cloud-init/SOURCES/0001-Fix-and-Improve-AlmaLinux-support.patch
Elkhan Mammadli 51bef461c2
Fix and Improve AlmaLinux support
Add a new patch to fix some module errors and improve AlmaLinux support

Signed-off-by: Elkhan Mammadli <elkhan.mammadli@protonmail.com>
2023-02-21 01:05:46 +04:00

520 lines
18 KiB
Diff

From 4ca71d349bb17d6e4e00077064f68053c24b176e Mon Sep 17 00:00:00 2001
From: Elkhan Mammadli <elkhan.mammadli@protonmail.com>
Date: Sun, 19 Feb 2023 15:57:36 +0400
Subject: [PATCH] Fix and Improve AlmaLinux support
- Fix cc_yum_add_repo module
- Fix cc_ntp module
- Add support for cc_ca_certs module
- Improve the AlmaLinux support in Cloud-init configuration
- Improve the AlmaLinux support in Cloud-init systemd services
- Add support to Rbx Cloud Datasource
Signed-off-by: Elkhan Mammadli <elkhan.mammadli@protonmail.com>
---
cloudinit/config/cc_ca_certs.py | 9 +++-
cloudinit/settings.py | 2 +-
cloudinit/sources/DataSourceRbxCloud.py | 2 +-
config/cloud.cfg.tmpl | 10 ++--
packages/pkg-deps.json | 14 ++++++
systemd/cloud-config.service.tmpl | 2 +-
systemd/cloud-final.service.tmpl | 4 +-
systemd/cloud-init-local.service.tmpl | 12 ++---
systemd/cloud-init.service.tmpl | 4 +-
templates/chrony.conf.almalinux.tmpl | 45 ++++++++++++++++++
templates/ntp.conf.almalinux.tmpl | 61 +++++++++++++++++++++++++
tests/unittests/test_net.py | 1 +
tests/unittests/test_render_cloudcfg.py | 2 +
tools/read-dependencies | 8 +++-
tools/run-container | 12 ++---
15 files changed, 161 insertions(+), 27 deletions(-)
create mode 100644 templates/chrony.conf.almalinux.tmpl
create mode 100644 templates/ntp.conf.almalinux.tmpl
diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py
index 6084cb4..55746ea 100644
--- a/cloudinit/config/cc_ca_certs.py
+++ b/cloudinit/config/cc_ca_certs.py
@@ -19,6 +19,13 @@ DEFAULT_CONFIG = {
"ca_cert_update_cmd": ["update-ca-certificates"],
}
DISTRO_OVERRIDES = {
+ "almalinux": {
+ "ca_cert_path": "/usr/share/pki/ca-trust-source/",
+ "ca_cert_filename": "anchors/cloud-init-ca-certs.crt",
+ "ca_cert_config": None,
+ "ca_cert_system_path": "/etc/pki/ca-trust/",
+ "ca_cert_update_cmd": ["update-ca-trust"],
+ },
"rhel": {
"ca_cert_path": "/usr/share/pki/ca-trust-source/",
"ca_cert_filename": "anchors/cloud-init-ca-certs.crt",
@@ -43,7 +50,7 @@ can be removed from the system with the configuration option
ca-certificates package is installed but not if the
ca-certificates-bundle package is installed.
