config.yaml

@@ -5,12 +5,12 @@ actions:
       enabled: true
 
   - changelog_entry:
-      - name: "Elkhan Mammadli"
+      - name: "Eduard Abdullin"
-        email: "elkhan@almalinux.org"
+        email: "eabdullin@almalinux.org"
         line:
-          - "Add-AlmaLinux-OS-and-CloudLinux-OS-support-to.patch"
+          - "0001-Improvements-for-AlmaLinux-OS-and-CloudLinux-OS.patch"
 
   - add_files:
       - type: "patch"
-        name: "0001-Add-AlmaLinux-OS-and-CloudLinux-OS-support-to.patch"
+        name: "0001-Improvements-for-AlmaLinux-OS-and-CloudLinux-OS.patch"
-        number: 3100
+        number: 100

files/0001-Add-AlmaLinux-OS-and-CloudLinux-OS-support-to.patch

@@ -1,58 +0,0 @@
-From 8dacdbc12f018d8eb4a4a1be31a4b1943a61158a Mon Sep 17 00:00:00 2001
-From: eabdullin <eabdullin@almalinux.org>
-Date: Mon, 17 Mar 2025 16:31:19 +0300
-Subject: [PATCH] Add AlmaLinux OS and CloudLinux OS support to:
-
-Modules:
-- cc_resolv_conf
-
-Datasources:
-- Rbx Cloud Datasource
----
- cloudinit/config/cc_resolv_conf.py      | 2 ++
- cloudinit/settings.py                   | 2 +-
- cloudinit/sources/DataSourceRbxCloud.py | 2 +-
- 3 files changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/cloudinit/config/cc_resolv_conf.py b/cloudinit/config/cc_resolv_conf.py
-index 920c539..d506b2e 100644
---- a/cloudinit/config/cc_resolv_conf.py
-+++ b/cloudinit/config/cc_resolv_conf.py
-@@ -26,6 +26,8 @@ RESOLVE_CONFIG_TEMPLATE_MAP = {
- meta: MetaSchema = {
-     "id": "cc_resolv_conf",
-     "distros": [
-+        "almalinux",
-+        "cloudlinux",
-         "alpine",
-         "azurelinux",
-         "fedora",
-diff --git a/cloudinit/settings.py b/cloudinit/settings.py
-index ea7ac28..06c9c97 100644
---- a/cloudinit/settings.py
-+++ b/cloudinit/settings.py
-@@ -64,7 +64,7 @@ CFG_BUILTIN = {
-             "docs_dir": "/usr/share/doc/cloud-init/",
-             "templates_dir": "/etc/cloud/templates/",
-         },
--        "distro": "rhel",
-+        "distro": "almalinux",
-         "network": {"renderers": None},
-     },
-     "vendor_data": {"enabled": True, "prefix": []},
-diff --git a/cloudinit/sources/DataSourceRbxCloud.py b/cloudinit/sources/DataSourceRbxCloud.py
-index 2fba114..1b1b667 100644
---- a/cloudinit/sources/DataSourceRbxCloud.py
-+++ b/cloudinit/sources/DataSourceRbxCloud.py
-@@ -60,7 +60,7 @@ def _sub_arp(cmd):
- 
- def gratuitous_arp(items, distro):
-     source_param = "-S"
--    if distro.name in ["fedora", "centos", "rhel"]:
-+    if distro.name in ["almalinux", "fedora", "centos", "cloudlinux", "rhel"]:
-         source_param = "-s"
-     for item in items:
-         try:
--- 
-2.39.5 (Apple Git-154)
-

files/0001-Improvements-for-AlmaLinux-OS-and-CloudLinux-OS.patch

@@ -0,0 +1,473 @@
+From 4650b8c8819bd6b9f6163567f2b8f8e94ee5ee3c Mon Sep 17 00:00:00 2001
+From: Elkhan Mammadli <elkhan.mammadli@protonmail.com>
+Date: Thu, 13 Mar 2025 18:23:03 +0400
+Subject: [PATCH] Improvements for AlmaLinux OS and CloudLinux OS
+
+- Fix cc_ntp module.
+- Add support to cc_ca_certs module.
+- Improve support for systemd integration.
