diff --git a/.gitignore b/.gitignore index e261af4..8216a5e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1 @@ -*.rpm -*.tar.gz -results_cloud-init +24.4.tar.gz diff --git a/0041-enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch b/0041-enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch new file mode 100644 index 0000000..d691b94 --- /dev/null +++ b/0041-enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch @@ -0,0 +1,50 @@ +Enable ec2_utils to stop retrying to get ec2 metadata + +Signed-off-by: David Sloboda +Reviewed-by: Laurence Rochfort + +diff -ruN a/cloudinit/sources/helpers/openstack.py b/cloudinit/sources/helpers/openstack.py +--- a/cloudinit/sources/helpers/openstack.py 2018-04-02 12:51:20.053828637 -0700 ++++ b/cloudinit/sources/helpers/openstack.py 2018-04-02 12:33:20.000000000 -0700 +@@ -464,6 +464,16 @@ + + return results + ++def should_retry_cb(_request_args, cause): ++ try: ++ code = int(cause.code) ++ if code >= 400: ++ return False ++ except (TypeError, ValueError): ++ # Older versions of requests didn't have a code. ++ pass ++ return True ++ + + class MetadataReader(BaseReader): + def __init__(self, base_url, ssl_details=None, timeout=5, retries=5): +@@ -489,16 +499,6 @@ + return self._versions + + def _path_read(self, path, decode=False): +- def should_retry_cb(_request_args, cause): +- try: +- code = int(cause.code) +- if code >= 400: +- return False +- except (TypeError, ValueError): +- # Older versions of requests didn't have a code. +- pass +- return True +- + response = url_helper.readurl( + path, + retries=self.retries, +@@ -519,6 +519,7 @@ + ssl_details=self.ssl_details, + timeout=self.timeout, + retries=self.retries, ++ exception_cb=should_retry_cb, + ) + + diff --git a/0106-tests-unittests-add-a-new-unit-test-for-network-mana.patch b/0106-tests-unittests-add-a-new-unit-test-for-network-mana.patch new file mode 100644 index 0000000..2248cbf --- /dev/null +++ b/0106-tests-unittests-add-a-new-unit-test-for-network-mana.patch @@ -0,0 +1,136 @@ +From 37a6837813e418486af8cbef436ab82a8be3e3fa Mon Sep 17 00:00:00 2001 +From: Darren Archibald +Date: Fri, 23 Feb 2024 06:06:30 -0800 +Subject: [PATCH] tests/unittests: add a new unit test for network manager net + activator (#4672) + +Some changes in behavior in network manager net activator was brought in with +the commit +d1d5166895da ("net/nm: check for presence of ifcfg files when nm connection files are absent") + +This change adds some unit tests that exercizes network manager activator's +bring_up_interface() method that tests failure scenarios as well as cases +where an ifcfg file is used to bring the interface up. + +Signed-off-by: Ani Sinha +(cherry picked from commit bb474df78bfe45ea5f05907eb710e8d5de764fc8) +Signed-off-by: Darren Archibald +--- + tests/unittests/test_net_activators.py | 101 +++++++++++++++++++++++++ + 1 file changed, 101 insertions(+) + +diff --git a/tests/unittests/test_net_activators.py b/tests/unittests/test_net_activators.py +index 2a363ec..f95c8a7 100644 +--- a/tests/unittests/test_net_activators.py ++++ b/tests/unittests/test_net_activators.py +@@ -288,6 +288,107 @@ class TestActivatorsBringUp: + for call in m_subp.call_args_list: + assert call in expected_call_list + ++class TestNetworkManagerActivatorBringUp: ++ @patch("cloudinit.subp.subp", return_value=("", "")) ++ @patch( ++ "cloudinit.net.network_manager.available_nm_ifcfg_rh", ++ return_value=True, ++ ) ++ @patch("os.path.isfile") ++ @patch("os.path.exists", return_value=True) ++ def test_bring_up_interface_no_nm_conn( ++ self, m_exists, m_isfile, m_plugin, m_subp ++ ): ++ """ ++ There is no network manager connection file but ifcfg-rh plugin is ++ present and ifcfg interface config files are also present. In this ++ case, we should use ifcfg files. ++ """ ++ ++ def fake_isfile_no_nmconn(filename): ++ return False if filename.endswith(".nmconnection") else True ++ ++ m_isfile.side_effect = fake_isfile_no_nmconn ++ ++ expected_call_list = [ ++ ( ++ ( ++ [ ++ "nmcli", ++ "connection", ++ "load", ++ "".join( ++ [ ++ "/etc/sysconfig/network-scripts/ifcfg-eth0", ++ ] ++ ), ++ ], ++ ), ++ {}, ++ ), ++ ( ++ ( ++ [ ++ "nmcli", ++ "connection", ++ "up", ++ "filename", ++ "".join( ++ [ ++ "/etc/sysconfig/network-scripts/ifcfg-eth0", ++ ] ++ ), ++ ], ++ ), ++ {}, ++ ), ++ ] ++ ++ index = 0 ++ assert NetworkManagerActivator.bring_up_interface("eth0") ++ for call in m_subp.call_args_list: ++ assert call == expected_call_list[index] ++ index += 1 ++ ++ @patch("cloudinit.subp.subp", return_value=("", "")) ++ @patch( ++ "cloudinit.net.network_manager.available_nm_ifcfg_rh", ++ return_value=False, ++ ) ++ @patch("os.path.isfile") ++ @patch("os.path.exists", return_value=True) ++ def test_bring_up_interface_no_plugin_no_nm_conn( ++ self, m_exists, m_isfile, m_plugin, m_subp ++ ): ++ """ ++ The ifcfg-rh plugin is absent and nmconnection file is also ++ not present. In this case, we can't use ifcfg file and the ++ interface bring up should fail. ++ """ ++ ++ def fake_isfile_no_nmconn(filename): ++ return False if filename.endswith(".nmconnection") else True ++ ++ m_isfile.side_effect = fake_isfile_no_nmconn ++ assert not NetworkManagerActivator.bring_up_interface("eth0") ++ ++ @patch("cloudinit.subp.subp", return_value=("", "")) ++ @patch( ++ "cloudinit.net.network_manager.available_nm_ifcfg_rh", ++ return_value=True, ++ ) ++ @patch("os.path.isfile", return_value=False) ++ @patch("os.path.exists", return_value=True) ++ def test_bring_up_interface_no_conn_file( ++ self, m_exists, m_isfile, m_plugin, m_subp ++ ): ++ """ ++ Neither network manager connection files are present nor ++ ifcfg files are present. Even if ifcfg-rh plugin is present, ++ we can not bring up the interface. So bring_up_interface() ++ should fail. ++ """ ++ assert not NetworkManagerActivator.bring_up_interface("eth0") + + IF_UP_DOWN_BRING_DOWN_CALL_LIST: list = [ + ((["ifdown", "eth0"],), {}), +-- +2.31.1 + diff --git a/ci-feat-aliyun-datasource-support-crawl-metadata-at-onc.patch b/ci-feat-aliyun-datasource-support-crawl-metadata-at-onc.patch new file mode 100644 index 0000000..5d4085d --- /dev/null +++ b/ci-feat-aliyun-datasource-support-crawl-metadata-at-onc.patch @@ -0,0 +1,1000 @@ +From 21696670a0cb3196d8b0ec9fd1ca0218beed828a Mon Sep 17 00:00:00 2001 +From: jinkangkang <1547182170@qq.com> +Date: Thu, 20 Feb 2025 10:55:05 +0800 +Subject: [PATCH] feat: aliyun datasource support crawl metadata at once + (#5942) + +RH-Author: Ani Sinha +RH-MergeRequest: 127: feat: aliyun datasource support crawl metadata at once (#5942) +RH-Jira: RHEL-88659 +RH-Acked-by: Emanuele Giuseppe Esposito +RH-Acked-by: xiachen +RH-Commit: [1/1] e2b3c6e9a5bdcbaf1ead395d3776524b1b151260 (anisinha/cloud-init) + +Obtain metadata information from the new metadata path for better +performance. Fall back to old directory tree format on failure. + +Also: + +- Separate the Alibaba Cloud data source from ec2 and make it independent +- Use network card names to sort routing priorities +- Add vendor data support +- Streamline logic, made possible by separating the datasources + +Based on discussion in: GH-5838 + +(cherry picked from commit 27adc8e598991e0861f45274f91d9fb97cdec636) +Signed-off-by: Ani Sinha +--- + cloudinit/sources/DataSourceAliYun.py | 338 ++++++++++++++++++++++++- + cloudinit/sources/DataSourceEc2.py | 9 +- + cloudinit/sources/helpers/aliyun.py | 211 +++++++++++++++ + tests/unittests/sources/test_aliyun.py | 213 ++++++++++++---- + tests/unittests/sources/test_ec2.py | 10 - + 5 files changed, 704 insertions(+), 77 deletions(-) + create mode 100644 cloudinit/sources/helpers/aliyun.py + +diff --git a/cloudinit/sources/DataSourceAliYun.py b/cloudinit/sources/DataSourceAliYun.py +index d674e1fc0..000e15a84 100644 +--- a/cloudinit/sources/DataSourceAliYun.py ++++ b/cloudinit/sources/DataSourceAliYun.py +@@ -2,27 +2,43 @@ + + import copy + import logging +-from typing import List ++from typing import List, Union + + from cloudinit import dmi, sources ++from cloudinit import url_helper as uhelp ++from cloudinit import util + from cloudinit.event import EventScope, EventType +-from cloudinit.sources import DataSourceEc2 as EC2 +-from cloudinit.sources import DataSourceHostname, NicOrder ++from cloudinit.net.dhcp import NoDHCPLeaseError ++from cloudinit.net.ephemeral import EphemeralIPNetwork ++from cloudinit.sources import DataSourceHostname ++from cloudinit.sources.helpers import aliyun, ec2 + + LOG = logging.getLogger(__name__) + + ALIYUN_PRODUCT = "Alibaba Cloud ECS" + + +-class DataSourceAliYun(EC2.DataSourceEc2): ++class DataSourceAliYun(sources.DataSource): + + dsname = "AliYun" + metadata_urls = ["http://100.100.100.200"] + +- # The minimum supported metadata_version from the ec2 metadata apis ++ # The minimum supported metadata_version from the ecs metadata apis + min_metadata_version = "2016-01-01" + extended_metadata_versions: List[str] = [] + ++ # Setup read_url parameters per get_url_params. ++ url_max_wait = 240 ++ url_timeout = 50 ++ ++ # API token for accessing the metadata service ++ _api_token = None ++ # Used to cache calculated network cfg v1 ++ _network_config: Union[str, dict] = sources.UNSET ++ ++ # Whether we want to get network configuration from the metadata service. ++ perform_dhcp_setup = False ++ + # Aliyun metadata server security enhanced mode overwrite + @property + def imdsv2_token_put_header(self): +@@ -32,11 +48,9 @@ class DataSourceAliYun(EC2.DataSourceEc2): + super(DataSourceAliYun, self).__init__(sys_cfg, distro, paths) + self.default_update_events = copy.deepcopy(self.default_update_events) + self.default_update_events[EventScope.NETWORK].add(EventType.BOOT) +- self._fallback_nic_order = NicOrder.NIC_NAME + + def _unpickle(self, ci_pkl_version: int) -> None: + super()._unpickle(ci_pkl_version) +- self._fallback_nic_order = NicOrder.NIC_NAME + + def get_hostname(self, fqdn=False, resolve_ip=False, metadata_only=False): + hostname = self.metadata.get("hostname") +@@ -51,9 +65,315 @@ class DataSourceAliYun(EC2.DataSourceEc2): + + def _get_cloud_name(self): + if _is_aliyun(): +- return EC2.CloudNames.ALIYUN ++ return self.dsname.lower() ++ return "NO_ALIYUN_METADATA" ++ ++ @property ++ def platform(self): ++ return self.dsname.lower() ++ ++ # IMDSv2 related parameters from the ecs metadata api document ++ @property ++ def api_token_route(self): ++ return "latest/api/token" ++ ++ @property ++ def imdsv2_token_ttl_seconds(self): ++ return "21600" ++ ++ @property ++ def imdsv2_token_redact(self): ++ return [self.imdsv2_token_put_header, self.imdsv2_token_req_header] ++ ++ @property ++ def imdsv2_token_req_header(self): ++ return self.imdsv2_token_put_header + "-ttl-seconds" ++ ++ @property ++ def network_config(self): ++ """Return a network config dict for rendering ENI or netplan files.""" ++ if self._network_config != sources.UNSET: ++ return self._network_config ++ ++ result = {} ++ iface = self.distro.fallback_interface ++ net_md = self.metadata.get("network") ++ if isinstance(net_md, dict): ++ result = aliyun.convert_ecs_metadata_network_config( ++ net_md, ++ fallback_nic=iface, ++ full_network_config=util.get_cfg_option_bool( ++ self.ds_cfg, "apply_full_imds_network_config", True ++ ), ++ ) + else: +- return EC2.CloudNames.NO_EC2_METADATA ++ LOG.warning("Metadata 'network' key not valid: %s.", net_md) ++ return result ++ self._network_config = result ++ return self._network_config ++ ++ def _maybe_fetch_api_token(self, mdurls): ++ """Get an API token for ECS Instance Metadata Service. ++ ++ On ECS. IMDS will always answer an API token, set ++ HttpTokens=optional (default) when create instance will not forcefully ++ use the security-enhanced mode (IMDSv2). ++ ++ https://api.alibabacloud.com/api/Ecs/2014-05-26/RunInstances ++ """ ++ ++ urls = [] ++ url2base = {} ++ url_path = self.api_token_route ++ request_method = "PUT" ++ for url in mdurls: ++ cur = "{0}/{1}".format(url, url_path) ++ urls.append(cur) ++ url2base[cur] = url ++ ++ # use the self._imds_exception_cb to check for Read errors ++ LOG.debug("Fetching Ecs IMDSv2 API Token") ++ ++ response = None ++ url = None ++ url_params = self.get_url_params() ++ try: ++ url, response = uhelp.wait_for_url( ++ urls=urls, ++ max_wait=url_params.max_wait_seconds, ++ timeout=url_params.timeout_seconds, ++ status_cb=LOG.warning, ++ headers_cb=self._get_headers, ++ exception_cb=self._imds_exception_cb, ++ request_method=request_method, ++ headers_redact=self.imdsv2_token_redact, ++ connect_synchronously=False, ++ ) ++ except uhelp.UrlError: ++ # We use the raised exception to interupt the retry loop. ++ # Nothing else to do here. ++ pass ++ ++ if url and response: ++ self._api_token = response ++ return url2base[url] ++ ++ # If we get here, then wait_for_url timed out, waiting for IMDS ++ # or the IMDS HTTP endpoint is disabled ++ return None ++ ++ def wait_for_metadata_service(self): ++ mcfg = self.ds_cfg ++ mdurls = mcfg.get("metadata_urls", self.metadata_urls) ++ ++ # try the api token path first ++ metadata_address = self._maybe_fetch_api_token(mdurls) ++ ++ if metadata_address: ++ self.metadata_address = metadata_address ++ LOG.debug("Using metadata source: '%s'", self.metadata_address) ++ else: ++ LOG.warning("IMDS's HTTP endpoint is probably disabled") ++ return bool(metadata_address) ++ ++ def crawl_metadata(self): ++ """Crawl metadata service when available. ++ ++ @returns: Dictionary of crawled metadata content containing the keys: ++ meta-data, user-data, vendor-data and dynamic. ++ """ ++ if not self.wait_for_metadata_service(): ++ return {} ++ redact = self.imdsv2_token_redact ++ crawled_metadata = {} ++ exc_cb = self._refresh_stale_aliyun_token_cb ++ exc_cb_ud = self._skip_or_refresh_stale_aliyun_token_cb ++ skip_cb = None ++ exe_cb_whole_meta = self._skip_json_path_meta_path_aliyun_cb ++ try: ++ crawled_metadata["user-data"] = aliyun.get_instance_data( ++ self.min_metadata_version, ++ self.metadata_address, ++ headers_cb=self._get_headers, ++ headers_redact=redact, ++ exception_cb=exc_cb_ud, ++ item_name="user-data", ++ ) ++ crawled_metadata["vendor-data"] = aliyun.get_instance_data( ++ self.min_metadata_version, ++ self.metadata_address, ++ headers_cb=self._get_headers, ++ headers_redact=redact, ++ exception_cb=exc_cb_ud, ++ item_name="vendor-data", ++ ) ++ try: ++ result = aliyun.get_instance_meta_data( ++ self.min_metadata_version, ++ self.metadata_address, ++ headers_cb=self._get_headers, ++ headers_redact=redact, ++ exception_cb=exe_cb_whole_meta, ++ ) ++ crawled_metadata["meta-data"] = result ++ except Exception: ++ util.logexc( ++ LOG, ++ "Faild read json meta-data from %s " ++ "fall back directory tree style", ++ self.metadata_address, ++ ) ++ crawled_metadata["meta-data"] = ec2.get_instance_metadata( ++ self.min_metadata_version, ++ self.metadata_address, ++ headers_cb=self._get_headers, ++ headers_redact=redact, ++ exception_cb=exc_cb, ++ retrieval_exception_ignore_cb=skip_cb, ++ ) ++ except Exception: ++ util.logexc( ++ LOG, ++ "Failed reading from metadata address %s", ++ self.metadata_address, ++ ) ++ return {} ++ return crawled_metadata ++ ++ def _refresh_stale_aliyun_token_cb(self, msg, exception): ++ """Exception handler for Ecs to refresh token if token is stale.""" ++ if isinstance(exception, uhelp.UrlError) and exception.code == 401: ++ # With _api_token as None, _get_headers will _refresh_api_token. ++ LOG.debug("Clearing cached Ecs API token due to expiry") ++ self._api_token = None ++ return True # always retry ++ ++ def _skip_retry_on_codes(self, status_codes, cause): ++ """Returns False if cause.code is in status_codes.""" ++ return cause.code not in status_codes ++ ++ def _skip_or_refresh_stale_aliyun_token_cb(self, msg, exception): ++ """Callback will not retry on SKIP_USERDATA_VENDORDATA_CODES or ++ if no token is available.""" ++ retry = self._skip_retry_on_codes(ec2.SKIP_USERDATA_CODES, exception) ++ if not retry: ++ return False # False raises exception ++ return self._refresh_stale_aliyun_token_cb(msg, exception) ++ ++ def _skip_json_path_meta_path_aliyun_cb(self, msg, exception): ++ """Callback will not retry of whole meta_path is not found""" ++ if isinstance(exception, uhelp.UrlError) and exception.code == 404: ++ LOG.warning("whole meta_path is not found, skipping") ++ return False ++ return self._refresh_stale_aliyun_token_cb(msg, exception) ++ ++ def _get_data(self): ++ if self.cloud_name != self.dsname.lower(): ++ return False ++ if self.perform_dhcp_setup: # Setup networking in init-local stage. ++ if util.is_FreeBSD(): ++ LOG.debug("FreeBSD doesn't support running dhclient with -sf") ++ return False ++ try: ++ with EphemeralIPNetwork( ++ self.distro, ++ self.distro.fallback_interface, ++ ipv4=True, ++ ipv6=False, ++ ) as netw: ++ self._crawled_metadata = self.crawl_metadata() ++ LOG.debug( ++ "Crawled metadata service%s", ++ f" {netw.state_msg}" if netw.state_msg else "", ++ ) ++ ++ except NoDHCPLeaseError: ++ return False ++ else: ++ self._crawled_metadata = self.crawl_metadata() ++ if not self._crawled_metadata or not isinstance( ++ self._crawled_metadata, dict ++ ): ++ return False ++ self.metadata = self._crawled_metadata.get("meta-data", {}) ++ self.userdata_raw = self._crawled_metadata.get("user-data", {}) ++ self.vendordata_raw = self._crawled_metadata.get("vendor-data", {}) ++ return True ++ ++ def _refresh_api_token(self, seconds=None): ++ """Request new metadata API token. ++ @param seconds: The lifetime of the token in seconds ++ ++ @return: The API token or None if unavailable. ++ """ ++ ++ if seconds is None: ++ seconds = self.imdsv2_token_ttl_seconds ++ ++ LOG.debug("Refreshing Ecs metadata API token") ++ request_header = {self.imdsv2_token_req_header: seconds} ++ token_url = "{}/{}".format(self.metadata_address, self.api_token_route) ++ try: ++ response = uhelp.readurl( ++ token_url, ++ headers=request_header, ++ headers_redact=self.imdsv2_token_redact, ++ request_method="PUT", ++ ) ++ except uhelp.UrlError as e: ++ LOG.warning( ++ "Unable to get API token: %s raised exception %s", token_url, e ++ ) ++ return None ++ return response.contents ++ ++ def _get_headers(self, url=""): ++ """Return a dict of headers for accessing a url. ++ ++ If _api_token is unset on AWS, attempt to refresh the token via a PUT ++ and then return the updated token header. ++ """ ++ ++ request_token_header = { ++ self.imdsv2_token_req_header: self.imdsv2_token_ttl_seconds ++ } ++ if self.api_token_route in url: ++ return request_token_header ++ if not self._api_token: ++ # If we don't yet have an API token, get one via a PUT against ++ # api_token_route. This _api_token may get unset by a 403 due ++ # to an invalid or expired token ++ self._api_token = self._refresh_api_token() ++ if not self._api_token: ++ return {} ++ return {self.imdsv2_token_put_header: self._api_token} ++ ++ def _imds_exception_cb(self, msg, exception=None): ++ """Fail quickly on proper AWS if IMDSv2 rejects API token request ++ ++ Guidance from Amazon is that if IMDSv2 had disabled token requests ++ by returning a 403, or cloud-init malformed requests resulting in ++ other 40X errors, we want the datasource detection to fail quickly ++ without retries as those symptoms will likely not be resolved by ++ retries. ++ ++ Exceptions such as requests.ConnectionError due to IMDS being ++ temporarily unroutable or unavailable will still retry due to the ++ callsite wait_for_url. ++ """ ++ if isinstance(exception, uhelp.UrlError): ++ # requests.ConnectionError will have exception.code == None ++ if exception.code and exception.code >= 400: ++ if exception.code == 403: ++ LOG.warning( ++ "Ecs IMDS endpoint returned a 403 error. " ++ "HTTP endpoint is disabled. Aborting." ++ ) ++ else: ++ LOG.warning( ++ "Fatal error while requesting Ecs IMDSv2 API tokens" ++ ) ++ raise exception + + + def _is_aliyun(): +diff --git a/cloudinit/sources/DataSourceEc2.py b/cloudinit/sources/DataSourceEc2.py +index 10837df6a..0b763b52b 100644 +--- a/cloudinit/sources/DataSourceEc2.py ++++ b/cloudinit/sources/DataSourceEc2.py +@@ -34,7 +34,6 @@ STRICT_ID_DEFAULT = "warn" + + + class CloudNames: +- ALIYUN = "aliyun" + AWS = "aws" + BRIGHTBOX = "brightbox" + ZSTACK = "zstack" +@@ -54,7 +53,7 @@ def skip_404_tag_errors(exception): + + + # Cloud platforms that support IMDSv2 style metadata server +-IDMSV2_SUPPORTED_CLOUD_PLATFORMS = [CloudNames.AWS, CloudNames.ALIYUN] ++IDMSV2_SUPPORTED_CLOUD_PLATFORMS = [CloudNames.AWS] + + # Only trigger hook-hotplug on NICs with Ec2 drivers. Avoid triggering + # it on docker virtual NICs and the like. LP: #1946003 +@@ -768,11 +767,6 @@ def warn_if_necessary(cfgval, cfg): + warnings.show_warning("non_ec2_md", cfg, mode=True, sleep=sleep) + + +-def identify_aliyun(data): +- if data["product_name"] == "Alibaba Cloud ECS": +- return CloudNames.ALIYUN +- +- + def identify_aws(data): + # data is a dictionary returned by _collect_platform_data. + uuid_str = data["uuid"] +@@ -821,7 +815,6 @@ def identify_platform(): + identify_zstack, + identify_e24cloud, + identify_outscale, +- identify_aliyun, + lambda x: CloudNames.UNKNOWN, + ) + for checker in checks: +diff --git a/cloudinit/sources/helpers/aliyun.py b/cloudinit/sources/helpers/aliyun.py +new file mode 100644 +index 000000000..201ceb04b +--- /dev/null ++++ b/cloudinit/sources/helpers/aliyun.py +@@ -0,0 +1,211 @@ ++# This file is part of cloud-init. See LICENSE file for license information. ++ ++import logging ++from typing import MutableMapping ++ ++from cloudinit import net, url_helper, util ++from cloudinit.sources.helpers import ec2 ++ ++LOG = logging.getLogger(__name__) ++ ++ ++def get_instance_meta_data( ++ api_version="latest", ++ metadata_address="http://100.100.100.200", ++ ssl_details=None, ++ timeout=5, ++ retries=5, ++ headers_cb=None, ++ headers_redact=None, ++ exception_cb=None, ++): ++ ud_url = url_helper.combine_url(metadata_address, api_version) ++ ud_url = url_helper.combine_url(ud_url, "meta-data/all") ++ response = url_helper.read_file_or_url( ++ ud_url, ++ ssl_details=ssl_details, ++ timeout=timeout, ++ retries=retries, ++ exception_cb=exception_cb, ++ headers_cb=headers_cb, ++ headers_redact=headers_redact, ++ ) ++ meta_data_raw: object = util.load_json(response.contents) ++ ++ # meta_data_raw is a json object with the following format get ++ # by`meta-data/all` ++ # { ++ # "sub-private-ipv4-list": "", ++ # "dns-conf": { ++ # "nameservers": "100.100.2.136\r\n100.100.2.138" ++ # }, ++ # "zone-id": "cn-hangzhou-i", ++ # "instance": { ++ # "instance-name": "aliyun_vm_test", ++ # "instance-type": "ecs.g7.xlarge" ++ # }, ++ # "disks": { ++ # "bp1cikh4di1xxxx": { ++ # "name": "disk_test", ++ # "id": "d-bp1cikh4di1lf7pxxxx" ++ # } ++ # }, ++ # "instance-id": "i-bp123", ++ # "eipv4": "47.99.152.7", ++ # "private-ipv4": "192.168.0.9", ++ # "hibernation": { ++ # "configured": "false" ++ # }, ++ # "vpc-id": "vpc-bp1yeqg123", ++ # "mac": "00:16:3e:30:3e:ca", ++ # "source-address": "http://mirrors.cloud.aliyuncs.com", ++ # "vswitch-cidr-block": "192.168.0.0/24", ++ # "network": { ++ # "interfaces": { ++ # "macs": { ++ # "00:16:3e:30:3e:ca": { ++ # "vpc-cidr-block": "192.168.0.0/16", ++ # "netmask": "255.255.255.0" ++ # } ++ # } ++ # } ++ # }, ++ # "network-type": "vpc", ++ # "hostname": "aliyun_vm_test", ++ # "region-id": "cn-hangzhou", ++ # "ntp-conf": { ++ # "ntp-servers": "ntp1.aliyun.com\r\nntp2.aliyun.com" ++ # }, ++ # } ++ # Note: For example, in the values of dns conf: the `nameservers` ++ # key is a string, the format is the same as the response from the ++ # `meta-data/dns-conf/nameservers` endpoint. we use the same ++ # serialization method to ensure consistency between ++ # the two methods (directory tree and json path). ++ def _process_dict_values(d): ++ if isinstance(d, dict): ++ return {k: _process_dict_values(v) for k, v in d.items()} ++ elif isinstance(d, list): ++ return [_process_dict_values(item) for item in d] ++ else: ++ return ec2.MetadataLeafDecoder()("", d) ++ ++ return _process_dict_values(meta_data_raw) ++ ++ ++def get_instance_data( ++ api_version="latest", ++ metadata_address="http://100.100.100.200", ++ ssl_details=None, ++ timeout=5, ++ retries=5, ++ headers_cb=None, ++ headers_redact=None, ++ exception_cb=None, ++ item_name=None, ++): ++ ud_url = url_helper.combine_url(metadata_address, api_version) ++ ud_url = url_helper.combine_url(ud_url, item_name) ++ data = b"" ++ support_items_list = ["user-data", "vendor-data"] ++ if item_name not in support_items_list: ++ LOG.error( ++ "aliyun datasource not support the item %s", ++ item_name, ++ ) ++ return data ++ try: ++ response = url_helper.read_file_or_url( ++ ud_url, ++ ssl_details=ssl_details, ++ timeout=timeout, ++ retries=retries, ++ exception_cb=exception_cb, ++ headers_cb=headers_cb, ++ headers_redact=headers_redact, ++ ) ++ data = response.contents ++ except Exception: ++ util.logexc(LOG, "Failed fetching %s from url %s", item_name, ud_url) ++ return data ++ ++ ++def convert_ecs_metadata_network_config( ++ network_md, ++ macs_to_nics=None, ++ fallback_nic=None, ++ full_network_config=True, ++): ++ """Convert ecs metadata to network config version 2 data dict. ++ ++ @param: network_md: 'network' portion of ECS metadata. ++ generally formed as {"interfaces": {"macs": {}} where ++ 'macs' is a dictionary with mac address as key: ++ @param: macs_to_nics: Optional dict of mac addresses and nic names. If ++ not provided, get_interfaces_by_mac is called to get it from the OS. ++ @param: fallback_nic: Optionally provide the primary nic interface name. ++ This nic will be guaranteed to minimally have a dhcp4 configuration. ++ @param: full_network_config: Boolean set True to configure all networking ++ presented by IMDS. This includes rendering secondary IPv4 and IPv6 ++ addresses on all NICs and rendering network config on secondary NICs. ++ If False, only the primary nic will be configured and only with dhcp ++ (IPv4/IPv6). ++ ++ @return A dict of network config version 2 based on the metadata and macs. ++ """ ++ netcfg: MutableMapping = {"version": 2, "ethernets": {}} ++ if not macs_to_nics: ++ macs_to_nics = net.get_interfaces_by_mac() ++ macs_metadata = network_md["interfaces"]["macs"] ++ ++ if not full_network_config: ++ for mac, nic_name in macs_to_nics.items(): ++ if nic_name == fallback_nic: ++ break ++ dev_config: MutableMapping = { ++ "dhcp4": True, ++ "dhcp6": False, ++ "match": {"macaddress": mac.lower()}, ++ "set-name": nic_name, ++ } ++ nic_metadata = macs_metadata.get(mac) ++ if nic_metadata.get("ipv6s"): # Any IPv6 addresses configured ++ dev_config["dhcp6"] = True ++ netcfg["ethernets"][nic_name] = dev_config ++ return netcfg ++ nic_name_2_mac_map = dict() ++ for mac, nic_name in macs_to_nics.items(): ++ nic_metadata = macs_metadata.get(mac) ++ if not nic_metadata: ++ continue # Not a physical nic represented in metadata ++ nic_name_2_mac_map[nic_name] = mac ++ ++ # sorted by nic_name ++ orderd_nic_name_list = sorted( ++ nic_name_2_mac_map.keys(), key=net.natural_sort_key ++ ) ++ for nic_idx, nic_name in enumerate(orderd_nic_name_list): ++ nic_mac = nic_name_2_mac_map[nic_name] ++ nic_metadata = macs_metadata.get(nic_mac) ++ dhcp_override = {"route-metric": (nic_idx + 1) * 100} ++ dev_config = { ++ "dhcp4": True, ++ "dhcp4-overrides": dhcp_override, ++ "dhcp6": False, ++ "match": {"macaddress": nic_mac.lower()}, ++ "set-name": nic_name, ++ } ++ if nic_metadata.get("ipv6s"): # Any IPv6 addresses configured ++ dev_config["dhcp6"] = True ++ dev_config["dhcp6-overrides"] = dhcp_override ++ ++ netcfg["ethernets"][nic_name] = dev_config ++ # Remove route-metric dhcp overrides and routes / routing-policy if only ++ # one nic configured ++ if len(netcfg["ethernets"]) == 1: ++ for nic_name in netcfg["ethernets"].keys(): ++ netcfg["ethernets"][nic_name].pop("dhcp4-overrides") ++ netcfg["ethernets"][nic_name].pop("dhcp6-overrides", None) ++ netcfg["ethernets"][nic_name].pop("routes", None) ++ netcfg["ethernets"][nic_name].pop("routing-policy", None) ++ return netcfg +diff --git a/tests/unittests/sources/test_aliyun.py b/tests/unittests/sources/test_aliyun.py +index 2639302b2..2d61ff8af 100644 +--- a/tests/unittests/sources/test_aliyun.py ++++ b/tests/unittests/sources/test_aliyun.py +@@ -9,46 +9,93 @@ import responses + + from cloudinit import helpers + from cloudinit.sources import DataSourceAliYun as ay +-from cloudinit.sources.DataSourceEc2 import convert_ec2_metadata_network_config ++from cloudinit.sources.helpers.aliyun import ( ++ convert_ecs_metadata_network_config, ++) ++from cloudinit.util import load_json + from tests.unittests import helpers as test_helpers + +-DEFAULT_METADATA = { +- "instance-id": "aliyun-test-vm-00", +- "eipv4": "10.0.0.1", +- "hostname": "test-hostname", +- "image-id": "m-test", +- "launch-index": "0", +- "mac": "00:16:3e:00:00:00", +- "network-type": "vpc", +- "private-ipv4": "192.168.0.1", +- "serial-number": "test-string", +- "vpc-cidr-block": "192.168.0.0/16", +- "vpc-id": "test-vpc", +- "vswitch-id": "test-vpc", +- "vswitch-cidr-block": "192.168.0.0/16", +- "zone-id": "test-zone-1", +- "ntp-conf": { +- "ntp_servers": [ +- "ntp1.aliyun.com", +- "ntp2.aliyun.com", +- "ntp3.aliyun.com", +- ] +- }, +- "source-address": [ +- "http://mirrors.aliyun.com", +- "http://mirrors.aliyuncs.com", +- ], +- "public-keys": { +- "key-pair-1": {"openssh-key": "ssh-rsa AAAAB3..."}, +- "key-pair-2": {"openssh-key": "ssh-rsa AAAAB3..."}, ++DEFAULT_METADATA_RAW = r"""{ ++ "disks": { ++ "bp15spwwhlf8bbbn7xxx": { ++ "id": "d-bp15spwwhlf8bbbn7xxx", ++ "name": "" ++ } ++ }, ++ "dns-conf": { ++ "nameservers": [ ++ "100.100.2.136", ++ "100.100.2.138" ++ ] ++ }, ++ "hibernation": { ++ "configured": "false" ++ }, ++ "instance": { ++ "instance-name": "aliyun-test-vm-00", ++ "instance-type": "ecs.g8i.large", ++ "last-host-landing-time": "2024-11-17 10:02:41", ++ "max-netbw-egress": "2560000", ++ "max-netbw-ingress": "2560000", ++ "virtualization-solution": "ECS Virt", ++ "virtualization-solution-version": "2.0" ++ }, ++ "network": { ++ "interfaces": { ++ "macs": { ++ "00:16:3e:14:59:58": { ++ "gateway": "172.16.101.253", ++ "netmask": "255.255.255.0", ++ "network-interface-id": "eni-bp13i3ed90icgdgaxxxx" ++ } ++ } ++ } ++ }, ++ "ntp-conf": { ++ "ntp-servers": [ ++ "ntp1.aliyun.com", ++ "ntp1.cloud.aliyuncs.com" ++ ] ++ }, ++ "public-keys": { ++ "0": { ++ "openssh-key": "ssh-rsa AAAAB3Nza" + }, +-} ++ "skp-bp1test": { ++ "openssh-key": "ssh-rsa AAAAB3Nza" ++ } ++ }, ++ "eipv4": "121.66.77.88", ++ "hostname": "aliyun-test-vm-00", ++ "image-id": "ubuntu_24_04_x64_20G_alibase_20241016.vhd", ++ "instance-id": "i-bp15ojxppkmsnyjxxxxx", ++ "mac": "00:16:3e:14:59:58", ++ "network-type": "vpc", ++ "owner-account-id": "123456", ++ "private-ipv4": "172.16.111.222", ++ "region-id": "cn-hangzhou", ++ "serial-number": "3ca05955-a892-46b3-a6fc-xxxxxx", ++ "source-address": "http://mirrors.cloud.aliyuncs.com", ++ "sub-private-ipv4-list": "172.16.101.215", ++ "vpc-cidr-block": "172.16.0.0/12", ++ "vpc-id": "vpc-bp1uwvjta7txxxxxxx", ++ "vswitch-cidr-block": "172.16.101.0/24", ++ "vswitch-id": "vsw-bp12cibmw6078qv123456", ++ "zone-id": "cn-hangzhou-j" ++}""" ++ ++DEFAULT_METADATA = load_json(DEFAULT_METADATA_RAW) + + DEFAULT_USERDATA = """\ + #cloud-config + + hostname: localhost""" + ++DEFAULT_VENDORDATA = """\ ++#cloud-config ++bootcmd: ++- echo hello world > /tmp/vendor""" ++ + + class TestAliYunDatasource(test_helpers.ResponsesTestCase): + def setUp(self): +@@ -67,6 +114,10 @@ class TestAliYunDatasource(test_helpers.ResponsesTestCase): + def default_userdata(self): + return DEFAULT_USERDATA + ++ @property ++ def default_vendordata(self): ++ return DEFAULT_VENDORDATA ++ + @property + def metadata_url(self): + return ( +@@ -78,12 +129,29 @@ class TestAliYunDatasource(test_helpers.ResponsesTestCase): + + "/" + ) + ++ @property ++ def metadata_all_url(self): ++ return ( ++ os.path.join( ++ self.metadata_address, ++ self.ds.min_metadata_version, ++ "meta-data", ++ ) ++ + "/all" ++ ) ++ + @property + def userdata_url(self): + return os.path.join( + self.metadata_address, self.ds.min_metadata_version, "user-data" + ) + ++ @property ++ def vendordata_url(self): ++ return os.path.join( ++ self.metadata_address, self.ds.min_metadata_version, "vendor-data" ++ ) ++ + # EC2 provides an instance-identity document which must return 404 here + # for this test to pass. + @property +@@ -133,9 +201,17 @@ class TestAliYunDatasource(test_helpers.ResponsesTestCase): + register = functools.partial(self.responses.add, responses.GET) + register_helper(register, base_url, data) + +- def regist_default_server(self): ++ def regist_default_server(self, register_json_meta_path=True): + self.register_mock_metaserver(self.metadata_url, self.default_metadata) ++ if register_json_meta_path: ++ self.register_mock_metaserver( ++ self.metadata_all_url, DEFAULT_METADATA_RAW ++ ) + self.register_mock_metaserver(self.userdata_url, self.default_userdata) ++ self.register_mock_metaserver( ++ self.vendordata_url, self.default_userdata ++ ) ++ + self.register_mock_metaserver(self.identity_url, self.default_identity) + self.responses.add(responses.PUT, self.token_url, "API-TOKEN") + +@@ -175,7 +251,25 @@ class TestAliYunDatasource(test_helpers.ResponsesTestCase): + self._test_get_iid() + self._test_host_name() + self.assertEqual("aliyun", self.ds.cloud_name) +- self.assertEqual("ec2", self.ds.platform) ++ self.assertEqual("aliyun", self.ds.platform) ++ self.assertEqual( ++ "metadata (http://100.100.100.200)", self.ds.subplatform ++ ) ++ ++ @mock.patch("cloudinit.sources.DataSourceEc2.util.is_resolvable") ++ @mock.patch("cloudinit.sources.DataSourceAliYun._is_aliyun") ++ def test_with_mock_server_without_json_path(self, m_is_aliyun, m_resolv): ++ m_is_aliyun.return_value = True ++ self.regist_default_server(register_json_meta_path=False) ++ ret = self.ds.get_data() ++ self.assertEqual(True, ret) ++ self.assertEqual(1, m_is_aliyun.call_count) ++ self._test_get_data() ++ self._test_get_sshkey() ++ self._test_get_iid() ++ self._test_host_name() ++ self.assertEqual("aliyun", self.ds.cloud_name) ++ self.assertEqual("aliyun", self.ds.platform) + self.assertEqual( + "metadata (http://100.100.100.200)", self.ds.subplatform + ) +@@ -221,7 +315,7 @@ class TestAliYunDatasource(test_helpers.ResponsesTestCase): + self._test_get_iid() + self._test_host_name() + self.assertEqual("aliyun", self.ds.cloud_name) +- self.assertEqual("ec2", self.ds.platform) ++ self.assertEqual("aliyun", self.ds.platform) + self.assertEqual( + "metadata (http://100.100.100.200)", self.ds.subplatform + ) +@@ -272,31 +366,28 @@ class TestAliYunDatasource(test_helpers.ResponsesTestCase): + public_keys["key-pair-0"]["openssh-key"], + ) + +- def test_route_metric_calculated_without_device_number(self): +- """Test that route-metric code works without `device-number` +- +- `device-number` is part of EC2 metadata, but not supported on aliyun. +- Attempting to access it will raise a KeyError. +- +- LP: #1917875 +- """ +- netcfg = convert_ec2_metadata_network_config( ++ def test_route_metric_calculated_with_multiple_network_cards(self): ++ """Test that route-metric code works with multiple network cards""" ++ netcfg = convert_ecs_metadata_network_config( + { + "interfaces": { + "macs": { +- "06:17:04:d7:26:09": { +- "interface-id": "eni-e44ef49e", ++ "00:16:3e:14:59:58": { ++ "ipv6-gateway": "2408:xxxxx", ++ "ipv6s": "[2408:xxxxxx]", ++ "network-interface-id": "eni-bp13i1xxxxx", + }, +- "06:17:04:d7:26:08": { +- "interface-id": "eni-e44ef49f", ++ "00:16:3e:39:43:27": { ++ "gateway": "172.16.101.253", ++ "netmask": "255.255.255.0", ++ "network-interface-id": "eni-bp13i2xxxx", + }, + } + } + }, +- mock.Mock(), + macs_to_nics={ +- "06:17:04:d7:26:09": "eth0", +- "06:17:04:d7:26:08": "eth1", ++ "00:16:3e:14:59:58": "eth0", ++ "00:16:3e:39:43:27": "eth1", + }, + ) + +@@ -314,6 +405,28 @@ class TestAliYunDatasource(test_helpers.ResponsesTestCase): + netcfg["ethernets"]["eth1"].keys() + ) + ++ # eth0 network meta-data have ipv6s info, ipv6 should True ++ met0_dhcp6 = netcfg["ethernets"]["eth0"]["dhcp6"] ++ assert met0_dhcp6 is True ++ ++ netcfg = convert_ecs_metadata_network_config( ++ { ++ "interfaces": { ++ "macs": { ++ "00:16:3e:14:59:58": { ++ "gateway": "172.16.101.253", ++ "netmask": "255.255.255.0", ++ "network-interface-id": "eni-bp13ixxxx", ++ } ++ } ++ } ++ }, ++ macs_to_nics={"00:16:3e:14:59:58": "eth0"}, ++ ) ++ met0 = netcfg["ethernets"]["eth0"] ++ # single network card would have no dhcp4-overrides ++ assert "dhcp4-overrides" not in met0 ++ + + class TestIsAliYun(test_helpers.CiTestCase): + ALIYUN_PRODUCT = "Alibaba Cloud ECS" +diff --git a/tests/unittests/sources/test_ec2.py b/tests/unittests/sources/test_ec2.py +index b28afc52f..c3d33dfc9 100644 +--- a/tests/unittests/sources/test_ec2.py ++++ b/tests/unittests/sources/test_ec2.py +@@ -1709,16 +1709,6 @@ class TestIdentifyPlatform: + ) + assert ec2.CloudNames.AWS == ec2.identify_platform() + +- @mock.patch("cloudinit.sources.DataSourceEc2._collect_platform_data") +- def test_identify_aliyun(self, m_collect): +- """aliyun should be identified if product name equals to +- Alibaba Cloud ECS +- """ +- m_collect.return_value = self.collmock( +- product_name="Alibaba Cloud ECS" +- ) +- assert ec2.CloudNames.ALIYUN == ec2.identify_platform() +- + @mock.patch("cloudinit.sources.DataSourceEc2._collect_platform_data") + def test_identify_zstack(self, m_collect): + """zstack should be identified if chassis-asset-tag +-- +2.39.3 + diff --git a/cloud-init.spec b/cloud-init.spec index a934f7b..d4fc45a 100644 --- a/cloud-init.spec +++ b/cloud-init.spec @@ -6,7 +6,7 @@ Name: cloud-init Version: 24.4 -Release: 3%{?dist}.2 +Release: 6.0.1%{?dist}.1 Summary: Cloud instance init scripts License: Apache-2.0 OR GPL-3.0-only URL: https://github.com/canonical/cloud-init @@ -26,10 +26,27 @@ Patch8: ci-Use-log_with_downgradable_level-for-user-password-wa.patch Patch9: ci-net-sysconfig-do-not-remove-all-existing-settings-of.patch # For RHEL-81896 - DataSourceNoCloudNet network configuration is ineffective [rhel-10] Patch10: ci-fix-NM-reload-and-bring-up-individual-network-conns-.patch +# For RHEL-88659 - cloudinit backport optimization features on Alibaba Cloud +Patch11: ci-feat-aliyun-datasource-support-crawl-metadata-at-onc.patch # For RHEL-100617 - CVE-2024-6174 cloud-init: From CVEorg collector [rhel-10.1] -Patch11: ci-fix-Don-t-attempt-to-identify-non-x86-OpenStack-inst.patch +Patch12: ci-fix-Don-t-attempt-to-identify-non-x86-OpenStack-inst.patch # For RHEL-100617 - CVE-2024-6174 cloud-init: From CVEorg collector [rhel-10.1] -Patch12: ci-fix-strict-disable-in-ds-identify-on-no-datasources-.patch +Patch13: ci-fix-strict-disable-in-ds-identify-on-no-datasources-.patch + +# Oracle patches +Patch100: 0041-enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch +Patch101: ignore-enslaved-interface.patch +Patch102: ol-sysconfig-add-Oracle-Linux-variant-to-known-distros.patch +Patch103: 0106-tests-unittests-add-a-new-unit-test-for-network-mana.patch + +# Oracle specific patches (preferred prefix: "ol" or "orabugNNNNNNNN") +Patch1001: orabug30435672-003-cloud-init-collect-logs.patch +Patch1002: orabug30435672-004-ol-cloud-config.patch +Patch1003: orabug30435672-006-cc_spacewalk.py.patch +Patch1005: orabug32183938-009-missing-sshd-services.patch +Patch1006: orabug32183938-010-missing-sshd-services-in-rhel-systemd.patch +Patch1007: orabug34845400-Add-Oracle-to-distro-detection-logic-in-cloud.cfg.tm.patch +Patch1008: orabug37065979-DataSourceOracle-network-getdata-retries.patch BuildArch: noarch @@ -177,6 +194,18 @@ elif [ $1 -eq 2 ]; then # there will be stale systemd config /bin/systemctl is-enabled cloud-config.service >/dev/null 2>&1 && /bin/systemctl reenable cloud-config.service >/dev/null 2>&1 || : + + /bin/systemctl is-enabled cloud-final.service >/dev/null 2>&1 && + /bin/systemctl reenable