"""
-distros = ["alpine", "debian", "ubuntu", "rhel"]
+distros = ["almalinux", "alpine", "debian", "ubuntu", "rhel"]
meta: MetaSchema = {
"id": "cc_ca_certs",
diff --git a/cloudinit/settings.py b/cloudinit/settings.py
index 71672e1..e8224f8 100644
--- a/cloudinit/settings.py
+++ b/cloudinit/settings.py
@@ -58,7 +58,7 @@ CFG_BUILTIN = {
"cloud_dir": "/var/lib/cloud",
"templates_dir": "/etc/cloud/templates/",
},
- "distro": "rhel",
+ "distro": "almalinux",
"network": {"renderers": None},
},
"vendor_data": {"enabled": True, "prefix": []},
diff --git a/cloudinit/sources/DataSourceRbxCloud.py b/cloudinit/sources/DataSourceRbxCloud.py
index 14ac77e..7cd14a1 100644
--- a/cloudinit/sources/DataSourceRbxCloud.py
+++ b/cloudinit/sources/DataSourceRbxCloud.py
@@ -55,7 +55,7 @@ def _sub_arp(cmd):
def gratuitous_arp(items, distro):
source_param = "-S"
- if distro.name in ["fedora", "centos", "rhel"]:
+ if distro.name in ["almalinux", "fedora", "centos", "rhel"]:
source_param = "-s"
for item in items:
try:
diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl
index 80ab4f9..ce63c1b 100644
--- a/config/cloud.cfg.tmpl
+++ b/config/cloud.cfg.tmpl
@@ -34,7 +34,7 @@ disable_root: true
{% if variant in ["almalinux", "alpine", "amazon", "centos", "cloudlinux", "eurolinux",
"fedora", "miraclelinux", "openEuler", "rhel", "rocky", "virtuozzo"] %}
-{% if variant == "rhel" %}
+{% if variant in ["almalinux", "rhel"] %}
mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service,_netdev', '0', '2']
{% else %}
mount_default_fields: [~, ~, 'auto', 'defaults,nofail', '0', '2']
@@ -70,7 +70,7 @@ network:
config: disabled
{% endif %}
-{% if variant == "rhel" %}
+{% if variant in ["almalinux", "rhel"] %}
# Default redhat settings:
ssh_deletekeys: true
ssh_genkeytypes: ['rsa', 'ecdsa', 'ed25519']
@@ -119,7 +119,7 @@ cloud_config_modules:
{% endif %}
{% if variant not in ["photon"] %}
- ssh-import-id
-{% if variant not in ["rhel"] %}
+{% if variant not in ["almalinux", "rhel"] %}
- keyboard
{% endif %}
- locale
@@ -128,7 +128,7 @@ cloud_config_modules:
{% if variant in ["rhel"] %}
- rh_subscription
{% endif %}
-{% if variant in ["rhel", "fedora", "photon"] %}
+{% if variant in ["almalinux", "rhel", "fedora", "photon"] %}
{% if variant not in ["photon"] %}
- spacewalk
{% endif %}
@@ -275,7 +275,7 @@ system_info:
groups: [adm, sudo]
{% elif variant == "arch" %}
groups: [wheel, users]
-{% elif variant == "rhel" %}
+{% elif variant in ["almalinux", "rhel"] %}
groups: [adm, systemd-journal]
{% else %}
groups: [wheel, adm, systemd-journal]
diff --git a/packages/pkg-deps.json b/packages/pkg-deps.json
index eaf1346..0c22fd4 100644
--- a/packages/pkg-deps.json
+++ b/packages/pkg-deps.json
@@ -13,6 +13,20 @@
"procps"
]
},
+ "almalinux" : {
+ "build-requires" : [
+ "python3-devel"
+ ],
+ "requires" : [
+ "e2fsprogs",
+ "iproute",
+ "net-tools",
+ "procps",
+ "rsyslog",
+ "shadow-utils",
+ "sudo"
+ ]
+ },
"centos" : {
"build-requires" : [
"python3-devel"
diff --git a/systemd/cloud-config.service.tmpl b/systemd/cloud-config.service.tmpl
