100644
+index ecc1403b..39650a5b 100644
 --- a/cloudinit/settings.py
 +++ b/cloudinit/settings.py
-@@ -47,13 +47,16 @@ CFG_BUILTIN = {
+@@ -50,13 +50,16 @@ CFG_BUILTIN = {
     ],
-     'def_log_file': '/var/log/cloud-init.log',
-     'log_cfgs': [],
-    'syslog_fix_perms': ['syslog:adm', 'root:adm', 'root:wheel', 'root:root'],
-+    'mount_default_fields': [None, None, 'auto', 'defaults,nofail', '0', '2'],
-+    'ssh_deletekeys': False,
-+    'ssh_genkeytypes': [],
-+    'syslog_fix_perms': [],
-     'system_info': {
-         'paths': {
-             'cloud_dir': '/var/lib/cloud',
-             'templates_dir': '/etc/cloud/templates/',
+     "def_log_file": "/var/log/cloud-init.log",
+     "log_cfgs": [],
+-    "syslog_fix_perms": ["syslog:adm", "root:adm", "root:wheel", "root:root"],
+    "mount_default_fields": [None, None, "auto", "defaults,nofail", "0", "2"],
+    "ssh_deletekeys": False,
+    "ssh_genkeytypes": [],
+    "syslog_fix_perms": [],
+     "system_info": {
+         "paths": {
+             "cloud_dir": "/var/lib/cloud",
+             "templates_dir": "/etc/cloud/templates/",
         },
-        'distro': 'ubuntu',
-+        'distro': 'rhel',
-         'network': {'renderers': None},
+-        "distro": "ubuntu",
+        "distro": "rhel",
+         "network": {"renderers": None},
     },
-     'vendor_data': {'enabled': True, 'prefix': []},
-diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
-index cee630f7..553b5a7e 100755
--- a/cloudinit/sources/DataSourceAzure.py
-+++ b/cloudinit/sources/DataSourceAzure.py
-@@ -296,7 +296,7 @@ def get_hostname(hostname_command='hostname'):
- 
- 
- def set_hostname(hostname, hostname_command='hostname'):
-    subp.subp([hostname_command, hostname])
-+    util.subp(['hostnamectl', 'set-hostname', str(hostname)])
- 
- 
- @azure_ds_telemetry_reporter
-diff --git a/requirements.txt b/requirements.txt
-index 5817da3b..5b8becd7 100644
--- a/requirements.txt
-+++ b/requirements.txt
-@@ -29,6 +29,3 @@ requests
- 
- # For patching pieces of cloud-config together
- jsonpatch
-
-# For validating cloud-config sections per schema definitions
-jsonschema
+     "vendor_data": {"enabled": True, "prefix": []},
 diff --git a/rhel/README.rhel b/rhel/README.rhel
 new file mode 100644
 index 00000000..aa29630d
@ -269,7 +244,7 @@ index 00000000..0c6d2a3b
 +d /run/cloud-init 0700 root root - -
 diff --git a/rhel/cloud.cfg b/rhel/cloud.cfg
 new file mode 100644
-index 00000000..9ecba215
+index 00000000..82e8bf62
 --- /dev/null
 +++ b/rhel/cloud.cfg
@@ -0,0 +1,69 @@
@ -281,7 +256,7 @@ index 00000000..9ecba215
 +
 +mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service', '0', '2']
 +resize_rootfs_tmp: /dev
-+ssh_deletekeys:   1
+ssh_deletekeys:   0
 +ssh_genkeytypes:  ~
 +syslog_fix_perms: ~
 +disable_vmware_customization: false
@ -452,10 +427,10 @@ index 00000000..8f9f6c9f
 +WantedBy=cloud-init.target
 diff --git a/rhel/systemd/cloud-init.service b/rhel/systemd/cloud-init.service
 new file mode 100644
-index 00000000..0b3d796d
+index 00000000..d0023a05
 --- /dev/null
 +++ b/rhel/systemd/cloud-init.service
-@@ -0,0 +1,26 @@
+@@ -0,0 +1,25 @@
 +[Unit]
 +Description=Initial cloud-init job (metadata service crawler)
 +Wants=cloud-init-local.service
@ -463,7 +438,6 @@ index 00000000..0b3d796d
 +Wants=sshd.service
 +After=cloud-init-local.service
 +After=NetworkManager.service network.service
-+After=NetworkManager-wait-online.service
 +Before=network-online.target
 +Before=sshd-keygen.service
 +Before=sshd.service
@ -496,70 +470,78 @@ index 00000000..083c3b6f
 +Description=Cloud-init target
 +After=multi-user.target
 diff --git a/setup.py b/setup.py
-index cbacf48e..d5cd01a4 100755
+index a9132d2c..3c377eaa 100755
 --- a/setup.py
 +++ b/setup.py
-@@ -125,14 +125,6 @@ INITSYS_FILES = {
-     'sysvinit_deb': [f for f in glob('sysvinit/debian/*') if is_f(f)],
-     'sysvinit_openrc': [f for f in glob('sysvinit/gentoo/*') if is_f(f)],
-     'sysvinit_suse': [f for f in glob('sysvinit/suse/*') if is_f(f)],
-    'systemd': [render_tmpl(f)
-                for f in (glob('systemd/*.tmpl') +
-                          glob('systemd/*.service') +
-                          glob('systemd/*.target'))
-                if (is_f(f) and not is_generator(f))],
-    'systemd.generators': [
+@@ -139,21 +139,6 @@ INITSYS_FILES = {
+     "sysvinit_deb": [f for f in glob("sysvinit/debian/*") if is_f(f)],
+     "sysvinit_openrc": [f for f in glob("sysvinit/gentoo/*") if is_f(f)],
+     "sysvinit_suse": [f for f in glob("sysvinit/suse/*") if is_f(f)],
+-    "systemd": [
+-        render_tmpl(f)
+-        for f in (
+-            glob("systemd/*.tmpl")
+-            + glob("systemd/*.service")
+-            + glob("systemd/*.socket")
+-            + glob("systemd/*.target")
+-        )
+-        if (is_f(f) and not is_generator(f))
+-    ],
+-    "systemd.generators": [
 -        render_tmpl(f, mode=0o755)
-        for f in glob('systemd/*') if is_f(f) and is_generator(f)],
-     'upstart': [f for f in glob('upstart/*') if is_f(f)],
+-        for f in glob("systemd/*")
+-        if is_f(f) and is_generator(f)
+-    ],
+     "upstart": [f for f in glob("upstart/*") if is_f(f)],
 }
 INITSYS_ROOTS = {
-@@ -142,9 +134,6 @@ INITSYS_ROOTS = {
-     'sysvinit_deb': 'etc/init.d',
-     'sysvinit_openrc': 'etc/init.d',
-     'sysvinit_suse': 'etc/init.d',
-    'systemd': pkg_config_read('systemd', 'systemdsystemunitdir'),
-    'systemd.generators': pkg_config_read('systemd',
-                                          'systemdsystemgeneratordir'),
-     'upstart': 'etc/init/',
+@@ -163,10 +148,6 @@ INITSYS_ROOTS = {
+     "sysvinit_deb": "etc/init.d",
+     "sysvinit_openrc": "etc/init.d",
+     "sysvinit_suse": "etc/init.d",
+-    "systemd": pkg_config_read("systemd", "systemdsystemunitdir"),
+-    "systemd.generators": pkg_config_read(
+-        "systemd", "systemdsystemgeneratordir"
+-    ),
+     "upstart": "etc/init/",
 }
 INITSYS_TYPES = sorted([f.partition(".")[0] for f in INITSYS_ROOTS.keys()])
-@@ -245,14 +234,11 @@ if not in_virtualenv():
-         INITSYS_ROOTS[k] = "/" + INITSYS_ROOTS[k]
- 
- data_files = [
-    (ETC + '/cloud', [render_tmpl("config/cloud.cfg.tmpl")]),
-+    (ETC + '/bash_completion.d', ['bash_completion/cloud-init']),
-     (ETC + '/cloud/cloud.cfg.d', glob('config/cloud.cfg.d/*')),
-     (ETC + '/cloud/templates', glob('templates/*')),
-    (USR_LIB_EXEC + '/cloud-init', ['tools/ds-identify',
-                                    'tools/uncloud-init',
-+    (USR_LIB_EXEC + '/cloud-init', ['tools/uncloud-init',
-                                     'tools/write-ssh-key-fingerprints']),
-    (USR + '/share/bash-completion/completions',
-     ['bash_completion/cloud-init']),
-     (USR + '/share/doc/cloud-init', [f for f in glob('doc/*') if is_f(f)]),
-     (USR + '/share/doc/cloud-init/examples',
-         [f for f in glob('doc/examples/*') if is_f(f)]),
-@@ -263,8 +249,7 @@ if not platform.system().endswith('BSD'):
-     data_files.extend([
-         (ETC + '/NetworkManager/dispatcher.d/',
-          ['tools/hook-network-manager']),
-        (ETC + '/dhcp/dhclient-exit-hooks.d/', ['tools/hook-dhclient']),
-        (LIB + '/udev/rules.d', [f for f in glob('udev/*.rules')])
-+        ('/usr/lib/udev/rules.d', [f for f in glob('udev/*.rules')])
-     ])
- # Use a subclass for install that handles
- # adding on the right init system configuration files
-@@ -286,8 +271,6 @@ setuptools.setup(
-     scripts=['tools/cloud-init-per'],
-     license='Dual-licensed under GPLv3 or Apache 2.0',
+@@ -281,15 +262,13 @@ data_files = [
+     (
+         USR_LIB_EXEC + "/cloud-init",
+         [
+-            "tools/ds-identify",
+             "tools/hook-hotplug",
+             "tools/uncloud-init",
+             "tools/write-ssh-key-fingerprints",
+         ],
+     ),
+     (
+-        USR + "/share/bash-completion/completions",
+-        ["bash_completion/cloud-init"],
+        ETC + "/bash_completion.d", ["bash_completion/cloud-init"],
+     ),
+     (USR + "/share/doc/cloud-init", [f for f in glob("doc/*") if is_f(f)]),
+     (
+@@ -308,8 +287,7 @@ if not platform.system().endswith("BSD"):
+                 ETC + "/NetworkManager/dispatcher.d/",
+                 ["tools/hook-network-manager"],
+             ),
+-            (ETC + "/dhcp/dhclient-exit-hooks.d/", ["tools/hook-dhclient"]),
+-            (LIB + "/udev/rules.d", [f for f in glob("udev/*.rules")]),
+            ("/usr/lib/udev/rules.d", [f for f in glob("udev/*.rules")]),
+             (
+                 ETC + "/systemd/system/sshd-keygen@.service.d/",
+                 ["systemd/disable-sshd-keygen-if-cloud-init-active.conf"],
+@@ -339,8 +317,6 @@ setuptools.setup(
+     scripts=["tools/cloud-init-per"],
+     license="Dual-licensed under GPLv3 or Apache 2.0",
     data_files=data_files,
 -    install_requires=requirements,
 -    cmdclass=cmdclass,
     entry_points={
-         'console_scripts': [
-             'cloud-init = cloudinit.cmd.main:main',
+         "console_scripts": [
+             "cloud-init = cloudinit.cmd.main:main",
 diff --git a/tools/read-version b/tools/read-version
 index 02c90643..79755f78 100755
 --- a/tools/read-version
@ -600,5 +582,5 @@ index 02c90643..79755f78 100755
 # version is X.Y.Z[+xxx.gHASH]
 # version_long is None or X.Y.Z-xxx-gHASH
 -- 
-2.27.0
+2.31.1

--- a/SOURCES/0002-Do-not-write-NM_CONTROLLED-no-in-generated-interface.patch
+++ b/SOURCES/0002-Do-not-write-NM_CONTROLLED-no-in-generated-interface.patch
@ -1,4 +1,4 @@
-From 3f895d7236fab4f12482435829b530022a2205ec Mon Sep 17 00:00:00 2001
+From e0dc628ac553072891fa6607dc91b652efd99be2 Mon Sep 17 00:00:00 2001
 From: Eduardo Otubo <otubo@redhat.com>
 Date: Fri, 7 May 2021 13:36:06 +0200
 Subject: Do not write NM_CONTROLLED=no in generated interface config  files
@ -8,53 +8,31 @@ Conflicts 20.3:
 mechanism to identify if cloud-init is running on RHEL, having the
 correct settings for NM_CONTROLLED.

-Merged patches (21.1):
- ecbace48 sysconfig: Don't write BOOTPROTO=dhcp for ipv6 dhcp
- a1a00383 include 'NOZEROCONF=yes' in /etc/sysconfig/network
 X-downstream-only: true
 Signed-off-by: Eduardo Otubo <otubo@redhat.com>
 Signed-off-by: Ryan McCabe <rmccabe@redhat.com>
 ---
- cloudinit/net/sysconfig.py  | 13 +++++++++++--
+ cloudinit/net/sysconfig.py  |  1 -
 tests/unittests/test_net.py | 28 ----------------------------
- 2 files changed, 11 insertions(+), 30 deletions(-)
+ 2 files changed, 29 deletions(-)

 diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py
-index 99a4bae4..d5440998 100644
+index ba85c4f6..e06ddee7 100644
 --- a/cloudinit/net/sysconfig.py
 +++ b/cloudinit/net/sysconfig.py
-@@ -289,7 +289,7 @@ class Renderer(renderer.Renderer):
-     #                                         details about this)
- 
-     iface_defaults = {
-        'rhel': {'ONBOOT': True, 'USERCTL': False, 'NM_CONTROLLED': False,
-+        'rhel': {'ONBOOT': True, 'USERCTL': False,
-                  'BOOTPROTO': 'none'},
-         'suse': {'BOOTPROTO': 'static', 'STARTMODE': 'auto'},
-     }
-@@ -925,7 +925,16 @@ class Renderer(renderer.Renderer):
-         # Distros configuring /etc/sysconfig/network as a file e.g. Centos
-         if sysconfig_path.endswith('network'):
-             util.ensure_dir(os.path.dirname(sysconfig_path))
-            netcfg = [_make_header(), 'NETWORKING=yes']
-+            netcfg = []
-+            for line in util.load_file(sysconfig_path, quiet=True).split('\n'):
-+                if 'cloud-init' in line:
-+                    break
-+                if not line.startswith(('NETWORKING=',
-+                                        'IPV6_AUTOCONF=',
-+                                        'NETWORKING_IPV6=')):
-+                    netcfg.append(line)
-+            # Now generate the cloud-init portion of sysconfig/network
-+            netcfg.extend([_make_header(), 'NETWORKING=yes'])
-             if network_state.use_ipv6:
-                 netcfg.append('NETWORKING_IPV6=yes')
-                 netcfg.append('IPV6_AUTOCONF=no')
+@@ -336,7 +336,6 @@ class Renderer(renderer.Renderer):
+         "rhel": {
+             "ONBOOT": True,
+             "USERCTL": False,
+-            "NM_CONTROLLED": False,
+             "BOOTPROTO": "none",
+         },
+         "suse": {"BOOTPROTO": "static", "STARTMODE": "auto"},
 diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py
-index 38d934d4..c67b5fcc 100644
+index 47e4ba00..591241b3 100644
 --- a/tests/unittests/test_net.py
 +++ b/tests/unittests/test_net.py
-@@ -535,7 +535,6 @@ GATEWAY=172.19.3.254
+@@ -579,7 +579,6 @@ GATEWAY=172.19.3.254
 HWADDR=fa:16:3e:ed:9a:59
 IPADDR=172.19.1.34
 NETMASK=255.255.252.0
@ -62,7 +40,7 @@ index 38d934d4..c67b5fcc 100644
 ONBOOT=yes
 TYPE=Ethernet
 USERCTL=no
-@@ -633,7 +632,6 @@ IPADDR=172.19.1.34
+@@ -712,7 +711,6 @@ IPADDR=172.19.1.34
 IPADDR1=10.0.0.10
 NETMASK=255.255.252.0
 NETMASK1=255.255.255.0
@ -70,7 +48,7 @@ index 38d934d4..c67b5fcc 100644
 ONBOOT=yes
 TYPE=Ethernet
 USERCTL=no
-@@ -756,7 +754,6 @@ IPV6_AUTOCONF=no
+@@ -874,7 +872,6 @@ IPV6_AUTOCONF=no
 IPV6_DEFAULTGW=2001:DB8::1
 IPV6_FORCE_ACCEPT_RA=no
 NETMASK=255.255.252.0
@ -78,23 +56,23 @@ index 38d934d4..c67b5fcc 100644
 ONBOOT=yes
 TYPE=Ethernet
 USERCTL=no
-@@ -884,7 +881,6 @@ NETWORK_CONFIGS = {
+@@ -1053,7 +1050,6 @@ NETWORK_CONFIGS = {
                 BOOTPROTO=none
                 DEVICE=eth1
                 HWADDR=cf:d6:af:48:e8:80
 -                NM_CONTROLLED=no
                 ONBOOT=yes
                 TYPE=Ethernet
-                 USERCTL=no"""),
-@@ -901,7 +897,6 @@ NETWORK_CONFIGS = {
+                 USERCTL=no"""
+@@ -1072,7 +1068,6 @@ NETWORK_CONFIGS = {
                 IPADDR=192.168.21.3
                 NETMASK=255.255.255.0
                 METRIC=10000
 -                NM_CONTROLLED=no
                 ONBOOT=yes
                 TYPE=Ethernet
-                 USERCTL=no"""),
-@@ -1032,7 +1027,6 @@ NETWORK_CONFIGS = {
+                 USERCTL=no"""
+@@ -1244,7 +1239,6 @@ NETWORK_CONFIGS = {
                 IPV6_AUTOCONF=no
                 IPV6_FORCE_ACCEPT_RA=no
                 NETMASK=255.255.255.0
@ -102,15 +80,15 @@ index 38d934d4..c67b5fcc 100644
                 ONBOOT=yes
                 TYPE=Ethernet
                 USERCTL=no
-@@ -1737,7 +1731,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
+@@ -2093,7 +2087,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
                 DHCPV6C=yes
                 IPV6INIT=yes
                 MACADDR=aa:bb:cc:dd:ee:ff
 -                NM_CONTROLLED=no
                 ONBOOT=yes
                 TYPE=Bond
-                 USERCTL=no"""),
-@@ -1745,7 +1738,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
+                 USERCTL=no"""
+@@ -2103,7 +2096,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
                 BOOTPROTO=dhcp
                 DEVICE=bond0.200
                 DHCLIENT_SET_DEFAULT_ROUTE=no
@ -118,7 +96,7 @@ index 38d934d4..c67b5fcc 100644
                 ONBOOT=yes
                 PHYSDEV=bond0
                 USERCTL=no
-@@ -1763,7 +1755,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
+@@ -2123,7 +2115,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
                 IPV6_DEFAULTGW=2001:4800:78ff:1b::1
                 MACADDR=bb:bb:bb:bb:bb:aa
                 NETMASK=255.255.255.0
@ -126,15 +104,15 @@ index 38d934d4..c67b5fcc 100644
                 ONBOOT=yes
                 PRIO=22
                 STP=no
-@@ -1773,7 +1764,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
+@@ -2135,7 +2126,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
                 BOOTPROTO=none
                 DEVICE=eth0
                 HWADDR=c0:d6:9f:2c:e8:80
 -                NM_CONTROLLED=no
                 ONBOOT=yes
                 TYPE=Ethernet
-                 USERCTL=no"""),
-@@ -1790,7 +1780,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
+                 USERCTL=no"""
+@@ -2154,7 +2144,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
                 MTU=1500
                 NETMASK=255.255.255.0
                 NETMASK1=255.255.255.0
@ -142,7 +120,7 @@ index 38d934d4..c67b5fcc 100644
                 ONBOOT=yes
                 PHYSDEV=eth0
                 USERCTL=no
-@@ -1800,7 +1789,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
+@@ -2166,7 +2155,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
                 DEVICE=eth1
                 HWADDR=aa:d6:9f:2c:e8:80
                 MASTER=bond0
@ -150,7 +128,7 @@ index 38d934d4..c67b5fcc 100644
                 ONBOOT=yes
                 SLAVE=yes
                 TYPE=Ethernet
-@@ -1810,7 +1798,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
+@@ -2178,7 +2166,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
                 DEVICE=eth2
                 HWADDR=c0:bb:9f:2c:e8:80
                 MASTER=bond0
@ -158,31 +136,31 @@ index 38d934d4..c67b5fcc 100644
                 ONBOOT=yes
                 SLAVE=yes
                 TYPE=Ethernet
-@@ -1820,7 +1807,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
+@@ -2190,7 +2177,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
                 BRIDGE=br0
                 DEVICE=eth3
                 HWADDR=66:bb:9f:2c:e8:80
 -                NM_CONTROLLED=no
                 ONBOOT=yes
                 TYPE=Ethernet
-                 USERCTL=no"""),
-@@ -1829,7 +1815,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
+                 USERCTL=no"""
+@@ -2201,7 +2187,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
                 BRIDGE=br0
                 DEVICE=eth4
                 HWADDR=98:bb:9f:2c:e8:80
 -                NM_CONTROLLED=no
                 ONBOOT=yes
                 TYPE=Ethernet
-                 USERCTL=no"""),
-@@ -1838,7 +1823,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
+                 USERCTL=no"""
+@@ -2212,7 +2197,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
                 DEVICE=eth5
                 DHCLIENT_SET_DEFAULT_ROUTE=no
                 HWADDR=98:bb:9f:2c:e8:8a
 -                NM_CONTROLLED=no
                 ONBOOT=no
                 TYPE=Ethernet
-                 USERCTL=no"""),
-@@ -2294,7 +2278,6 @@ iface bond0 inet6 static
+                 USERCTL=no"""
+@@ -2689,7 +2673,6 @@ iface bond0 inet6 static
         MTU=9000
         NETMASK=255.255.255.0
         NETMASK1=255.255.255.0
@ -190,7 +168,7 @@ index 38d934d4..c67b5fcc 100644
         ONBOOT=yes
         TYPE=Bond
         USERCTL=no
-@@ -2304,7 +2287,6 @@ iface bond0 inet6 static
+@@ -2701,7 +2684,6 @@ iface bond0 inet6 static
         DEVICE=bond0s0
         HWADDR=aa:bb:cc:dd:e8:00
         MASTER=bond0
@ -198,7 +176,7 @@ index 38d934d4..c67b5fcc 100644
         ONBOOT=yes
         SLAVE=yes
         TYPE=Ethernet
-@@ -2326,7 +2308,6 @@ iface bond0 inet6 static
+@@ -2729,7 +2711,6 @@ iface bond0 inet6 static
         DEVICE=bond0s1
         HWADDR=aa:bb:cc:dd:e8:01
         MASTER=bond0
@ -206,15 +184,15 @@ index 38d934d4..c67b5fcc 100644
         ONBOOT=yes
         SLAVE=yes
         TYPE=Ethernet
-@@ -2383,7 +2364,6 @@ iface bond0 inet6 static
+@@ -2794,7 +2775,6 @@ iface bond0 inet6 static
                 BOOTPROTO=none
                 DEVICE=en0
                 HWADDR=aa:bb:cc:dd:e8:00
 -                NM_CONTROLLED=no
                 ONBOOT=yes
                 TYPE=Ethernet
-                 USERCTL=no"""),
-@@ -2402,7 +2382,6 @@ iface bond0 inet6 static
+                 USERCTL=no"""
+@@ -2815,7 +2795,6 @@ iface bond0 inet6 static
                 MTU=2222
                 NETMASK=255.255.255.0
                 NETMASK1=255.255.255.0
@ -222,7 +200,7 @@ index 38d934d4..c67b5fcc 100644
                 ONBOOT=yes
                 PHYSDEV=en0
                 USERCTL=no
-@@ -2467,7 +2446,6 @@ iface bond0 inet6 static
+@@ -2890,7 +2869,6 @@ iface bond0 inet6 static
                 DEVICE=br0
                 IPADDR=192.168.2.2
                 NETMASK=255.255.255.0
@ -230,7 +208,7 @@ index 38d934d4..c67b5fcc 100644
                 ONBOOT=yes
                 PRIO=22
                 STP=no
-@@ -2591,7 +2569,6 @@ iface bond0 inet6 static
+@@ -3032,7 +3010,6 @@ iface bond0 inet6 static
                 HWADDR=52:54:00:12:34:00
                 IPADDR=192.168.1.2
                 NETMASK=255.255.255.0
@ -238,7 +216,7 @@ index 38d934d4..c67b5fcc 100644
                 ONBOOT=no
                 TYPE=Ethernet
                 USERCTL=no
-@@ -2601,7 +2578,6 @@ iface bond0 inet6 static
+@@ -3044,7 +3021,6 @@ iface bond0 inet6 static
                 DEVICE=eth1
                 HWADDR=52:54:00:12:34:aa
                 MTU=1480
@ -246,7 +224,7 @@ index 38d934d4..c67b5fcc 100644
                 ONBOOT=yes
                 TYPE=Ethernet
                 USERCTL=no
-@@ -2610,7 +2586,6 @@ iface bond0 inet6 static
+@@ -3055,7 +3031,6 @@ iface bond0 inet6 static
                 BOOTPROTO=none
                 DEVICE=eth2
                 HWADDR=52:54:00:12:34:ff
@ -254,7 +232,7 @@ index 38d934d4..c67b5fcc 100644
                 ONBOOT=no
                 TYPE=Ethernet
                 USERCTL=no
-@@ -3027,7 +3002,6 @@ class TestRhelSysConfigRendering(CiTestCase):
+@@ -3628,7 +3603,6 @@ class TestRhelSysConfigRendering(CiTestCase):
 BOOTPROTO=dhcp
 DEVICE=eth1000
 HWADDR=07-1c-c6-75-a4-be
@ -262,7 +240,7 @@ index 38d934d4..c67b5fcc 100644
 ONBOOT=yes
 TYPE=Ethernet
 USERCTL=no
-@@ -3148,7 +3122,6 @@ GATEWAY=10.0.2.2
+@@ -3840,7 +3814,6 @@ GATEWAY=10.0.2.2
 HWADDR=52:54:00:12:34:00
 IPADDR=10.0.2.15
 NETMASK=255.255.255.0
@ -270,7 +248,7 @@ index 38d934d4..c67b5fcc 100644
 ONBOOT=yes
 TYPE=Ethernet
 USERCTL=no
-@@ -3218,7 +3191,6 @@ USERCTL=no
+@@ -3910,7 +3883,6 @@ USERCTL=no
 #
 BOOTPROTO=dhcp
 DEVICE=eth0
@ -279,5 +257,5 @@ index 38d934d4..c67b5fcc 100644
 TYPE=Ethernet
 USERCTL=no
 -- 
-2.27.0
+2.31.1

--- a/SOURCES/0003-limit-permissions-on-def_log_file.patch
+++ b/SOURCES/0003-limit-permissions-on-def_log_file.patch
@ -1,4 +1,4 @@
-From 680ebcb46d1db6f02f2b21c158b4a9af2d789ba3 Mon Sep 17 00:00:00 2001
+From cb7b35ca10c82c9725c3527e3ec5fb8cb7c61bc0 Mon Sep 17 00:00:00 2001
 From: Eduardo Otubo <otubo@redhat.com>
 Date: Fri, 7 May 2021 13:36:08 +0200
 Subject: limit permissions on def_log_file
@ -22,31 +22,31 @@ Signed-off-by: Eduardo Otubo <otubo@redhat.com>
 3 files changed, 6 insertions(+)

 diff --git a/cloudinit/settings.py b/cloudinit/settings.py
-index e690c0fd..43a1490c 100644
+index 39650a5b..3c2145e9 100644
 --- a/cloudinit/settings.py
 +++ b/cloudinit/settings.py
-@@ -46,6 +46,7 @@ CFG_BUILTIN = {
-         'None',
+@@ -49,6 +49,7 @@ CFG_BUILTIN = {
+         "None",
     ],
-     'def_log_file': '/var/log/cloud-init.log',
-+    'def_log_file_mode': 0o600,
-     'log_cfgs': [],
-     'mount_default_fields': [None, None, 'auto', 'defaults,nofail', '0', '2'],
-     'ssh_deletekeys': False,
+     "def_log_file": "/var/log/cloud-init.log",
+    "def_log_file_mode": 0o600,
+     "log_cfgs": [],
+     "mount_default_fields": [None, None, "auto", "defaults,nofail", "0", "2"],
+     "ssh_deletekeys": False,
 diff --git a/cloudinit/stages.py b/cloudinit/stages.py
-index 3ef4491c..83e25dd1 100644
+index 3f17294b..61db1dbd 100644
 --- a/cloudinit/stages.py
 +++ b/cloudinit/stages.py
-@@ -147,6 +147,7 @@ class Init(object):
+@@ -205,6 +205,7 @@ class Init(object):
     def _initialize_filesystem(self):
         util.ensure_dirs(self._initial_subdirs())
-         log_file = util.get_cfg_option_str(self.cfg, 'def_log_file')
-+        log_file_mode = util.get_cfg_option_int(self.cfg, 'def_log_file_mode')
+         log_file = util.get_cfg_option_str(self.cfg, "def_log_file")
+        log_file_mode = util.get_cfg_option_int(self.cfg, "def_log_file_mode")
         if log_file:
-             util.ensure_file(log_file, preserve_mode=True)
-             perms = self.cfg.get('syslog_fix_perms')
+             util.ensure_file(log_file, mode=0o640, preserve_mode=True)
+             perms = self.cfg.get("syslog_fix_perms")
 diff --git a/doc/examples/cloud-config.txt b/doc/examples/cloud-config.txt
-index de9a0f87..bb33ad45 100644
+index a2b4a3fa..0ccf3147 100644
 --- a/doc/examples/cloud-config.txt
 +++ b/doc/examples/cloud-config.txt
@@ -414,10 +414,14 @@ timezone: US/Eastern
@ -65,5 +65,5 @@ index de9a0f87..bb33ad45 100644
 