+
+Signed-off-by: Andrew Lukoshko <alukoshko@almalinux.org>
+---
+ cloudinit/config/cc_ca_certs.py         |  8 ++++
+ cloudinit/config/cc_ntp.py              |  3 ++
+ cloudinit/config/cc_resolv_conf.py      |  2 +
+ cloudinit/settings.py                   |  2 +-
+ cloudinit/sources/DataSourceRbxCloud.py |  2 +-
+ systemd/cloud-config.service.tmpl       |  2 +-
+ systemd/cloud-final.service.tmpl        |  4 +-
+ systemd/cloud-init-local.service.tmpl   | 12 ++---
+ systemd/cloud-init.service.tmpl         |  4 +-
+ templates/chrony.conf.almalinux.tmpl    | 51 ++++++++++++++++++++
+ templates/chrony.conf.cloudlinux.tmpl   | 51 ++++++++++++++++++++
+ templates/ntp.conf.almalinux.tmpl       | 64 +++++++++++++++++++++++++
+ templates/ntp.conf.cloudlinux.tmpl      | 64 +++++++++++++++++++++++++
+ 13 files changed, 256 insertions(+), 13 deletions(-)
+ create mode 100644 templates/chrony.conf.almalinux.tmpl
+ create mode 100644 templates/chrony.conf.cloudlinux.tmpl
+ create mode 100644 templates/ntp.conf.almalinux.tmpl
+ create mode 100644 templates/ntp.conf.cloudlinux.tmpl
+
+diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py
+index 8d3fd9a..4dd5843 100644
+--- a/cloudinit/config/cc_ca_certs.py
++++ b/cloudinit/config/cc_ca_certs.py
+@@ -57,6 +57,12 @@ for distro in (
+ ):
+     DISTRO_OVERRIDES[distro] = DISTRO_OVERRIDES["opensuse"]
+ 
++for distro in (
++    "almalinux",
++    "cloudlinux",
++):
++    DISTRO_OVERRIDES[distro] = DISTRO_OVERRIDES["rhel"]
++
+ MODULE_DESCRIPTION = """\
+ This module adds CA certificates to the system's CA store and updates any
+ related files using the appropriate OS-specific utility. The default CA
+@@ -72,6 +78,8 @@ configuration option ``remove_defaults``.
+     order to provide the ``update-ca-certificates`` command.
+ """
+ distros = [
++    "almalinux",
++    "cloudlinux",
+     "alpine",
+     "debian",
+     "fedora",
+diff --git a/cloudinit/config/cc_ntp.py b/cloudinit/config/cc_ntp.py
+index 9eef24f..653db7d 100644
+--- a/cloudinit/config/cc_ntp.py
++++ b/cloudinit/config/cc_ntp.py
+@@ -227,6 +227,9 @@ for distro in ("opensuse-microos", "opensuse-tumbleweed", "opensuse-leap"):
+ for distro in ("sle_hpc", "sle-micro"):
+     DISTRO_CLIENT_CONFIG[distro] = DISTRO_CLIENT_CONFIG["sles"]
+ 
++for distro in ("almalinux", "cloudlinux", "rocky"):
++    DISTRO_CLIENT_CONFIG[distro] = DISTRO_CLIENT_CONFIG["rhel"]
++
+ # The schema definition for each cloud-config module is a strict contract for
+ # describing supported configuration parameters for each cloud-config section.
+ # It allows cloud-config to validate and alert users to invalid or ignored
+diff --git a/cloudinit/config/cc_resolv_conf.py b/cloudinit/config/cc_resolv_conf.py
+index aa88919..4eb1d76 100644
+--- a/cloudinit/config/cc_resolv_conf.py
++++ b/cloudinit/config/cc_resolv_conf.py
+@@ -57,7 +57,9 @@ meta: MetaSchema = {
+     "title": "Configure resolv.conf",
+     "description": MODULE_DESCRIPTION,
+     "distros": [
++        "almalinux",
+         "alpine",
++        "cloudlinux",
+         "fedora",
+         "mariner",
+         "opensuse",
+diff --git a/cloudinit/settings.py b/cloudinit/settings.py
+index 3a581e5..def6d4b 100644
+--- a/cloudinit/settings.py
++++ b/cloudinit/settings.py
+@@ -61,7 +61,7 @@ CFG_BUILTIN = {
+             "cloud_dir": "/var/lib/cloud",
+             "templates_dir": "/etc/cloud/templates/",
+         },
+-        "distro": "rhel",
++        "distro": "almalinux",
+         "network": {"renderers": None},
+     },
+     "vendor_data": {"enabled": True, "prefix": []},
+diff --git a/cloudinit/sources/DataSourceRbxCloud.py b/cloudinit/sources/DataSourceRbxCloud.py
+index 9214f1b..14880ec 100644
+--- a/cloudinit/sources/DataSourceRbxCloud.py