index d5568a6..4b88f83 100644
--- a/systemd/cloud-config.service.tmpl
+++ b/systemd/cloud-config.service.tmpl
@@ -4,7 +4,7 @@ Description=Apply the settings specified in cloud-config
After=network-online.target cloud-config.target
After=snapd.seeded.service
Wants=network-online.target cloud-config.target
-{% if variant == "rhel" %}
+{% if variant in ["almalinux", "rhel"] %}
ConditionPathExists=!/etc/cloud/cloud-init.disabled
ConditionKernelCommandLine=!cloud-init=disabled
{% endif %}
diff --git a/systemd/cloud-final.service.tmpl b/systemd/cloud-final.service.tmpl
index 85f423a..aa5990c 100644
--- a/systemd/cloud-final.service.tmpl
+++ b/systemd/cloud-final.service.tmpl
@@ -7,7 +7,7 @@ After=multi-user.target
Before=apt-daily.service
{% endif %}
Wants=network-online.target cloud-config.service
-{% if variant == "rhel" %}
+{% if variant in ["almalinux", "rhel"] %}
ConditionPathExists=!/etc/cloud/cloud-init.disabled
ConditionKernelCommandLine=!cloud-init=disabled
{% endif %}
@@ -19,7 +19,7 @@ ExecStart=/usr/bin/cloud-init modules --mode=final
RemainAfterExit=yes
TimeoutSec=0
KillMode=process
-{% if variant == "rhel" %}
+{% if variant in ["almalinux", "rhel"] %}
# Restart NetworkManager if it is present and running.
ExecStartPost=/bin/sh -c 'u=NetworkManager.service; \
out=$(systemctl show --property=SubState $u) || exit; \
diff --git a/systemd/cloud-init-local.service.tmpl b/systemd/cloud-init-local.service.tmpl
index a6b8265..29ac717 100644
--- a/systemd/cloud-init-local.service.tmpl
+++ b/systemd/cloud-init-local.service.tmpl
@@ -1,23 +1,23 @@
## template:jinja
[Unit]
Description=Initial cloud-init job (pre-networking)
-{% if variant in ["ubuntu", "unknown", "debian", "rhel" ] %}
+{% if variant in ["almalinux", "ubuntu", "unknown", "debian", "rhel" ] %}
DefaultDependencies=no
{% endif %}
Wants=network-pre.target
After=hv_kvp_daemon.service
After=systemd-remount-fs.service
-{% if variant == "rhel" %}
+{% if variant in ["almalinux", "rhel"] %}
Requires=dbus.socket
After=dbus.socket
{% endif %}
Before=NetworkManager.service
-{% if variant == "rhel" %}
+{% if variant in ["almalinux", "rhel"] %}
Before=network.service
{% endif %}
Before=network-pre.target
Before=shutdown.target
-{% if variant == "rhel" %}
+{% if variant in ["almalinux", "rhel"] %}
Before=firewalld.target
Conflicts=shutdown.target
{% endif %}
@@ -26,14 +26,14 @@ Before=sysinit.target
Conflicts=shutdown.target
{% endif %}
RequiresMountsFor=/var/lib/cloud
-{% if variant == "rhel" %}
+{% if variant in ["almalinux", "rhel"] %}
ConditionPathExists=!/etc/cloud/cloud-init.disabled
ConditionKernelCommandLine=!cloud-init=disabled
{% endif %}
[Service]
Type=oneshot
-{% if variant == "rhel" %}
+{% if variant in ["almalinux", "rhel"] %}
ExecStartPre=/bin/mkdir -p /run/cloud-init
ExecStartPre=/sbin/restorecon /run/cloud-init
ExecStartPre=/usr/bin/touch /run/cloud-init/enabled
diff --git a/systemd/cloud-init.service.tmpl b/systemd/cloud-init.service.tmpl
index c170aef..08da708 100644
--- a/systemd/cloud-init.service.tmpl
+++ b/systemd/cloud-init.service.tmpl
@@ -1,7 +1,7 @@
## template:jinja
[Unit]
Description=Initial cloud-init job (metadata service crawler)
-{% if variant not in ["photon", "rhel"] %}
+{% if variant not in ["almalinux", "photon", "rhel"] %}
DefaultDependencies=no
{% endif %}
Wants=cloud-init-local.service
@@ -36,7 +36,7 @@ Before=shutdown.target
Conflicts=shutdown.target
{% endif %}
Before=systemd-user-sessions.service
-{% if variant == "rhel" %}
+{% if variant in ["almalinux", "rhel"] %}
ConditionPathExists=!/etc/cloud/cloud-init.disabled
ConditionKernelCommandLine=!cloud-init=disabled
{% endif %}
diff --git a/templates/chrony.conf.almalinux.tmpl b/templates/chrony.conf.almalinux.tmpl
new file mode 100644
index 0000000..5b3542e
--- /dev/null
+++ b/templates/chrony.conf.almalinux.tmpl
@@ -0,0 +1,45 @@
+## template:jinja
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# Enable hardware timestamping on all interfaces that support it.