 # you can set passwords for a user or multiple users
 -- 
-2.27.0
+2.31.1

--- a/SOURCES/0004-include-NOZEROCONF-yes-in-etc-sysconfig-network.patch
+++ b/SOURCES/0004-include-NOZEROCONF-yes-in-etc-sysconfig-network.patch
@ -0,0 +1,52 @@
+From ffa647e83efd4293bd027e9e390274aad8a12d94 Mon Sep 17 00:00:00 2001
+From: Eduardo Otubo <otubo@redhat.com>
+Date: Fri, 7 May 2021 13:36:13 +0200
+Subject: include 'NOZEROCONF=yes' in /etc/sysconfig/network
+
+RH-Author: Eduardo Otubo <otubo@redhat.com>
+Message-id: <20190320114559.23708-1-otubo@redhat.com>
+Patchwork-id: 84937
+O-Subject: [RHEL-7.7 cloud-init PATCH] include 'NOZEROCONF=yes' in /etc/sysconfig/network
+Bugzilla: 1653131
+RH-Acked-by: Cathy Avery <cavery@redhat.com>
+RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
+RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+
+The option NOZEROCONF=yes is not included by default in
+/etc/sysconfig/network, which is required by Overcloud instances. The
+patch also includes tests for the modifications.
+
+X-downstream-only: yes
+Resolves: rhbz#1653131
+
+Signed-off-by: Eduardo Otubo <otubo@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ cloudinit/net/sysconfig.py | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py
+index e06ddee7..362e8d19 100644
+--- a/cloudinit/net/sysconfig.py
+++ b/cloudinit/net/sysconfig.py
+@@ -1038,7 +1038,16 @@ class Renderer(renderer.Renderer):
+         # Distros configuring /etc/sysconfig/network as a file e.g. Centos
+         if sysconfig_path.endswith("network"):
+             util.ensure_dir(os.path.dirname(sysconfig_path))
+-            netcfg = [_make_header(), "NETWORKING=yes"]
+            netcfg = []
+            for line in util.load_file(sysconfig_path, quiet=True).split("\n"):
+                if "cloud-init" in line:
+                    break
+                if not line.startswith(("NETWORKING=",
+                                        "IPV6_AUTOCONF=",
+                                        "NETWORKING_IPV6=")):
+                    netcfg.append(line)
+            # Now generate the cloud-init portion of sysconfig/network
+            netcfg.extend([_make_header(), "NETWORKING=yes"])
+             if network_state.use_ipv6:
+                 netcfg.append("NETWORKING_IPV6=yes")
+                 netcfg.append("IPV6_AUTOCONF=no")
+-- 
+2.31.1
+
--- a/SOURCES/0005-Remove-race-condition-between-cloud-init-and-Network.patch
+++ b/SOURCES/0005-Remove-race-condition-between-cloud-init-and-Network.patch
@ -0,0 +1,148 @@
+From 386f0a82bfdfd62e506bf4251c17263260d3250a Mon Sep 17 00:00:00 2001
+From: Eduardo Otubo <otubo@redhat.com>
+Date: Fri, 7 May 2021 13:36:14 +0200
+Subject: Remove race condition between cloud-init and NetworkManager
+
+Message-id: <20200302104635.11648-1-otubo@redhat.com>
+Patchwork-id: 94098
+O-Subject: [RHEL-7.9/RHEL-8.2.0 cloud-init PATCH] Remove race condition between cloud-init and NetworkManager
+Bugzilla: 1807797
+RH-Acked-by: Cathy Avery <cavery@redhat.com>
+RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
+
+BZ: 1748015
+BRANCH: rhel7/master-18.5
+BREW: 26924611
+
+BZ: 1807797
+BRANCH: rhel820/master-18.5
+BREW: 26924957
+
+cloud-init service is set to start before NetworkManager service starts,
+but this does not avoid a race condition between them. NetworkManager
+starts before cloud-init can write `dns=none' to the file:
+/etc/NetworkManager/conf.d/99-cloud-init.conf. This way NetworkManager
+doesn't read the configuration and erases all resolv.conf values upon
+shutdown. On the next reboot neither cloud-init or NetworkManager will
+write anything to resolv.conf, leaving it blank.
+
+This patch introduces a NM reload (try-restart) at the end of cloud-init
+start up so it won't erase resolv.conf upon first shutdown.
+
+x-downstream-only: yes
+resolves: rhbz#1748015, rhbz#1807797 and rhbz#1804780
+
+Signed-off-by: Eduardo Otubo <otubo@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+
+This commit is a squash and also includes the folloowing commits:
+
+commit 316a17b7c02a87fa9b2981535be0b20d165adc46
+Author: Eduardo Otubo <otubo@redhat.com>
+Date:   Mon Jun 1 11:58:06 2020 +0200
+
+    Make cloud-init.service execute after network is up
+
+    RH-Author: Eduardo Otubo <otubo@redhat.com>
+    Message-id: <20200526090804.2047-1-otubo@redhat.com>
+    Patchwork-id: 96809
+    O-Subject: [RHEL-8.2.1 cloud-init PATCH] Make cloud-init.service execute after network is up
+    Bugzilla: 1803928
+    RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+    RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+
+    cloud-init.service needs to wait until network is fully up before
+    continuing executing and configuring its service.
+
+    Signed-off-by: Eduardo Otubo <otubo@redhat.com>
+
+    x-downstream-only: yes
+    Resolves: rhbz#1831646
+    Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+
+commit 0422ba0e773d1a8257a3f2bf3db05f3bc7917eb7
+Author: Eduardo Otubo <otubo@redhat.com>
+Date:   Thu May 28 08:44:08 2020 +0200
+
+    Remove race condition between cloud-init and NetworkManager
+
+    RH-Author: Eduardo Otubo <otubo@redhat.com>
+    Message-id: <20200327121911.17699-1-otubo@redhat.com>
+    Patchwork-id: 94453
+    O-Subject: [RHEL-7.9/RHEL-8.2.0 cloud-init PATCHv2] Remove race condition between cloud-init and NetworkManager
+    Bugzilla: 1840648
+    RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+    RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+    RH-Acked-by: Cathy Avery <cavery@redhat.com>
+
+    cloud-init service is set to start before NetworkManager service starts,
+    but this does not avoid a race condition between them. NetworkManager
+    starts before cloud-init can write `dns=none' to the file:
+    /etc/NetworkManager/conf.d/99-cloud-init.conf. This way NetworkManager
+    doesn't read the configuration and erases all resolv.conf values upon
+    shutdown. On the next reboot neither cloud-init or NetworkManager will
+    write anything to resolv.conf, leaving it blank.
+
+    This patch introduces a NM reload (try-reload-or-restart) at the end of cloud-init
+    start up so it won't erase resolv.conf upon first shutdown.
+
+    x-downstream-only: yes
+
+    Signed-off-by: Eduardo Otubo otubo@redhat.com
+    Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+
+commit e0b48a936433faea7f56dbc29dda35acf7d375f7
+Author: Eduardo Otubo <otubo@redhat.com>
+Date:   Thu May 28 08:44:06 2020 +0200
+
+    Enable ssh_deletekeys by default
+
+    RH-Author: Eduardo Otubo <otubo@redhat.com>
+    Message-id: <20200317091705.15715-1-otubo@redhat.com>
+    Patchwork-id: 94365
+    O-Subject: [RHEL-7.9/RHEL-8.2.0 cloud-init PATCH] Enable ssh_deletekeys by default
+    Bugzilla: 1814152
+    RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
+    RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+
+    The configuration option ssh_deletekeys will trigger the generation
+    of new ssh keys for every new instance deployed.
+
+    x-downstream-only: yes
+    resolves: rhbz#1814152
+
+    Signed-off-by: Eduardo Otubo <otubo@redhat.com>
+    Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ rhel/cloud.cfg                  | 2 +-
+ rhel/systemd/cloud-init.service | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/rhel/cloud.cfg b/rhel/cloud.cfg
+index 82e8bf62..9ecba215 100644
+--- a/rhel/cloud.cfg
+++ b/rhel/cloud.cfg
+@@ -6,7 +6,7 @@ ssh_pwauth:   0
+ 
+ mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service', '0', '2']
+ resize_rootfs_tmp: /dev
+-ssh_deletekeys:   0
+ssh_deletekeys:   1
+ ssh_genkeytypes:  ~
+ syslog_fix_perms: ~
+ disable_vmware_customization: false
+diff --git a/rhel/systemd/cloud-init.service b/rhel/systemd/cloud-init.service
+index d0023a05..0b3d796d 100644
+--- a/rhel/systemd/cloud-init.service
+++ b/rhel/systemd/cloud-init.service
+@@ -5,6 +5,7 @@ Wants=sshd-keygen.service
+ Wants=sshd.service
+ After=cloud-init-local.service
+ After=NetworkManager.service network.service
+After=NetworkManager-wait-online.service
+ Before=network-online.target
+ Before=sshd-keygen.service
+ Before=sshd.service
+-- 
+2.31.1
+
--- a/SOURCES/0006-rhel-cloud.cfg-remove-ssh_genkeytypes-in-settings.py.patch
+++ b/SOURCES/0006-rhel-cloud.cfg-remove-ssh_genkeytypes-in-settings.py.patch
@ -1,16 +1,17 @@
-From 5069e58c009bc8c689f00de35391ae6d860197a4 Mon Sep 17 00:00:00 2001
+From b545a0cbabe8924d048b7172b30e7aad59ed32d5 Mon Sep 17 00:00:00 2001
 From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
 Date: Thu, 20 May 2021 08:53:55 +0200
-Subject: [PATCH 1/2] rhel/cloud.cfg: remove ssh_genkeytypes in settings.py and
- set in cloud.cfg
+Subject: rhel/cloud.cfg: remove ssh_genkeytypes in settings.py and set in
+ cloud.cfg

 RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-RH-MergeRequest: 16: rhel/cloud.cfg: remove ssh_genkeytypes in settings.py and set in cloud.cfg
-RH-Commit: [1/1] 67a4904f4d7918be4c9b3c3dbf340b3ecb9e8786
-RH-Bugzilla: 1970909
-RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
+RH-MergeRequest: 10: rhel/cloud.cfg: remove ssh_genkeytypes in settings.py and set in cloud.cfg
+RH-Commit: [1/1] 6da989423b9b6e017afbac2f1af3649b0487310f
+RH-Bugzilla: 1957532
 RH-Acked-by: Eduardo Otubo <otubo@redhat.com>
+RH-Acked-by: Cathy Avery <cavery@redhat.com>
 RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>

 Currently genkeytypes in cloud.cfg is set to None, so together with
 ssh_deletekeys=1 cloudinit on first boot it will just delete the existing
@ -28,25 +29,24 @@ Also remove ssh_deletekeys in settings.py as we always need
 to 1 (and it also defaults to 1).

 Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
 ---
 cloudinit/settings.py | 2 --
 rhel/cloud.cfg        | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)

 diff --git a/cloudinit/settings.py b/cloudinit/settings.py
-index 43a1490c..2acf2615 100644
+index 3c2145e9..71672e10 100644
 --- a/cloudinit/settings.py
 +++ b/cloudinit/settings.py
-@@ -49,8 +49,6 @@ CFG_BUILTIN = {
-     'def_log_file_mode': 0o600,
-     'log_cfgs': [],
-     'mount_default_fields': [None, None, 'auto', 'defaults,nofail', '0', '2'],
-    'ssh_deletekeys': False,
-    'ssh_genkeytypes': [],
-     'syslog_fix_perms': [],
-     'system_info': {
-         'paths': {
+@@ -52,8 +52,6 @@ CFG_BUILTIN = {
+     "def_log_file_mode": 0o600,
+     "log_cfgs": [],
+     "mount_default_fields": [None, None, "auto", "defaults,nofail", "0", "2"],
+-    "ssh_deletekeys": False,
+-    "ssh_genkeytypes": [],
+     "syslog_fix_perms": [],
+     "system_info": {
+         "paths": {
 diff --git a/rhel/cloud.cfg b/rhel/cloud.cfg
 index 9ecba215..cbee197a 100644
 --- a/rhel/cloud.cfg
@ -61,5 +61,5 @@ index 9ecba215..cbee197a 100644
 disable_vmware_customization: false
 