++++ b/cloudinit/sources/DataSourceRbxCloud.py
+@@ -60,7 +60,7 @@ def _sub_arp(cmd):
+ 
+ def gratuitous_arp(items, distro):
+     source_param = "-S"
+-    if distro.name in ["fedora", "centos", "rhel"]:
++    if distro.name in ["almalinux", "fedora", "centos", "cloudlinux", "rhel"]:
+         source_param = "-s"
+     for item in items:
+         try:
+diff --git a/systemd/cloud-config.service.tmpl b/systemd/cloud-config.service.tmpl
+index 76e50ae..047969a 100644
+--- a/systemd/cloud-config.service.tmpl
++++ b/systemd/cloud-config.service.tmpl
+@@ -5,7 +5,7 @@ After=network-online.target cloud-config.target
+ After=snapd.seeded.service
+ Before=systemd-user-sessions.service
+ Wants=network-online.target cloud-config.target
+-{% if variant == "rhel" %}
++{% if variant in ["almalinux", "cloudlinux", "rhel"] %}
+ ConditionPathExists=!/etc/cloud/cloud-init.disabled
+ ConditionKernelCommandLine=!cloud-init=disabled
+ {% endif %}
+diff --git a/systemd/cloud-final.service.tmpl b/systemd/cloud-final.service.tmpl
+index 85f423a..578c7f4 100644
+--- a/systemd/cloud-final.service.tmpl
++++ b/systemd/cloud-final.service.tmpl
+@@ -7,7 +7,7 @@ After=multi-user.target
+ Before=apt-daily.service
+ {% endif %}
+ Wants=network-online.target cloud-config.service
+-{% if variant == "rhel" %}
++{% if variant in ["almalinux", "cloudlinux", "rhel"] %}
+ ConditionPathExists=!/etc/cloud/cloud-init.disabled
+ ConditionKernelCommandLine=!cloud-init=disabled
+ {% endif %}
+@@ -19,7 +19,7 @@ ExecStart=/usr/bin/cloud-init modules --mode=final
+ RemainAfterExit=yes
+ TimeoutSec=0
+ KillMode=process
+-{% if variant == "rhel" %}
++{% if variant in ["almalinux", "cloudlinux", "rhel"] %}
+ # Restart NetworkManager if it is present and running.
+ ExecStartPost=/bin/sh -c 'u=NetworkManager.service; \
+  out=$(systemctl show --property=SubState $u) || exit; \
+diff --git a/systemd/cloud-init-local.service.tmpl b/systemd/cloud-init-local.service.tmpl
+index 6f3f9d8..3f56494 100644
+--- a/systemd/cloud-init-local.service.tmpl
++++ b/systemd/cloud-init-local.service.tmpl
+@@ -1,23 +1,23 @@
+ ## template:jinja
+ [Unit]
+ Description=Initial cloud-init job (pre-networking)
+-{% if variant in ["ubuntu", "unknown", "debian", "rhel" ] %}
++{% if variant in ["almalinux", "cloudlinux", "ubuntu", "unknown", "debian", "rhel"] %}
+ DefaultDependencies=no
+ {% endif %}
+ Wants=network-pre.target
+ After=hv_kvp_daemon.service
+ After=systemd-remount-fs.service
+-{% if variant == "rhel" %}
++{% if variant in ["almalinux", "cloudlinux", "rhel"] %}
+ Requires=dbus.socket
+ After=dbus.socket
+ {% endif %}
+ Before=NetworkManager.service
+-{% if variant == "rhel" %}
++{% if variant in ["almalinux", "cloudlinux", "rhel"] %}
+ Before=network.service
+ {% endif %}
+ Before=network-pre.target
+ Before=shutdown.target
+-{% if variant == "rhel" %}
++{% if variant in ["almalinux", "cloudlinux", "rhel"] %}
+ Before=firewalld.target
+ Conflicts=shutdown.target
+ {% endif %}
+@@ -26,14 +26,14 @@ Before=sysinit.target
+ Conflicts=shutdown.target
+ {% endif %}
+ RequiresMountsFor=/var/lib/cloud
+-{% if variant == "rhel" %}
++{% if variant in ["almalinux", "cloudlinux", "rhel"] %}
+ ConditionPathExists=!/etc/cloud/cloud-init.disabled
+ ConditionKernelCommandLine=!cloud-init=disabled
+ {% endif %}
+ 
+ [Service]
+ Type=oneshot
+-{% if variant == "rhel" %}
++{% if variant in ["almalinux", "cloudlinux", "rhel"] %}
+ ExecStartPre=/bin/mkdir -p /run/cloud-init
+ ExecStartPre=/sbin/restorecon /run/cloud-init
+ ExecStartPre=/usr/bin/touch /run/cloud-init/enabled
+diff --git a/systemd/cloud-init.service.tmpl b/systemd/cloud-init.service.tmpl
+index 26d2e39..71f867e 100644
+--- a/systemd/cloud-init.service.tmpl
++++ b/systemd/cloud-init.service.tmpl
+@@ -1,7 +1,7 @@