+#hwtimestamp *
+
+# Increase the minimum number of selectable sources required to adjust
+# the system clock.
+#minsources 2
+
+# Allow NTP client access from local network.
+#allow 192.168.0.0/16
+
+# Serve time even if not synchronized to a time source.
+#local stratum 10
+
+# Specify file containing keys for NTP authentication.
+#keyfile /etc/chrony.keys
+
+# Specify directory for log files.
+logdir /var/log/chrony
+
+# Select which information is logged.
+#log measurements statistics tracking
diff --git a/templates/ntp.conf.almalinux.tmpl b/templates/ntp.conf.almalinux.tmpl
new file mode 100644
index 0000000..62b4776
--- /dev/null
+++ b/templates/ntp.conf.almalinux.tmpl
@@ -0,0 +1,61 @@
+## template:jinja
+
+# For more information about this file, see the man pages
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+
+driftfile /var/lib/ntp/drift
+
+# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default kod nomodify notrap nopeer noquery
+restrict -6 default kod nomodify notrap nopeer noquery
+
+# Permit all access over the loopback interface. This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1
+restrict -6 ::1
+
+# Hosts on local network are less restricted.
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+#broadcast 192.168.1.255 autokey # broadcast server
+#broadcastclient # broadcast client
+#broadcast 224.0.1.1 autokey # multicast server
+#multicastclient 224.0.1.1 # multicast client
+#manycastserver 239.255.254.254 # manycast server
+#manycastclient 239.255.254.254 autokey # manycast client
+
+# Enable public key cryptography.
+#crypto
+
+includefile /etc/ntp/crypto/pw
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats
diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py
index 591241b..05aa3f9 100644
--- a/tests/unittests/test_net.py
+++ b/tests/unittests/test_net.py
@@ -6254,6 +6254,7 @@ class TestNetRenderers(CiTestCase):
def test_sysconfig_available_uses_variant_mapping(self, m_info, m_avail):
m_avail.return_value = True
variants = [
+ "almalinux",
"suse",
"centos",
"eurolinux",
diff --git a/tests/unittests/test_render_cloudcfg.py b/tests/unittests/test_render_cloudcfg.py
index 9f95d44..f1844e9 100644
--- a/tests/unittests/test_render_cloudcfg.py
+++ b/tests/unittests/test_render_cloudcfg.py
@@ -9,6 +9,7 @@ from tests.unittests.helpers import cloud_init_project_dir
# TODO(Look to align with tools.render-cloudcfg or cloudinit.distos.OSFAMILIES)
DISTRO_VARIANTS = [
+ "almalinux",
"amazon",
"arch",
"centos",
@@ -66,6 +67,7 @@ class TestRenderCloudCfg:
system_cfg = util.load_yaml(stream.read())
default_user_exceptions = {
+ "almalinux": "almalinux",
"amazon": "ec2-user",
"debian": "ubuntu",
"rhel": "cloud-user",
diff --git a/tools/read-dependencies b/tools/read-dependencies
index efa5879..7888c8f 100755
--- a/tools/read-dependencies
+++ b/tools/read-dependencies
@@ -22,6 +22,7 @@ DEFAULT_REQUIREMENTS = 'requirements.txt'
# Map the appropriate package dir needed for each distro choice
DISTRO_PKG_TYPE_MAP = {
+ 'almalinux': 'redhat',
'centos': 'redhat',