 -- 
-2.27.0
+2.31.1

--- a/SOURCES/ci-Add-native-NetworkManager-support-1224.patch
+++ b/SOURCES/ci-Add-native-NetworkManager-support-1224.patch
--- a/SOURCES/ci-Align-rhel-custom-files-with-upstream-1431.patch
+++ b/SOURCES/ci-Align-rhel-custom-files-with-upstream-1431.patch
@ -0,0 +1,257 @@
+From 5c99ba05086b1ec83ce7e0c64edb4add4b47d923 Mon Sep 17 00:00:00 2001
+From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+Date: Thu, 19 May 2022 11:14:39 +0200
+Subject: [PATCH 3/4] Align rhel custom files with upstream (#1431)
+
+RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+RH-MergeRequest: 65: Align rhel custom files with upstream (#1431)
+RH-Commit: [1/2] 5d9067175688b1006472a477b0916b81c73d5e07
+RH-Bugzilla: 2082071
+RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
+RH-Acked-by: Eduardo Otubo <otubo@redhat.com>
+RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+
+commit 9624758f91b61f4711e8d7b5c83075b5d23e0c43
+Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+Date:   Wed May 18 15:18:04 2022 +0200
+
+    Align rhel custom files with upstream (#1431)
+
+    So far RHEL had its own custom .service and cloud.cfg files,
+    that diverged from upstream. We always replaced the generated files
+    with the ones we had.
+
+    This caused only confusion and made it harder to rebase and backport
+    patches targeting these files.
+    At the same time, we are going to delete our custom downstream-only files
+    and use the ones generated by .tmpl.
+
+    The mapping is:
+    config/cloud.cfg.tmpl -> rhel/cloud.cfg
+    systemd/* -> rhel/systemd/*
+
+    Such rhel-specific files are open and available in the Centos repo:
+    https://gitlab.com/redhat/centos-stream/src/cloud-init
+
+    With this commit, we are also introducing modules in cloud.cfg that
+    were not in the default rhel cfg file, even though they should already
+    have been there with previous rebases and releases.
+    Anyways such modules support rhel as distro, and
+    therefore should cause no harm.
+
+    Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+
+    RHBZ: 2082071
+
+Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+---
+ config/cloud.cfg.tmpl                   | 23 +++++++++++++++++++++++
+ systemd/cloud-config.service.tmpl       |  4 ++++
+ systemd/cloud-final.service.tmpl        | 13 +++++++++++++
+ systemd/cloud-init-local.service.tmpl   | 22 +++++++++++++++++++++-
+ systemd/cloud-init.service.tmpl         |  6 +++++-
+ tests/unittests/test_render_cloudcfg.py |  1 +
+ 6 files changed, 67 insertions(+), 2 deletions(-)
+
+diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl
+index 86beee3c..f4d2fd14 100644
+--- a/config/cloud.cfg.tmpl
+++ b/config/cloud.cfg.tmpl
+@@ -34,7 +34,11 @@ disable_root: true
+ 
+ {% if variant in ["almalinux", "alpine", "amazon", "centos", "cloudlinux", "eurolinux",
+                   "fedora", "miraclelinux", "openEuler", "rhel", "rocky", "virtuozzo"] %}
+{% if variant == "rhel" %}
+mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service,_netdev', '0', '2']
+{% else %}
+ mount_default_fields: [~, ~, 'auto', 'defaults,nofail', '0', '2']
+{% endif %}
+ {% if variant == "amazon" %}
+ resize_rootfs: noblock
+ {% endif %}
+@@ -66,6 +70,14 @@ network:
+   config: disabled
+ {% endif %}
+ 
+{% if variant == "rhel" %}
+# Default redhat settings:
+ssh_deletekeys:   true
+ssh_genkeytypes:  ['rsa', 'ecdsa', 'ed25519']
+syslog_fix_perms: ~
+disable_vmware_customization: false
+{% endif %}
+
+ # The modules that run in the 'init' stage
+ cloud_init_modules:
+  - migrator
+@@ -107,10 +119,15 @@ cloud_config_modules:
+ {% endif %}
+ {% if variant not in ["photon"] %}
+  - ssh-import-id
+{% if variant not in ["rhel"] %}
+  - keyboard
+{% endif %}
+  - locale
+ {% endif %}
+  - set-passwords
+{% if variant in ["rhel"] %}
+ - rh_subscription
+{% endif %}
+ {% if variant in ["rhel", "fedora", "photon"] %}
+ {% if variant not in ["photon"] %}
+  - spacewalk
+@@ -239,6 +256,10 @@ system_info:
+      name: ec2-user
+      lock_passwd: True
+      gecos: EC2 Default User
+{% elif variant == "rhel" %}
+     name: cloud-user
+     lock_passwd: true
+     gecos: Cloud User
+ {% else %}
+      name: {{ variant }}
+      lock_passwd: True
+@@ -254,6 +275,8 @@ system_info:
+      groups: [adm, sudo]
+ {% elif variant == "arch" %}
+      groups: [wheel, users]
+{% elif variant == "rhel" %}
+     groups: [adm, systemd-journal]
+ {% else %}
+      groups: [wheel, adm, systemd-journal]
+ {% endif %}
+diff --git a/systemd/cloud-config.service.tmpl b/systemd/cloud-config.service.tmpl
+index 9d928ca2..d5568a6e 100644
+--- a/systemd/cloud-config.service.tmpl
+++ b/systemd/cloud-config.service.tmpl
+@@ -4,6 +4,10 @@ Description=Apply the settings specified in cloud-config
+ After=network-online.target cloud-config.target
+ After=snapd.seeded.service
+ Wants=network-online.target cloud-config.target
+{% if variant == "rhel" %}
+ConditionPathExists=!/etc/cloud/cloud-init.disabled
+ConditionKernelCommandLine=!cloud-init=disabled
+{% endif %}
+ 
+ [Service]
+ Type=oneshot
+diff --git a/systemd/cloud-final.service.tmpl b/systemd/cloud-final.service.tmpl
+index 8207b18c..85f423ac 100644
+--- a/systemd/cloud-final.service.tmpl
+++ b/systemd/cloud-final.service.tmpl
+@@ -7,6 +7,10 @@ After=multi-user.target
+ Before=apt-daily.service
+ {% endif %}
+ Wants=network-online.target cloud-config.service
+{% if variant == "rhel" %}
+ConditionPathExists=!/etc/cloud/cloud-init.disabled
+ConditionKernelCommandLine=!cloud-init=disabled
+{% endif %}
+ 
+ 
+ [Service]
+@@ -15,7 +19,16 @@ ExecStart=/usr/bin/cloud-init modules --mode=final
+ RemainAfterExit=yes
+ TimeoutSec=0
+ KillMode=process
+{% if variant == "rhel" %}
+# Restart NetworkManager if it is present and running.
+ExecStartPost=/bin/sh -c 'u=NetworkManager.service; \
+ out=$(systemctl show --property=SubState $u) || exit; \
+ [ "$out" = "SubState=running" ] || exit 0; \
+ systemctl reload-or-try-restart $u'
+{% else %}
+ TasksMax=infinity
+{% endif %}
+
+ 
+ # Output needs to appear in instance console output
+ StandardOutput=journal+console
+diff --git a/systemd/cloud-init-local.service.tmpl b/systemd/cloud-init-local.service.tmpl
+index 7166f640..a6b82650 100644
+--- a/systemd/cloud-init-local.service.tmpl
+++ b/systemd/cloud-init-local.service.tmpl
+@@ -1,23 +1,43 @@
+ ## template:jinja
+ [Unit]
+ Description=Initial cloud-init job (pre-networking)
+-{% if variant in ["ubuntu", "unknown", "debian"] %}
+{% if variant in ["ubuntu", "unknown", "debian", "rhel" ] %}
+ DefaultDependencies=no
+ {% endif %}
+ Wants=network-pre.target
+ After=hv_kvp_daemon.service
+ After=systemd-remount-fs.service
+{% if variant == "rhel" %}
+Requires=dbus.socket
+After=dbus.socket
+{% endif %}
+ Before=NetworkManager.service
+{% if variant == "rhel" %}
+Before=network.service
+{% endif %}
+ Before=network-pre.target
+ Before=shutdown.target
+{% if variant == "rhel" %}
+Before=firewalld.target
+Conflicts=shutdown.target
+{% endif %}
+ {% if variant in ["ubuntu", "unknown", "debian"] %}
+ Before=sysinit.target
+ Conflicts=shutdown.target
+ {% endif %}
+ RequiresMountsFor=/var/lib/cloud
+{% if variant == "rhel" %}
+ConditionPathExists=!/etc/cloud/cloud-init.disabled
+ConditionKernelCommandLine=!cloud-init=disabled
+{% endif %}
+ 
+ [Service]
+ Type=oneshot
+{% if variant == "rhel" %}
+ExecStartPre=/bin/mkdir -p /run/cloud-init
+ExecStartPre=/sbin/restorecon /run/cloud-init
+ExecStartPre=/usr/bin/touch /run/cloud-init/enabled
+{% endif %}
+ ExecStart=/usr/bin/cloud-init init --local
+ ExecStart=/bin/touch /run/cloud-init/network-config-ready
+ RemainAfterExit=yes
+diff --git a/systemd/cloud-init.service.tmpl b/systemd/cloud-init.service.tmpl
+index e71e5679..c170aef7 100644
+--- a/systemd/cloud-init.service.tmpl
+++ b/systemd/cloud-init.service.tmpl
+@@ -1,7 +1,7 @@
+ ## template:jinja
+ [Unit]
+ Description=Initial cloud-init job (metadata service crawler)
+-{% if variant not in ["photon"] %}
+{% if variant not in ["photon", "rhel"] %}
+ DefaultDependencies=no
+ {% endif %}
+ Wants=cloud-init-local.service
+@@ -36,6 +36,10 @@ Before=shutdown.target
+ Conflicts=shutdown.target
+ {% endif %}
+ Before=systemd-user-sessions.service
+{% if variant == "rhel" %}
+ConditionPathExists=!/etc/cloud/cloud-init.disabled
+ConditionKernelCommandLine=!cloud-init=disabled
+{% endif %}
+ 
+ [Service]
+ Type=oneshot
+diff --git a/tests/unittests/test_render_cloudcfg.py b/tests/unittests/test_render_cloudcfg.py
+index 30fbd1a4..9f95d448 100644
+--- a/tests/unittests/test_render_cloudcfg.py
+++ b/tests/unittests/test_render_cloudcfg.py
+@@ -68,6 +68,7 @@ class TestRenderCloudCfg:
+         default_user_exceptions = {
+             "amazon": "ec2-user",
+             "debian": "ubuntu",
+            "rhel": "cloud-user",
+             "unknown": "ubuntu",
+         }
+         default_user = system_cfg["system_info"]["default_user"]["name"]
+-- 
+2.35.3
+
--- a/SOURCES/ci-Fix-home-permissions-modified-by-ssh-module-SC-338-9.patch
+++ b/SOURCES/ci-Fix-home-permissions-modified-by-ssh-module-SC-338-9.patch
@ -1,262 +0,0 @@
-From 5bfe2ee2b063d87e6fd255d6c5e63123aa3f6de0 Mon Sep 17 00:00:00 2001
-From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-Date: Sat, 21 Aug 2021 13:55:53 +0200
-Subject: [PATCH] Fix home permissions modified by ssh module (SC-338) (#984)
-
-RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-RH-MergeRequest: 9: Fix home permissions modified by ssh module
-RH-Commit: [1/1] ab55db88aa1bf2f77acaca5e76ffabbab72b1fb2 (eesposit/cloud-init-centos-)
-RH-Bugzilla: 1995843
-RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
-RH-Acked-by: Eduardo Otubo <otubo@redhat.com>
-
-TESTED: By me and QA
-BREW: 39178085
-
-Fix home permissions modified by ssh module (SC-338) (#984)
-
-commit 7d3f5d750f6111c2716143364ea33486df67c927
-Author: James Falcon <therealfalcon@gmail.com>
-Date:   Fri Aug 20 17:09:49 2021 -0500
-
-    Fix home permissions modified by ssh module (SC-338) (#984)
-
-    Fix home permissions modified by ssh module
-
-    In #956, we updated the file and directory permissions for keys not in
-    the user's home directory. We also unintentionally modified the
-    permissions within the home directory as well. These should not change,
-    and this commit changes that back.
-
-    LP: #1940233
-
-Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
---
- cloudinit/ssh_util.py                         |  35 ++++-
- .../modules/test_ssh_keysfile.py              | 132 +++++++++++++++---
- 2 files changed, 146 insertions(+), 21 deletions(-)
-
-diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py
-index b8a3c8f7..9ccadf09 100644
--- a/cloudinit/ssh_util.py
-+++ b/cloudinit/ssh_util.py
-@@ -321,23 +321,48 @@ def check_create_path(username, filename, strictmodes):
-         home_folder = os.path.dirname(user_pwent.pw_dir)
-         for directory in directories:
-             parent_folder += "/" + directory
-            if home_folder.startswith(parent_folder):
-+
-+            # security check, disallow symlinks in the AuthorizedKeysFile path.
-+            if os.path.islink(parent_folder):
-+                LOG.debug(
-+                    "Invalid directory. Symlink exists in path: %s",
-+                    parent_folder)
-+                return False
-+
-+            if os.path.isfile(parent_folder):
-+                LOG.debug(
-+                    "Invalid directory. File exists in path: %s",
-+                    parent_folder)
-+                return False
-+
-+            if (home_folder.startswith(parent_folder) or
-+                    parent_folder == user_pwent.pw_dir):
-                 continue
- 
-            if not os.path.isdir(parent_folder):
-+            if not os.path.exists(parent_folder):
-                 # directory does not exist, and permission so far are good:
-                 # create the directory, and make it accessible by everyone
-                 # but owned by root, as it might be used by many users.
-                 with util.SeLinuxGuard(parent_folder):
-                    os.makedirs(parent_folder, mode=0o755, exist_ok=True)
-                    util.chownbyid(parent_folder, root_pwent.pw_uid,
-                                   root_pwent.pw_gid)
-+                    mode = 0o755
-+                    uid = root_pwent.pw_uid
-+                    gid = root_pwent.pw_gid
-+                    if parent_folder.startswith(user_pwent.pw_dir):
-+                        mode = 0o700
-+                        uid = user_pwent.pw_uid
-+                        gid = user_pwent.pw_gid
-+                    os.makedirs(parent_folder, mode=mode, exist_ok=True)
-+                    util.chownbyid(parent_folder, uid, gid)
- 
-             permissions = check_permissions(username, parent_folder,
-                                             filename, False, strictmodes)
-             if not permissions:
-                 return False
- 
-+        if os.path.islink(filename) or os.path.isdir(filename):
-+            LOG.debug("%s is not a file!", filename)
-+            return False
-+
-         # check the file
-         if not os.path.exists(filename):
-             # if file does not exist: we need to create it, since the
-diff --git a/tests/integration_tests/modules/test_ssh_keysfile.py b/tests/integration_tests/modules/test_ssh_keysfile.py
-index f82d7649..3159feb9 100644
--- a/tests/integration_tests/modules/test_ssh_keysfile.py
-+++ b/tests/integration_tests/modules/test_ssh_keysfile.py
-@@ -10,10 +10,10 @@ TEST_USER1_KEYS = get_test_rsa_keypair('test1')
- TEST_USER2_KEYS = get_test_rsa_keypair('test2')
- TEST_DEFAULT_KEYS = get_test_rsa_keypair('test3')
- 
-USERDATA = """\
-+_USERDATA = """\
- #cloud-config
- bootcmd:
- - sed -i 's;#AuthorizedKeysFile.*;AuthorizedKeysFile /etc/ssh/authorized_keys %h/.ssh/authorized_keys2;' /etc/ssh/sshd_config
-+ - {bootcmd}
- ssh_authorized_keys:
-  - {default}
- users:
-@@ -24,27 +24,17 @@ users:
- - name: test_user2
-   ssh_authorized_keys:
-     - {user2}
-""".format(  # noqa: E501
-+""".format(
-+    bootcmd='{bootcmd}',
-     default=TEST_DEFAULT_KEYS.public_key,
-     user1=TEST_USER1_KEYS.public_key,
-     user2=TEST_USER2_KEYS.public_key,
- )
- 
- 
-@pytest.mark.ubuntu
-@pytest.mark.user_data(USERDATA)
-def test_authorized_keys(client: IntegrationInstance):
-    expected_keys = [
-        ('test_user1', '/home/test_user1/.ssh/authorized_keys2',
-         TEST_USER1_KEYS),
-        ('test_user2', '/home/test_user2/.ssh/authorized_keys2',
-         TEST_USER2_KEYS),
-        ('ubuntu', '/home/ubuntu/.ssh/authorized_keys2',
-         TEST_DEFAULT_KEYS),
-        ('root', '/root/.ssh/authorized_keys2', TEST_DEFAULT_KEYS),
-    ]
-
-+def common_verify(client, expected_keys):
-     for user, filename, keys in expected_keys:
-+        # Ensure key is in the key file
-         contents = client.read_from_file(filename)
-         if user in ['ubuntu', 'root']:
-             # Our personal public key gets added by pycloudlib
-@@ -83,3 +73,113 @@ def test_authorized_keys(client: IntegrationInstance):
-                     look_for_keys=False,
-                     allow_agent=False,
-                 )
-+
-+        # Ensure we haven't messed with any /home permissions
-+        # See LP: #1940233
-+        home_dir = '/home/{}'.format(user)
-+        home_perms = '755'
-+        if user == 'root':
-+            home_dir = '/root'
-+            home_perms = '700'
-+        assert '{} {}'.format(user, home_perms) == client.execute(
-+            'stat -c "%U %a" {}'.format(home_dir)
-+        )
-+        if client.execute("test -d {}/.ssh".format(home_dir)).ok:
-+            assert '{} 700'.format(user) == client.execute(
-+                'stat -c "%U %a" {}/.ssh'.format(home_dir)
-+            )
-+        assert '{} 600'.format(user) == client.execute(
-+            'stat -c "%U %a" {}'.format(filename)
-+        )
-+
-+        # Also ensure ssh-keygen works as expected
-+        client.execute('mkdir {}/.ssh'.format(home_dir))
-+        assert client.execute(
-+            "ssh-keygen -b 2048 -t rsa -f {}/.ssh/id_rsa -q -N ''".format(
-+                home_dir)
-+        ).ok
-+        assert client.execute('test -f {}/.ssh/id_rsa'.format(home_dir))
-+        assert client.execute('test -f {}/.ssh/id_rsa.pub'.format(home_dir))
-+
-+    assert 'root 755' == client.execute('stat -c "%U %a" /home')
-+
-+
-+DEFAULT_KEYS_USERDATA = _USERDATA.format(bootcmd='""')
-+
-+
-+@pytest.mark.ubuntu
-+@pytest.mark.user_data(DEFAULT_KEYS_USERDATA)
-+def test_authorized_keys_default(client: IntegrationInstance):
-+    expected_keys = [
-+        ('test_user1', '/home/test_user1/.ssh/authorized_keys',
-+         TEST_USER1_KEYS),
-+        ('test_user2', '/home/test_user2/.ssh/authorized_keys',
-+         TEST_USER2_KEYS),
-+        ('ubuntu', '/home/ubuntu/.ssh/authorized_keys',
-+         TEST_DEFAULT_KEYS),
-+        ('root', '/root/.ssh/authorized_keys', TEST_DEFAULT_KEYS),
-+    ]
-+    common_verify(client, expected_keys)
-+
-+
-+AUTHORIZED_KEYS2_USERDATA = _USERDATA.format(bootcmd=(
-+    "sed -i 's;#AuthorizedKeysFile.*;AuthorizedKeysFile "
-+    "/etc/ssh/authorized_keys %h/.ssh/authorized_keys2;' "
-+    "/etc/ssh/sshd_config"))
-+
-+
-+@pytest.mark.ubuntu
-+@pytest.mark.user_data(AUTHORIZED_KEYS2_USERDATA)
-+def test_authorized_keys2(client: IntegrationInstance):
-+    expected_keys = [
-+        ('test_user1', '/home/test_user1/.ssh/authorized_keys2',
-+         TEST_USER1_KEYS),
-+        ('test_user2', '/home/test_user2/.ssh/authorized_keys2',
-+         TEST_USER2_KEYS),
-+        ('ubuntu', '/home/ubuntu/.ssh/authorized_keys2',
-+         TEST_DEFAULT_KEYS),
-+        ('root', '/root/.ssh/authorized_keys2', TEST_DEFAULT_KEYS),
-+    ]
-+    common_verify(client, expected_keys)
-+
-+
-+NESTED_KEYS_USERDATA = _USERDATA.format(bootcmd=(
-+    "sed -i 's;#AuthorizedKeysFile.*;AuthorizedKeysFile "
-+    "/etc/ssh/authorized_keys %h/foo/bar/ssh/keys;' "
-+    "/etc/ssh/sshd_config"))
-+
-+
-+@pytest.mark.ubuntu
-+@pytest.mark.user_data(NESTED_KEYS_USERDATA)
-+def test_nested_keys(client: IntegrationInstance):
-+    expected_keys = [
-+        ('test_user1', '/home/test_user1/foo/bar/ssh/keys',
-+         TEST_USER1_KEYS),
-+        ('test_user2', '/home/test_user2/foo/bar/ssh/keys',
-+         TEST_USER2_KEYS),
-+        ('ubuntu', '/home/ubuntu/foo/bar/ssh/keys',
-+         TEST_DEFAULT_KEYS),
-+        ('root', '/root/foo/bar/ssh/keys', TEST_DEFAULT_KEYS),
-+    ]
-+    common_verify(client, expected_keys)
-+
-+
-+EXTERNAL_KEYS_USERDATA = _USERDATA.format(bootcmd=(
-+    "sed -i 's;#AuthorizedKeysFile.*;AuthorizedKeysFile "
-+    "/etc/ssh/authorized_keys /etc/ssh/authorized_keys/%u/keys;' "
-+    "/etc/ssh/sshd_config"))
-+
-+
-+@pytest.mark.ubuntu
-+@pytest.mark.user_data(EXTERNAL_KEYS_USERDATA)
-+def test_external_keys(client: IntegrationInstance):
-+    expected_keys = [
-+        ('test_user1', '/etc/ssh/authorized_keys/test_user1/keys',
-+         TEST_USER1_KEYS),
-+        ('test_user2', '/etc/ssh/authorized_keys/test_user2/keys',
-+         TEST_USER2_KEYS),
-+        ('ubuntu', '/etc/ssh/authorized_keys/ubuntu/keys',
-+         TEST_DEFAULT_KEYS),
-+        ('root', '/etc/ssh/authorized_keys/root/keys', TEST_DEFAULT_KEYS),
-+    ]
-+    common_verify(client, expected_keys)
-- 
-2.27.0
-
--- a/SOURCES/ci-Fix-requiring-device-number-on-EC2-derivatives-836.patch
+++ b/SOURCES/ci-Fix-requiring-device-number-on-EC2-derivatives-836.patch
@ -1,103 +0,0 @@
-From 83394f05a01b5e1f8e520213537558c1cb5d9051 Mon Sep 17 00:00:00 2001
-From: Eduardo Otubo <otubo@redhat.com>
-Date: Thu, 1 Jul 2021 12:01:34 +0200
-Subject: [PATCH] Fix requiring device-number on EC2 derivatives (#836)
-
-RH-Author: Eduardo Otubo <otubo@redhat.com>
-RH-MergeRequest: 3: Fix requiring device-number on EC2 derivatives (#836)
-RH-Commit: [1/1] a0b7af14a2bc6480bb844a496007737b8807f666 (otubo/cloud-init-src)
-RH-Bugzilla: 1943511
-RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
-
-commit 9bd19645a61586b82e86db6f518dd05c3363b17f
-Author: James Falcon <TheRealFalcon@users.noreply.github.com>
-Date:   Mon Mar 8 14:09:47 2021 -0600
-
-    Fix requiring device-number on EC2 derivatives (#836)
-
-    #342 (70dbccbb) introduced the ability to determine route-metrics based on
-    the `device-number` provided by the EC2 IMDS. Not all datasources that
-    subclass EC2 will have this attribute, so allow the old behavior if
-    `device-number` is not present.
-
-    LP: #1917875
-
-Signed-off-by: Eduardo Otubo <otubo@redhat.com>
-Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
- cloudinit/sources/DataSourceEc2.py            |  3 +-
- .../unittests/test_datasource/test_aliyun.py  | 30 +++++++++++++++++++
- 2 files changed, 32 insertions(+), 1 deletion(-)
-
-diff --git a/cloudinit/sources/DataSourceEc2.py b/cloudinit/sources/DataSourceEc2.py
-index 1930a509..a2105dc7 100644
--- a/cloudinit/sources/DataSourceEc2.py
-+++ b/cloudinit/sources/DataSourceEc2.py
-@@ -765,13 +765,14 @@ def convert_ec2_metadata_network_config(
-         netcfg['ethernets'][nic_name] = dev_config
-         return netcfg
-     # Apply network config for all nics and any secondary IPv4/v6 addresses
-+    nic_idx = 0
-     for mac, nic_name in sorted(macs_to_nics.items()):
-         nic_metadata = macs_metadata.get(mac)
-         if not nic_metadata:
-             continue  # Not a physical nic represented in metadata
-         # device-number is zero-indexed, we want it 1-indexed for the
-         # multiplication on the following line
-        nic_idx = int(nic_metadata['device-number']) + 1
-+        nic_idx = int(nic_metadata.get('device-number', nic_idx)) + 1
-         dhcp_override = {'route-metric': nic_idx * 100}
-         dev_config = {'dhcp4': True, 'dhcp4-overrides': dhcp_override,
-                       'dhcp6': False,
-diff --git a/tests/unittests/test_datasource/test_aliyun.py b/tests/unittests/test_datasource/test_aliyun.py
-index eb2828d5..cab1ac2b 100644
--- a/tests/unittests/test_datasource/test_aliyun.py
-+++ b/tests/unittests/test_datasource/test_aliyun.py
-@@ -7,6 +7,7 @@ from unittest import mock
- 
- from cloudinit import helpers
- from cloudinit.sources import DataSourceAliYun as ay
-+from cloudinit.sources.DataSourceEc2 import convert_ec2_metadata_network_config
- from cloudinit.tests import helpers as test_helpers
- 
- DEFAULT_METADATA = {
-@@ -183,6 +184,35 @@ class TestAliYunDatasource(test_helpers.HttprettyTestCase):
-         self.assertEqual(ay.parse_public_keys(public_keys),
-                          public_keys['key-pair-0']['openssh-key'])
- 
-+    def test_route_metric_calculated_without_device_number(self):
-+        """Test that route-metric code works without `device-number`
-+
-+        `device-number` is part of EC2 metadata, but not supported on aliyun.
-+        Attempting to access it will raise a KeyError.
-+
-+        LP: #1917875
-+        """
-+        netcfg = convert_ec2_metadata_network_config(
-+            {"interfaces": {"macs": {
-+                "06:17:04:d7:26:09": {
-+                    "interface-id": "eni-e44ef49e",
-+                },
-+                "06:17:04:d7:26:08": {
-+                    "interface-id": "eni-e44ef49f",
-+                }
-+            }}},
-+            macs_to_nics={
-+                '06:17:04:d7:26:09': 'eth0',
-+                '06:17:04:d7:26:08': 'eth1',
-+            }
-+        )
-+
-+        met0 = netcfg['ethernets']['eth0']['dhcp4-overrides']['route-metric']
-+        met1 = netcfg['ethernets']['eth1']['dhcp4-overrides']['route-metric']
-+
-+        # route-metric numbers should be 100 apart
-+        assert 100 == abs(met0 - met1)
-+
- 
- class TestIsAliYun(test_helpers.CiTestCase):
-     ALIYUN_PRODUCT = 'Alibaba Cloud ECS'
-- 
-2.27.0
-
--- a/SOURCES/ci-Inhibit-sshd-keygen-.service-if-cloud-init-is-active.patch
+++ b/SOURCES/ci-Inhibit-sshd-keygen-.service-if-cloud-init-is-active.patch
@ -1,104 +0,0 @@
-From e6412be62079bbec5d67d178711ea42f21cafab8 Mon Sep 17 00:00:00 2001
-From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-Date: Tue, 12 Oct 2021 16:35:00 +0200
-Subject: [PATCH 1/2] Inhibit sshd-keygen@.service if cloud-init is active
- (#1028)
-
-RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-RH-MergeRequest: 11: Add drop-in to prevent race with sshd-keygen service
-RH-Commit: [1/2] 77ba3f167e71c43847aa5b38e1833d84568ed5a7 (eesposit/cloud-init-centos-)
-RH-Bugzilla: 2002492
-RH-Acked-by: Eduardo Otubo <otubo@redhat.com>
-RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
-
-TESTED: by me and QA
-BREW: 40286693
-
-commit 02c71f097bca455a0f87d3e0a2af4d04b1cbd727
-Author: Ryan Harper <ryan.harper@canonical.com>
-Date:   Tue Oct 12 09:31:36 2021 -0500
-
-    Inhibit sshd-keygen@.service if cloud-init is active (#1028)
-
-    In some cloud-init enabled images the sshd-keygen@.service
-    may race with cloud-init and prevent ssh host keys from being
-    generated or generating host keys twice slowing boot and  consuming
-    additional entropy during boot.  This drop-in unit adds a condition to
-    the sshd-keygen@.service which prevents running if cloud-init is active.
-
-Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-
-Conflicts: minor conflict in setup.py (line 253), where we still use
-"/usr/lib/" instead of LIB
---
- packages/redhat/cloud-init.spec.in                    | 1 +
- packages/suse/cloud-init.spec.in                      | 1 +
- setup.py                                              | 5 ++++-
- systemd/disable-sshd-keygen-if-cloud-init-active.conf | 8 ++++++++
- 4 files changed, 14 insertions(+), 1 deletion(-)
- create mode 100644 systemd/disable-sshd-keygen-if-cloud-init-active.conf
-
-diff --git a/packages/redhat/cloud-init.spec.in b/packages/redhat/cloud-init.spec.in
-index 16138012..1491822b 100644
--- a/packages/redhat/cloud-init.spec.in
-+++ b/packages/redhat/cloud-init.spec.in
-@@ -175,6 +175,7 @@ fi
- 
- %if "%{init_system}" == "systemd"
- /usr/lib/systemd/system-generators/cloud-init-generator
-+%{_sysconfdir}/systemd/system/sshd-keygen@.service.d/disable-sshd-keygen-if-cloud-init-active.conf
- %{_unitdir}/cloud-*
- %else
- %attr(0755, root, root) %{_initddir}/cloud-config
-diff --git a/packages/suse/cloud-init.spec.in b/packages/suse/cloud-init.spec.in
-index 004b875f..da8107b4 100644
--- a/packages/suse/cloud-init.spec.in
-+++ b/packages/suse/cloud-init.spec.in
-@@ -126,6 +126,7 @@ version_pys=$(cd "%{buildroot}" && find . -name version.py -type f)
- 
- %{_sysconfdir}/dhcp/dhclient-exit-hooks.d/hook-dhclient
- %{_sysconfdir}/NetworkManager/dispatcher.d/hook-network-manager
-+%{_sysconfdir}/systemd/system/sshd-keygen@.service.d/disable-sshd-keygen-if-cloud-init-active.conf
- 
- # Python code is here...
- %{python_sitelib}/*
-diff --git a/setup.py b/setup.py
-index d5cd01a4..ec03fa27 100755
--- a/setup.py
-+++ b/setup.py
-@@ -38,6 +38,7 @@ def is_generator(p):
- def pkg_config_read(library, var):
-     fallbacks = {
-         'systemd': {
-+            'systemdsystemconfdir': '/etc/systemd/system',
-             'systemdsystemunitdir': '/lib/systemd/system',
-             'systemdsystemgeneratordir': '/lib/systemd/system-generators',
-         }
-@@ -249,7 +250,9 @@ if not platform.system().endswith('BSD'):
-     data_files.extend([
-         (ETC + '/NetworkManager/dispatcher.d/',
-          ['tools/hook-network-manager']),
-        ('/usr/lib/udev/rules.d', [f for f in glob('udev/*.rules')])
-+        ('/usr/lib/udev/rules.d', [f for f in glob('udev/*.rules')]),
-+        (ETC + '/systemd/system/sshd-keygen@.service.d/',
-+         ['systemd/disable-sshd-keygen-if-cloud-init-active.conf']),
-     ])
- # Use a subclass for install that handles
- # adding on the right init system configuration files
-diff --git a/systemd/disable-sshd-keygen-if-cloud-init-active.conf b/systemd/disable-sshd-keygen-if-cloud-init-active.conf
-new file mode 100644
-index 00000000..71e35876
--- /dev/null
-+++ b/systemd/disable-sshd-keygen-if-cloud-init-active.conf
-@@ -0,0 +1,8 @@
-+# In some cloud-init enabled images the sshd-keygen template service may race
-+# with cloud-init during boot causing issues with host key generation.  This
-+# drop-in config adds a condition to sshd-keygen@.service if it exists and
-+# prevents the sshd-keygen units from running *if* cloud-init is going to run.
-+#
-+[Unit]
-+ConditionPathExists=!/run/systemd/generator.early/multi-user.target.wants/cloud-init.target
-+EOF
-- 
-2.27.0
-
--- a/SOURCES/ci-Remove-rhel-specific-files.patch
+++ b/SOURCES/ci-Remove-rhel-specific-files.patch
@ -0,0 +1,373 @@
+From d43f0d93386f123892451d923c2b3c6fe7130c39 Mon Sep 17 00:00:00 2001
+From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+Date: Thu, 19 May 2022 11:38:22 +0200
+Subject: [PATCH 4/4] Remove rhel specific files
+
+RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+RH-MergeRequest: 65: Align rhel custom files with upstream (#1431)
+RH-Commit: [2/2] 5e31f0bcb500682e7746ccbd2e628c2ef339d6c6
+RH-Bugzilla: 2082071
+RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
+RH-Acked-by: Eduardo Otubo <otubo@redhat.com>
+RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+
+Remove all files in rhel/ directory and related commands that copy
+and replace them with the generated ones.
+
+Also adjust setup.py, align it with upstream:
+- by default, after rhel 8.3 ds-identify is in /usr/libexec, so no need to move it manually
+- bash-completions work also in /usr/share, as upstream
+- udev also works in /lib/udev
+
+Also remove rhel/README since it is outdated (chef is used in cloud.cfg) and cloud-init-tmpfiles.conf,
+as it exists also in .distro.
+
+X-downstream-only: yes
+
+Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+---
+ redhat/cloud-init.spec.template       | 21 ++------
+ rhel/README.rhel                      |  5 --
+ rhel/cloud-init-tmpfiles.conf         |  1 -
+ rhel/cloud.cfg                        | 69 ---------------------------
+ rhel/systemd/cloud-config.service     | 18 -------
+ rhel/systemd/cloud-config.target      | 11 -----
+ rhel/systemd/cloud-final.service      | 24 ----------
+ rhel/systemd/cloud-init-local.service | 31 ------------
+ rhel/systemd/cloud-init.service       | 26 ----------
+ rhel/systemd/cloud-init.target        |  7 ---
+ setup.py                              | 28 ++++++++++-
+ 11 files changed, 31 insertions(+), 210 deletions(-)
+ delete mode 100644 rhel/README.rhel
+ delete mode 100644 rhel/cloud-init-tmpfiles.conf
+ delete mode 100644 rhel/cloud.cfg
+ delete mode 100644 rhel/systemd/cloud-config.service
+ delete mode 100644 rhel/systemd/cloud-config.target
+ delete mode 100644 rhel/systemd/cloud-final.service
+ delete mode 100644 rhel/systemd/cloud-init-local.service
+ delete mode 100644 rhel/systemd/cloud-init.service
+ delete mode 100644 rhel/systemd/cloud-init.target
+
+ 
+diff --git a/rhel/README.rhel b/rhel/README.rhel
+deleted file mode 100644
+index aa29630d..00000000
+--- a/rhel/README.rhel
+++ /dev/null
+@@ -1,5 +0,0 @@
+-The following cloud-init modules are currently unsupported on this OS:
+- - apt_update_upgrade ('apt_update', 'apt_upgrade', 'apt_mirror', 'apt_preserve_sources_list', 'apt_old_mirror', 'apt_sources', 'debconf_selections', 'packages' options)
+- - byobu ('byobu_by_default' option)
+- - chef
+- - grub_dpkg
+diff --git a/rhel/cloud-init-tmpfiles.conf b/rhel/cloud-init-tmpfiles.conf
+deleted file mode 100644
+index 0c6d2a3b..00000000
+--- a/rhel/cloud-init-tmpfiles.conf
+++ /dev/null
+@@ -1 +0,0 @@
+-d /run/cloud-init 0700 root root - -
+diff --git a/rhel/cloud.cfg b/rhel/cloud.cfg
+deleted file mode 100644
+index cbee197a..00000000
+--- a/rhel/cloud.cfg
+++ /dev/null
+@@ -1,69 +0,0 @@
+-users:
+- - default
+-
+-disable_root: 1
+-ssh_pwauth:   0
+-
+-mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service', '0', '2']
+-resize_rootfs_tmp: /dev
+-ssh_deletekeys:   1
+-ssh_genkeytypes:  ['rsa', 'ecdsa', 'ed25519']
+-syslog_fix_perms: ~
+-disable_vmware_customization: false
+-
+-cloud_init_modules:
+- - disk_setup
+- - migrator
+- - bootcmd
+- - write-files
+- - growpart
+- - resizefs
+- - set_hostname
+- - update_hostname
+- - update_etc_hosts
+- - rsyslog
+- - users-groups
+- - ssh
+-
+-cloud_config_modules:
+- - mounts
+- - locale
+- - set-passwords
+- - rh_subscription
+- - yum-add-repo
+- - package-update-upgrade-install
+- - timezone
+- - puppet
+- - chef
+- - salt-minion
+- - mcollective
+- - disable-ec2-metadata
+- - runcmd
+-
+-cloud_final_modules:
+- - rightscale_userdata
+- - scripts-per-once
+- - scripts-per-boot
+- - scripts-per-instance
+- - scripts-user
+- - ssh-authkey-fingerprints
+- - keys-to-console
+- - phone-home
+- - final-message
+- - power-state-change
+-
+-system_info:
+-  default_user:
+-    name: cloud-user
+-    lock_passwd: true
+-    gecos: Cloud User
+-    groups: [adm, systemd-journal]
+-    sudo: ["ALL=(ALL) NOPASSWD:ALL"]
+-    shell: /bin/bash
+-  distro: rhel
+-  paths:
+-    cloud_dir: /var/lib/cloud
+-    templates_dir: /etc/cloud/templates
+-  ssh_svcname: sshd
+-
+-# vim:syntax=yaml
+diff --git a/rhel/systemd/cloud-config.service b/rhel/systemd/cloud-config.service
+deleted file mode 100644
+index f3dcd4be..00000000
