From 25dc8023e0bfb131e6e8171e78bb5939a29525e0 Mon Sep 17 00:00:00 2001 From: Elkhan Mammadli Date: Thu, 13 Mar 2025 18:23:03 +0400 Subject: [PATCH] fix: fix and improve almalinux and cloudlinux support - Fix cc_ntp module. - Add support to cc_ca_certs module. - Improve support for systemd integration. Signed-off-by: Elkhan Mammadli --- cloudinit/config/cc_ca_certs.py | 8 ++++ cloudinit/config/cc_ntp.py | 3 ++ cloudinit/settings.py | 2 +- systemd/cloud-config.service.tmpl | 2 +- systemd/cloud-final.service.tmpl | 4 +- systemd/cloud-init-local.service.tmpl | 12 ++--- systemd/cloud-init.service.tmpl | 4 +- templates/chrony.conf.almalinux.tmpl | 51 +++++++++++++++++++++ templates/chrony.conf.cloudlinux.tmpl | 51 +++++++++++++++++++++ templates/ntp.conf.almalinux.tmpl | 64 +++++++++++++++++++++++++++ templates/ntp.conf.cloudlinux.tmpl | 64 +++++++++++++++++++++++++++ 11 files changed, 253 insertions(+), 12 deletions(-) create mode 100644 templates/chrony.conf.almalinux.tmpl create mode 100644 templates/chrony.conf.cloudlinux.tmpl create mode 100644 templates/ntp.conf.almalinux.tmpl create mode 100644 templates/ntp.conf.cloudlinux.tmpl diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py index 8d3fd9a..4dd5843 100644 --- a/cloudinit/config/cc_ca_certs.py +++ b/cloudinit/config/cc_ca_certs.py @@ -57,6 +57,12 @@ for distro in ( ): DISTRO_OVERRIDES[distro] = DISTRO_OVERRIDES["opensuse"] +for distro in ( + "almalinux", + "cloudlinux", +): + DISTRO_OVERRIDES[distro] = DISTRO_OVERRIDES["rhel"] + MODULE_DESCRIPTION = """\ This module adds CA certificates to the system's CA store and updates any related files using the appropriate OS-specific utility. The default CA @@ -72,6 +78,8 @@ configuration option ``remove_defaults``. order to provide the ``update-ca-certificates`` command. """ distros = [ + "almalinux", + "cloudlinux", "alpine", "debian", "fedora", diff --git a/cloudinit/config/cc_ntp.py b/cloudinit/config/cc_ntp.py index 9eef24f..653db7d 100644 
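Review bot: In the second cc_ca_certs.py hunk the new entries are placed ahead of `"alpine"` in `distros`, which breaks the alphabetical order the visible entries (`alpine`, `debian`, `fedora`) follow; `"almalinux"` belongs before `"alpine"` and `"cloudlinux"` after it. In the first hunk the loop binds both names to the same dict object as `DISTRO_OVERRIDES["rhel"]`, so a later in-place change to one entry would change all three; a one-line comment such as `# AlmaLinux and CloudLinux reuse the rhel trust-store overrides (same dict object, do not mutate)` would record that. `rocky` is aliased to rhel in cc_ntp.py by this same patch but not here, which looks like an oversight unless it is handled outside the hunk.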
--- a/cloudinit/config/cc_ntp.py +++ b/cloudinit/config/cc_ntp.py @@ -227,6 +227,9 @@ for distro in ("opensuse-microos", "opensuse-tumbleweed", "opensuse-leap"): for distro in ("sle_hpc", "sle-micro"): DISTRO_CLIENT_CONFIG[distro] = DISTRO_CLIENT_CONFIG["sles"] +for distro in ("almalinux", "cloudlinux", "rocky"): + DISTRO_CLIENT_CONFIG[distro] = DISTRO_CLIENT_CONFIG["rhel"] + # The schema definition for each cloud-config module is a strict contract for # describing supported configuration parameters for each cloud-config section. # It allows cloud-config to validate and alert users to invalid or ignored diff --git a/cloudinit/settings.py b/cloudinit/settings.py index 3a581e5..def6d4b 100644 --- a/cloudinit/settings.py +++ b/cloudinit/settings.py @@ -61,7 +61,7 @@ CFG_BUILTIN = { "cloud_dir": "/var/lib/cloud", "templates_dir": "/etc/cloud/templates/", }, - "distro": "rhel", + "distro": "almalinux", "network": {"renderers": None}, }, "vendor_data": {"enabled": True, "prefix": []}, diff --git a/systemd/cloud-config.service.tmpl b/systemd/cloud-config.service.tmpl index 76e50ae..047969a 100644 --- a/systemd/cloud-config.service.tmpl +++ b/systemd/cloud-config.service.tmpl @@ -5,7 +5,7 @@ After=network-online.target cloud-config.target After=snapd.seeded.service Before=systemd-user-sessions.service Wants=network-online.target cloud-config.target -{% if variant == "rhel" %} +{% if variant in ["almalinux", "cloudlinux", "rhel"] %} ConditionPathExists=!/etc/cloud/cloud-init.disabled ConditionKernelCommandLine=!cloud-init=disabled {% endif %} diff --git a/systemd/cloud-final.service.tmpl b/systemd/cloud-final.service.tmpl index 85f423a..578c7f4 100644 --- a/systemd/cloud-final.service.tmpl +++ b/systemd/cloud-final.service.tmpl 
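Review bot: The added loop in cc_ntp.py also aliases `rocky` to the rhel client config, which the commit message does not mention and for which this patch adds no `chrony.conf.rocky.tmpl` or `ntp.conf.rocky.tmpl`. If template lookup is per distro name, as the four new almalinux/cloudlinux templates suggest, a Rocky host would have a client config but possibly no template to render unless those files already exist in `templates/`. Either drop `rocky` from the tuple or ship its templates in the same change, and say so in the commit message.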
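Review bot: The built-in fallback `"distro": "almalinux"` in settings.py is a downstream packaging default baked into shared code, so a CloudLinux image built from this tree that does not set `system_info: distro` in its own cloud.cfg would presumably be treated as AlmaLinux. A comment next to the value would make that explicit, for example `# downstream default; expected to be overridden by system_info.distro in /etc/cloud/cloud.cfg`. CFG_BUILTIN starts and ends outside the hunk, so whether anything else keys off this value is not visible here.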
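Review bot: The literal `["almalinux", "cloudlinux", "rhel"]` introduced in cloud-config.service.tmpl is repeated in every condition this patch touches in the cloud-final, cloud-init-local and cloud-init service templates, so supporting the next RHEL rebuild means editing each one, and missing one leaves a unit without its `ConditionPathExists=!/etc/cloud/cloud-init.disabled` guard. Defining it once per template, `{% set rhel_like = ["almalinux", "cloudlinux", "rhel"] %}`, and testing `{% if variant in rhel_like %}` keeps the disable switches and ordering rules in step. `rocky` is treated as rhel-like in cc_ntp.py by this patch but not in any of these templates; confirm that is intended.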
@@ -7,7 +7,7 @@ After=multi-user.target Before=apt-daily.service {% endif %} Wants=network-online.target cloud-config.service -{% if variant == "rhel" %} +{% if variant in ["almalinux", "cloudlinux", "rhel"] %} ConditionPathExists=!/etc/cloud/cloud-init.disabled ConditionKernelCommandLine=!cloud-init=disabled {% endif %} @@ -19,7 +19,7 @@ ExecStart=/usr/bin/cloud-init modules --mode=final RemainAfterExit=yes TimeoutSec=0 KillMode=process -{% if variant == "rhel" %} +{% if variant in ["almalinux", "cloudlinux", "rhel"] %} # Restart NetworkManager if it is present and running. ExecStartPost=/bin/sh -c 'u=NetworkManager.service; \ out=$(systemctl show --property=SubState $u) || exit; \ diff --git a/systemd/cloud-init-local.service.tmpl b/systemd/cloud-init-local.service.tmpl index 6f3f9d8..3f56494 100644 --- a/systemd/cloud-init-local.service.tmpl +++ b/systemd/cloud-init-local.service.tmpl @@ -1,23 +1,23 @@ ## template:jinja [Unit] Description=Initial cloud-init job (pre-networking) -{% if variant in ["ubuntu", "unknown", "debian", "rhel" ] %} +{% if variant in ["almalinux", "cloudlinux", "ubuntu", "unknown", "debian", "rhel"] %} DefaultDependencies=no {% endif %} Wants=network-pre.target After=hv_kvp_daemon.service After=systemd-remount-fs.service -{% if variant == "rhel" %} +{% if variant in ["almalinux", "cloudlinux", "rhel"] %} Requires=dbus.socket After=dbus.socket {% endif %} Before=NetworkManager.service -{% if variant == "rhel" %} +{% if variant in ["almalinux", "cloudlinux", "rhel"] %} Before=network.service {% endif %} Before=network-pre.target Before=shutdown.target -{% if variant == "rhel" %} +{% if variant in ["almalinux", "cloudlinux", "rhel"] %} Before=firewalld.target Conflicts=shutdown.target {% endif %} 
@@ -26,14 +26,14 @@ Before=sysinit.target Conflicts=shutdown.target {% endif %} RequiresMountsFor=/var/lib/cloud -{% if variant == "rhel" %} +{% if variant in ["almalinux", "cloudlinux", "rhel"] %} ConditionPathExists=!/etc/cloud/cloud-init.disabled ConditionKernelCommandLine=!cloud-init=disabled {% endif %} [Service] Type=oneshot -{% if variant == "rhel" %} +{% if variant in ["almalinux", "cloudlinux", "rhel"] %} ExecStartPre=/bin/mkdir -p /run/cloud-init ExecStartPre=/sbin/restorecon /run/cloud-init ExecStartPre=/usr/bin/touch /run/cloud-init/enabled diff --git a/systemd/cloud-init.service.tmpl b/systemd/cloud-init.service.tmpl index 26d2e39..71f867e 100644 --- a/systemd/cloud-init.service.tmpl +++ b/systemd/cloud-init.service.tmpl @@ -1,7 +1,7 @@ ## template:jinja [Unit] Description=Initial cloud-init job (metadata service crawler) -{% if variant not in ["photon", "rhel"] %} +{% if variant not in ["almalinux", "cloudlinux", "photon", "rhel"] %} DefaultDependencies=no {% endif %} Wants=cloud-init-local.service @@ -38,7 +38,7 @@ Conflicts=shutdown.target Before=shutdown.target Conflicts=shutdown.target {% endif %} -{% if variant == "rhel" %} +{% if variant in ["almalinux", "cloudlinux", "rhel"] %} ConditionPathExists=!/etc/cloud/cloud-init.disabled ConditionKernelCommandLine=!cloud-init=disabled {% endif %} diff --git a/templates/chrony.conf.almalinux.tmpl b/templates/chrony.conf.almalinux.tmpl new file mode 100644 index 0000000..43b1f5d --- /dev/null +++ b/templates/chrony.conf.almalinux.tmpl 
@@ -0,0 +1,51 @@
+## template:jinja
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+{% for a in allow -%}
+allow {{a}}
+{% endfor %}
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# Enable hardware timestamping on all interfaces that support it.
+#hwtimestamp *
+
+# Increase the minimum number of selectable sources required to adjust
+# the system clock.
+#minsources 2
+
+# Allow NTP client access from local network.
+#allow 192.168.0.0/16
+
+# Serve time even if not synchronized to a time source.
+#local stratum 10
+
+# Specify file containing keys for NTP authentication.
+#keyfile /etc/chrony.keys
+
+# Specify directory for log files.
+logdir /var/log/chrony
+
+# Select which information is logged.
+#log measurements statistics tracking
diff --git a/templates/chrony.conf.cloudlinux.tmpl b/templates/chrony.conf.cloudlinux.tmpl
new file mode 100644
index 0000000..43b1f5d
--- /dev/null
+++ b/templates/chrony.conf.cloudlinux.tmpl
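Review bot: In templates/chrony.conf.almalinux.tmpl the `allow {{a}}` loop renders with no header, unlike the `# pools` and `# servers` blocks, and each rendered line lets the named network query this host as an NTP server while the explanatory comment for `allow` sits much further down next to the commented `#allow 192.168.0.0/16`. Emit a marker the same way the other lists do, `{% if allow %}# allow: networks permitted to use this host as an NTP server` followed by `{% endif %}`, so that an operator reading the generated file can see where the exposure came from. The same applies to templates/chrony.conf.cloudlinux.tmpl, which has the same blob id (43b1f5d); two byte-identical copies will drift, so consider whether both can be generated from one source.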
@@ -0,0 +1,51 @@
+## template:jinja
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+{% for a in allow -%}
+allow {{a}}
+{% endfor %}
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# Enable hardware timestamping on all interfaces that support it.
+#hwtimestamp *
+
+# Increase the minimum number of selectable sources required to adjust
+# the system clock.
+#minsources 2
+
+# Allow NTP client access from local network.
+#allow 192.168.0.0/16
+
+# Serve time even if not synchronized to a time source.
+#local stratum 10
+
+# Specify file containing keys for NTP authentication.
+#keyfile /etc/chrony.keys
+
+# Specify directory for log files.
+logdir /var/log/chrony
+
+# Select which information is logged.
+#log measurements statistics tracking
diff --git a/templates/ntp.conf.almalinux.tmpl b/templates/ntp.conf.almalinux.tmpl
new file mode 100644
index 0000000..6d166aa
--- /dev/null
+++ b/templates/ntp.conf.almalinux.tmpl
@@ -0,0 +1,64 @@
+## template:jinja
+
+# For more information about this file, see the man pages
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+
+driftfile /var/lib/ntp/drift
+
+# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default kod nomodify notrap nopeer noquery
+restrict -6 default kod nomodify notrap nopeer noquery
+
+# Permit all access over the loopback interface. This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1
+restrict -6 ::1
+
+# Hosts on local network are less restricted.
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+
+#broadcast 192.168.1.255 autokey # broadcast server
+#broadcastclient # broadcast client
+#broadcast 224.0.1.1 autokey # multicast server
+#multicastclient 224.0.1.1 # multicast client
+#manycastserver 239.255.254.254 # manycast server
+#manycastclient 239.255.254.254 autokey # manycast client
+
+# Enable public key cryptography.
+#crypto
+
+includefile /etc/ntp/crypto/pw
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats
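Review bot: In templates/ntp.conf.almalinux.tmpl the `pool {{pool}} iburst` lines are rendered under `restrict default kod nomodify notrap nopeer noquery`, and on current ntpd releases `nopeer` on the default restriction is known to stop pool-discovered servers from being mobilised, which can leave the daemon with no sources. Keep the default tight and add a separate line for pool-spawned associations after the two default lines, `restrict source nomodify notrap noquery`. Also note that `includefile /etc/ntp/crypto/pw` and `keys /etc/ntp/keys` are active while `#crypto` and `#trustedkey` are commented out, so no key is actually trusted; a comment saying that time sources are unauthenticated as shipped would help. templates/ntp.conf.cloudlinux.tmpl is the same blob (6d166aa) and needs the same change.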
diff --git a/templates/ntp.conf.cloudlinux.tmpl b/templates/ntp.conf.cloudlinux.tmpl
new file mode 100644
index 0000000..6d166aa
--- /dev/null
+++ b/templates/ntp.conf.cloudlinux.tmpl
@@ -0,0 +1,64 @@
+## template:jinja
+
+# For more information about this file, see the man pages
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+
+driftfile /var/lib/ntp/drift
+
+# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default kod nomodify notrap nopeer noquery
+restrict -6 default kod nomodify notrap nopeer noquery
+
+# Permit all access over the loopback interface. This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1
+restrict -6 ::1
+
+# Hosts on local network are less restricted.
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+
+#broadcast 192.168.1.255 autokey # broadcast server
+#broadcastclient # broadcast client
+#broadcast 224.0.1.1 autokey # multicast server
+#multicastclient 224.0.1.1 # multicast client
+#manycastserver 239.255.254.254 # manycast server
+#manycastclient 239.255.254.254 autokey # manycast client
+
+# Enable public key cryptography.
+#crypto
+
+includefile /etc/ntp/crypto/pw
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats
--
2.48.1