'eurolinux': 'redhat',
'miraclelinux': 'redhat',
@@ -68,6 +69,7 @@ ZYPPER_INSTALL = [
'--auto-agree-with-licenses']
DRY_DISTRO_INSTALL_PKG_CMD = {
+ 'almalinux': ['yum', 'install', '--assumeyes'],
'rocky': ['yum', 'install', '--assumeyes'],
'centos': ['yum', 'install', '--assumeyes'],
'eurolinux': ['yum', 'install', '--assumeyes'],
@@ -76,6 +78,7 @@ DRY_DISTRO_INSTALL_PKG_CMD = {
}
DISTRO_INSTALL_PKG_CMD = {
+ 'almalinux': MAYBE_RELIABLE_YUM_INSTALL,
'rocky': MAYBE_RELIABLE_YUM_INSTALL,
'eurolinux': MAYBE_RELIABLE_YUM_INSTALL,
'miraclelinux': MAYBE_RELIABLE_YUM_INSTALL,
@@ -90,6 +93,7 @@ DISTRO_INSTALL_PKG_CMD = {
# List of base system packages required to enable ci automation
CI_SYSTEM_BASE_PKGS = {
+ 'almalinux': ['python3-tox'],
'common': ['make', 'sudo', 'tar'],
'eurolinux': ['python3-tox'],
'miraclelinux': ['python3-tox'],
@@ -285,10 +289,10 @@ def pkg_install(pkg_list, distro, test_distro=False, dry_run=False):
cmd = DRY_DISTRO_INSTALL_PKG_CMD[distro]
install_cmd.extend(cmd)
- if distro in ['centos', 'redhat', 'rocky', 'eurolinux']:
+ if distro in ['almalinux', 'centos', 'redhat', 'rocky', 'eurolinux']:
# CentOS and Redhat need epel-release to access oauthlib and jsonschema
subprocess.check_call(install_cmd + ['epel-release'])
- if distro in ['suse', 'opensuse', 'redhat', 'rocky', 'centos', 'eurolinux']:
+ if distro in ['almalinux', 'suse', 'opensuse', 'redhat', 'rocky', 'centos', 'eurolinux']:
pkg_list.append('rpm-build')
subprocess.check_call(install_cmd + pkg_list)
diff --git a/tools/run-container b/tools/run-container
index e049dfd..02088aa 100755
--- a/tools/run-container
+++ b/tools/run-container
@@ -102,7 +102,7 @@ inject_cloud_init(){
}
local t=${gitdir%/*}
case "$t" in
- */worktrees)
+ */worktrees)
if [ -f "${t%worktrees}/config" ]; then
gitdir="${t%worktrees}"
fi
@@ -191,7 +191,7 @@ os_info() {
get_os_info() {
# run inside container, set OS_NAME, OS_VERSION
- # example OS_NAME are centos, debian, opensuse, rockylinux
+ # example OS_NAME are almalinux, centos, debian, opensuse, rockylinux
[ -n "${OS_NAME:-}" -a -n "${OS_VERSION:-}" ] && return 0
if [ -f /etc/os-release ]; then
OS_NAME=$(sh -c '. /etc/os-release; echo $ID')
@@ -247,7 +247,7 @@ apt_install() {
install_packages() {
get_os_info || return
case "$OS_NAME" in
- centos|rocky*) yum_install "$@";;
+ almalinux|centos|rocky*) yum_install "$@";;
opensuse) zypper_install "$@";;
debian|ubuntu) apt_install "$@";;
*) error "Do not know how to install packages on ${OS_NAME}";
@@ -486,16 +486,16 @@ main() {
local build_pkg="" build_srcpkg="" pkg_ext="" distflag=""
case "$OS_NAME" in
- centos|rocky) distflag="--distro=redhat";;
+ almalinux|centos|rocky) distflag="--distro=redhat";;
opensuse) distflag="--distro=suse";;
esac
case "$OS_NAME" in
debian|ubuntu)
- build_pkg="./packages/bddeb -d"
+ build_pkg="./packages/bddeb -d"
build_srcpkg="./packages/bddeb -S -d"
pkg_ext=".deb";;
- centos|opensuse|rocky)
+ almalinux|centos|opensuse|rocky)
build_pkg="./packages/brpm $distflag"
build_srcpkg="./packages/brpm $distflag --srpm"
pkg_ext=".rpm";;
--
2.39.2