+--- a/rhel/systemd/cloud-config.service
+++ /dev/null
+@@ -1,18 +0,0 @@
+-[Unit]
+-Description=Apply the settings specified in cloud-config
+-After=network-online.target cloud-config.target
+-Wants=network-online.target cloud-config.target
+-ConditionPathExists=!/etc/cloud/cloud-init.disabled
+-ConditionKernelCommandLine=!cloud-init=disabled
+-
+-[Service]
+-Type=oneshot
+-ExecStart=/usr/bin/cloud-init modules --mode=config
+-RemainAfterExit=yes
+-TimeoutSec=0
+-
+-# Output needs to appear in instance console output
+-StandardOutput=journal+console
+-
+-[Install]
+-WantedBy=cloud-init.target
+diff --git a/rhel/systemd/cloud-config.target b/rhel/systemd/cloud-config.target
+deleted file mode 100644
+index ae9b7d02..00000000
+--- a/rhel/systemd/cloud-config.target
+++ /dev/null
+@@ -1,11 +0,0 @@
+-# cloud-init normally emits a "cloud-config" upstart event to inform third
+-# parties that cloud-config is available, which does us no good when we're
+-# using systemd.  cloud-config.target serves as this synchronization point
+-# instead.  Services that would "start on cloud-config" with upstart can
+-# instead use "After=cloud-config.target" and "Wants=cloud-config.target"
+-# as appropriate.
+-
+-[Unit]
+-Description=Cloud-config availability
+-Wants=cloud-init-local.service cloud-init.service
+-After=cloud-init-local.service cloud-init.service
+diff --git a/rhel/systemd/cloud-final.service b/rhel/systemd/cloud-final.service
+deleted file mode 100644
+index e281c0cf..00000000
+--- a/rhel/systemd/cloud-final.service
+++ /dev/null
+@@ -1,24 +0,0 @@
+-[Unit]
+-Description=Execute cloud user/final scripts
+-After=network-online.target cloud-config.service rc-local.service
+-Wants=network-online.target cloud-config.service
+-ConditionPathExists=!/etc/cloud/cloud-init.disabled
+-ConditionKernelCommandLine=!cloud-init=disabled
+-
+-[Service]
+-Type=oneshot
+-ExecStart=/usr/bin/cloud-init modules --mode=final
+-RemainAfterExit=yes
+-TimeoutSec=0
+-KillMode=process
+-# Restart NetworkManager if it is present and running.
+-ExecStartPost=/bin/sh -c 'u=NetworkManager.service; \
+- out=$(systemctl show --property=SubState $u) || exit; \
+- [ "$out" = "SubState=running" ] || exit 0; \
+- systemctl reload-or-try-restart $u'
+-
+-# Output needs to appear in instance console output
+-StandardOutput=journal+console
+-
+-[Install]
+-WantedBy=cloud-init.target
+diff --git a/rhel/systemd/cloud-init-local.service b/rhel/systemd/cloud-init-local.service
+deleted file mode 100644
+index 8f9f6c9f..00000000
+--- a/rhel/systemd/cloud-init-local.service
+++ /dev/null
+@@ -1,31 +0,0 @@
+-[Unit]
+-Description=Initial cloud-init job (pre-networking)
+-DefaultDependencies=no
+-Wants=network-pre.target
+-After=systemd-remount-fs.service
+-Requires=dbus.socket
+-After=dbus.socket
+-Before=NetworkManager.service network.service
+-Before=network-pre.target
+-Before=shutdown.target
+-Before=firewalld.target
+-Conflicts=shutdown.target
+-RequiresMountsFor=/var/lib/cloud
+-ConditionPathExists=!/etc/cloud/cloud-init.disabled
+-ConditionKernelCommandLine=!cloud-init=disabled
+-
+-[Service]
+-Type=oneshot
+-ExecStartPre=/bin/mkdir -p /run/cloud-init
+-ExecStartPre=/sbin/restorecon /run/cloud-init
+-ExecStartPre=/usr/bin/touch /run/cloud-init/enabled
+-ExecStart=/usr/bin/cloud-init init --local
+-ExecStart=/bin/touch /run/cloud-init/network-config-ready
+-RemainAfterExit=yes
+-TimeoutSec=0
+-
+-# Output needs to appear in instance console output
+-StandardOutput=journal+console
+-
+-[Install]
+-WantedBy=cloud-init.target
+diff --git a/rhel/systemd/cloud-init.service b/rhel/systemd/cloud-init.service
+deleted file mode 100644
+index 0b3d796d..00000000
+--- a/rhel/systemd/cloud-init.service
+++ /dev/null
+@@ -1,26 +0,0 @@
+-[Unit]
+-Description=Initial cloud-init job (metadata service crawler)
+-Wants=cloud-init-local.service
+-Wants=sshd-keygen.service
+-Wants=sshd.service
+-After=cloud-init-local.service
+-After=NetworkManager.service network.service
+-After=NetworkManager-wait-online.service
+-Before=network-online.target
+-Before=sshd-keygen.service
+-Before=sshd.service
+-Before=systemd-user-sessions.service
+-ConditionPathExists=!/etc/cloud/cloud-init.disabled
+-ConditionKernelCommandLine=!cloud-init=disabled
+-
+-[Service]
+-Type=oneshot
+-ExecStart=/usr/bin/cloud-init init
+-RemainAfterExit=yes
+-TimeoutSec=0
+-
+-# Output needs to appear in instance console output
+-StandardOutput=journal+console
+-
+-[Install]
+-WantedBy=cloud-init.target
+diff --git a/rhel/systemd/cloud-init.target b/rhel/systemd/cloud-init.target
+deleted file mode 100644
+index 083c3b6f..00000000
+--- a/rhel/systemd/cloud-init.target
+++ /dev/null
+@@ -1,7 +0,0 @@
+-# cloud-init target is enabled by cloud-init-generator
+-# To disable it you can either:
+-#  a.) boot with kernel cmdline of 'cloud-init=disabled'
+-#  b.) touch a file /etc/cloud/cloud-init.disabled
+-[Unit]
+-Description=Cloud-init target
+-After=multi-user.target
+diff --git a/setup.py b/setup.py
+index 3c377eaa..a9132d2c 100755
+--- a/setup.py
+++ b/setup.py
+@@ -139,6 +139,21 @@ INITSYS_FILES = {
+     "sysvinit_deb": [f for f in glob("sysvinit/debian/*") if is_f(f)],
+     "sysvinit_openrc": [f for f in glob("sysvinit/gentoo/*") if is_f(f)],
+     "sysvinit_suse": [f for f in glob("sysvinit/suse/*") if is_f(f)],
+    "systemd": [
+        render_tmpl(f)
+        for f in (
+            glob("systemd/*.tmpl")
+            + glob("systemd/*.service")
+            + glob("systemd/*.socket")
+            + glob("systemd/*.target")
+        )
+        if (is_f(f) and not is_generator(f))
+    ],
+    "systemd.generators": [
+        render_tmpl(f, mode=0o755)
+        for f in glob("systemd/*")
+        if is_f(f) and is_generator(f)
+    ],
+     "upstart": [f for f in glob("upstart/*") if is_f(f)],
+ }
+ INITSYS_ROOTS = {
+@@ -148,6 +163,10 @@ INITSYS_ROOTS = {
+     "sysvinit_deb": "etc/init.d",
+     "sysvinit_openrc": "etc/init.d",
+     "sysvinit_suse": "etc/init.d",
+    "systemd": pkg_config_read("systemd", "systemdsystemunitdir"),
+    "systemd.generators": pkg_config_read(
+        "systemd", "systemdsystemgeneratordir"
+    ),
+     "upstart": "etc/init/",
+ }
+ INITSYS_TYPES = sorted([f.partition(".")[0] for f in INITSYS_ROOTS.keys()])
+@@ -262,13 +281,15 @@ data_files = [
+     (
+         USR_LIB_EXEC + "/cloud-init",
+         [
+            "tools/ds-identify",
+             "tools/hook-hotplug",
+             "tools/uncloud-init",
+             "tools/write-ssh-key-fingerprints",
+         ],
+     ),
+     (
+-        ETC + "/bash_completion.d", ["bash_completion/cloud-init"],
+        USR + "/share/bash-completion/completions",
+        ["bash_completion/cloud-init"],
+     ),
+     (USR + "/share/doc/cloud-init", [f for f in glob("doc/*") if is_f(f)]),
+     (
+@@ -287,7 +308,8 @@ if not platform.system().endswith("BSD"):
+                 ETC + "/NetworkManager/dispatcher.d/",
+                 ["tools/hook-network-manager"],
+             ),
+-            ("/usr/lib/udev/rules.d", [f for f in glob("udev/*.rules")]),
+            (ETC + "/dhcp/dhclient-exit-hooks.d/", ["tools/hook-dhclient"]),
+            (LIB + "/udev/rules.d", [f for f in glob("udev/*.rules")]),
+             (
+                 ETC + "/systemd/system/sshd-keygen@.service.d/",
+                 ["systemd/disable-sshd-keygen-if-cloud-init-active.conf"],
+@@ -317,6 +339,8 @@ setuptools.setup(
+     scripts=["tools/cloud-init-per"],
+     license="Dual-licensed under GPLv3 or Apache 2.0",
+     data_files=data_files,
+    install_requires=requirements,
+    cmdclass=cmdclass,
+     entry_points={
+         "console_scripts": [
+             "cloud-init = cloudinit.cmd.main:main",
+-- 
+2.35.3
+
--- a/SOURCES/ci-Revert-Add-native-NetworkManager-support-1224.patch
+++ b/SOURCES/ci-Revert-Add-native-NetworkManager-support-1224.patch
--- a/SOURCES/ci-Revert-Use-Network-Manager-and-Netplan-as-default-re.patch
+++ b/SOURCES/ci-Revert-Use-Network-Manager-and-Netplan-as-default-re.patch
@ -0,0 +1,75 @@
+From 02e7b89c157f8c3243f0d91cf5652cf27db44b72 Mon Sep 17 00:00:00 2001
+From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+Date: Mon, 8 Aug 2022 10:10:26 +0200
+Subject: [PATCH 2/2] Revert "Use Network-Manager and Netplan as default
+ renderers for RHEL and Fedora (#1465)"
+
+RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+RH-MergeRequest: 81: Revert "Use Network-Manager and Netplan as default renderers for RHEL and Fedora (#1465)"
+RH-Commit: [2/2] 746b2e33356376e250b799261031676174e8ccc9
+RH-Bugzilla: 2107464 2110066 2117526 2104393 2098624
+RH-Acked-by: Eduardo Otubo <otubo@redhat.com>
+RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
+
+As NM is reverted, remove also documentation and any trace of it.
+This reverts commit 13ded463a6a0b1b0bf0dffc0a997f006dd25c4f3.
+
+Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+---
+ config/cloud.cfg.tmpl             |  3 ---
+ doc/rtd/topics/network-config.rst | 12 +-----------
+ 2 files changed, 1 insertion(+), 14 deletions(-)
+
+diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl
+index f4d2fd14..80ab4f96 100644
+--- a/config/cloud.cfg.tmpl
+++ b/config/cloud.cfg.tmpl
+@@ -353,7 +353,4 @@ system_info:
+ {% elif variant in ["dragonfly"] %}
+    network:
+       renderers: ['freebsd']
+-{% elif variant in ["rhel", "fedora"] %}
+-   network:
+-      renderers: ['netplan', 'network-manager', 'networkd', 'sysconfig', 'eni']
+ {% endif %}
+diff --git a/doc/rtd/topics/network-config.rst b/doc/rtd/topics/network-config.rst
+index f503caab..c461a3fe 100644
+--- a/doc/rtd/topics/network-config.rst
+++ b/doc/rtd/topics/network-config.rst
+@@ -188,15 +188,6 @@ generated configuration into an internal network configuration state. From
+ this state `Cloud-init`_ delegates rendering of the configuration to Distro
+ supported formats.  The following ``renderers`` are supported in cloud-init:
+ 
+-- **NetworkManager**
+-
+-`NetworkManager <https://networkmanager.dev>`_ is the standard Linux network
+-configuration tool suite. It supports a wide range of networking setups.
+-Configuration is typically stored in ``/etc/NetworkManager``.
+-
+-It is the default for a number of Linux distributions, notably Fedora;
+-CentOS/RHEL; and derivatives.
+-
+ - **ENI**
+ 
+ /etc/network/interfaces or ``ENI`` is supported by the ``ifupdown`` package
+@@ -224,7 +215,6 @@ is as follows:
+ - ENI
+ - Sysconfig
+ - Netplan
+-- NetworkManager
+ 
+ When applying the policy, `Cloud-init`_ checks if the current instance has the
+ correct binaries and paths to support the renderer.  The first renderer that
+@@ -233,7 +223,7 @@ supplying an updated configuration in cloud-config. ::
+ 
+   system_info:
+     network:
+-      renderers: ['netplan', 'network-manager', 'eni', 'sysconfig', 'freebsd', 'netbsd', 'openbsd']
+      renderers: ['netplan', 'eni', 'sysconfig', 'freebsd', 'netbsd', 'openbsd']
+ 
+ 
+ Network Configuration Tools
+-- 
+2.27.0
+
--- a/SOURCES/ci-Stop-copying-ssh-system-keys-and-check-folder-permis.patch
+++ b/SOURCES/ci-Stop-copying-ssh-system-keys-and-check-folder-permis.patch
--- a/SOURCES/ci-Support-EC2-tags-in-instance-metadata-1309.patch
+++ b/SOURCES/ci-Support-EC2-tags-in-instance-metadata-1309.patch
@ -0,0 +1,164 @@
+From fbec3008305845072a787f46008bbb82d89dec53 Mon Sep 17 00:00:00 2001
+From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+Date: Mon, 30 May 2022 16:46:41 +0200
+Subject: [PATCH] Support EC2 tags in instance metadata (#1309)
+
+RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+RH-MergeRequest: 70: Support EC2 tags in instance metadata (#1309)
+RH-Commit: [1/1] 2497547016173a4c6e7d3c900f80de390d445c44
+RH-Bugzilla: 2082686
+RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
+
+commit 40c52ce1f4049449b04f93226721f63af874c5c7
+Author: Eduardo Dobay <edudobay@users.noreply.github.com>
+Date:   Wed Apr 6 01:28:01 2022 -0300
+
+    Support EC2 tags in instance metadata (#1309)
+
+    Add support for newer EC2 metadata versions (up to 2021-03-23), so that
+    tags can be retrieved from the `ds.meta_data.tags` field, as well as
+    with any new fields that might have been added since the 2018-09-24
+    version.
+
+Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+---
+ cloudinit/sources/DataSourceEc2.py  |  5 +++--
+ doc/rtd/topics/datasources/ec2.rst  | 28 ++++++++++++++++++++++------
+ tests/unittests/sources/test_ec2.py | 26 +++++++++++++++++++++++++-
+ tools/.github-cla-signers           |  1 +
+ 4 files changed, 51 insertions(+), 9 deletions(-)
+
+diff --git a/cloudinit/sources/DataSourceEc2.py b/cloudinit/sources/DataSourceEc2.py
+index 03b3870c..a030b498 100644
+--- a/cloudinit/sources/DataSourceEc2.py
+++ b/cloudinit/sources/DataSourceEc2.py
+@@ -61,8 +61,9 @@ class DataSourceEc2(sources.DataSource):
+     min_metadata_version = "2009-04-04"
+ 
+     # Priority ordered list of additional metadata versions which will be tried
+-    # for extended metadata content. IPv6 support comes in 2016-09-02
+-    extended_metadata_versions = ["2018-09-24", "2016-09-02"]
+    # for extended metadata content. IPv6 support comes in 2016-09-02.
+    # Tags support comes in 2021-03-23.
+    extended_metadata_versions = ["2021-03-23", "2018-09-24", "2016-09-02"]
+ 
+     # Setup read_url parameters per get_url_params.
+     url_max_wait = 120
+diff --git a/doc/rtd/topics/datasources/ec2.rst b/doc/rtd/topics/datasources/ec2.rst
+index 94e4158d..77232269 100644
+--- a/doc/rtd/topics/datasources/ec2.rst
+++ b/doc/rtd/topics/datasources/ec2.rst
+@@ -38,11 +38,26 @@ Userdata is accessible via the following URL:
+     GET http://169.254.169.254/2009-04-04/user-data
+     1234,fred,reboot,true | 4512,jimbo, | 173,,,
+ 
+-Note that there are multiple versions of this data provided, cloud-init
+-by default uses **2009-04-04** but newer versions can be supported with
+-relative ease (newer versions have more data exposed, while maintaining
+-backward compatibility with the previous versions).
+-Version **2016-09-02** is required for secondary IP address support.
+Note that there are multiple EC2 Metadata versions of this data provided
+to instances. cloud-init will attempt to use the most recent API version it
+supports in order to get latest API features and instance-data. If a given
+API version is not exposed to the instance, those API features will be
+unavailable to the instance.
+
+
++----------------+----------------------------------------------------------+
++ EC2 version    | supported instance-data/feature                          |
++================+==========================================================+
++ **2021-03-23** | Required for Instance tag support. This feature must be  |
+|                | enabled individually on each instance.  See the          |
+|                | `EC2 tags user guide`_.                                  |
++----------------+----------------------------------------------------------+
+| **2016-09-02** | Required for secondary IP address support.               |
++----------------+----------------------------------------------------------+
+| **2009-04-04** | Minimum supports EC2 API version for meta-data and       |
+|                | user-data.                                               |
++----------------+----------------------------------------------------------+
+
+ 
+ To see which versions are supported from your cloud provider use the following
+ URL:
+@@ -71,7 +86,7 @@ configuration (in `/etc/cloud/cloud.cfg` or `/etc/cloud/cloud.cfg.d/`).
+ 
+ The settings that may be configured are:
+ 
+- * **metadata_urls**: This list of urls will be searched for an Ec2
+ * **metadata_urls**: This list of urls will be searched for an EC2
+    metadata service. The first entry that successfully returns a 200 response
+    for <url>/<version>/meta-data/instance-id will be selected.
+    (default: ['http://169.254.169.254', 'http://instance-data:8773']).
+@@ -121,4 +136,5 @@ Notes
+    For example: the primary NIC will have a DHCP route-metric of 100,
+    the next NIC will be 200.
+ 
+.. _EC2 tags user guide: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS
+ .. vi: textwidth=79
+diff --git a/tests/unittests/sources/test_ec2.py b/tests/unittests/sources/test_ec2.py
+index b376660d..7c8a5ea5 100644
+--- a/tests/unittests/sources/test_ec2.py
+++ b/tests/unittests/sources/test_ec2.py
+@@ -210,6 +210,17 @@ SECONDARY_IP_METADATA_2018_09_24 = {
+ 
+ M_PATH_NET = "cloudinit.sources.DataSourceEc2.net."
+ 
+TAGS_METADATA_2021_03_23 = {
+    **DEFAULT_METADATA,
+    "tags": {
+        "instance": {
+            "Environment": "production",
+            "Application": "test",
+            "TagWithoutValue": "",
+        }
+    },
+}
+
+ 
+ def _register_ssh_keys(rfunc, base_url, keys_data):
+     """handle ssh key inconsistencies.
+@@ -670,7 +681,7 @@ class TestEc2(test_helpers.HttprettyTestCase):
+         logs_with_redacted = [log for log in all_logs if REDACT_TOK in log]
+         logs_with_token = [log for log in all_logs if "API-TOKEN" in log]
+         self.assertEqual(1, len(logs_with_redacted_ttl))
+-        self.assertEqual(81, len(logs_with_redacted))
+        self.assertEqual(83, len(logs_with_redacted))
+         self.assertEqual(0, len(logs_with_token))
+ 
+     @mock.patch("cloudinit.net.dhcp.maybe_perform_dhcp_discovery")
+@@ -811,6 +822,19 @@ class TestEc2(test_helpers.HttprettyTestCase):
+         )
+         self.assertIn("Crawl of metadata service took", self.logs.getvalue())
+ 
+    def test_get_instance_tags(self):
+        ds = self._setup_ds(
+            platform_data=self.valid_platform_data,
+            sys_cfg={"datasource": {"Ec2": {"strict_id": False}}},
+            md={"md": TAGS_METADATA_2021_03_23},
+        )
+        self.assertTrue(ds.get_data())
+        self.assertIn("tags", ds.metadata)
+        self.assertIn("instance", ds.metadata["tags"])
+        instance_tags = ds.metadata["tags"]["instance"]
+        self.assertEqual(instance_tags["Application"], "test")
+        self.assertEqual(instance_tags["Environment"], "production")
+
+ 
+ class TestGetSecondaryAddresses(test_helpers.CiTestCase):
+ 
+diff --git a/tools/.github-cla-signers b/tools/.github-cla-signers
+index ac157a2f..9f71ea0c 100644
+--- a/tools/.github-cla-signers
+++ b/tools/.github-cla-signers
+@@ -26,6 +26,7 @@ dermotbradley
+ dhensby
+ eandersson
+ eb3095
+edudobay
+ emmanuelthome
+ eslerm
+ esposem
+-- 
+2.27.0
+
--- a/SOURCES/ci-Use-Network-Manager-and-Netplan-as-default-renderers.patch
+++ b/SOURCES/ci-Use-Network-Manager-and-Netplan-as-default-renderers.patch
@ -0,0 +1,110 @@
+From 13ded463a6a0b1b0bf0dffc0a997f006dd25c4f3 Mon Sep 17 00:00:00 2001
+From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+Date: Thu, 19 May 2022 15:51:27 +0200
+Subject: [PATCH 2/4] Use Network-Manager and Netplan as default renderers for
+ RHEL and Fedora (#1465)
+
+RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+RH-MergeRequest: 57: Add native NetworkManager support (#1224)
+RH-Commit: [2/2] f2f977564bea496b0d76c0cef242959d03c2c73e
+RH-Bugzilla: 2059872
+RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
+RH-Acked-by: Eduardo Otubo <otubo@redhat.com>
+
+commit 7703aa98b89c8daba207c28a0422268ead10019a
+Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+Date:   Thu May 19 15:05:01 2022 +0200
+
+    Use Network-Manager and Netplan as default renderers for RHEL and Fedora (#1465)
+
+    This is adapted from Neal Gompa's PR:
+    https://github.com/canonical/cloud-init/pull/1435
+
+    The only difference is that we are not modifying renderers.py (thus
+    modifying the priority of all distros), but just tweaking cloud.cfg to
+    apply this change to Fedora and RHEL. Other distros can optionally
+    add themselves afterwards.
+
+            net: Prefer Netplan and NetworkManager renderers by default
+
+            NetworkManager is used by default on a variety of Linux distributions,
+            and exists as a cross-distribution network management service.
+
+            Additionally, add information about the NetworkManager renderer to
+            the cloud-init documentation.
+
+            Because Netplan can be explicitly used to manage NetworkManager,
+            it needs to be preferred before NetworkManager.
+
+            This change is a follow-up to #1224, which added the native
+            NetworkManager renderer.
+            This patch has been deployed on Fedora's cloud-init package throughout
+            the development of Fedora Linux 36 to verify that it works.
+
+            This should also make it tremendously easier for Linux distributions
+            to use cloud-init because now a standard configuration is supported
+            by default.
+
+            Signed-off-by: Neal Gompa <ngompa13@gmail.com>
+
+    Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+
+Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+---
+ config/cloud.cfg.tmpl             |  3 +++
+ doc/rtd/topics/network-config.rst | 12 +++++++++++-
+ 2 files changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl
+index fb4b456c..86beee3c 100644
+--- a/config/cloud.cfg.tmpl
+++ b/config/cloud.cfg.tmpl
+@@ -330,4 +330,7 @@ system_info:
+ {% elif variant in ["dragonfly"] %}
+    network:
+       renderers: ['freebsd']
+{% elif variant in ["rhel", "fedora"] %}
+   network:
+      renderers: ['netplan', 'network-manager', 'networkd', 'sysconfig', 'eni']
+ {% endif %}
+diff --git a/doc/rtd/topics/network-config.rst b/doc/rtd/topics/network-config.rst
+index c461a3fe..f503caab 100644
+--- a/doc/rtd/topics/network-config.rst
+++ b/doc/rtd/topics/network-config.rst
+@@ -188,6 +188,15 @@ generated configuration into an internal network configuration state. From
+ this state `Cloud-init`_ delegates rendering of the configuration to Distro
+ supported formats.  The following ``renderers`` are supported in cloud-init:
+ 
+- **NetworkManager**
+
+`NetworkManager <https://networkmanager.dev>`_ is the standard Linux network
+configuration tool suite. It supports a wide range of networking setups.
+Configuration is typically stored in ``/etc/NetworkManager``.
+
+It is the default for a number of Linux distributions, notably Fedora;
+CentOS/RHEL; and derivatives.
+
+ - **ENI**
+ 
+ /etc/network/interfaces or ``ENI`` is supported by the ``ifupdown`` package
+@@ -215,6 +224,7 @@ is as follows:
+ - ENI
+ - Sysconfig
+ - Netplan
+- NetworkManager
+ 
+ When applying the policy, `Cloud-init`_ checks if the current instance has the
+ correct binaries and paths to support the renderer.  The first renderer that
+@@ -223,7 +233,7 @@ supplying an updated configuration in cloud-config. ::
+ 
+   system_info:
+     network:
+-      renderers: ['netplan', 'eni', 'sysconfig', 'freebsd', 'netbsd', 'openbsd']
+      renderers: ['netplan', 'network-manager', 'eni', 'sysconfig', 'freebsd', 'netbsd', 'openbsd']
+ 
+ 
+ Network Configuration Tools
+-- 
+2.35.3
+
--- a/SOURCES/ci-cc_ssh.py-fix-private-key-group-owner-and-permission.patch
+++ b/SOURCES/ci-cc_ssh.py-fix-private-key-group-owner-and-permission.patch
@ -1,97 +0,0 @@
-From 2a6b3b5afb20a7856ad81b3ec3da621571c3bec3 Mon Sep 17 00:00:00 2001
-From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-Date: Wed, 20 Oct 2021 10:41:36 +0200
-Subject: [PATCH] cc_ssh.py: fix private key group owner and permissions
- (#1070)
-
-RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-RH-MergeRequest: 12: cc_ssh.py: fix private key group owner and permissions (#1070)
-RH-Commit: [1/1] b2dc9cfd18ac0a8e1e22a37b1585d22dbde11536 (eesposit/cloud-init-centos-)
-RH-Bugzilla: 2015974
-RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
-RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
-
-commit ee296ced9c0a61b1484d850b807c601bcd670ec1
-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-Date:   Tue Oct 19 21:32:10 2021 +0200
-
-    cc_ssh.py: fix private key group owner and permissions (#1070)
-
-    When default host keys are created by sshd-keygen (/etc/ssh/ssh_host_*_key)
-    in RHEL/CentOS/Fedora, openssh it performs the following:
-
-    // create new keys
-    if ! $KEYGEN -q -t $KEYTYPE -f $KEY -C '' -N '' >&/dev/null; then
-            exit 1
-    fi
-
-    // sanitize permissions
-    /usr/bin/chgrp ssh_keys $KEY
-    /usr/bin/chmod 640 $KEY
-    /usr/bin/chmod 644 $KEY.pub
-    Note that the group ssh_keys exists only in RHEL/CentOS/Fedora.
-
-    Now that we disable sshd-keygen to allow only cloud-init to create
-    them, we miss the "sanitize permissions" part, where we set the group
-    owner as ssh_keys and the private key mode to 640.
-
-    According to https://bugzilla.redhat.com/show_bug.cgi?id=2013644#c8, failing
-    to set group ownership and permissions like openssh does makes the RHEL openscap
-    tool generate an error.
-
-    Signed-off-by: Emanuele Giuseppe Esposito eesposit@redhat.com
-
-    RHBZ: 2013644
-
-Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
---
- cloudinit/config/cc_ssh.py |  7 +++++++
- cloudinit/util.py          | 14 ++++++++++++++
- 2 files changed, 21 insertions(+)
-
-diff --git a/cloudinit/config/cc_ssh.py b/cloudinit/config/cc_ssh.py
-index 05a16dbc..4e986c55 100755
--- a/cloudinit/config/cc_ssh.py
-+++ b/cloudinit/config/cc_ssh.py
-@@ -240,6 +240,13 @@ def handle(_name, cfg, cloud, log, _args):
-                 try:
-                     out, err = subp.subp(cmd, capture=True, env=lang_c)
-                     sys.stdout.write(util.decode_binary(out))
-+
-+                    gid = util.get_group_id("ssh_keys")
-+                    if gid != -1:
-+                        # perform same "sanitize permissions" as sshd-keygen
-+                        os.chown(keyfile, -1, gid)
-+                        os.chmod(keyfile, 0o640)
-+                        os.chmod(keyfile + ".pub", 0o644)
-                 except subp.ProcessExecutionError as e:
-                     err = util.decode_binary(e.stderr).lower()
-                     if (e.exit_code == 1 and
-diff --git a/cloudinit/util.py b/cloudinit/util.py
-index 343976ad..fe37ae89 100644
--- a/cloudinit/util.py
-+++ b/cloudinit/util.py
-@@ -1831,6 +1831,20 @@ def chmod(path, mode):
-             os.chmod(path, real_mode)
- 
- 
-+def get_group_id(grp_name: str) -> int:
-+    """
-+    Returns the group id of a group name, or -1 if no group exists
-+
-+    @param grp_name: the name of the group
-+    """
-+    gid = -1
-+    try:
-+        gid = grp.getgrnam(grp_name).gr_gid
-+    except KeyError:
-+        LOG.debug("Group %s is not a valid group name", grp_name)
-+    return gid
-+
-+
- def get_permissions(path: str) -> int:
-     """
-     Returns the octal permissions of the file/folder pointed by the path,
-- 
-2.27.0
-
--- a/SOURCES/ci-cloudinit-net-handle-two-different-routes-for-the-sa.patch
+++ b/SOURCES/ci-cloudinit-net-handle-two-different-routes-for-the-sa.patch
@ -1,87 +0,0 @@
-From e0eca40388080dabf6598c0d9653ea50ae10c984 Mon Sep 17 00:00:00 2001
-From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-Date: Tue, 7 Dec 2021 10:04:43 +0100
-Subject: [PATCH] cloudinit/net: handle two different routes for the same ip
- (#1124)
-
-RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-RH-MergeRequest: 15: cloudinit/net: handle two different routes for the same ip (#1124)
-RH-Commit: [1/1] b623a76ccd642e22e8d9c4aebc26f0b0cec8118b (eesposit/cloud-init-centos-)
-RH-Bugzilla: 2028031
-RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
-RH-Acked-by: Eduardo Otubo <otubo@redhat.com>
-
-commit 0e25076b34fa995161b83996e866c0974cee431f
-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-Date:   Mon Dec 6 18:34:26 2021 +0100
-
-    cloudinit/net: handle two different routes for the same ip (#1124)
-
-    If we set a dhcp server side like this:
-    $ cat /var/tmp/cloud-init/cloud-init-dhcp-f0rie5tm/dhcp.leases
-    lease {
-    ...
-    option classless-static-routes 31.169.254.169.254 0.0.0.0,31.169.254.169.254
-        10.112.143.127,22.10.112.140 0.0.0.0,0 10.112.140.1;
-    ...
-    }
-    cloud-init fails to configure the routes via 'ip route add' because to there are
-    two different routes for 169.254.169.254:
-
-    $ ip -4 route add 192.168.1.1/32 via 0.0.0.0 dev eth0
-    $ ip -4 route add 192.168.1.1/32 via 10.112.140.248 dev eth0
-
-    But NetworkManager can handle such scenario successfully as it uses "ip route append".
-    So change cloud-init to also use "ip route append" to fix the issue:
-
-    $ ip -4 route append 192.168.1.1/32 via 0.0.0.0 dev eth0
-    $ ip -4 route append 192.168.1.1/32 via 10.112.140.248 dev eth0
-
-    Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-
-    RHBZ: #2003231
-
-Conflicts:
-    cloudinit/net/tests/test_init.py: a mock call in
-    test_ephemeral_ipv4_network_with_rfc3442_static_routes is not
-    present downstream.
-
-Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
---
- cloudinit/net/__init__.py        | 2 +-
- cloudinit/net/tests/test_init.py | 4 ++--
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/cloudinit/net/__init__.py b/cloudinit/net/__init__.py
-index de65e7af..4bdc1bda 100644
--- a/cloudinit/net/__init__.py
-+++ b/cloudinit/net/__init__.py
-@@ -1076,7 +1076,7 @@ class EphemeralIPv4Network(object):
-             if gateway != "0.0.0.0/0":
-                 via_arg = ['via', gateway]
-             subp.subp(
-                ['ip', '-4', 'route', 'add', net_address] + via_arg +
-+                ['ip', '-4', 'route', 'append', net_address] + via_arg +
-                 ['dev', self.interface], capture=True)
-             self.cleanup_cmds.insert(
-                 0, ['ip', '-4', 'route', 'del', net_address] + via_arg +
-diff --git a/cloudinit/net/tests/test_init.py b/cloudinit/net/tests/test_init.py
-index 0535387a..6754df8d 100644
--- a/cloudinit/net/tests/test_init.py
-+++ b/cloudinit/net/tests/test_init.py
-@@ -715,10 +715,10 @@ class TestEphemeralIPV4Network(CiTestCase):
-                 ['ip', '-family', 'inet', 'link', 'set', 'dev', 'eth0', 'up'],
-                 capture=True),
-             mock.call(
-                ['ip', '-4', 'route', 'add', '169.254.169.254/32',
-+                ['ip', '-4', 'route', 'append', '169.254.169.254/32',
-                  'via', '192.168.2.1', 'dev', 'eth0'], capture=True),
-             mock.call(
-                ['ip', '-4', 'route', 'add', '0.0.0.0/0',
-+                ['ip', '-4', 'route', 'append', '0.0.0.0/0',
-                  'via', '192.168.2.1', 'dev', 'eth0'], capture=True)]
-         expected_teardown_calls = [
-             mock.call(
-- 
-2.27.0
-
--- a/SOURCES/ci-fix-error-on-upgrade-caused-by-new-vendordata2-attri.patch
+++ b/SOURCES/ci-fix-error-on-upgrade-caused-by-new-vendordata2-attri.patch
@ -1,174 +0,0 @@
-From 83f3d481c5f0d962bff5bacfd2c323529754869e Mon Sep 17 00:00:00 2001
-From: Amy Chen <xiachen@redhat.com>
-Date: Thu, 2 Dec 2021 18:11:08 +0800
-Subject: [PATCH] fix error on upgrade caused by new vendordata2 attributes
-
-RH-Author: xiachen <None>
-RH-MergeRequest: 14: fix error on upgrade caused by new vendordata2 attributes
-RH-Commit: [1/1] ef14db399cd1fe6e4ba847d98acee15fef8021de (xiachen/cloud-init-centos)
-RH-Bugzilla: 2028381
-RH-Acked-by: Eduardo Otubo <otubo@redhat.com>
-RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
-RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-
-commit d132356cc361abef2d90d4073438f3ab759d5964
-Author: James Falcon <TheRealFalcon@users.noreply.github.com>
-Date:   Mon Apr 19 11:31:28 2021 -0500
-
-    fix error on upgrade caused by new vendordata2 attributes (#869)
-
-    In #777, we added 'vendordata2' and 'vendordata2_raw' attributes to
-    the DataSource class, but didn't use the upgrade framework to deal
-    with an unpickle after upgrade. This commit adds the necessary
-    upgrade code.
-
-    Additionally, added a smaller-scope upgrade test to our integration
-    tests that will be run on every CI run so we catch these issues
-    immediately in the future.
-
-    LP: #1922739
-
-Signed-off-by: Amy Chen <xiachen@redhat.com>
---
- cloudinit/sources/__init__.py           | 12 +++++++++++-
- cloudinit/tests/test_upgrade.py         |  4 ++++
- tests/integration_tests/clouds.py       |  4 ++--
- tests/integration_tests/test_upgrade.py | 25 ++++++++++++++++++++++++-
- 4 files changed, 41 insertions(+), 4 deletions(-)
-
-diff --git a/cloudinit/sources/__init__.py b/cloudinit/sources/__init__.py
-index 1ad1880d..7d74f8d9 100644
--- a/cloudinit/sources/__init__.py
-+++ b/cloudinit/sources/__init__.py
-@@ -24,6 +24,7 @@ from cloudinit import util
- from cloudinit.atomic_helper import write_json
- from cloudinit.event import EventType
- from cloudinit.filters import launch_index
-+from cloudinit.persistence import CloudInitPickleMixin
- from cloudinit.reporting import events
- 
- DSMODE_DISABLED = "disabled"
-@@ -134,7 +135,7 @@ URLParams = namedtuple(
-     'URLParms', ['max_wait_seconds', 'timeout_seconds', 'num_retries'])
- 
- 
-class DataSource(metaclass=abc.ABCMeta):
-+class DataSource(CloudInitPickleMixin, metaclass=abc.ABCMeta):
- 
-     dsmode = DSMODE_NETWORK
-     default_locale = 'en_US.UTF-8'
-@@ -196,6 +197,8 @@ class DataSource(metaclass=abc.ABCMeta):
-     # non-root users