+ ## template:jinja
+ [Unit]
+ Description=Initial cloud-init job (metadata service crawler)
+-{% if variant not in ["photon", "rhel"] %}
++{% if variant not in ["almalinux", "cloudlinux", "photon", "rhel"] %}
+ DefaultDependencies=no
+ {% endif %}
+ Wants=cloud-init-local.service
+@@ -38,7 +38,7 @@ Conflicts=shutdown.target
+ Before=shutdown.target
+ Conflicts=shutdown.target
+ {% endif %}
+-{% if variant == "rhel" %}
++{% if variant in ["almalinux", "cloudlinux", "rhel"] %}
+ ConditionPathExists=!/etc/cloud/cloud-init.disabled
+ ConditionKernelCommandLine=!cloud-init=disabled
+ {% endif %}
+diff --git a/templates/chrony.conf.almalinux.tmpl b/templates/chrony.conf.almalinux.tmpl
+new file mode 100644
+index 0000000..43b1f5d
+--- /dev/null
++++ b/templates/chrony.conf.almalinux.tmpl
+@@ -0,0 +1,51 @@
++## template:jinja
++# Use public servers from the pool.ntp.org project.
++# Please consider joining the pool (http://www.pool.ntp.org/join.html).
++{% if pools %}# pools
++{% endif %}
++{% for pool in pools -%}
++pool {{pool}} iburst
++{% endfor %}
++{%- if servers %}# servers
++{% endif %}
++{% for server in servers -%}
++server {{server}} iburst
++{% endfor %}
++{% for peer in peers -%}
++peer {{peer}}
++{% endfor %}
++{% for a in allow -%}
++allow {{a}}
++{% endfor %}
++
++# Record the rate at which the system clock gains/losses time.
++driftfile /var/lib/chrony/drift
++
++# Allow the system clock to be stepped in the first three updates
++# if its offset is larger than 1 second.
++makestep 1.0 3
++
++# Enable kernel synchronization of the real-time clock (RTC).
++rtcsync
++
++# Enable hardware timestamping on all interfaces that support it.
++#hwtimestamp *
++
++# Increase the minimum number of selectable sources required to adjust
++# the system clock.
++#minsources 2
++
++# Allow NTP client access from local network.
++#allow 192.168.0.0/16
++
++# Serve time even if not synchronized to a time source.
++#local stratum 10
++
++# Specify file containing keys for NTP authentication.
++#keyfile /etc/chrony.keys
++
++# Specify directory for log files.
++logdir /var/log/chrony
++
++# Select which information is logged.
++#log measurements statistics tracking
+diff --git a/templates/chrony.conf.cloudlinux.tmpl b/templates/chrony.conf.cloudlinux.tmpl
+new file mode 100644
+index 0000000..43b1f5d
+--- /dev/null
++++ b/templates/chrony.conf.cloudlinux.tmpl
+@@ -0,0 +1,51 @@
++## template:jinja
++# Use public servers from the pool.ntp.org project.
++# Please consider joining the pool (http://www.pool.ntp.org/join.html).
++{% if pools %}# pools
++{% endif %}
++{% for pool in pools -%}
++pool {{pool}} iburst
++{% endfor %}
++{%- if servers %}# servers
++{% endif %}
++{% for server in servers -%}
++server {{server}} iburst
++{% endfor %}
++{% for peer in peers -%}
++peer {{peer}}
++{% endfor %}
++{% for a in allow -%}
++allow {{a}}
++{% endfor %}
++
++# Record the rate at which the system clock gains/losses time.
++driftfile /var/lib/chrony/drift
++
++# Allow the system clock to be stepped in the first three updates
++# if its offset is larger than 1 second.
++makestep 1.0 3
++
++# Enable kernel synchronization of the real-time clock (RTC).
++rtcsync
++
++# Enable hardware timestamping on all interfaces that support it.
++#hwtimestamp *
++
++# Increase the minimum number of selectable sources required to adjust
++# the system clock.
++#minsources 2
++
++# Allow NTP client access from local network.
++#allow 192.168.0.0/16
++
++# Serve time even if not synchronized to a time source.
++#local stratum 10
++
++# Specify file containing keys for NTP authentication.
++#keyfile /etc/chrony.keys
++
++# Specify directory for log files.
++logdir /var/log/chrony
++
++# Select which information is logged.