-     sensitive_metadata_keys = ('merged_cfg', 'security-credentials',)
- 
-+    _ci_pkl_version = 1
-+
-     def __init__(self, sys_cfg, distro, paths, ud_proc=None):
-         self.sys_cfg = sys_cfg
-         self.distro = distro
-@@ -218,6 +221,13 @@ class DataSource(metaclass=abc.ABCMeta):
-         else:
-             self.ud_proc = ud_proc
- 
-+    def _unpickle(self, ci_pkl_version: int) -> None:
-+        """Perform deserialization fixes for Paths."""
-+        if not hasattr(self, 'vendordata2'):
-+            self.vendordata2 = None
-+        if not hasattr(self, 'vendordata2_raw'):
-+            self.vendordata2_raw = None
-+
-     def __str__(self):
-         return type_utils.obj_name(self)
- 
-diff --git a/cloudinit/tests/test_upgrade.py b/cloudinit/tests/test_upgrade.py
-index f79a2536..71cea616 100644
--- a/cloudinit/tests/test_upgrade.py
-+++ b/cloudinit/tests/test_upgrade.py
-@@ -43,3 +43,7 @@ class TestUpgrade:
-     def test_blacklist_drivers_set_on_networking(self, previous_obj_pkl):
-         """We always expect Networking.blacklist_drivers to be initialised."""
-         assert previous_obj_pkl.distro.networking.blacklist_drivers is None
-+
-+    def test_vendordata_exists(self, previous_obj_pkl):
-+        assert previous_obj_pkl.vendordata2 is None
-+        assert previous_obj_pkl.vendordata2_raw is None
-\ No newline at end of file
-diff --git a/tests/integration_tests/clouds.py b/tests/integration_tests/clouds.py
-index 9527a413..1d0b9d83 100644
--- a/tests/integration_tests/clouds.py
-+++ b/tests/integration_tests/clouds.py
-@@ -100,14 +100,14 @@ class IntegrationCloud(ABC):
-             # Even if we're using the default key, it may still have a
-             # different name in the clouds, so we need to set it separately.
-             self.cloud_instance.key_pair.name = settings.KEYPAIR_NAME
-        self._released_image_id = self._get_initial_image()
-+        self.released_image_id = self._get_initial_image()
-         self.snapshot_id = None
- 
-     @property
-     def image_id(self):
-         if self.snapshot_id:
-             return self.snapshot_id
-        return self._released_image_id
-+        return self.released_image_id
- 
-     def emit_settings_to_log(self) -> None:
-         log.info(
-diff --git a/tests/integration_tests/test_upgrade.py b/tests/integration_tests/test_upgrade.py
-index c20cb3c1..48e0691b 100644
--- a/tests/integration_tests/test_upgrade.py
-+++ b/tests/integration_tests/test_upgrade.py
-@@ -1,4 +1,5 @@
- import logging
-+import os
- import pytest
- import time
- from pathlib import Path
-@@ -8,6 +9,8 @@ from tests.integration_tests.conftest import (
-     get_validated_source,
-     session_start_time,
- )
-+from tests.integration_tests.instances import CloudInitSource
-+
- 
- log = logging.getLogger('integration_testing')
- 
-@@ -63,7 +66,7 @@ def test_upgrade(session_cloud: IntegrationCloud):
-         return  # type checking doesn't understand that skip raises
- 
-     launch_kwargs = {
-        'image_id': session_cloud._get_initial_image(),
-+        'image_id': session_cloud.released_image_id,
-     }
- 
-     image = ImageSpecification.from_os_image()
-@@ -93,6 +96,26 @@ def test_upgrade(session_cloud: IntegrationCloud):
-         instance.install_new_cloud_init(source, take_snapshot=False)
-         instance.execute('hostname something-else')
-         _restart(instance)
-+        assert instance.execute('cloud-init status --wait --long').ok
-         _output_to_compare(instance, after_path, netcfg_path)
- 
-     log.info('Wrote upgrade test logs to %s and %s', before_path, after_path)
-+
-+
-+@pytest.mark.ci
-+@pytest.mark.ubuntu
-+def test_upgrade_package(session_cloud: IntegrationCloud):
-+    if get_validated_source(session_cloud) != CloudInitSource.DEB_PACKAGE:
-+        not_run_message = 'Test only supports upgrading to build deb'
-+        if os.environ.get('TRAVIS'):
-+            # If this isn't running on CI, we should know
-+            pytest.fail(not_run_message)
-+        else:
-+            pytest.skip(not_run_message)
-+
-+    launch_kwargs = {'image_id': session_cloud.released_image_id}
-+
-+    with session_cloud.launch(launch_kwargs=launch_kwargs) as instance:
-+        instance.install_deb()
-+        instance.restart()
-+        assert instance.execute('cloud-init status --wait --long').ok
-- 
-2.27.0
-
--- a/SOURCES/ci-remove-unnecessary-EOF-string-in-disable-sshd-keygen.patch
+++ b/SOURCES/ci-remove-unnecessary-EOF-string-in-disable-sshd-keygen.patch
@ -1,45 +0,0 @@
-From ec9c280ad24900ad078a0f371fa8b4f5f407ee90 Mon Sep 17 00:00:00 2001
-From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-Date: Tue, 26 Oct 2021 21:52:45 +0200
-Subject: [PATCH] remove unnecessary EOF string in
- disable-sshd-keygen-if-cloud-init-active.conf (#1075)
-
-RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-RH-MergeRequest: 13: remove unnecessary EOF string in disable-sshd-keygen-if-cloud-init-active.conf (#1075)
-RH-Commit: [1/1] 4c01a4bb86a73df3212bb4cf0388b2df707eddc4 (eesposit/cloud-init-centos-)
-RH-Bugzilla: 2016305
-RH-Acked-by: Eduardo Otubo <otubo@redhat.com>
-RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
-
-commit a8380a125d40ff0ae88f2ba25a518346f2063a1a
-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-Date:   Tue Oct 26 16:15:47 2021 +0200
-
-    remove unnecessary EOF string in disable-sshd-keygen-if-cloud-init-active.conf (#1075)
-
-    Running 'systemd-analyze verify cloud-init-local.service'
-    triggers the following warning:
-
-    disable-sshhd-keygen-if-cloud-init-active.conf:8: Missing '=', ignoring line.
-
-    The string "EOF" is probably a typo, so remove it.
-
-    Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-
-Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
---
- systemd/disable-sshd-keygen-if-cloud-init-active.conf | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/systemd/disable-sshd-keygen-if-cloud-init-active.conf b/systemd/disable-sshd-keygen-if-cloud-init-active.conf
-index 71e35876..1a5d7a5a 100644
--- a/systemd/disable-sshd-keygen-if-cloud-init-active.conf
-+++ b/systemd/disable-sshd-keygen-if-cloud-init-active.conf
-@@ -5,4 +5,3 @@
- #
- [Unit]
- ConditionPathExists=!/run/systemd/generator.early/multi-user.target.wants/cloud-init.target
-EOF
-- 
-2.27.0
-
--- a/SOURCES/ci-setup.py-adjust-udev-rules-default-path-1513.patch
+++ b/SOURCES/ci-setup.py-adjust-udev-rules-default-path-1513.patch
@ -0,0 +1,57 @@
+From ed7060ac1d5003f70fc3da4d6006a1a958a47b04 Mon Sep 17 00:00:00 2001
+From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+Date: Mon, 20 Jun 2022 10:31:14 +0200
+Subject: [PATCH 2/2] setup.py: adjust udev/rules default path (#1513)
+
+RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+RH-MergeRequest: 80: setup.py: adjust udev/rules default path (#1513)
+RH-Commit: [2/2] 2cb64b004acbe1b6a30f943b0da51d2d1f2f0d50 (eesposit/cloud-init)
+RH-Bugzilla: 2096269
+RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
+
+commit 70715125f3af118ae242770e61064c24f41e9a02
+Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+Date:   Thu Jun 16 20:39:42 2022 +0200
+
+    setup.py: adjust udev/rules default path (#1513)
+
+    RHEL must put cloudinit .rules files in /usr/lib/udev/rules.d
+    This place is a rhel standard and since it is used by all packages
+    cannot be modified.
+
+    Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+
+Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+---
+ setup.py | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/setup.py b/setup.py
+index a9132d2c..fdf27cd7 100755
+--- a/setup.py
+++ b/setup.py
+@@ -302,6 +302,11 @@ data_files = [
+     ),
+ ]
+ if not platform.system().endswith("BSD"):
+
+    RULES_PATH = LIB
+    if os.path.isfile("/etc/redhat-release"):
+        RULES_PATH = "/usr/lib"
+
+     data_files.extend(
+         [
+             (
+@@ -309,7 +314,7 @@ if not platform.system().endswith("BSD"):
+                 ["tools/hook-network-manager"],
+             ),
+             (ETC + "/dhcp/dhclient-exit-hooks.d/", ["tools/hook-dhclient"]),
+-            (LIB + "/udev/rules.d", [f for f in glob("udev/*.rules")]),
+            (RULES_PATH + "/udev/rules.d", [f for f in glob("udev/*.rules")]),
+             (
+                 ETC + "/systemd/system/sshd-keygen@.service.d/",
+                 ["systemd/disable-sshd-keygen-if-cloud-init-active.conf"],
+-- 
+2.31.1
+
--- a/SOURCES/ci-ssh-util-allow-cloudinit-to-merge-all-ssh-keys-into-.patch
+++ b/SOURCES/ci-ssh-util-allow-cloudinit-to-merge-all-ssh-keys-into-.patch
@ -1,651 +0,0 @@
-From 857009723f14e9ad2f5f4c8614d72982b00ec27d Mon Sep 17 00:00:00 2001
-From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-Date: Mon, 12 Jul 2021 21:47:37 +0200
-Subject: [PATCH 2/2] ssh-util: allow cloudinit to merge all ssh keys into a
- custom user file, defined in AuthorizedKeysFile (#937)
-
-RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-RH-MergeRequest: 5: ssh-util: allow cloudinit to merge all ssh keys into a custom user file, defined in AuthorizedKeysFile (#937)
-RH-Commit: [1/1] 3ed352e47c34e2ed2a1f9f5d68bc8b8f9a1365a6 (eesposit/cloud-init-centos-)
-RH-Bugzilla: 1979099
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
-
-Conflicts: upstream patch modifies tests/integration_tests/util.py, that is
-not present in RHEL.
-
-commit 9b52405c6f0de5e00d5ee9c1d13540425d8f6bf5
-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-Date:   Mon Jul 12 20:21:02 2021 +0200
-
-    ssh-util: allow cloudinit to merge all ssh keys into a custom user file, defined in AuthorizedKeysFile (#937)
-
-    This patch aims to fix LP1911680, by analyzing the files provided
-    in sshd_config and merge all keys into an user-specific file. Also
-    introduces additional tests to cover this specific case.
-
-    The file is picked by analyzing the path given in AuthorizedKeysFile.
-
-    If it points inside the current user folder (path is /home/user/*), it
-    means it is an user-specific file, so we can copy all user-keys there.
-    If it contains a %u or %h, it means that there will be a specific
-    authorized_keys file for each user, so we can copy all user-keys there.
-    If no path points to an user-specific file, for example when only
-    /etc/ssh/authorized_keys is given, default to ~/.ssh/authorized_keys.
-    Note that if there are more than a single user-specific file, the last
-    one will be picked.
-
-    Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-    Co-authored-by: James Falcon <therealfalcon@gmail.com>
-
-    LP: #1911680
-    RHBZ:1862967
-
-Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
- cloudinit/ssh_util.py                         |  22 +-
- .../assets/keys/id_rsa.test1                  |  38 +++
- .../assets/keys/id_rsa.test1.pub              |   1 +
- .../assets/keys/id_rsa.test2                  |  38 +++
- .../assets/keys/id_rsa.test2.pub              |   1 +
- .../assets/keys/id_rsa.test3                  |  38 +++
- .../assets/keys/id_rsa.test3.pub              |   1 +
- .../modules/test_ssh_keysfile.py              |  85 ++++++
- tests/unittests/test_sshutil.py               | 246 +++++++++++++++++-
- 9 files changed, 456 insertions(+), 14 deletions(-)
- create mode 100644 tests/integration_tests/assets/keys/id_rsa.test1
- create mode 100644 tests/integration_tests/assets/keys/id_rsa.test1.pub
- create mode 100644 tests/integration_tests/assets/keys/id_rsa.test2
- create mode 100644 tests/integration_tests/assets/keys/id_rsa.test2.pub
- create mode 100644 tests/integration_tests/assets/keys/id_rsa.test3
- create mode 100644 tests/integration_tests/assets/keys/id_rsa.test3.pub
- create mode 100644 tests/integration_tests/modules/test_ssh_keysfile.py
-
-diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py
-index c08042d6..89057262 100644
--- a/cloudinit/ssh_util.py
-+++ b/cloudinit/ssh_util.py
-@@ -252,13 +252,15 @@ def render_authorizedkeysfile_paths(value, homedir, username):
- def extract_authorized_keys(username, sshd_cfg_file=DEF_SSHD_CFG):
-     (ssh_dir, pw_ent) = users_ssh_info(username)
-     default_authorizedkeys_file = os.path.join(ssh_dir, 'authorized_keys')
-+    user_authorizedkeys_file = default_authorizedkeys_file
-     auth_key_fns = []
-     with util.SeLinuxGuard(ssh_dir, recursive=True):
-         try:
-             ssh_cfg = parse_ssh_config_map(sshd_cfg_file)
-+            key_paths = ssh_cfg.get("authorizedkeysfile",
-+                                    "%h/.ssh/authorized_keys")
-             auth_key_fns = render_authorizedkeysfile_paths(
-                ssh_cfg.get("authorizedkeysfile", "%h/.ssh/authorized_keys"),
-                pw_ent.pw_dir, username)
-+                key_paths, pw_ent.pw_dir, username)
- 
-         except (IOError, OSError):
-             # Give up and use a default key filename
-@@ -267,8 +269,22 @@ def extract_authorized_keys(username, sshd_cfg_file=DEF_SSHD_CFG):
-                         "config from %r, using 'AuthorizedKeysFile' file "
-                         "%r instead", DEF_SSHD_CFG, auth_key_fns[0])
- 
-+    # check if one of the keys is the user's one
-+    for key_path, auth_key_fn in zip(key_paths.split(), auth_key_fns):
-+        if any([
-+            '%u' in key_path,
-+            '%h' in key_path,
-+            auth_key_fn.startswith('{}/'.format(pw_ent.pw_dir))
-+        ]):
-+            user_authorizedkeys_file = auth_key_fn
-+
-+    if user_authorizedkeys_file != default_authorizedkeys_file:
-+        LOG.debug(
-+            "AuthorizedKeysFile has an user-specific authorized_keys, "
-+            "using %s", user_authorizedkeys_file)
-+
-     # always store all the keys in the user's private file
-    return (default_authorizedkeys_file, parse_authorized_keys(auth_key_fns))
-+    return (user_authorizedkeys_file, parse_authorized_keys(auth_key_fns))
- 
- 
- def setup_user_keys(keys, username, options=None):
-diff --git a/tests/integration_tests/assets/keys/id_rsa.test1 b/tests/integration_tests/assets/keys/id_rsa.test1
-new file mode 100644
-index 00000000..bd4c822e
--- /dev/null
-+++ b/tests/integration_tests/assets/keys/id_rsa.test1
-@@ -0,0 +1,38 @@
-+-----BEGIN OPENSSH PRIVATE KEY-----
-+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
-+NhAAAAAwEAAQAAAYEAtRlG96aJ23URvAgO/bBsuLl+lquc350aSwV98/i8vlvOn5GVcHye
-+t/rXQg4lZ4s0owG3kWyQFY8nvTk+G+UNU8fN0anAzBDi+4MzsejkF9scjTMFmXVrIpICqV
-+3bYQNjPv6r+ubQdkD01du3eB9t5/zl84gtshp0hBdofyz8u1/A25s7fVU67GyI7PdKvaS+
-+yvJSInZnb2e9VQzfJC+qAnN7gUZatBKjdgUtJeiUUeDaVnaS17b0aoT9iBO0sIcQtOTBlY
-+lCjFt1TAMLZ64Hj3SfGZB7Yj0Z+LzFB2IWX1zzsjI68YkYPKOSL/NYhQU9e55kJQ7WnngN
-+HY/2n/A7dNKSFDmgM5c9IWgeZ7fjpsfIYAoJ/CAxFIND+PEHd1gCS6xoEhaUVyh5WH/Xkw
-+Kv1nx4AiZ2BFCE+75kySRLZUJ+5y0r3DU5ktMXeURzVIP7pu0R8DCul+GU+M/+THyWtAEO
-+geaNJ6fYpo2ipDhbmTYt3kk2lMIapRxGBFs+37sdAAAFgGGJssNhibLDAAAAB3NzaC1yc2
-+EAAAGBALUZRvemidt1EbwIDv2wbLi5fparnN+dGksFffP4vL5bzp+RlXB8nrf610IOJWeL
-+NKMBt5FskBWPJ705PhvlDVPHzdGpwMwQ4vuDM7Ho5BfbHI0zBZl1ayKSAqld22EDYz7+q/
-+rm0HZA9NXbt3gfbef85fOILbIadIQXaH8s/LtfwNubO31VOuxsiOz3Sr2kvsryUiJ2Z29n
-+vVUM3yQvqgJze4FGWrQSo3YFLSXolFHg2lZ2kte29GqE/YgTtLCHELTkwZWJQoxbdUwDC2
-+euB490nxmQe2I9Gfi8xQdiFl9c87IyOvGJGDyjki/zWIUFPXueZCUO1p54DR2P9p/wO3TS
-+khQ5oDOXPSFoHme346bHyGAKCfwgMRSDQ/jxB3dYAkusaBIWlFcoeVh/15MCr9Z8eAImdg
-+RQhPu+ZMkkS2VCfuctK9w1OZLTF3lEc1SD+6btEfAwrpfhlPjP/kx8lrQBDoHmjSen2KaN
-+oqQ4W5k2Ld5JNpTCGqUcRgRbPt+7HQAAAAMBAAEAAAGBAJJCTOd70AC2ptEGbR0EHHqADT
-+Wgefy7A94tHFEqxTy0JscGq/uCGimaY7kMdbcPXT59B4VieWeAC2cuUPP0ZHQSfS5ke7oT
-+tU3N47U+0uBVbNS4rUAH7bOo2o9wptnOA5x/z+O+AARRZ6tEXQOd1oSy4gByLf2Wkh2QTi
-+vP6Hln1vlFgKEzcXg6G8fN3MYWxKRhWmZM3DLERMvorlqqSBLcs5VvfZfLKcsKWTExioAq
-+KgwEjYm8T9+rcpsw1xBus3j9k7wCI1Sus6PCDjq0pcYKLMYM7p8ygnU2tRYrOztdIxgWRA
-+w/1oenm1Mqq2tV5xJcBCwCLOGe6SFwkIRywOYc57j5McH98Xhhg9cViyyBdXy/baF0mro+
-+qPhOsWDxqwD4VKZ9UmQ6O8kPNKcc7QcIpFJhcO0g9zbp/MT0KueaWYrTKs8y4lUkTT7Xz6
-++MzlR122/JwlAbBo6Y2kWtB+y+XwBZ0BfyJsm2czDhKm7OI5KfuBNhq0tFfKwOlYBq4QAA
-+AMAyvUof1R8LLISkdO3EFTKn5RGNkPPoBJmGs6LwvU7NSjjLj/wPQe4jsIBc585tvbrddp
-+60h72HgkZ5tqOfdeBYOKqX0qQQBHUEvI6M+NeQTQRev8bCHMLXQ21vzpClnrwNzlja359E
-+uTRfiPRwIlyPLhOUiClBDSAnBI9h82Hkk3zzsQ/xGfsPB7iOjRbW69bMRSVCRpeweCVmWC
-+77DTsEOq69V2TdljhQNIXE5OcOWonIlfgPiI74cdd+dLhzc/AAAADBAO1/JXd2kYiRyNkZ
-+aXTLcwiSgBQIYbobqVP3OEtTclr0P1JAvby3Y4cCaEhkenx+fBqgXAku5lKM+U1Q9AEsMk
-+cjIhaDpb43rU7GPjMn4zHwgGsEKd5pC1yIQ2PlK+cHanAdsDjIg+6RR+fuvid/mBeBOYXb
-+Py0sa3HyekLJmCdx4UEyNASoiNaGFLQVAqo+RACsXy6VMxFH5dqDYlvwrfUQLwxJmse9Vb
-+GEuuPAsklNugZqssC2XOIujFVUpslduQAAAMEAwzVHQVtsc3icCSzEAARpDTUdTbI29OhB
-+/FMBnjzS9/3SWfLuBOSm9heNCHs2jdGNb8cPdKZuY7S9Fx6KuVUPyTbSSYkjj0F4fTeC9g
-+0ym4p4UWYdF67WSWwLORkaG8K0d+G/CXkz8hvKUg6gcZWKBHAE1ROrHu1nsc8v7mkiKq4I
-+bnTw5Q9TgjbWcQWtgPq0wXyyl/K8S1SFdkMCTOHDD0RQ+jTV2WNGVwFTodIRHenX+Rw2g4
-+CHbTWbsFrHR1qFAAAACmphbWVzQG5ld3Q=
-+-----END OPENSSH PRIVATE KEY-----
-diff --git a/tests/integration_tests/assets/keys/id_rsa.test1.pub b/tests/integration_tests/assets/keys/id_rsa.test1.pub
-new file mode 100644
-index 00000000..3d2e26e1
--- /dev/null
-+++ b/tests/integration_tests/assets/keys/id_rsa.test1.pub
-@@ -0,0 +1 @@
-+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC1GUb3ponbdRG8CA79sGy4uX6Wq5zfnRpLBX3z+Ly+W86fkZVwfJ63+tdCDiVnizSjAbeRbJAVjye9OT4b5Q1Tx83RqcDMEOL7gzOx6OQX2xyNMwWZdWsikgKpXdthA2M+/qv65tB2QPTV27d4H23n/OXziC2yGnSEF2h/LPy7X8Dbmzt9VTrsbIjs90q9pL7K8lIidmdvZ71VDN8kL6oCc3uBRlq0EqN2BS0l6JRR4NpWdpLXtvRqhP2IE7SwhxC05MGViUKMW3VMAwtnrgePdJ8ZkHtiPRn4vMUHYhZfXPOyMjrxiRg8o5Iv81iFBT17nmQlDtaeeA0dj/af8Dt00pIUOaAzlz0haB5nt+Omx8hgCgn8IDEUg0P48Qd3WAJLrGgSFpRXKHlYf9eTAq/WfHgCJnYEUIT7vmTJJEtlQn7nLSvcNTmS0xd5RHNUg/um7RHwMK6X4ZT4z/5MfJa0AQ6B5o0np9imjaKkOFuZNi3eSTaUwhqlHEYEWz7fux0= test1@host
-diff --git a/tests/integration_tests/assets/keys/id_rsa.test2 b/tests/integration_tests/assets/keys/id_rsa.test2
-new file mode 100644
-index 00000000..5854d901
--- /dev/null
-+++ b/tests/integration_tests/assets/keys/id_rsa.test2
-@@ -0,0 +1,38 @@
-+-----BEGIN OPENSSH PRIVATE KEY-----
-+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
-+NhAAAAAwEAAQAAAYEAvK50D2PWOc4ikyHVRJS6tDhqzjL5cKiivID4p1X8BYCVw83XAEGO
-+LnItUyVXHNADlh6fpVq1NY6A2JVtygoPF6ZFx8ph7IWMmnhDdnxLLyGsbhd1M1tiXJD/R+
-+3WnGHRJ4PKrQavMLgqHRrieV3QVVfjFSeo6jX/4TruP6ZmvITMZWJrXaGphxJ/pPykEdkO
-+i8AmKU9FNviojyPS2nNtj9B/635IdgWvrd7Vf5Ycsw9MR55LWSidwa856RH62Yl6LpEGTH
-+m1lJiMk1u88JPSqvohhaUkLKkFpcQwcB0m76W1KOyllJsmX8bNXrlZsI+WiiYI7Xl5vQm2
-+17DEuNeavtPAtDMxu8HmTg2UJ55Naxehbfe2lx2k5kYGGw3i1O1OVN2pZ2/OB71LucYd/5
-+qxPaz03wswcGOJYGPkNc40vdES/Scc7Yt8HsnZuzqkyOgzn0HiUCzoYUYLYTpLf+yGmwxS
-+yAEY056aOfkCsboKHOKiOmlJxNaZZFQkX1evep4DAAAFgC7HMbUuxzG1AAAAB3NzaC1yc2
-+EAAAGBALyudA9j1jnOIpMh1USUurQ4as4y+XCooryA+KdV/AWAlcPN1wBBji5yLVMlVxzQ
-+A5Yen6VatTWOgNiVbcoKDxemRcfKYeyFjJp4Q3Z8Sy8hrG4XdTNbYlyQ/0ft1pxh0SeDyq
-+0GrzC4Kh0a4nld0FVX4xUnqOo1/+E67j+mZryEzGVia12hqYcSf6T8pBHZDovAJilPRTb4
-+qI8j0tpzbY/Qf+t+SHYFr63e1X+WHLMPTEeeS1koncGvOekR+tmJei6RBkx5tZSYjJNbvP
-+CT0qr6IYWlJCypBaXEMHAdJu+ltSjspZSbJl/GzV65WbCPloomCO15eb0JttewxLjXmr7T
-+wLQzMbvB5k4NlCeeTWsXoW33tpcdpOZGBhsN4tTtTlTdqWdvzge9S7nGHf+asT2s9N8LMH
-+BjiWBj5DXONL3REv0nHO2LfB7J2bs6pMjoM59B4lAs6GFGC2E6S3/shpsMUsgBGNOemjn5
-+ArG6ChziojppScTWmWRUJF9Xr3qeAwAAAAMBAAEAAAGASj/kkEHbhbfmxzujL2/P4Sfqb+
-+aDXqAeGkwujbs6h/fH99vC5ejmSMTJrVSeaUo6fxLiBDIj6UWA0rpLEBzRP59BCpRL4MXV
-+RNxav/+9nniD4Hb+ug0WMhMlQmsH71ZW9lPYqCpfOq7ec8GmqdgPKeaCCEspH7HMVhfYtd
-+eHylwAC02lrpz1l5/h900sS5G9NaWR3uPA+xbzThDs4uZVkSidjlCNt1QZhDSSk7jA5n34
-+qJ5UTGu9WQDZqyxWKND+RIyQuFAPGQyoyCC1FayHO2sEhT5qHuumL14Mn81XpzoXFoKyql
-+rhBDe+pHhKArBYt92Evch0k1ABKblFxtxLXcvk4Fs7pHi+8k4+Cnazej2kcsu1kURlMZJB
-+w2QT/8BV4uImbH05LtyscQuwGzpIoxqrnHrvg5VbohStmhoOjYybzqqW3/M0qhkn5JgTiy
-+dJcHRJisRnAcmbmEchYtLDi6RW1e022H4I9AFXQqyr5HylBq6ugtWcFCsrcX8ibZ8xAAAA
-+wQCAOPgwae6yZLkrYzRfbxZtGKNmhpI0EtNSDCHYuQQapFZJe7EFENs/VAaIiiut0yajGj
-+c3aoKcwGIoT8TUM8E3GSNW6+WidUOC7H6W+/6N2OYZHRBACGz820xO+UBCl2oSk+dLBlfr
-+IQzBGUWn5uVYCs0/2nxfCdFyHtMK8dMF/ypbdG+o1rXz5y9b7PVG6Mn+o1Rjsdkq7VERmy
-+Pukd8hwATOIJqoKl3TuFyBeYFLqe+0e7uTeswQFw17PF31VjAAAADBAOpJRQb8c6qWqsvv
-+vkve0uMuL0DfWW0G6+SxjPLcV6aTWL5xu0Grd8uBxDkkHU/CDrAwpchXyuLsvbw21Eje/u
-+U5k9nLEscWZwcX7odxlK+EfAY2Bf5+Hd9bH5HMzTRJH8KkWK1EppOLPyiDxz4LZGzPLVyv
-+/1PgSuvXkSWk1KIE4SvSemyxGX2tPVI6uO+URqevfnPOS1tMB7BMQlgkR6eh4bugx9UYx9
-+mwlXonNa4dN0iQxZ7N4rKFBbT/uyB2bQAAAMEAzisnkD8k9Tn8uyhxpWLHwb03X4ZUUHDV
-+zu15e4a8dZ+mM8nHO986913Xz5JujlJKkGwFTvgWkIiR2zqTEauZHARH7gANpaweTm6lPd
-+E4p2S0M3ulY7xtp9lCFIrDhMPPkGq8SFZB6qhgucHcZSRLq6ZDou3S2IdNOzDTpBtkhRCS
-+0zFcdTLh3zZweoy8HGbW36bwB6s1CIL76Pd4F64i0Ms9CCCU6b+E5ArFhYQIsXiDbgHWbD
-+tZRSm2GEgnDGAvAAAACmphbWVzQG5ld3Q=
-+-----END OPENSSH PRIVATE KEY-----
-diff --git a/tests/integration_tests/assets/keys/id_rsa.test2.pub b/tests/integration_tests/assets/keys/id_rsa.test2.pub
-new file mode 100644
-index 00000000..f3831a57
--- /dev/null
-+++ b/tests/integration_tests/assets/keys/id_rsa.test2.pub
-@@ -0,0 +1 @@
-+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8rnQPY9Y5ziKTIdVElLq0OGrOMvlwqKK8gPinVfwFgJXDzdcAQY4uci1TJVcc0AOWHp+lWrU1joDYlW3KCg8XpkXHymHshYyaeEN2fEsvIaxuF3UzW2JckP9H7dacYdEng8qtBq8wuCodGuJ5XdBVV+MVJ6jqNf/hOu4/pma8hMxlYmtdoamHEn+k/KQR2Q6LwCYpT0U2+KiPI9Lac22P0H/rfkh2Ba+t3tV/lhyzD0xHnktZKJ3BrznpEfrZiXoukQZMebWUmIyTW7zwk9Kq+iGFpSQsqQWlxDBwHSbvpbUo7KWUmyZfxs1euVmwj5aKJgjteXm9CbbXsMS415q+08C0MzG7weZODZQnnk1rF6Ft97aXHaTmRgYbDeLU7U5U3alnb84HvUu5xh3/mrE9rPTfCzBwY4lgY+Q1zjS90RL9Jxzti3weydm7OqTI6DOfQeJQLOhhRgthOkt/7IabDFLIARjTnpo5+QKxugoc4qI6aUnE1plkVCRfV696ngM= test2@host
-diff --git a/tests/integration_tests/assets/keys/id_rsa.test3 b/tests/integration_tests/assets/keys/id_rsa.test3
-new file mode 100644
-index 00000000..2596c762
--- /dev/null
-+++ b/tests/integration_tests/assets/keys/id_rsa.test3
-@@ -0,0 +1,38 @@
-+-----BEGIN OPENSSH PRIVATE KEY-----
-+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
-+NhAAAAAwEAAQAAAYEApPG4MdkYQKD57/qreFrh9GRC22y66qZOWZWRjC887rrbvBzO69hV
-+yJpTIXleJEvpWiHYcjMR5G6NNFsnNtZ4fxDqmSc4vcFj53JsE/XNqLKq6psXadCb5vkNpG
-+bxA+Z5bJlzJ969PgJIIEbgc86sei4kgR2MuPWqtZbY5GkpNCTqWuLYeFK+14oFruA2nyWH
-+9MOIRDHK/d597psHy+LTMtymO7ZPhO571abKw6jvvwiSeDxVE9kV7KAQIuM9/S3gftvgQQ
-+ron3GL34pgmIabdSGdbfHqGDooryJhlbquJZELBN236KgRNTCAjVvUzjjQr1eRP3xssGwV
-+O6ECBGCQLl/aYogAgtwnwj9iXqtfiLK3EwlgjquU4+JQ0CVtLhG3gIZB+qoMThco0pmHTr
-+jtfQCwrztsBBFunSa2/CstuV1mQ5O5ZrZ6ACo9yPRBNkns6+CiKdtMtCtzi3k2RDz9jpYm
-+Pcak03Lr7IkdC1Tp6+jA+//yPHSO1o4CqW89IQzNAAAFgEUd7lZFHe5WAAAAB3NzaC1yc2
-+EAAAGBAKTxuDHZGECg+e/6q3ha4fRkQttsuuqmTlmVkYwvPO6627wczuvYVciaUyF5XiRL
-+6Voh2HIzEeRujTRbJzbWeH8Q6pknOL3BY+dybBP1zaiyquqbF2nQm+b5DaRm8QPmeWyZcy
-+fevT4CSCBG4HPOrHouJIEdjLj1qrWW2ORpKTQk6lri2HhSvteKBa7gNp8lh/TDiEQxyv3e
-+fe6bB8vi0zLcpju2T4Tue9WmysOo778Ikng8VRPZFeygECLjPf0t4H7b4EEK6J9xi9+KYJ
-+iGm3UhnW3x6hg6KK8iYZW6riWRCwTdt+ioETUwgI1b1M440K9XkT98bLBsFTuhAgRgkC5f
-+2mKIAILcJ8I/Yl6rX4iytxMJYI6rlOPiUNAlbS4Rt4CGQfqqDE4XKNKZh0647X0AsK87bA
-+QRbp0mtvwrLbldZkOTuWa2egAqPcj0QTZJ7OvgoinbTLQrc4t5NkQ8/Y6WJj3GpNNy6+yJ
-+HQtU6evowPv/8jx0jtaOAqlvPSEMzQAAAAMBAAEAAAGAGaqbdPZJNdVWzyb8g6/wtSzc0n
-+Qq6dSTIJGLonq/So69HpqFAGIbhymsger24UMGvsXBfpO/1wH06w68HWZmPa+OMeLOi4iK
-+WTuO4dQ/+l5DBlq32/lgKSLcIpb6LhcxEdsW9j9Mx1dnjc45owun/yMq/wRwH1/q/nLIsV
-+JD3R9ZcGcYNDD8DWIm3D17gmw+qbG7hJES+0oh4n0xS2KyZpm7LFOEMDVEA8z+hE/HbryQ
-+vjD1NC91n+qQWD1wKfN3WZDRwip3z1I5VHMpvXrA/spHpa9gzHK5qXNmZSz3/dfA1zHjCR
-+2dHjJnrIUH8nyPfw8t+COC+sQBL3Nr0KUWEFPRM08cOcQm4ctzg17aDIZBONjlZGKlReR8
-+1zfAw84Q70q2spLWLBLXSFblHkaOfijEbejIbaz2UUEQT27WD7RHAORdQlkx7eitk66T9d
-+DzIq/cpYhm5Fs8KZsh3PLldp9nsHbD2Oa9J9LJyI4ryuIW0mVwRdvPSiiYi3K+mDCpAAAA
-+wBe+ugEEJ+V7orb1f4Zez0Bd4FNkEc52WZL4CWbaCtM+ZBg5KnQ6xW14JdC8IS9cNi/I5P
-+yLsBvG4bWPLGgQruuKY6oLueD6BFnKjqF6ACUCiSQldh4BAW1nYc2U48+FFvo3ZQyudFSy
-+QEFlhHmcaNMDo0AIJY5Xnq2BG3nEX7AqdtZ8hhenHwLCRQJatDwSYBHDpSDdh9vpTnGp/2
-+0jBz25Ko4UANzvSAc3sA4yN3jfpoM366TgdNf8x3g1v7yljQAAAMEA0HSQjzH5nhEwB58k
-+mYYxnBYp1wb86zIuVhAyjZaeinvBQSTmLow8sXIHcCVuD3CgBezlU2SX5d9YuvRU9rcthi
-+uzn4wWnbnzYy4SwzkMJXchUAkumFVD8Hq5TNPh2Z+033rLLE08EhYypSeVpuzdpFoStaS9
-+3DUZA2bR/zLZI9MOVZRUcYImNegqIjOYHY8Sbj3/0QPV6+WpUJFMPvvedWhfaOsRMTA6nr
-+VLG4pxkrieVl0UtuRGbzD/exXhXVi7AAAAwQDKkJj4ez/+KZFYlZQKiV0BrfUFcgS6ElFM
-+2CZIEagCtu8eedrwkNqx2FUX33uxdvUTr4c9I3NvWeEEGTB9pgD4lh1x/nxfuhyGXtimFM
-+GnznGV9oyz0DmKlKiKSEGwWf5G+/NiiCwwVJ7wsQQm7TqNtkQ9b8MhWWXC7xlXKUs7dmTa
-+e8AqAndCCMEnbS1UQFO/R5PNcZXkFWDggLQ/eWRYKlrXgdnUgH6h0saOcViKpNJBUXb3+x
-+eauhOY52PS/BcAAAAKamFtZXNAbmV3dAE=
-+-----END OPENSSH PRIVATE KEY-----
-diff --git a/tests/integration_tests/assets/keys/id_rsa.test3.pub b/tests/integration_tests/assets/keys/id_rsa.test3.pub
-new file mode 100644
-index 00000000..057db632
--- /dev/null
-+++ b/tests/integration_tests/assets/keys/id_rsa.test3.pub
-@@ -0,0 +1 @@
-+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCk8bgx2RhAoPnv+qt4WuH0ZELbbLrqpk5ZlZGMLzzuutu8HM7r2FXImlMheV4kS+laIdhyMxHkbo00Wyc21nh/EOqZJzi9wWPncmwT9c2osqrqmxdp0Jvm+Q2kZvED5nlsmXMn3r0+AkggRuBzzqx6LiSBHYy49aq1ltjkaSk0JOpa4th4Ur7XigWu4DafJYf0w4hEMcr93n3umwfL4tMy3KY7tk+E7nvVpsrDqO+/CJJ4PFUT2RXsoBAi4z39LeB+2+BBCuifcYvfimCYhpt1IZ1t8eoYOiivImGVuq4lkQsE3bfoqBE1MICNW9TOONCvV5E/fGywbBU7oQIEYJAuX9piiACC3CfCP2Jeq1+IsrcTCWCOq5Tj4lDQJW0uEbeAhkH6qgxOFyjSmYdOuO19ALCvO2wEEW6dJrb8Ky25XWZDk7lmtnoAKj3I9EE2Sezr4KIp20y0K3OLeTZEPP2OliY9xqTTcuvsiR0LVOnr6MD7//I8dI7WjgKpbz0hDM0= test3@host
-diff --git a/tests/integration_tests/modules/test_ssh_keysfile.py b/tests/integration_tests/modules/test_ssh_keysfile.py
-new file mode 100644
-index 00000000..f82d7649
--- /dev/null
-+++ b/tests/integration_tests/modules/test_ssh_keysfile.py
-@@ -0,0 +1,85 @@
-+import paramiko
-+import pytest
-+from io import StringIO
-+from paramiko.ssh_exception import SSHException
-+
-+from tests.integration_tests.instances import IntegrationInstance
-+from tests.integration_tests.util import get_test_rsa_keypair
-+
-+TEST_USER1_KEYS = get_test_rsa_keypair('test1')
-+TEST_USER2_KEYS = get_test_rsa_keypair('test2')
-+TEST_DEFAULT_KEYS = get_test_rsa_keypair('test3')
-+
-+USERDATA = """\
-+#cloud-config
-+bootcmd:
-+ - sed -i 's;#AuthorizedKeysFile.*;AuthorizedKeysFile /etc/ssh/authorized_keys %h/.ssh/authorized_keys2;' /etc/ssh/sshd_config
-+ssh_authorized_keys:
-+ - {default}
-+users:
-+- default
-+- name: test_user1
-+  ssh_authorized_keys:
-+    - {user1}
-+- name: test_user2
-+  ssh_authorized_keys:
-+    - {user2}
-+""".format(  # noqa: E501
-+    default=TEST_DEFAULT_KEYS.public_key,
-+    user1=TEST_USER1_KEYS.public_key,
-+    user2=TEST_USER2_KEYS.public_key,
-+)
-+
-+
-+@pytest.mark.ubuntu
-+@pytest.mark.user_data(USERDATA)
-+def test_authorized_keys(client: IntegrationInstance):
-+    expected_keys = [
-+        ('test_user1', '/home/test_user1/.ssh/authorized_keys2',
-+         TEST_USER1_KEYS),
-+        ('test_user2', '/home/test_user2/.ssh/authorized_keys2',
-+         TEST_USER2_KEYS),
-+        ('ubuntu', '/home/ubuntu/.ssh/authorized_keys2',
-+         TEST_DEFAULT_KEYS),
-+        ('root', '/root/.ssh/authorized_keys2', TEST_DEFAULT_KEYS),
-+    ]
-+
-+    for user, filename, keys in expected_keys:
-+        contents = client.read_from_file(filename)
-+        if user in ['ubuntu', 'root']:
-+            # Our personal public key gets added by pycloudlib
-+            lines = contents.split('\n')
-+            assert len(lines) == 2
-+            assert keys.public_key.strip() in contents
-+        else:
-+            assert contents.strip() == keys.public_key.strip()
-+
-+        # Ensure we can actually connect
-+        ssh = paramiko.SSHClient()
-+        ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
-+        paramiko_key = paramiko.RSAKey.from_private_key(StringIO(
-+            keys.private_key))
-+
-+        # Will fail with AuthenticationException if
-+        # we cannot connect
-+        ssh.connect(
-+            client.instance.ip,
-+            username=user,
-+            pkey=paramiko_key,
-+            look_for_keys=False,
-+            allow_agent=False,
-+        )
-+
-+        # Ensure other uses can't connect using our key
-+        other_users = [u[0] for u in expected_keys if u[2] != keys]
-+        for other_user in other_users:
-+            with pytest.raises(SSHException):
-+                print('trying to connect as {} with key from {}'.format(
-+                    other_user, user))
-+                ssh.connect(
-+                    client.instance.ip,
-+                    username=other_user,
-+                    pkey=paramiko_key,
-+                    look_for_keys=False,
-+                    allow_agent=False,
-+                )
-diff --git a/tests/unittests/test_sshutil.py b/tests/unittests/test_sshutil.py
-index fd1d1bac..bcb8044f 100644
--- a/tests/unittests/test_sshutil.py
-+++ b/tests/unittests/test_sshutil.py
-@@ -570,20 +570,33 @@ class TestBasicAuthorizedKeyParse(test_helpers.CiTestCase):
-             ssh_util.render_authorizedkeysfile_paths(
-                 "%h/.keys", "/homedirs/bobby", "bobby"))
- 
-+    def test_all(self):
-+        self.assertEqual(
-+            ["/homedirs/bobby/.keys", "/homedirs/bobby/.secret/keys",
-+             "/keys/path1", "/opt/bobby/keys"],
-+            ssh_util.render_authorizedkeysfile_paths(
-+                "%h/.keys .secret/keys /keys/path1 /opt/%u/keys",
-+                "/homedirs/bobby", "bobby"))
-+
- 
- class TestMultipleSshAuthorizedKeysFile(test_helpers.CiTestCase):
- 
-     @patch("cloudinit.ssh_util.pwd.getpwnam")
-     def test_multiple_authorizedkeys_file_order1(self, m_getpwnam):
-        fpw = FakePwEnt(pw_name='bobby', pw_dir='/home2/bobby')
-+        fpw = FakePwEnt(pw_name='bobby', pw_dir='/tmp/home2/bobby')
-         m_getpwnam.return_value = fpw
-        authorized_keys = self.tmp_path('authorized_keys')
-+        user_ssh_folder = "%s/.ssh" % fpw.pw_dir
-+
-+        # /tmp/home2/bobby/.ssh/authorized_keys = rsa
-+        authorized_keys = self.tmp_path('authorized_keys', dir=user_ssh_folder)
-         util.write_file(authorized_keys, VALID_CONTENT['rsa'])
- 
-        user_keys = self.tmp_path('user_keys')
-+        # /tmp/home2/bobby/.ssh/user_keys = dsa
-+        user_keys = self.tmp_path('user_keys', dir=user_ssh_folder)
-         util.write_file(user_keys, VALID_CONTENT['dsa'])
- 
-        sshd_config = self.tmp_path('sshd_config')
-+        # /tmp/sshd_config
-+        sshd_config = self.tmp_path('sshd_config', dir="/tmp")
-         util.write_file(
-             sshd_config,
-             "AuthorizedKeysFile %s %s" % (authorized_keys, user_keys)
-@@ -593,33 +606,244 @@ class TestMultipleSshAuthorizedKeysFile(test_helpers.CiTestCase):
-             fpw.pw_name, sshd_config)
-         content = ssh_util.update_authorized_keys(auth_key_entries, [])
- 
-        self.assertEqual("%s/.ssh/authorized_keys" % fpw.pw_dir, auth_key_fn)
-+        self.assertEqual(user_keys, auth_key_fn)
-         self.assertTrue(VALID_CONTENT['rsa'] in content)
-         self.assertTrue(VALID_CONTENT['dsa'] in content)
- 
-     @patch("cloudinit.ssh_util.pwd.getpwnam")
-     def test_multiple_authorizedkeys_file_order2(self, m_getpwnam):
-        fpw = FakePwEnt(pw_name='suzie', pw_dir='/home/suzie')
-+        fpw = FakePwEnt(pw_name='suzie', pw_dir='/tmp/home/suzie')
-         m_getpwnam.return_value = fpw
-        authorized_keys = self.tmp_path('authorized_keys')
-+        user_ssh_folder = "%s/.ssh" % fpw.pw_dir
-+
-+        # /tmp/home/suzie/.ssh/authorized_keys = rsa
-+        authorized_keys = self.tmp_path('authorized_keys', dir=user_ssh_folder)
-         util.write_file(authorized_keys, VALID_CONTENT['rsa'])
- 
-        user_keys = self.tmp_path('user_keys')
-+        # /tmp/home/suzie/.ssh/user_keys = dsa
-+        user_keys = self.tmp_path('user_keys', dir=user_ssh_folder)
-         util.write_file(user_keys, VALID_CONTENT['dsa'])
- 
-        sshd_config = self.tmp_path('sshd_config')
-+        # /tmp/sshd_config
-+        sshd_config = self.tmp_path('sshd_config', dir="/tmp")
-         util.write_file(
-             sshd_config,
-            "AuthorizedKeysFile %s %s" % (authorized_keys, user_keys)
-+            "AuthorizedKeysFile %s %s" % (user_keys, authorized_keys)
-         )
- 
-         (auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys(
-            fpw.pw_name, sshd_config
-+            fpw.pw_name, sshd_config)
-+        content = ssh_util.update_authorized_keys(auth_key_entries, [])
-+
-+        self.assertEqual(authorized_keys, auth_key_fn)
-+        self.assertTrue(VALID_CONTENT['rsa'] in content)
-+        self.assertTrue(VALID_CONTENT['dsa'] in content)
-+
-+    @patch("cloudinit.ssh_util.pwd.getpwnam")
-+    def test_multiple_authorizedkeys_file_local_global(self, m_getpwnam):
-+        fpw = FakePwEnt(pw_name='bobby', pw_dir='/tmp/home2/bobby')
-+        m_getpwnam.return_value = fpw
-+        user_ssh_folder = "%s/.ssh" % fpw.pw_dir
-+
-+        # /tmp/home2/bobby/.ssh/authorized_keys = rsa
-+        authorized_keys = self.tmp_path('authorized_keys', dir=user_ssh_folder)
-+        util.write_file(authorized_keys, VALID_CONTENT['rsa'])
-+
-+        # /tmp/home2/bobby/.ssh/user_keys = dsa
-+        user_keys = self.tmp_path('user_keys', dir=user_ssh_folder)
-+        util.write_file(user_keys, VALID_CONTENT['dsa'])
-+
-+        # /tmp/etc/ssh/authorized_keys = ecdsa
-+        authorized_keys_global = self.tmp_path('etc/ssh/authorized_keys',
-+                                               dir="/tmp")
-+        util.write_file(authorized_keys_global, VALID_CONTENT['ecdsa'])
-+
-+        # /tmp/sshd_config
-+        sshd_config = self.tmp_path('sshd_config', dir="/tmp")
-+        util.write_file(
-+            sshd_config,
-+            "AuthorizedKeysFile %s %s %s" % (authorized_keys_global,
-+                                             user_keys, authorized_keys)
-+        )
-+
-+        (auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys(
-+            fpw.pw_name, sshd_config)
-+        content = ssh_util.update_authorized_keys(auth_key_entries, [])
-+
-+        self.assertEqual(authorized_keys, auth_key_fn)
-+        self.assertTrue(VALID_CONTENT['rsa'] in content)
-+        self.assertTrue(VALID_CONTENT['ecdsa'] in content)
-+        self.assertTrue(VALID_CONTENT['dsa'] in content)
-+
-+    @patch("cloudinit.ssh_util.pwd.getpwnam")
-+    def test_multiple_authorizedkeys_file_local_global2(self, m_getpwnam):
-+        fpw = FakePwEnt(pw_name='bobby', pw_dir='/tmp/home2/bobby')
-+        m_getpwnam.return_value = fpw
-+        user_ssh_folder = "%s/.ssh" % fpw.pw_dir
-+
-+        # /tmp/home2/bobby/.ssh/authorized_keys2 = rsa
-+        authorized_keys = self.tmp_path('authorized_keys2',
-+                                        dir=user_ssh_folder)
-+        util.write_file(authorized_keys, VALID_CONTENT['rsa'])
-+
-+        # /tmp/home2/bobby/.ssh/user_keys3 = dsa
-+        user_keys = self.tmp_path('user_keys3', dir=user_ssh_folder)
-+        util.write_file(user_keys, VALID_CONTENT['dsa'])
-+
-+        # /tmp/etc/ssh/authorized_keys = ecdsa
-+        authorized_keys_global = self.tmp_path('etc/ssh/authorized_keys',
-+                                               dir="/tmp")
-+        util.write_file(authorized_keys_global, VALID_CONTENT['ecdsa'])
-+
-+        # /tmp/sshd_config
-+        sshd_config = self.tmp_path('sshd_config', dir="/tmp")
-+        util.write_file(
-+            sshd_config,
-+            "AuthorizedKeysFile %s %s %s" % (authorized_keys_global,
-+                                             authorized_keys, user_keys)
-+        )
-+
-+        (auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys(
-+            fpw.pw_name, sshd_config)
-+        content = ssh_util.update_authorized_keys(auth_key_entries, [])
-+
-+        self.assertEqual(user_keys, auth_key_fn)
-+        self.assertTrue(VALID_CONTENT['rsa'] in content)
-+        self.assertTrue(VALID_CONTENT['ecdsa'] in content)
-+        self.assertTrue(VALID_CONTENT['dsa'] in content)
-+
-+    @patch("cloudinit.ssh_util.pwd.getpwnam")
-+    def test_multiple_authorizedkeys_file_global(self, m_getpwnam):
-+        fpw = FakePwEnt(pw_name='bobby', pw_dir='/tmp/home2/bobby')
-+        m_getpwnam.return_value = fpw
-+
-+        # /tmp/etc/ssh/authorized_keys = rsa
-+        authorized_keys_global = self.tmp_path('etc/ssh/authorized_keys',
-+                                               dir="/tmp")
-+        util.write_file(authorized_keys_global, VALID_CONTENT['rsa'])
-+
-+        # /tmp/sshd_config
-+        sshd_config = self.tmp_path('sshd_config')
-+        util.write_file(
-+            sshd_config,
-+            "AuthorizedKeysFile %s" % (authorized_keys_global)
-         )
-+
-+        (auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys(
-+            fpw.pw_name, sshd_config)
-         content = ssh_util.update_authorized_keys(auth_key_entries, [])
- 
-         self.assertEqual("%s/.ssh/authorized_keys" % fpw.pw_dir, auth_key_fn)
-         self.assertTrue(VALID_CONTENT['rsa'] in content)
-+
-+    @patch("cloudinit.ssh_util.pwd.getpwnam")
-+    def test_multiple_authorizedkeys_file_multiuser(self, m_getpwnam):
-+        fpw = FakePwEnt(pw_name='bobby', pw_dir='/tmp/home2/bobby')
-+        m_getpwnam.return_value = fpw
-+        user_ssh_folder = "%s/.ssh" % fpw.pw_dir
-+        # /tmp/home2/bobby/.ssh/authorized_keys2 = rsa
-+        authorized_keys = self.tmp_path('authorized_keys2',
-+                                        dir=user_ssh_folder)
-+        util.write_file(authorized_keys, VALID_CONTENT['rsa'])
-+        # /tmp/home2/bobby/.ssh/user_keys3 = dsa
-+        user_keys = self.tmp_path('user_keys3', dir=user_ssh_folder)
-+        util.write_file(user_keys, VALID_CONTENT['dsa'])
-+
-+        fpw2 = FakePwEnt(pw_name='suzie', pw_dir='/tmp/home/suzie')
-+        user_ssh_folder = "%s/.ssh" % fpw2.pw_dir
-+        # /tmp/home/suzie/.ssh/authorized_keys2 = ssh-xmss@openssh.com
-+        authorized_keys2 = self.tmp_path('authorized_keys2',
-+                                         dir=user_ssh_folder)
-+        util.write_file(authorized_keys2,
-+                        VALID_CONTENT['ssh-xmss@openssh.com'])
-+
-+        # /tmp/etc/ssh/authorized_keys = ecdsa
-+        authorized_keys_global = self.tmp_path('etc/ssh/authorized_keys2',
-+                                               dir="/tmp")
-+        util.write_file(authorized_keys_global, VALID_CONTENT['ecdsa'])
-+
-+        # /tmp/sshd_config
-+        sshd_config = self.tmp_path('sshd_config', dir="/tmp")
-+        util.write_file(
-+            sshd_config,
-+            "AuthorizedKeysFile %s %%h/.ssh/authorized_keys2 %s" %
-+            (authorized_keys_global, user_keys)
-+        )
-+
-+        # process first user
-+        (auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys(
-+            fpw.pw_name, sshd_config)
-+        content = ssh_util.update_authorized_keys(auth_key_entries, [])
-+
-+        self.assertEqual(user_keys, auth_key_fn)
-+        self.assertTrue(VALID_CONTENT['rsa'] in content)
-+        self.assertTrue(VALID_CONTENT['ecdsa'] in content)
-+        self.assertTrue(VALID_CONTENT['dsa'] in content)
-+        self.assertFalse(VALID_CONTENT['ssh-xmss@openssh.com'] in content)
-+
-+        m_getpwnam.return_value = fpw2
-+        # process second user
-+        (auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys(
-+            fpw2.pw_name, sshd_config)
-+        content = ssh_util.update_authorized_keys(auth_key_entries, [])
-+
-+        self.assertEqual(authorized_keys2, auth_key_fn)
-+        self.assertTrue(VALID_CONTENT['ssh-xmss@openssh.com'] in content)
-+        self.assertTrue(VALID_CONTENT['ecdsa'] in content)
-+        self.assertTrue(VALID_CONTENT['dsa'] in content)
-+        self.assertFalse(VALID_CONTENT['rsa'] in content)
-+
-+    @patch("cloudinit.ssh_util.pwd.getpwnam")
-+    def test_multiple_authorizedkeys_file_multiuser2(self, m_getpwnam):
-+        fpw = FakePwEnt(pw_name='bobby', pw_dir='/tmp/home/bobby')
-+        m_getpwnam.return_value = fpw
-+        user_ssh_folder = "%s/.ssh" % fpw.pw_dir
-+        # /tmp/home/bobby/.ssh/authorized_keys2 = rsa
-+        authorized_keys = self.tmp_path('authorized_keys2',
-+                                        dir=user_ssh_folder)
-+        util.write_file(authorized_keys, VALID_CONTENT['rsa'])
-+        # /tmp/home/bobby/.ssh/user_keys3 = dsa
-+        user_keys = self.tmp_path('user_keys3', dir=user_ssh_folder)
-+        util.write_file(user_keys, VALID_CONTENT['dsa'])
-+
-+        fpw2 = FakePwEnt(pw_name='badguy', pw_dir='/tmp/home/badguy')
-+        user_ssh_folder = "%s/.ssh" % fpw2.pw_dir
-+        # /tmp/home/badguy/home/bobby = ""
-+        authorized_keys2 = self.tmp_path('home/bobby', dir="/tmp/home/badguy")
-+
-+        # /tmp/etc/ssh/authorized_keys = ecdsa
-+        authorized_keys_global = self.tmp_path('etc/ssh/authorized_keys2',
-+                                               dir="/tmp")
-+        util.write_file(authorized_keys_global, VALID_CONTENT['ecdsa'])
-+
-+        # /tmp/sshd_config
-+        sshd_config = self.tmp_path('sshd_config', dir="/tmp")
-+        util.write_file(
-+            sshd_config,
-+            "AuthorizedKeysFile %s %%h/.ssh/authorized_keys2 %s %s" %
-+            (authorized_keys_global, user_keys, authorized_keys2)
-+        )
-+
-+        # process first user
-+        (auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys(
-+            fpw.pw_name, sshd_config)
-+        content = ssh_util.update_authorized_keys(auth_key_entries, [])
-+
-+        self.assertEqual(user_keys, auth_key_fn)
-+        self.assertTrue(VALID_CONTENT['rsa'] in content)
-+        self.assertTrue(VALID_CONTENT['ecdsa'] in content)
-+        self.assertTrue(VALID_CONTENT['dsa'] in content)
-+
-+        m_getpwnam.return_value = fpw2
-+        # process second user
-+        (auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys(
-+            fpw2.pw_name, sshd_config)
-+        content = ssh_util.update_authorized_keys(auth_key_entries, [])
-+
-+        # badguy should not take the key from the other user!
-+        self.assertEqual(authorized_keys2, auth_key_fn)
-+        self.assertTrue(VALID_CONTENT['ecdsa'] in content)
-         self.assertTrue(VALID_CONTENT['dsa'] in content)
-+        self.assertFalse(VALID_CONTENT['rsa'] in content)
- 
- # vi: ts=4 expandtab
-- 
-2.27.0
-
--- a/SOURCES/ci-ssh_utils.py-ignore-when-sshd_config-options-are-not.patch
+++ b/SOURCES/ci-ssh_utils.py-ignore-when-sshd_config-options-are-not.patch
@ -1,86 +0,0 @@
-From ce346f6057377c7bb9b89703fb8855ccf4947a61 Mon Sep 17 00:00:00 2001
-From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-Date: Wed, 8 Sep 2021 16:08:12 +0200
-Subject: [PATCH] ssh_utils.py: ignore when sshd_config options are not
- key/value pairs
-
-RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-RH-MergeRequest: 10: ssh_utils.py: ignore when sshd_config options are not key/value pairs
-RH-Commit: [1/1] 546081571e8b6b1415aae1a04660137070532fae (eesposit/cloud-init-centos-)
-RH-Bugzilla: 2002302
-RH-Acked-by: Eduardo Otubo <otubo@redhat.com>
-RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
-RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
-
-TESTED: by me
-BREW: 39622506
-
-commit 2ce857248162957a785af61c135ca8433fdbbcde
-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-Date:   Wed Sep 8 02:08:36 2021 +0200
-
-    ssh_utils.py: ignore when sshd_config options are not key/value pairs (#1007)
-
-    As specified in #LP 1845552,
-    In cloudinit/ssh_util.py, in parse_ssh_config_lines(), we attempt to
-    parse each line of sshd_config. This function expects each line to
-    be one of the following forms:
-
-        \# comment
-        key value
-        key=value
-
-    However, options like DenyGroups and DenyUsers are specified to
-    *optionally* accepts values in sshd_config.
-    Cloud-init should comply to this and skip the option if a value
-    is not provided.
-
-    Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-
-Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
---
- cloudinit/ssh_util.py           | 8 +++++++-
- tests/unittests/test_sshutil.py | 8 ++++++++
- 2 files changed, 15 insertions(+), 1 deletion(-)
-
-diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py
-index 9ccadf09..33679dcc 100644
--- a/cloudinit/ssh_util.py
-+++ b/cloudinit/ssh_util.py
-@@ -484,7 +484,13 @@ def parse_ssh_config_lines(lines):
-         try:
-             key, val = line.split(None, 1)
-         except ValueError:
-            key, val = line.split('=', 1)
-+            try:
-+                key, val = line.split('=', 1)
-+            except ValueError:
-+                LOG.debug(
-+                    "sshd_config: option \"%s\" has no key/value pair,"
-+                    " skipping it", line)
-+                continue
-         ret.append(SshdConfigLine(line, key, val))
-     return ret
- 
-diff --git a/tests/unittests/test_sshutil.py b/tests/unittests/test_sshutil.py
-index a66788bf..08e20050 100644
--- a/tests/unittests/test_sshutil.py
-+++ b/tests/unittests/test_sshutil.py
-@@ -525,6 +525,14 @@ class TestUpdateSshConfigLines(test_helpers.CiTestCase):
-         self.assertEqual([self.pwauth], result)
-         self.check_line(lines[-1], self.pwauth, "no")
- 
-+    def test_option_without_value(self):
-+        """Implementation only accepts key-value pairs."""
-+        extended_exlines = self.exlines.copy()
-+        denyusers_opt = "DenyUsers"
-+        extended_exlines.append(denyusers_opt)
-+        lines = ssh_util.parse_ssh_config_lines(list(extended_exlines))
-+        self.assertNotIn(denyusers_opt, str(lines))
-+
-     def test_single_option_updated(self):
-         """A single update should have change made and line updated."""
-         opt, val = ("UsePAM", "no")
-- 
-2.27.0
-
--- a/SOURCES/ci-write-passwords-only-to-serial-console-lock-down-clo.patch
+++ b/SOURCES/ci-write-passwords-only-to-serial-console-lock-down-clo.patch
@ -1,371 +0,0 @@
-From f9564bd4477782e8cffe4be1d3c31c0338fb03b1 Mon Sep 17 00:00:00 2001
-From: Eduardo Otubo <otubo@redhat.com>
-Date: Mon, 5 Jul 2021 14:07:21 +0200
-Subject: [PATCH 1/2] write passwords only to serial console, lock down
- cloud-init-output.log (#847)
-
-RH-Author: Eduardo Otubo <otubo@redhat.com>
-RH-MergeRequest: 4: write passwords only to serial console, lock down cloud-init-output.log (#847)
-RH-Commit: [1/1] 7543b3458c01ea988e987336d84510157c00390d (otubo/cloud-init-src)
-RH-Bugzilla: 1945892
-RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
-RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
-
-commit b794d426b9ab43ea9d6371477466070d86e10668
-Author: Daniel Watkins <oddbloke@ubuntu.com>
-Date:   Fri Mar 19 10:06:42 2021 -0400
-
-    write passwords only to serial console, lock down cloud-init-output.log (#847)
-
-    Prior to this commit, when a user specified configuration which would
-    generate random passwords for users, cloud-init would cause those
-    passwords to be written to the serial console by emitting them on
-    stderr.  In the default configuration, any stdout or stderr emitted by
-    cloud-init is also written to `/var/log/cloud-init-output.log`.  This
-    file is world-readable, meaning that those randomly-generated passwords
-    were available to be read by any user with access to the system.  This
-    presents an obvious security issue.
-
-    This commit responds to this issue in two ways:
-
-    * We address the direct issue by moving from writing the passwords to
-      sys.stderr to writing them directly to /dev/console (via
-      util.multi_log); this means that the passwords will never end up in
-      cloud-init-output.log
-    * To avoid future issues like this, we also modify the logging code so
-      that any files created in a log sink subprocess will only be
-      owner/group readable and, if it exists, will be owned by the adm
-      group.  This results in `/var/log/cloud-init-output.log` no longer
-      being world-readable, meaning that if there are other parts of the
-      codebase that are emitting sensitive data intended for the serial
-      console, that data is no longer available to all users of the system.
-
-    LP: #1918303
-
-Signed-off-by: Eduardo Otubo <otubo@redhat.com>
-Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
- cloudinit/config/cc_set_passwords.py          |  5 +-
- cloudinit/config/tests/test_set_passwords.py  | 40 +++++++++----
- cloudinit/tests/test_util.py                  | 56 +++++++++++++++++++
- cloudinit/util.py                             | 38 +++++++++++--
- .../modules/test_set_password.py              | 24 ++++++++
- tests/integration_tests/test_logging.py       | 22 ++++++++
- tests/unittests/test_util.py                  |  4 ++
- 7 files changed, 173 insertions(+), 16 deletions(-)
- create mode 100644 tests/integration_tests/test_logging.py
-
-diff --git a/cloudinit/config/cc_set_passwords.py b/cloudinit/config/cc_set_passwords.py
-index d6b5682d..433de751 100755
--- a/cloudinit/config/cc_set_passwords.py
-+++ b/cloudinit/config/cc_set_passwords.py
-@@ -78,7 +78,6 @@ password.
- """
- 
- import re
-import sys
- 
- from cloudinit.distros import ug_util
- from cloudinit import log as logging
-@@ -214,7 +213,9 @@ def handle(_name, cfg, cloud, log, args):
-         if len(randlist):
-             blurb = ("Set the following 'random' passwords\n",
-                      '\n'.join(randlist))
-            sys.stderr.write("%s\n%s\n" % blurb)
-+            util.multi_log(
-+                "%s\n%s\n" % blurb, stderr=False, fallback_to_stdout=False
-+            )
- 
-         if expire:
-             expired_users = []
-diff --git a/cloudinit/config/tests/test_set_passwords.py b/cloudinit/config/tests/test_set_passwords.py
-index daa1ef51..bbe2ee8f 100644
--- a/cloudinit/config/tests/test_set_passwords.py
-+++ b/cloudinit/config/tests/test_set_passwords.py
-@@ -74,10 +74,6 @@ class TestSetPasswordsHandle(CiTestCase):
- 
-     with_logs = True
- 
-    def setUp(self):
-        super(TestSetPasswordsHandle, self).setUp()
-        self.add_patch('cloudinit.config.cc_set_passwords.sys.stderr', 'm_err')
-
-     def test_handle_on_empty_config(self, *args):
-         """handle logs that no password has changed when config is empty."""
-         cloud = self.tmp_cloud(distro='ubuntu')
-@@ -129,10 +125,12 @@ class TestSetPasswordsHandle(CiTestCase):
-             mock.call(['pw', 'usermod', 'ubuntu', '-p', '01-Jan-1970'])],
-             m_subp.call_args_list)
- 
-+    @mock.patch(MODPATH + "util.multi_log")
-     @mock.patch(MODPATH + "util.is_BSD")
-     @mock.patch(MODPATH + "subp.subp")
-    def test_handle_on_chpasswd_list_creates_random_passwords(self, m_subp,
-                                                              m_is_bsd):
-+    def test_handle_on_chpasswd_list_creates_random_passwords(
-+        self, m_subp, m_is_bsd, m_multi_log
-+    ):
-         """handle parses command set random passwords."""
-         m_is_bsd.return_value = False
-         cloud = self.tmp_cloud(distro='ubuntu')
-@@ -146,10 +144,32 @@ class TestSetPasswordsHandle(CiTestCase):
-         self.assertIn(
-             'DEBUG: Handling input for chpasswd as list.',
-             self.logs.getvalue())
-        self.assertNotEqual(
-            [mock.call(['chpasswd'],
-             '\n'.join(valid_random_pwds) + '\n')],
-            m_subp.call_args_list)
-+
-+        self.assertEqual(1, m_subp.call_count)
-+        args, _kwargs = m_subp.call_args
-+        self.assertEqual(["chpasswd"], args[0])
-+
-+        stdin = args[1]
-+        user_pass = {
-+            user: password
-+            for user, password
-+            in (line.split(":") for line in stdin.splitlines())
-+        }
-+
-+        self.assertEqual(1, m_multi_log.call_count)
-+        self.assertEqual(
-+            mock.call(mock.ANY, stderr=False, fallback_to_stdout=False),
-+            m_multi_log.call_args
-+        )
-+
-+        self.assertEqual(set(["root", "ubuntu"]), set(user_pass.keys()))
-+        written_lines = m_multi_log.call_args[0][0].splitlines()
-+        for password in user_pass.values():
-+            for line in written_lines:
-+                if password in line:
-+                    break
-+            else:
-+                self.fail("Password not emitted to console")
- 
- 
- # vi: ts=4 expandtab
-diff --git a/cloudinit/tests/test_util.py b/cloudinit/tests/test_util.py
-index b7a302f1..e811917e 100644
--- a/cloudinit/tests/test_util.py
-+++ b/cloudinit/tests/test_util.py
-@@ -851,4 +851,60 @@ class TestEnsureFile:
-         assert "ab" == kwargs["omode"]
- 
- 
-+@mock.patch("cloudinit.util.grp.getgrnam")
-+@mock.patch("cloudinit.util.os.setgid")
-+@mock.patch("cloudinit.util.os.umask")
-+class TestRedirectOutputPreexecFn:
-+    """This tests specifically the preexec_fn used in redirect_output."""
-+
-+    @pytest.fixture(params=["outfmt", "errfmt"])
-+    def preexec_fn(self, request):
-+        """A fixture to gather the preexec_fn used by redirect_output.
-+
-+        This enables simpler direct testing of it, and parameterises any tests
-+        using it to cover both the stdout and stderr code paths.
-+        """
-+        test_string = "| piped output to invoke subprocess"
-+        if request.param == "outfmt":
-+            args = (test_string, None)
-+        elif request.param == "errfmt":
-+            args = (None, test_string)
-+        with mock.patch("cloudinit.util.subprocess.Popen") as m_popen:
-+            util.redirect_output(*args)
-+
-+        assert 1 == m_popen.call_count
-+        _args, kwargs = m_popen.call_args
-+        assert "preexec_fn" in kwargs, "preexec_fn not passed to Popen"
-+        return kwargs["preexec_fn"]
-+
-+    def test_preexec_fn_sets_umask(
-+        self, m_os_umask, _m_setgid, _m_getgrnam, preexec_fn
-+    ):
-+        """preexec_fn should set a mask that avoids world-readable files."""
-+        preexec_fn()
-+
-+        assert [mock.call(0o037)] == m_os_umask.call_args_list
-+
-+    def test_preexec_fn_sets_group_id_if_adm_group_present(
-+        self, _m_os_umask, m_setgid, m_getgrnam, preexec_fn
-+    ):
-+        """We should setgrp to adm if present, so files are owned by them."""
-+        fake_group = mock.Mock(gr_gid=mock.sentinel.gr_gid)
-+        m_getgrnam.return_value = fake_group
-+
-+        preexec_fn()
-+
-+        assert [mock.call("adm")] == m_getgrnam.call_args_list
-+        assert [mock.call(mock.sentinel.gr_gid)] == m_setgid.call_args_list
-+
-+    def test_preexec_fn_handles_absent_adm_group_gracefully(
-+        self, _m_os_umask, m_setgid, m_getgrnam, preexec_fn
-+    ):
-+        """We should handle an absent adm group gracefully."""
-+        m_getgrnam.side_effect = KeyError("getgrnam(): name not found: 'adm'")
-+
-+        preexec_fn()
-+
-+        assert 0 == m_setgid.call_count
-+
- # vi: ts=4 expandtab
-diff --git a/cloudinit/util.py b/cloudinit/util.py
-index 769f3425..4e0a72db 100644
--- a/cloudinit/util.py
-+++ b/cloudinit/util.py
-@@ -359,7 +359,7 @@ def find_modules(root_dir):
- 
- 
- def multi_log(text, console=True, stderr=True,
-              log=None, log_level=logging.DEBUG):
-+              log=None, log_level=logging.DEBUG, fallback_to_stdout=True):
-     if stderr:
-         sys.stderr.write(text)
-     if console:
-@@ -368,7 +368,7 @@ def multi_log(text, console=True, stderr=True,
-             with open(conpath, 'w') as wfh:
-                 wfh.write(text)
-                 wfh.flush()
-        else:
-+        elif fallback_to_stdout:
-             # A container may lack /dev/console (arguably a container bug).  If
-             # it does not exist, then write output to stdout.  this will result
-             # in duplicate stderr and stdout messages if stderr was True.
-@@ -623,6 +623,26 @@ def redirect_output(outfmt, errfmt, o_out=None, o_err=None):
-     if not o_err:
-         o_err = sys.stderr
- 
-+    # pylint: disable=subprocess-popen-preexec-fn
-+    def set_subprocess_umask_and_gid():
-+        """Reconfigure umask and group ID to create output files securely.
-+
-+        This is passed to subprocess.Popen as preexec_fn, so it is executed in
-+        the context of the newly-created process.  It:
-+
-+        * sets the umask of the process so created files aren't world-readable
-+        * if an adm group exists in the system, sets that as the process' GID
-+          (so that the created file(s) are owned by root:adm)
-+        """
-+        os.umask(0o037)
-+        try:
-+            group_id = grp.getgrnam("adm").gr_gid
-+        except KeyError:
-+            # No adm group, don't set a group
-+            pass
-+        else:
-+            os.setgid(group_id)
-+
-     if outfmt:
-         LOG.debug("Redirecting %s to %s", o_out, outfmt)
-         (mode, arg) = outfmt.split(" ", 1)
-@@ -632,7 +652,12 @@ def redirect_output(outfmt, errfmt, o_out=None, o_err=None):
-                 owith = "wb"
-             new_fp = open(arg, owith)
-         elif mode == "|":
-            proc = subprocess.Popen(arg, shell=True, stdin=subprocess.PIPE)
-+            proc = subprocess.Popen(
-+                arg,
-+                shell=True,
-+                stdin=subprocess.PIPE,
-+                preexec_fn=set_subprocess_umask_and_gid,
-+            )
-             new_fp = proc.stdin
-         else:
-             raise TypeError("Invalid type for output format: %s" % outfmt)
-@@ -654,7 +679,12 @@ def redirect_output(outfmt, errfmt, o_out=None, o_err=None):
-                 owith = "wb"
-             new_fp = open(arg, owith)
-         elif mode == "|":
-            proc = subprocess.Popen(arg, shell=True, stdin=subprocess.PIPE)
-+            proc = subprocess.Popen(
-+                arg,
-+                shell=True,
-+                stdin=subprocess.PIPE,
-+                preexec_fn=set_subprocess_umask_and_gid,
-+            )
-             new_fp = proc.stdin
-         else:
-             raise TypeError("Invalid type for error format: %s" % errfmt)
-diff --git a/tests/integration_tests/modules/test_set_password.py b/tests/integration_tests/modules/test_set_password.py
-index b13f76fb..d7cf91a5 100644
--- a/tests/integration_tests/modules/test_set_password.py
-+++ b/tests/integration_tests/modules/test_set_password.py
-@@ -116,6 +116,30 @@ class Mixin:
-         # Which are not the same
-         assert shadow_users["harry"] != shadow_users["dick"]
- 
-+    def test_random_passwords_not_stored_in_cloud_init_output_log(
-+        self, class_client
-+    ):
-+        """We should not emit passwords to the in-instance log file.
-+
-+        LP: #1918303
-+        """
-+        cloud_init_output = class_client.read_from_file(
-+            "/var/log/cloud-init-output.log"
-+        )
-+        assert "dick:" not in cloud_init_output
-+        assert "harry:" not in cloud_init_output
-+
-+    def test_random_passwords_emitted_to_serial_console(self, class_client):
-+        """We should emit passwords to the serial console. (LP: #1918303)"""
-+        try:
-+            console_log = class_client.instance.console_log()
-+        except NotImplementedError:
-+            # Assume that an exception here means that we can't use the console
-+            # log
-+            pytest.skip("NotImplementedError when requesting console log")
-+        assert "dick:" in console_log
-+        assert "harry:" in console_log
-+
-     def test_explicit_password_set_correctly(self, class_client):
-         """Test that an explicitly-specified password is set correctly."""
-         shadow_users, _ = self._fetch_and_parse_etc_shadow(class_client)
-diff --git a/tests/integration_tests/test_logging.py b/tests/integration_tests/test_logging.py
-new file mode 100644
-index 00000000..b31a0434
--- /dev/null
-+++ b/tests/integration_tests/test_logging.py
-@@ -0,0 +1,22 @@
-+"""Integration tests relating to cloud-init's logging."""
-+
-+
-+class TestVarLogCloudInitOutput:
-+    """Integration tests relating to /var/log/cloud-init-output.log."""
-+
-+    def test_var_log_cloud_init_output_not_world_readable(self, client):
-+        """
-+        The log can contain sensitive data, it shouldn't be world-readable.
-+
-+        LP: #1918303
-+        """
-+        # Check the file exists
-+        assert client.execute("test -f /var/log/cloud-init-output.log").ok
-+
-+        # Check its permissions are as we expect
-+        perms, user, group = client.execute(
-+            "stat -c %a:%U:%G /var/log/cloud-init-output.log"
-+        ).split(":")
-+        assert "640" == perms
-+        assert "root" == user
-+        assert "adm" == group
-diff --git a/tests/unittests/test_util.py b/tests/unittests/test_util.py
-index 857629f1..e5292001 100644
--- a/tests/unittests/test_util.py
-+++ b/tests/unittests/test_util.py
-@@ -572,6 +572,10 @@ class TestMultiLog(helpers.FilesystemMockingTestCase):
-         util.multi_log(logged_string)
-         self.assertEqual(logged_string, self.stdout.getvalue())
- 
-+    def test_logs_dont_go_to_stdout_if_fallback_to_stdout_is_false(self):
-+        util.multi_log('something', fallback_to_stdout=False)
-+        self.assertEqual('', self.stdout.getvalue())
-+
-     def test_logs_go_to_log_if_given(self):
-         log = mock.MagicMock()
-         logged_string = 'something very important'
-- 
-2.27.0
-
--- a/SPECS/cloud-init.spec
+++ b/SPECS/cloud-init.spec
@ -1,8 +1,16 @@
+%{!?license: %global license %%doc}
+
+# The only reason we are archful is because dmidecode is ExclusiveArch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1067089
+%global debug_package %{nil}
+
 Name:           cloud-init
-Version:        21.1
-Release:        15%{?dist}
+Version:        22.1
+Release:        5%{?dist}
 Summary:        Cloud instance init scripts
-License:        ASL 2.0 or GPLv3
+
+Group:          System Environment/Base
+License:        GPLv3
 URL:            http://launchpad.net/cloud-init
 Source0:        https://launchpad.net/cloud-init/trunk/%{version}/+download/%{name}-%{version}.tar.gz
 Source1:        cloud-init-tmpfiles.conf
@ -10,32 +18,33 @@ Source1:        cloud-init-tmpfiles.conf
 Patch0001: 0001-Add-initial-redhat-setup.patch
 Patch0002: 0002-Do-not-write-NM_CONTROLLED-no-in-generated-interface.patch
 Patch0003: 0003-limit-permissions-on-def_log_file.patch
-# For bz#1970909 - [cloud-init] From RHEL 82+ cloud-init no longer displays sshd keys fingerprints from instance launched from a backup image[rhel-9]
-Patch4: ci-rhel-cloud.cfg-remove-ssh_genkeytypes-in-settings.py.patch
-# For bz#1943511 - [Aliyun][RHEL9.0][cloud-init] cloud-init service failed to start with Alibaba instance
-Patch5: ci-Fix-requiring-device-number-on-EC2-derivatives-836.patch
-# For bz#1945892 - CVE-2021-3429 cloud-init: randomly generated passwords logged in clear-text to world-readable file [rhel-9.0]
-Patch6: ci-write-passwords-only-to-serial-console-lock-down-clo.patch
-# For bz#1979099 - [cloud-init]Customize ssh AuthorizedKeysFile causes login failure[RHEL-9.0]
-Patch7: ci-ssh-util-allow-cloudinit-to-merge-all-ssh-keys-into-.patch
-# For bz#1979099 - [cloud-init]Customize ssh AuthorizedKeysFile causes login failure[RHEL-9.0]
-Patch8: ci-Stop-copying-ssh-system-keys-and-check-folder-permis.patch
-# For bz#1995843 - [cloudinit]  Fix home permissions modified by ssh module
-Patch9: ci-Fix-home-permissions-modified-by-ssh-module-SC-338-9.patch
-# For bz#2002302 - cloud-init fails with ValueError: need more than 1 value to unpack[rhel-9]
-Patch10: ci-ssh_utils.py-ignore-when-sshd_config-options-are-not.patch
-# For bz#2002492 - util.py[WARNING]: Failed generating key type rsa to file /etc/ssh/ssh_host_rsa_key
-Patch11: ci-Inhibit-sshd-keygen-.service-if-cloud-init-is-active.patch
-# For bz#2015974 - cloud-init fails to set host key permissions correctly
-Patch12: ci-cc_ssh.py-fix-private-key-group-owner-and-permission.patch
-# For bz#2016305 - disable-sshd-keygen-if-cloud-init-active.conf:8: Missing '=', ignoring line
-Patch13: ci-remove-unnecessary-EOF-string-in-disable-sshd-keygen.patch
-# For bz#2028381 - cloud-init.service fails to start after package update
-Patch14: ci-fix-error-on-upgrade-caused-by-new-vendordata2-attri.patch
-# For bz#2028031 - [RHEL-9] Above 19.2 of cloud-init fails to configure routes when configuring static and default routes to the same destination IP
-Patch15: ci-cloudinit-net-handle-two-different-routes-for-the-sa.patch
-
-# Source-git patches
+Patch0004: 0004-include-NOZEROCONF-yes-in-etc-sysconfig-network.patch
+Patch0005: 0005-Remove-race-condition-between-cloud-init-and-Network.patch
+Patch0006: 0006-rhel-cloud.cfg-remove-ssh_genkeytypes-in-settings.py.patch
+# For bz#2059872 - [RHEL-8]Rebase cloud-init from Fedora so it can configure networking using NM keyfiles
+Patch7: ci-Add-native-NetworkManager-support-1224.patch
+# For bz#2059872 - [RHEL-8]Rebase cloud-init from Fedora so it can configure networking using NM keyfiles
+Patch8: ci-Use-Network-Manager-and-Netplan-as-default-renderers.patch
+# For bz#2082071 - Align cloud.cfg file and systemd with cloud-init upstream .tmpl files
+Patch9: ci-Align-rhel-custom-files-with-upstream-1431.patch
+# For bz#2082071 - Align cloud.cfg file and systemd with cloud-init upstream .tmpl files
+Patch10: ci-Remove-rhel-specific-files.patch
+# For bz#2082686 - [cloud][init] Add support for reading tags from instance metadata
+Patch11: ci-Support-EC2-tags-in-instance-metadata-1309.patch
+# For bz#2096269 - Adjust udev/rules default path[RHEL-8]
+Patch12: ci-setup.py-adjust-udev-rules-default-path-1513.patch
+# For bz#2107464 - [RHEL-8.7] Cannot run sysconfig when changing the priority of network renderers
+# For bz#2110066 - DNS integration with OpenStack/cloud-init/NetworkManager is not working
+# For bz#2117526 - [RHEL8.7] Revert patch of configuring networking by NM keyfiles
+# For bz#2104393 - [RHEL-8.7]Failed to config static IP and IPv6 according to VMware Customization Config File
+# For bz#2098624 - [RHEL-8.7] IPv6 not workable when cloud-init configure network using NM keyfiles
+Patch13: ci-Revert-Add-native-NetworkManager-support-1224.patch
+# For bz#2107464 - [RHEL-8.7] Cannot run sysconfig when changing the priority of network renderers
+# For bz#2110066 - DNS integration with OpenStack/cloud-init/NetworkManager is not working
+# For bz#2117526 - [RHEL8.7] Revert patch of configuring networking by NM keyfiles
+# For bz#2104393 - [RHEL-8.7]Failed to config static IP and IPv6 according to VMware Customization Config File
+# For bz#2098624 - [RHEL-8.7] IPv6 not workable when cloud-init configure network using NM keyfiles
+Patch14: ci-Revert-Use-Network-Manager-and-Netplan-as-default-re.patch