++#log measurements statistics tracking
+diff --git a/templates/ntp.conf.almalinux.tmpl b/templates/ntp.conf.almalinux.tmpl
+new file mode 100644
+index 0000000..6d166aa
+--- /dev/null
++++ b/templates/ntp.conf.almalinux.tmpl
+@@ -0,0 +1,64 @@
++## template:jinja
++
++# For more information about this file, see the man pages
++# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
++
++driftfile /var/lib/ntp/drift
++
++# Permit time synchronization with our time source, but do not
++# permit the source to query or modify the service on this system.
++restrict default kod nomodify notrap nopeer noquery
++restrict -6 default kod nomodify notrap nopeer noquery
++
++# Permit all access over the loopback interface.  This could
++# be tightened as well, but to do so would effect some of
++# the administrative functions.
++restrict 127.0.0.1
++restrict -6 ::1
++
++# Hosts on local network are less restricted.
++#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
++
++# Use public servers from the pool.ntp.org project.
++# Please consider joining the pool (http://www.pool.ntp.org/join.html).
++{% if pools %}# pools
++{% endif %}
++{% for pool in pools -%}
++pool {{pool}} iburst
++{% endfor %}
++{%- if servers %}# servers
++{% endif %}
++{% for server in servers -%}
++server {{server}} iburst
++{% endfor %}
++{% for peer in peers -%}
++peer {{peer}}
++{% endfor %}
++
++#broadcast 192.168.1.255 autokey	# broadcast server
++#broadcastclient			# broadcast client
++#broadcast 224.0.1.1 autokey		# multicast server
++#multicastclient 224.0.1.1		# multicast client
++#manycastserver 239.255.254.254		# manycast server
++#manycastclient 239.255.254.254 autokey # manycast client
++
++# Enable public key cryptography.
++#crypto
++
++includefile /etc/ntp/crypto/pw
++
++# Key file containing the keys and key identifiers used when operating
++# with symmetric key cryptography.
++keys /etc/ntp/keys
++
++# Specify the key identifiers which are trusted.
++#trustedkey 4 8 42
++
++# Specify the key identifier to use with the ntpdc utility.
++#requestkey 8
++
++# Specify the key identifier to use with the ntpq utility.
++#controlkey 8
++
++# Enable writing of statistics records.
++#statistics clockstats cryptostats loopstats peerstats
+diff --git a/templates/ntp.conf.cloudlinux.tmpl b/templates/ntp.conf.cloudlinux.tmpl
+new file mode 100644
+index 0000000..6d166aa
+--- /dev/null
++++ b/templates/ntp.conf.cloudlinux.tmpl
+@@ -0,0 +1,64 @@
++## template:jinja
++
++# For more information about this file, see the man pages
++# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
++
++driftfile /var/lib/ntp/drift
++
++# Permit time synchronization with our time source, but do not
++# permit the source to query or modify the service on this system.
++restrict default kod nomodify notrap nopeer noquery
++restrict -6 default kod nomodify notrap nopeer noquery
++
++# Permit all access over the loopback interface.  This could
++# be tightened as well, but to do so would effect some of
++# the administrative functions.
++restrict 127.0.0.1
++restrict -6 ::1
++
++# Hosts on local network are less restricted.
++#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
++
++# Use public servers from the pool.ntp.org project.
++# Please consider joining the pool (http://www.pool.ntp.org/join.html).
++{% if pools %}# pools
++{% endif %}
++{% for pool in pools -%}
++pool {{pool}} iburst
++{% endfor %}
++{%- if servers %}# servers
++{% endif %}
++{% for server in servers -%}
++server {{server}} iburst
++{% endfor %}
++{% for peer in peers -%}
++peer {{peer}}
++{% endfor %}
++
++#broadcast 192.168.1.255 autokey	# broadcast server
++#broadcastclient			# broadcast client
++#broadcast 224.0.1.1 autokey		# multicast server
++#multicastclient 224.0.1.1		# multicast client
++#manycastserver 239.255.254.254		# manycast server
++#manycastclient 239.255.254.254 autokey # manycast client
++
++# Enable public key cryptography.
++#crypto
++
++includefile /etc/ntp/crypto/pw
++
++# Key file containing the keys and key identifiers used when operating
++# with symmetric key cryptography.
++keys /etc/ntp/keys
++
++# Specify the key identifiers which are trusted.
++#trustedkey 4 8 42
++
++# Specify the key identifier to use with the ntpdc utility.
++#requestkey 8
++
++# Specify the key identifier to use with the ntpq utility.
++#controlkey 8
++
++# Enable writing of statistics records.
++#statistics clockstats cryptostats loopstats peerstats
+-- 
+2.43.5
+