 BuildArch:      noarch

@ -47,18 +56,20 @@ BuildRequires:  systemd
 # For tests
 BuildRequires:  iproute
 BuildRequires:  python3-configobj
-# https://bugzilla.redhat.com/show_bug.cgi?id=1695953
-BuildRequires:  python3-distro
-# https://bugzilla.redhat.com/show_bug.cgi?id=1417029
+# # https://bugzilla.redhat.com/show_bug.cgi?id=1417029
 BuildRequires:  python3-httpretty >= 0.8.14-2
 BuildRequires:  python3-jinja2
 BuildRequires:  python3-jsonpatch
+BuildRequires:  python3-jsonschema
+BuildRequires:  python3-mock
+BuildRequires:  python3-nose
 BuildRequires:  python3-oauthlib
 BuildRequires:  python3-prettytable
 BuildRequires:  python3-pyserial
 BuildRequires:  python3-PyYAML
 BuildRequires:  python3-requests
 BuildRequires:  python3-six
+BuildRequires:  python3-unittest2
 # dnf is needed to make cc_ntp unit tests work
 # https://bugs.launchpad.net/cloud-init/+bug/1721573
 BuildRequires:  /usr/bin/dnf
@ -69,10 +80,9 @@ Requires:       libselinux-python3
 Requires:       policycoreutils-python3
 Requires:       procps
 Requires:       python3-configobj
-# https://bugzilla.redhat.com/show_bug.cgi?id=1695953
-Requires:       python3-distro
 Requires:       python3-jinja2
 Requires:       python3-jsonpatch
+Requires:       python3-jsonschema
 Requires:       python3-oauthlib
 Requires:       python3-prettytable
 Requires:       python3-pyserial
@ -83,9 +93,10 @@ Requires:       shadow-utils
 Requires:       util-linux
 Requires:       xfsprogs
 Requires:       dhcp-client
-# https://bugzilla.redhat.com/show_bug.cgi?id=2032524
+# https://bugzilla.redhat.com/show_bug.cgi?id=2039697
 Requires:       gdisk
 Requires:       openssl
+Requires:       python3-netifaces

 %{?systemd_requires}

@ -109,12 +120,6 @@ sed -i -e 's|#!/usr/bin/env python|#!/usr/bin/env python3|' \
 %install
 %py3_install --

-%if 0%{?fedora}
-python3 tools/render-cloudcfg --variant fedora > $RPM_BUILD_ROOT/%{_sysconfdir}/cloud/cloud.cfg
-%elif 0%{?rhel}
-cp -p rhel/cloud.cfg $RPM_BUILD_ROOT/%{_sysconfdir}/cloud/cloud.cfg
-%endif
-
 sed -i "s,@@PACKAGED_VERSION@@,%{version}-%{release}," $RPM_BUILD_ROOT/%{python3_sitelib}/cloudinit/version.py

 mkdir -p $RPM_BUILD_ROOT/var/lib/cloud
@ -124,9 +129,6 @@ mkdir -p $RPM_BUILD_ROOT/run/cloud-init
 mkdir -p $RPM_BUILD_ROOT/%{_tmpfilesdir}
 cp -p %{SOURCE1} $RPM_BUILD_ROOT/%{_tmpfilesdir}/%{name}.conf

-# We supply our own config file since our software differs from Ubuntu's.
-cp -p rhel/cloud.cfg $RPM_BUILD_ROOT/%{_sysconfdir}/cloud/cloud.cfg
-
 mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rsyslog.d
 cp -p tools/21-cloudinit.conf $RPM_BUILD_ROOT/%{_sysconfdir}/rsyslog.d/21-cloudinit.conf

@ -134,16 +136,9 @@ cp -p tools/21-cloudinit.conf $RPM_BUILD_ROOT/%{_sysconfdir}/rsyslog.d/21-cloudi
 mv $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/hook-network-manager \
   $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/cloud-init-azure-hook

-# Install our own systemd units (rhbz#1440831)
-mkdir -p $RPM_BUILD_ROOT%{_unitdir}
-cp rhel/systemd/* $RPM_BUILD_ROOT%{_unitdir}/
-
-[ ! -d $RPM_BUILD_ROOT%{_systemdgeneratordir} ] && mkdir -p $RPM_BUILD_ROOT%{_systemdgeneratordir}
-python3 tools/render-cloudcfg --variant rhel systemd/cloud-init-generator.tmpl > $RPM_BUILD_ROOT%{_systemdgeneratordir}/cloud-init-generator
-chmod 755 $RPM_BUILD_ROOT%{_systemdgeneratordir}/cloud-init-generator
-
-[ ! -d $RPM_BUILD_ROOT/usr/lib/%{name} ] && mkdir -p $RPM_BUILD_ROOT/usr/lib/%{name}
-cp -p tools/ds-identify $RPM_BUILD_ROOT%{_libexecdir}/%{name}/ds-identify
+[ ! -d $RPM_BUILD_ROOT/usr/lib/systemd/system-generators ] && mkdir -p $RPM_BUILD_ROOT/usr/lib/systemd/system-generators
+python3 tools/render-cloudcfg --variant rhel systemd/cloud-init-generator.tmpl > $RPM_BUILD_ROOT/usr/lib/systemd/system-generators/cloud-init-generator
+chmod 755 $RPM_BUILD_ROOT/usr/lib/systemd/system-generators/cloud-init-generator

 # installing man pages
 mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man1/
@ -198,10 +193,8 @@ fi
 %postun
 %systemd_postun cloud-config.service cloud-config.target cloud-final.service cloud-init.service cloud-init.target cloud-init-local.service

-
 %files
 %license LICENSE
-%doc ChangeLog rhel/README.rhel
 %config(noreplace) %{_sysconfdir}/cloud/cloud.cfg
 %dir               %{_sysconfdir}/cloud/cloud.cfg.d
 %config(noreplace) %{_sysconfdir}/cloud/cloud.cfg.d/*.cfg
@ -211,6 +204,8 @@ fi
 %{_unitdir}/cloud-config.service
 %{_unitdir}/cloud-config.target
 %{_unitdir}/cloud-final.service
+%{_unitdir}/cloud-init-hotplugd.service
+%{_unitdir}/cloud-init-hotplugd.socket
 %{_unitdir}/cloud-init-local.service
 %{_unitdir}/cloud-init.service
 %{_unitdir}/cloud-init.target
@ -223,203 +218,464 @@ fi
 %dir %verify(not mode) /run/cloud-init
 %dir /var/lib/cloud
 /etc/NetworkManager/dispatcher.d/cloud-init-azure-hook
+/etc/dhcp/dhclient-exit-hooks.d/hook-dhclient
 %{_udevrulesdir}/66-azure-ephemeral.rules
-%{_sysconfdir}/bash_completion.d/cloud-init
+%{_datadir}/bash-completion/completions/cloud-init
 %{_bindir}/cloud-id
-%{_libexecdir}/%{name}/ds-identify
-%{_systemdgeneratordir}/cloud-init-generator
+/usr/lib/systemd/system-generators/cloud-init-generator
 %{_sysconfdir}/systemd/system/sshd-keygen@.service.d/disable-sshd-keygen-if-cloud-init-active.conf

+
 %dir %{_sysconfdir}/rsyslog.d
 %config(noreplace) %{_sysconfdir}/rsyslog.d/21-cloudinit.conf

 %changelog
-* Thu Jan 13 2022 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-15
- ci-Add-gdisk-and-openssl-as-deps-to-fix-UEFI-Azure-init.patch [bz#2032524]
- Resolves: bz#2032524
-  ([RHEL9] [Azure] cloud-init fails to configure the system)
+* Wed Aug 17 2022 Jon Maloy <jmaloy@redhat.com> - 22.1-5
+- ci-Revert-Add-native-NetworkManager-support-1224.patch [bz#2107464 bz#2110066 bz#2117526 bz#2104393 bz#2098624]
+- ci-Revert-Use-Network-Manager-and-Netplan-as-default-re.patch [bz#2107464 bz#2110066 bz#2117526 bz#2104393 bz#2098624]
+- Resolves: bz#2107464
+  ([RHEL-8.7] Cannot run sysconfig when changing the priority of network renderers)
+- Resolves: bz#2110066
+  (DNS integration with OpenStack/cloud-init/NetworkManager is not working)
+- Resolves: bz#2117526
+  ([RHEL8.7] Revert patch of configuring networking by NM keyfiles)
+- Resolves: bz#2104393
+  ([RHEL-8.7]Failed to config static IP and IPv6 according to VMware Customization Config File)
+- Resolves: bz#2098624
+  ([RHEL-8.7] IPv6 not workable when cloud-init configure network using NM keyfiles)

-* Tue Dec 14 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-14
- ci-cloudinit-net-handle-two-different-routes-for-the-sa.patch [bz#2028031]
- Resolves: bz#2028031
-  ([RHEL-9] Above 19.2 of cloud-init fails to configure routes when configuring static and default routes to the same destination IP)
+* Tue Jul 12 2022 Miroslav Rezanina <mrezanin@redhat.com> - 22.1-4
+- ci-cloud-init.spec-adjust-path-for-66-azure-ephemeral.r.patch [bz#2096269]
+- ci-setup.py-adjust-udev-rules-default-path-1513.patch [bz#2096269]
+- Resolves: bz#2096269
+  (Adjust udev/rules default path[RHEL-8])

-* Mon Dec 06 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-13
- ci-fix-error-on-upgrade-caused-by-new-vendordata2-attri.patch [bz#2028381]
- Resolves: bz#2028381
+* Thu Jun 23 2022 Jon Maloy <jmaloy@redhat.com> - 22.1-3
+- ci-Support-EC2-tags-in-instance-metadata-1309.patch [bz#2082686]
+- Resolves: bz#2082686
+  ([cloud][init] Add support for reading tags from instance metadata)
+
+* Tue May 31 2022 Jon Maloy <jmaloy@redhat.com> - 22.1-2
+- ci-Add-native-NetworkManager-support-1224.patch [bz#2059872]
+- ci-Use-Network-Manager-and-Netplan-as-default-renderers.patch [bz#2059872]
+- ci-Align-rhel-custom-files-with-upstream-1431.patch [bz#2082071]
+- ci-Remove-rhel-specific-files.patch [bz#2082071]
+- Resolves: bz#2059872
+  ([RHEL-8]Rebase cloud-init from Fedora so it can configure networking using NM keyfiles)
+- Resolves: bz#2082071
+  (Align cloud.cfg file and systemd with cloud-init upstream .tmpl files)
+
+* Mon Apr 25 2022 Amy Chen <xiachen@redhat.com> - 22.1-1
+- Rebaes to 22.1 [bz#2065544]
+- Resolves: bz#2065544
+  ([RHEL-8.7.0] cloud-init rebase to 22.1)
+
+* Fri Apr 01 2022 Camilla Conte <cconte@redhat.com> - 21.1-15
+- ci-Detect-a-Python-version-change-and-clear-the-cache-8.patch [bz#1935826]
+- ci-Fix-MIME-policy-failure-on-python-version-upgrade-93.patch [bz#1935826]
+
+* Fri Feb 25 2022 Jon Maloy <jmaloy@redhat.com> - 21.1-14
+- ci-Fix-IPv6-netmask-format-for-sysconfig-1215.patch [bz#2046540]
+- Resolves: bz#2046540
+  (cloud-init writes route6-$DEVICE config with a HEX netmask. ip route does not like : Error: inet6 prefix is expected rather than "fd00:fd00:fd00::/ffff:ffff:ffff:ffff::".)
+
+* Tue Jan 25 2022 Jon Maloy <jmaloy@redhat.com> - 21.1-13
+- ci-Add-flexibility-to-IMDS-api-version-793.patch [bz#2023940]
+- ci-Azure-helper-Ensure-Azure-http-handler-sleeps-betwee.patch [bz#2023940]
+- ci-azure-Removing-ability-to-invoke-walinuxagent-799.patch [bz#2023940]
+- ci-Azure-eject-the-provisioning-iso-before-reporting-re.patch [bz#2023940]
+- ci-Azure-Retrieve-username-and-hostname-from-IMDS-865.patch [bz#2023940]
+- ci-Azure-Retry-net-metadata-during-nic-attach-for-non-t.patch [bz#2023940]
+- ci-Azure-adding-support-for-consuming-userdata-from-IMD.patch [bz#2023940]
+- Resolves: bz#2023940
+  ([RHEL-8] Support for provisioning Azure VM with userdata)
+
+* Wed Jan 19 2022 Jon Maloy <jmaloy@redhat.com> - 21.1-12
+- ci-Add-gdisk-and-openssl-as-deps-to-fix-UEFI-Azure-init.patch [bz#2039697]
+- ci-Datasource-for-VMware-953.patch [bz#2026587]
+- ci-Change-netifaces-dependency-to-0.10.4-965.patch [bz#2026587]
+- ci-Update-dscheck_VMware-s-rpctool-check-970.patch [bz#2026587]
+- ci-Revert-unnecesary-lcase-in-ds-identify-978.patch [bz#2026587]
+- ci-Add-netifaces-package-as-a-Requires-in-cloud-init.sp.patch [bz#2026587]
+- Resolves: bz#2039697
+  ([RHEL8] [Azure] cloud-init fails to configure the system)
+- Resolves: bz#2026587
+  ([cloud-init][RHEL8] Support for cloud-init datasource 'cloud-init-vmware-guestinfo')
+
+* Wed Dec 08 2021 Jon Maloy <jmaloy@redhat.com> - 21.1-11
+- ci-cloudinit-net-handle-two-different-routes-for-the-sa.patch [bz#2028028]
+- Resolves: bz#2028028
+  ([RHEL-8] Above 19.2 of cloud-init fails to configure routes when configuring static and default routes to the same destination IP)
+
+* Mon Dec 06 2021 Jon Maloy <jmaloy@redhat.com> - 21.1-10
+- ci-fix-error-on-upgrade-caused-by-new-vendordata2-attri.patch [bz#2021538]
+- Resolves: bz#2021538
  (cloud-init.service fails to start after package update)

-* Mon Nov 01 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-12
- ci-remove-unnecessary-EOF-string-in-disable-sshd-keygen.patch [bz#2016305]
- Resolves: bz#2016305
-  (disable-sshd-keygen-if-cloud-init-active.conf:8: Missing '=', ignoring line)
-
-* Tue Oct 26 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-11
- ci-cc_ssh.py-fix-private-key-group-owner-and-permission.patch [bz#2015974]
- Resolves: bz#2015974
+* Mon Oct 25 2021 Jon Maloy <jmaloy@redhat.com> - 21.1-9
+- ci-cc_ssh.py-fix-private-key-group-owner-and-permission.patch [bz#2013644]
+- Resolves: bz#2013644
  (cloud-init fails to set host key permissions correctly)

-* Mon Oct 18 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-10
- ci-Inhibit-sshd-keygen-.service-if-cloud-init-is-active.patch [bz#2002492]
- ci-add-the-drop-in-also-in-the-files-section-of-cloud-i.patch [bz#2002492]
- Resolves: bz#2002492
-  (util.py[WARNING]: Failed generating key type rsa to file /etc/ssh/ssh_host_rsa_key)
+* Thu Sep 23 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-8
+- ci-ssh_utils.py-ignore-when-sshd_config-options-are-not.patch [bz#1862933]
+- Resolves: bz#1862933
+  (cloud-init fails with ValueError: need more than 1 value to unpack[rhel-8])

-* Fri Sep 10 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-9
- ci-ssh_utils.py-ignore-when-sshd_config-options-are-not.patch [bz#2002302]
- Resolves: bz#2002302
-  (cloud-init fails with ValueError: need more than 1 value to unpack[rhel-9])
-
-* Fri Sep 03 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-8
- ci-Fix-home-permissions-modified-by-ssh-module-SC-338-9.patch [bz#1995843]
- Resolves: bz#1995843
+* Fri Aug 27 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-7
+- ci-Fix-home-permissions-modified-by-ssh-module-SC-338-9.patch [bz#1995840]
+- Resolves: bz#1995840
  ([cloudinit]  Fix home permissions modified by ssh module)

-* Mon Aug 16 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-7
- ci-Stop-copying-ssh-system-keys-and-check-folder-permis.patch [bz#1979099]
- ci-Report-full-specific-version-with-cloud-init-version.patch [bz#1971002]
- Resolves: bz#1979099
-  ([cloud-init]Customize ssh AuthorizedKeysFile causes login failure[RHEL-9.0])
- Resolves: bz#1971002
-  (cloud-init should report full specific full version with "cloud-init --version" [rhel-9])
-
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 21.1-6
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
+* Wed Aug 11 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-6
+- ci-Stop-copying-ssh-system-keys-and-check-folder-permis.patch [bz#1862967]
+- Resolves: bz#1862967
+  ([cloud-init]Customize ssh AuthorizedKeysFile causes login failure)

 * Fri Aug 06 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-5
- ci-Add-dhcp-client-as-a-dependency.patch [bz#1964900]
- Resolves: bz#1964900
-  ([Azure][RHEL-9] cloud-init must require dhcp-client on Azure)
+- ci-Add-dhcp-client-as-a-dependency.patch [bz#1977385]
+- Resolves: bz#1977385
+  ([Azure][RHEL-8] cloud-init must require dhcp-client on Azure)

-* Thu Jul 15 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-4
- ci-write-passwords-only-to-serial-console-lock-down-clo.patch [bz#1945892]
- ci-ssh-util-allow-cloudinit-to-merge-all-ssh-keys-into-.patch [bz#1979099]
- Resolves: bz#1945892
-  (CVE-2021-3429 cloud-init: randomly generated passwords logged in clear-text to world-readable file [rhel-9.0])
- Resolves: bz#1979099
-  ([cloud-init]Customize ssh AuthorizedKeysFile causes login failure[RHEL-9.0])
+* Mon Jul 19 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-4
+- ci-ssh-util-allow-cloudinit-to-merge-all-ssh-keys-into-.patch [bz#1862967]
+- Resolves: bz#1862967
+  ([cloud-init]Customize ssh AuthorizedKeysFile causes login failure)

-* Fri Jul 02 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-3
- ci-Fix-requiring-device-number-on-EC2-derivatives-836.patch [bz#1943511]
- Resolves: bz#1943511
-  ([Aliyun][RHEL9.0][cloud-init] cloud-init service failed to start with Alibaba instance)
+* Mon Jul 12 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-3
+- ci-write-passwords-only-to-serial-console-lock-down-clo.patch [bz#1945891]
+- Resolves: bz#1945891
+  (CVE-2021-3429 cloud-init: randomly generated passwords logged in clear-text to world-readable file [rhel-8])

-* Mon Jun 21 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-2
- ci-rhel-cloud.cfg-remove-ssh_genkeytypes-in-settings.py.patch [bz#1970909]
- ci-Use-_systemdgeneratordir-macro-for-cloud-init-genera.patch [bz#1971480]
- Resolves: bz#1970909
-  ([cloud-init] From RHEL 82+ cloud-init no longer displays sshd keys fingerprints from instance launched from a backup image[rhel-9])
- Resolves: bz#1971480
-  (Use systemdgenerators macro in spec file)
+* Fri Jun 11 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-2
+- ci-rhel-cloud.cfg-remove-ssh_genkeytypes-in-settings.py.patch [bz#1957532]
+- ci-cloud-init.spec.template-update-systemd_postun-param.patch [bz#1952089]
+- Resolves: bz#1957532
+  ([cloud-init] From RHEL 82+ cloud-init no longer displays sshd keys fingerprints from instance launched from a backup image)
+- Resolves: bz#1952089
+  (cloud-init brew build fails on Fedora 33)

-* Thu Jun 10 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-1
- Rebase to 21.1 [bz#1958209]
- Resolves: bz#1958209
-  ([RHEL-9.0] Rebase cloud-init to 21.1)
+* Thu May 27 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-1.el8
+- Rebaes to 21.1 [bz#1958174]
+- Resolves: bz#1958174
+  ([RHEL-8.5.0] Rebase cloud-init to 21.1)

-* Wed Apr 21 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20.4-5
- Removing python-mock dependency
- Resolves: bz#1922323
+* Thu May 13 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20.3-10.el8_4.3
+- ci-get_interfaces-don-t-exclude-Open-vSwitch-bridge-bon.patch [bz#1957135]
+- ci-net-exclude-OVS-internal-interfaces-in-get_interface.patch [bz#1957135]
+- Resolves: bz#1957135
+  (Intermittent failure to start cloud-init due to failure to detect macs [rhel-8.4.0.z])

-* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 20.4-4
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+* Tue Apr 06 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20.3-10.el8_4.1
+- ci-Fix-requiring-device-number-on-EC2-derivatives-836.patch [bz#1942699]
+- Resolves: bz#1942699
+  ([Aliyun][RHEL8.4][cloud-init] cloud-init service failed to start with Alibaba instance [rhel-8.4.0.z])

-* Wed Apr 07 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20.4-3.el9
- ci-Removing-python-nose-and-python-tox-as-dependency.patch [bz#1916777 bz#1918892]
- Resolves: bz#1916777
-  (cloud-init requires python-nose)
- Resolves: bz#1918892
-  (cloud-init requires tox)
+* Tue Feb 02 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20.3-10.el8
+- ci-fix-a-typo-in-man-page-cloud-init.1-752.patch [bz#1913127]
+- Resolves: bz#1913127
+  (A typo in cloud-init man page)

-* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 20.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+* Tue Jan 26 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20.3-9.el8
+- ci-DataSourceAzure-update-password-for-defuser-if-exist.patch [bz#1900892]
+- ci-Revert-ssh_util-handle-non-default-AuthorizedKeysFil.patch [bz#1919972]
+- Resolves: bz#1900892
+  ([Azure] Update existing user password RHEL8x)
+- Resolves: bz#1919972
+  ([RHEL-8.4] ssh keys can be shared across users giving potential root access)

-* Thu Dec 03 2020 Eduardo Otubo <otubo@redhat.com> - 20.4-2
- Updated to 20.4 [bz#1902250]
+* Thu Jan 21 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20.3-8.el8
+- ci-Missing-IPV6_AUTOCONF-no-to-render-sysconfig-dhcp6-s.patch [bz#1859695]
+- Resolves: bz#1859695
+  ([Cloud-init] DHCPv6 assigned address is not added to VM's interface)

-* Mon Sep 07 2020 Eduardo Otubo <otubo@redhat.com> - 19.4-7
- Fix execution fail with backtrace
+* Tue Jan 05 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20.3-7.el8
+- ci-Report-full-specific-version-with-cloud-init-version.patch [bz#1898949]
+- Resolves: bz#1898949
+  (cloud-init should report full specific full version with "cloud-init --version")

-* Mon Sep 07 2020 Eduardo Otubo <otubo@redhat.com> - 19.4-6
- Adding missing patches to spec file
+* Mon Dec 14 2020 Miroslav Rezanina <mrezanin@redhat.com> - 20.3-6.el8
+- ci-Installing-man-pages-in-the-correct-place-with-corre.patch [bz#1612573]
+- ci-Adding-BOOTPROTO-dhcp-to-render-sysconfig-dhcp6-stat.patch [bz#1859695]
+- ci-Fix-unit-failure-of-cloud-final.service-if-NetworkMa.patch [bz#1898943]
+- ci-ssh_util-handle-non-default-AuthorizedKeysFile-confi.patch [bz#1862967]
+- Resolves: bz#1612573
+  (Man page scan results for cloud-init)
+- Resolves: bz#1859695
+  ([Cloud-init] DHCPv6 assigned address is not added to VM's interface)
+- Resolves: bz#1898943
+  ([rhel-8]cloud-final.service fails if NetworkManager not installed.)
+- Resolves: bz#1862967
+  ([cloud-init]Customize ssh AuthorizedKeysFile causes login failure)

-* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 19.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+* Fri Nov 27 2020 Miroslav Rezanina <mrezanin@redhat.com> - 20.3-5.el8
+- ci-network-Fix-type-and-respect-name-when-rendering-vla.patch [bz#1881462]
+- Resolves: bz#1881462
+  ([rhel8][cloud-init] ifup bond0.504 Error: Connection activation failed: No suitable device found for this connection)

-* Mon May 25 2020 Miro Hrončok <mhroncok@redhat.com> - 19.4-4
- Rebuilt for Python 3.9
+* Tue Nov 24 2020 Miroslav Rezanina <mrezanin@redhat.com> - 20.3-4.el8
+- ci-Changing-permission-of-cloud-init-generator-to-755.patch [bz#1897528]
+- Resolves: bz#1897528
+  (Change permission on ./systemd/cloud-init-generator.tmpl to 755 instead of 771)

-* Tue Apr 14 2020 Eduardo Otubo <otubo@redhat.com> - 19.4-3
- Fix BZ#1798729 - CVE-2020-8632 cloud-init: Too short random password length
-  in cc_set_password in config/cc_set_passwords.py
- Fix BZ#1798732 - CVE-2020-8631 cloud-init: Use of random.choice when
-  generating random password
+* Fri Nov 13 2020 Miroslav Rezanina <mrezanin@redhat.com> - 20.3-3.el8
+- ci--Removing-net-tools-dependency.patch [bz#1881871]
+- ci--Adding-man-pages-to-Red-Hat-spec-file.patch [bz#1612573]
+- Resolves: bz#1881871
+  (Remove net-tools legacy dependency from spec file)
+- Resolves: bz#1612573
+  (Man page scan results for cloud-init)

-* Sun Feb 23 2020 Dusty Mabe <dusty@dustymabe.com> - 19.4-2
- Fix sed substitutions for unittest2 and assertItemsEqual
- Fix failing unittests by including `BuildRequires: passwd`
-    - The unittests started failing because of upstream commit
-      7c07af2 where cloud-init can now support using `usermod` to
-      lock an account if `passwd` isn't installed. Since `passwd`
-      wasn't installed in our mock buildroot it was choosing to
-      use `usermod` and the unittests were failing. See:
-      https://github.com/canonical/cloud-init/commit/7c07af2
- Add missing files to package
-    - /usr/bin/cloud-id
-    - /usr/share/bash-completion/completions/cloud-init
+* Tue Nov 03 2020 Miroslav Rezanina <mrezanin@redhat.com> - 20.3-2.el8
+- ci-Explicit-set-IPV6_AUTOCONF-and-IPV6_FORCE_ACCEPT_RA-.patch [bz#1889635]
+- ci-Add-config-modules-for-controlling-IBM-PowerVM-RMC.-.patch [bz#1886430]
+- Resolves: bz#1886430
+  (Support for cloud-init config modules for PowerVM Hypervisor in Red Hat cloud-init)
+- Resolves: bz#1889635
+  (Add support for ipv6_autoconf on cloud-init-20.3)

-* Fri Feb 14 2020 Eduardo Otubo <otubo@redhat.com> - 19.4-1
- Updated to 19.4
- Rebasing the Fedora specific patches but removing patches that don't apply anymore
+* Fri Oct 23 2020 Eduardo Otubo <otubo@redhat.com> - 20.3-1.el8
+- Rebase to cloud-init 20.3 [bz#1885185]
+- Resolves: bz#1885185
+  ([RHEL-8.4.0] cloud-init rebase to 20.3)

-* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 17.1-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+* Wed Sep 02 2020 Miroslav Rezanina <mrezanin@redhat.com> - 19.4-11.el8
+- ci-cc_mounts-fix-incorrect-format-specifiers-316.patch [bz#1794664]
+- Resolves: bz#1794664
+  ([RHEL8] swapon fails with "swapfile has holes" when created on a xfs filesystem by cloud-init)

-* Fri Nov 08 2019 Miro Hrončok <mhroncok@redhat.com> - 17.1-14
- Drop unneeded build dependency on python3-unittest2
+* Mon Aug 31 2020 Miroslav Rezanina <mrezanin@redhat.com> - 19.4-10.el8
+- ci-Changing-notation-of-subp-call.patch [bz#1839662]
+- Resolves: bz#1839662
+  ([ESXi][RHEL8.3][cloud-init]ERROR log in cloud-init.log after clone VM on ESXi platform)

-* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 17.1-13
- Rebuilt for Python 3.8.0rc1 (#1748018)
+* Mon Aug 24 2020 Miroslav Rezanina <mrezanin@redhat.com> - 19.4-9.el8
+- ci-Do-not-use-fallocate-in-swap-file-creation-on-xfs.-7.patch [bz#1794664]
+- ci-swap-file-size-being-used-before-checked-if-str-315.patch [bz#1794664]
+- ci-Detect-kernel-version-before-swap-file-creation-428.patch [bz#1794664]
+- Resolves: bz#1794664
+  ([RHEL8] swapon fails with "swapfile has holes" when created on a xfs filesystem by cloud-init)

-* Sun Aug 18 2019 Miro Hrončok <mhroncok@redhat.com> - 17.1-12
- Rebuilt for Python 3.8
+* Mon Aug 17 2020 Miroslav Rezanina <mrezanin@redhat.com> - 19.4-8.el8
+- ci-When-tools.conf-does-not-exist-running-cmd-vmware-to.patch [bz#1839662]
+- ci-ssh-exit-with-non-zero-status-on-disabled-user-472.patch [bz#1833874]
+- Resolves: bz#1833874
+  ([rhel-8.3]using root user error should cause a non-zero exit code)
+- Resolves: bz#1839662
+  ([ESXi][RHEL8.3][cloud-init]ERROR log in cloud-init.log after clone VM on ESXi platform)

-* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 17.1-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+* Fri Jun 26 2020 Miroslav Rezanina <mrezanin@redhat.com> - 19.4-7.el8
+- Fixing cloud-init-generator permissions [bz#1834173]
+- Resolves: bz#1834173
+  ([rhel-8.3]Incorrect ds-identify check in cloud-init-generator)

-* Tue Apr 23 2019 Björn Esser <besser82@fedoraproject.org> - 17.1-10
- Add patch to replace platform.dist() [RH:1695953]
- Add (Build)Requires: python3-distro
+* Thu Jun 25 2020 Miroslav Rezanina <mrezanin@redhat.com> - 19.4-6.el8
+- ci-ec2-only-redact-token-request-headers-in-logs-avoid-.patch [bz#1822343]
+- Resolves: bz#1822343
+  ([RHEL8.3] Do not log IMDSv2 token values into cloud-init.log)

-* Tue Apr 23 2019 Björn Esser <besser82@fedoraproject.org> - 17.1-9
- Fix %%systemd_postun macro [RH:1695953]
- Add patch to fix failing test for EPOCHREALTIME bash env [RH:1695953]
+* Wed Jun 24 2020 Miroslav Rezanina <mrezanin@redhat.com> - 19.4-5.el8
+- ci-ec2-Do-not-log-IMDSv2-token-values-instead-use-REDAC.patch [bz#1822343]
+- ci-Render-the-generator-from-template-instead-of-cp.patch [bz#1834173]
+- ci-Change-from-redhat-to-rhel-in-systemd-generator-tmpl.patch [bz#1834173]
+- ci-cloud-init.service.tmpl-use-rhel-instead-of-redhat-4.patch [bz#1834173]
+- Resolves: bz#1822343
+  ([RHEL8.3] Do not log IMDSv2 token values into cloud-init.log)
+- Resolves: bz#1834173
+  ([rhel-8.3]Incorrect ds-identify check in cloud-init-generator)

-* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 17.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+* Tue Jun 09 2020 Miroslav Rezanina <mrezanin@redhat.com> - 19.4-4.el8
+- ci-changing-ds-identify-patch-from-usr-lib-to-usr-libex.patch [bz#1834173]
+- Resolves: bz#1834173
+  ([rhel-8.3]Incorrect ds-identify check in cloud-init-generator)

-* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 17.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+* Mon Jun 01 2020 Miroslav Rezanina <mrezanin@redhat.com> - 19.4-3.el8
+- ci-Make-cloud-init.service-execute-after-network-is-up.patch [bz#1803928]
+- Resolves: bz#1803928
+  ([RHEL8.3] Race condition of starting cloud-init and NetworkManager)

-* Mon Jun 18 2018 Miro Hrončok <mhroncok@redhat.com> - 17.1-6
- Rebuilt for Python 3.7
+* Thu May 28 2020 Miroslav Rezanina <mrezanin@redhat.com> - 19.4-2.el8
+- ci-cc_set_password-increase-random-pwlength-from-9-to-2.patch [bz#1812171]
+- ci-utils-use-SystemRandom-when-generating-random-passwo.patch [bz#1812174]
+- ci-Enable-ssh_deletekeys-by-default.patch [bz#1814152]
+- ci-Remove-race-condition-between-cloud-init-and-Network.patch [bz#1840648]
+- Resolves: bz#1812171
+  (CVE-2020-8632 cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py [rhel-8])
+- Resolves: bz#1812174
+  (CVE-2020-8631 cloud-init: Use of random.choice when generating random password [rhel-8])
+- Resolves: bz#1814152
+  (CVE-2018-10896 cloud-init: default configuration disabled deletion of SSH host keys [rhel-8])
+- Resolves: bz#1840648
+  ([cloud-init][RHEL-8.2.0] /etc/resolv.conf lose config after reboot (initial instance is ok))

-* Sat Apr 21 2018 Lars Kellogg-Stedman <lars@redhat.com> - 17.1-5
- Enable dhcp on EC2 interfaces with only local ipv4 addresses [RH:1569321]
-  (cherry pick upstream commit eb292c1)
+* Mon Apr 20 2020 Miroslav Rezanina <mrezanin@redhat.coM> - 19.4-1.el8.1
+- Rebase to cloud-init 19.4 [bz#1811912]
+- Resolves: bz#1811912
+  ([RHEL-8.2.1] cloud-init rebase to 19.4)

-* Mon Mar 26 2018 Patrick Uiterwijk <puiterwijk@redhat.com> - 17.1-4
- Make sure the patch does not add infinitely many entries
+* Tue Mar 10 2020 Miroslav Rezanina <mrezanin@redhat.com> - 18.5-12.el8
+- ci-Remove-race-condition-between-cloud-init-and-Network.patch [bz#1807797]
+- Resolves: bz#1807797
+  ([cloud-init][RHEL-8.2.0] /etc/resolv.conf lose config after reboot (initial instance is ok))

-* Mon Mar 26 2018 Patrick Uiterwijk <puiterwijk@redhat.com> - 17.1-3
- Add patch to retain old values of /etc/sysconfig/network
+* Thu Feb 20 2020 Miroslav Rezanina <mrezanin@redhat.com> - 18.5-11.el8
+- ci-azure-avoid-re-running-cloud-init-when-instance-id-i.patch [bz#1788684]
+- ci-net-skip-bond-interfaces-in-get_interfaces.patch [bz#1768770]
+- ci-net-add-is_master-check-for-filtering-device-list.patch [bz#1768770]
+- Resolves: bz#1768770
+  (cloud-init complaining about enslaved mac)
+- Resolves: bz#1788684
+  ([RHEL-8] cloud-init Azure byte swap (hyperV Gen2 Only))

-* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 17.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+* Thu Feb 13 2020 Miroslav Rezanina <mrezanin@redhat.com> - 18.5-10.el8
+- ci-cmd-main.py-Fix-missing-modules-init-key-in-modes-di.patch [bz#1802140]
+- Resolves: bz#1802140
+  ([cloud-init][RHEL8.2]cloud-init cloud-final.service fail with KeyError: 'modules-init' after upgrade to version 18.2-1.el7_6.1 in RHV)

-* Wed Oct  4 2017 Garrett Holmstrom <gholms@fedoraproject.org> - 17.1-1
- Updated to 17.1
+* Tue Jan 28 2020 Miroslav Rezanina <mrezanin@redhat.com> - 18.5-9.el8
+- ci-Removing-cloud-user-from-wheel.patch [bz#1785648]
+- Resolves: bz#1785648
+  ([RHEL8]cloud-user added to wheel group and sudoers.d causes 'sudo -v' prompts for passphrase)
+
+* Fri Nov 22 2019 Miroslav Rezanina <mrezanin@redhat.com> - 18.5-8.el8
+- ci-Fix-for-network-configuration-not-persisting-after-r.patch [bz#1706482]
+- ci-util-json.dumps-on-python-2.7-will-handle-UnicodeDec.patch [bz#1744718]
+- Resolves: bz#1706482
+  ([cloud-init][RHVM]cloud-init network configuration does not persist reboot [RHEL 8.2.0])
+- Resolves: bz#1744718
+  ([cloud-init][RHEL8][OpenStack] cloud-init can't persist instance-data.json)
+
+* Mon Jul 15 2019 Miroslav Rezanina <mrezanin@redhat.com> - 18.5-7.el8
+- Fixing TPS [bz#1729864]
+- Resolves: bz#1729864
+ (cloud-init tps fail)
+
+* Thu Jul 04 2019 Miroslav Rezanina <mrezanin@redhat.com> - 18.5-6.el8
+- ci-Revert-azure-ensure-that-networkmanager-hook-script-.patch [bz#1692914]
+- ci-Azure-Return-static-fallback-address-as-if-failed-to.patch [bz#1691986]
+- Resolves: bz#1691986
+  ([Azure] [RHEL 8.1] Cloud-init fixes to support fast provisioning for Azure)
+- Resolves: bz#1692914
+  ([8.1] [WALA][cloud] cloud-init dhclient-hook script has some unexpected side-effects on Azure)
+
+* Mon Jun 03 2019 Miroslav Rezanina <mrezanin@redhat.com> - 18.5-4.el8
+- ci-Azure-Ensure-platform-random_seed-is-always-serializ.patch [bz#1691986]
+- ci-DatasourceAzure-add-additional-logging-for-azure-dat.patch [bz#1691986]
+- ci-Azure-Changes-to-the-Hyper-V-KVP-Reporter.patch [bz#1691986]
+- ci-DataSourceAzure-Adjust-timeout-for-polling-IMDS.patch [bz#1691986]
+- ci-cc_mounts-check-if-mount-a-on-no-change-fstab-path.patch [bz#1691986]
+- Resolves: bz#1691986
+  ([Azure] [RHEL 8.1] Cloud-init fixes to support fast provisioning for Azure)
+
+* Tue Apr 16 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 18.5-3.el8
+- ci-Adding-gating-tests-for-Azure-ESXi-and-AWS.patch [bz#1682786]
+- Resolves: bz#1682786
+  (cloud-init changes blocked until gating tests are added)
+
+* Wed Apr 10 2019 Danilo C. L. de Paula <ddepaula@redhat.com> - 18.5-2
+- Adding gating.yaml file
+- Resolves: rhbz#1682786
+  (cloud-init changes blocked until gating tests are added)
+
+
+* Wed Apr 10 2019 Danilo de Paula <ddepaula@redhat.com: - 18.5-1.el8
+- Rebase to cloud-init 18.5
+- Resolves: bz#1687563
+  (cloud-init 18.5 rebase for fast provisioning on Azure [RHEL 8.0.1])
+
+* Wed Jan 23 2019 Miroslav Rezanina <mrezanin@redhat.com> - 18.2-6.el8
+- ci-net-Make-sysconfig-renderer-compatible-with-Network-.patch [bz#1602784]
+- Resolves: bz#1602784
+  (cloud-init: Sometimes image boots fingerprints is configured, there's a network device present but it's not configured)
+
+* Fri Jan 18 2019 Miroslav Rezanina <mrezanin@redhat.com> - 18.2-5.el8
+- ci-Fix-string-missmatch-when-mounting-ntfs.patch [bz#1664227]
+- Resolves: bz#1664227
+  ([Azure]String missmatch causes the /dev/sdb1 mounting failed after stop&start VM)
+
+* Thu Jan 10 2019 Miroslav Rezanina <mrezanin@redhat.com> - 18.2-4.el8
+- ci-Enable-cloud-init-by-default-on-vmware.patch [bz#1644335]
+- Resolves: bz#1644335
+  ([ESXi][RHEL8.0]Enable cloud-init by default on VMware)
+
+* Wed Nov 28 2018 Miroslav Rezanina <mrezanin@redhat.com> - 18.2-3.el8
+- ci-Adding-systemd-mount-options-to-wait-for-cloud-init.patch [bz#1615599]
+- ci-Azure-Ignore-NTFS-mount-errors-when-checking-ephemer.patch [bz#1615599]
+- ci-azure-Add-reported-ready-marker-file.patch [bz#1615599]
+- ci-Adding-disk_setup-to-rhel-cloud.cfg.patch [bz#1615599]
+- Resolves: bz#1615599
+  ([Azure] cloud-init fails to mount /dev/sdb1 after stop(deallocate)&&start VM)
+
+* Tue Nov 06 2018 Miroslav Rezanina <mrezanin@redhat.com> - 18.2-2.el7
+- Revert "remove 'tee' command from logging configuration" [bz#1626117]
+- Resolves: rhbz#1626117]
+  (cloud-init-0.7.9-9 doesn't feed cloud-init-output.log)
+
+* Fri Jun 29 2018 Miroslav Rezanina <mrezanin@redhat.com> - 18.2-1.el7
+- Rebase to 18.2 [bz#1515909]
+  Resolves: rhbz#1515909
+
+* Tue Feb 13 2018 Ryan McCabe <rmccabe@redhat.com> 0.7.9-24
+- Set DHCP_HOSTNAME on Azure to allow for the hostname to be
+  published correctly when bouncing the network.
+  Resolves: rhbz#1434109
+
+* Mon Jan 15 2018 Ryan McCabe <rmccabe@redhat.com> 0.7.9-23
+- Fix a bug tha caused cloud-init to fail as a result of trying
+  to rename bonds.
+  Resolves: rhbz#1512247
+
+* Mon Jan 15 2018 Ryan McCabe <rmccabe@redhat.com> 0.7.9-22
+- Apply patch from -21
+  Resolves: rhbz#1489270
+
+* Mon Jan 15 2018 Ryan McCabe <rmccabe@redhat.com> 0.7.9-21
+- sysconfig: Fix a potential traceback introduced in the
+  0.7.9-17 build
+  Resolves: rhbz#1489270
+
+* Sun Dec 17 2017 Ryan McCabe <rmccabe@redhat.com> 0.7.9-20
+- sysconfig: Correct rendering for dhcp on ipv6
+  Resolves: rhbz#1519271
+
+* Thu Nov 30 2017 Ryan McCabe <rmccabe@redhat.com> 0.7.9-19
+- sysconfig: Fix rendering of default gateway for ipv6
+  Resolves: rhbz#1492726
+
+* Fri Nov 24 2017 Ryan McCabe <rmccabe@redhat.com> 0.7.9-18
+- Start the cloud-init init local service after the dbus socket is created
+  so that the hostnamectl command works.
+  Resolves: rhbz#1450521
+
+* Tue Nov 21 2017 Ryan McCabe <rmccabe@redhat.com> 0.7.9-17
+- Correctly render DNS and DOMAIN for sysconfig
+  Resolves: rhbz#1489270
+
+* Mon Nov 20 2017 Ryan McCabe <rmccabe@redhat.com> 0.7.9-16
+- Disable NetworkManager management of resolv.conf if nameservers
+  are specified by configuration.
+  Resolves: rhbz#1454491
+
+* Mon Nov 13 2017 Ryan McCabe <rmccabe@redhat.com> 0.7.9-15
+- Fix a null reference error in the rh_subscription module
+  Resolves: rhbz#1498974
+
+* Mon Nov 13 2017 Ryan McCabe <rmccabe@redhat.com> 0-7.9-14
+- Include gateway if it's included in subnet configration
+  Resolves: rhbz#1492726
+
+* Sun Nov 12 2017 Ryan McCabe <rmccabe@redhat.com> 0-7.9-13
+- Do proper cleanup of systemd units when upgrading from versions
+  0.7.9-3 through 0.7.9-8.
+  Resolves: rhbz#1465730
+
+* Thu Nov 09 2017 Ryan McCabe <rmccabe@redhat.com> 0.7.9-12
+- Prevent Azure NM and dhclient hooks from running when cloud-init is
+  disabled (rhbz#1474226)
+
+* Tue Oct 31 2017 Ryan McCabe <rmccabe@redhat.com> 0.7.9-11
+- Fix rendering of multiple static IPs per interface file
+  Resolves: rhbz#bz1497954

 * Tue Sep 26 2017 Ryan McCabe <rmccabe@redhat.com> 0.7.9-10
 - AliCloud: Add support for the Alibaba Cloud datasource (rhbz#1482547)