cloud-final.service >/dev/null 2>&1 || : + + /bin/systemctl is-enabled cloud-init.service >/dev/null 2>&1 && + /bin/systemctl reenable cloud-init.service >/dev/null 2>&1 || : + + /bin/systemctl is-enabled cloud-init-local.service >/dev/null 2>&1 && + /bin/systemctl reenable cloud-init-local.service >/dev/null 2>&1 || : + + /bin/systemctl is-enabled cloud-init.target >/dev/null 2>&1 && + /bin/systemctl reenable cloud-init.target >/dev/null 2>&1 || : fi %preun %systemd_preun cloud-config.service cloud-config.target cloud-final.service cloud-init.service cloud-init.target cloud-init-local.service @@ -223,7 +252,7 @@ fi /usr/lib/systemd/system-generators/cloud-init-generator %{_unitdir}/cloud-init-hotplugd.service %{_unitdir}/cloud-init-hotplugd.socket -%{_unitdir}/sshd-keygen@.service.d/disable-sshd-keygen-if-cloud-init-active.conf +%config(noreplace) %{_unitdir}/sshd-keygen@.service.d/disable-sshd-keygen-if-cloud-init-active.conf %{_tmpfilesdir}/%{name}.conf %{python3_sitelib}/* %{_libexecdir}/%{name} @@ -235,13 +264,40 @@ fi %changelog -* Mon Jul 14 2025 Craig Guiller - 24.4-3.2 +* Wed Feb 04 2026 EL Errata - 24.4-6.0.1.el10_1.1 +- NetworkManagerActivator brings up interface failed when using sysconfig renderer [RHEL-18981] +- Include module cc_write_files_deferred in config template [Orabug: 36959464] +- Fix Oracle Datasource network, getdata methods and increase retries [Orabug: 37065979] +- Fix log file permission [Orabug: 35302969] +- Update detection logic for OL distros in config template [Orabug: 34845400] +- Added missing services in rhel/systemd/cloud-init.service [Orabug: 32183938] +- Added missing services in cloud-init.service.tmpl for sshd [Orabug: 32183938] +- Forward port applicable cloud-init 18.4-2.0.3 changes to cloud-init-18-5 [Orabug: 30435672] +- limit permissions [Orabug: 31352433] +- Changes to ignore all enslaved interfaces [Orabug: 30092148] +- add modified version of enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch: + 1. Enable ec2_utils.py having a way to stop retrying to get ec2 metadata + 2. Apply stop retrying to get ec2 metadata to helper/openstack.py MetadataReader + Resolves: Oracle-Bug:41660 (Bugzilla) +- added OL to list of known distros + +* Wed Dec 10 2025 Miroslav Rezanina - 24.4-6.el10_1.1 +- ci-downstream-Do-not-override-changes-in-disable-sshd-k.patch [RHEL-128905] +- Resolves: RHEL-128905 + ([rhel-10] cloud-init upgrade is overwriting modifications in disable-sshd-keygen-if-cloud-init-active.conf [rhel-10.1.z]) + +* Fri Jul 04 2025 Miroslav Rezanina - 24.4-6 - ci-fix-Don-t-attempt-to-identify-non-x86-OpenStack-inst.patch [RHEL-100617] - ci-fix-strict-disable-in-ds-identify-on-no-datasources-.patch [RHEL-100617] - Resolves: RHEL-100617 (CVE-2024-6174 cloud-init: From CVEorg collector [rhel-10.1]) -* Wed Jul 02 2025 David Sloboda - 24.4-3.1 +* Mon May 12 2025 Miroslav Rezanina - 24.4-5 +- ci-feat-aliyun-datasource-support-crawl-metadata-at-onc.patch [RHEL-88659] +- Resolves: RHEL-88659 + (cloudinit backport optimization features on Alibaba Cloud) + +* Tue Mar 18 2025 Miroslav Rezanina - 24.4-4 - ci-fix-NM-reload-and-bring-up-individual-network-conns-.patch [RHEL-81896] - Resolves: RHEL-81896 (DataSourceNoCloudNet network configuration is ineffective [rhel-10]) @@ -488,3 +544,4 @@ fi * Wed Feb 16 2022 Charalampos Stratakis - 21.3-6 - Remove redundant dependencies on nose and mock + diff --git a/gating.yaml b/gating.yaml deleted file mode 100644 index 1ef7242..0000000 --- a/gating.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- !Policy -product_versions: - - rhel-10 -decision_context: osci_compose_gate -rules: - - !PassingTestCaseRule {test_case_name: 3rd-azure-ci.brew-build.tier1.functional} - - !PassingTestCaseRule {test_case_name: 3rd-esxi-x86_64.brew-build.tier1.functional} - - !PassingTestCaseRule {test_case_name: s1-aws-ci.brew-build.tier1.functional} - - !PassingTestCaseRule {test_case_name: 3rd-openstack-cloudinit-ci.brew-build.tier1.functional} diff --git a/ignore-enslaved-interface.patch b/ignore-enslaved-interface.patch new file mode 100644 index 0000000..cfefbe4 --- /dev/null +++ b/ignore-enslaved-interface.patch @@ -0,0 +1,44 @@ +From e7aba0f0ccd6f023667f41385f25044a94428ed3 Mon Sep 17 00:00:00 2001 +From: Darren Archibald +Date: Fri, 23 Feb 2024 05:56:06 -0800 +Subject: [PATCH] ignore enslaved interface + + Changes to ignore all enslaved interfaces. + https://jira.oci.oraclecorp.com/browse/LINUX-1947 + + Orabug: 30092148 + + Signed-off-by: Si-Wei Liu + Signed-off-by: Darren Archibald +--- + cloudinit/net/__init__.py | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/cloudinit/net/__init__.py b/cloudinit/net/__init__.py +index c0888f5..b093796 100644 +--- a/cloudinit/net/__init__.py ++++ b/cloudinit/net/__init__.py +@@ -335,6 +335,10 @@ def is_netfail_standby(devname, driver=None): + return True + + ++def is_slave(devname): ++ return os.path.exists(sys_dev_path(devname, "master")) ++ ++ + def is_renamed(devname): + """ + /* interface name assignment types (sysfs name_assign_type attribute) */ +@@ -1054,6 +1058,9 @@ def get_interfaces( + if is_bridge(name): + filtered_logger("Ignoring bridge interface: %s", name) + continue ++ if is_slave(name): ++ filtered_logger("Ignoring bridge interface: %s", name) ++ continue + if filter_vlan and is_vlan(name): + continue + if is_bond(name): +-- +2.31.1 + diff --git a/ol-sysconfig-add-Oracle-Linux-variant-to-known-distros.patch b/ol-sysconfig-add-Oracle-Linux-variant-to-known-distros.patch new file mode 100644 index 0000000..c8b89d8 --- /dev/null +++ b/ol-sysconfig-add-Oracle-Linux-variant-to-known-distros.patch @@ -0,0 +1,26 @@ +From 8735577c8a683407e94abed0cfccc3aacbb9aa47 Mon Sep 17 00:00:00 2001 +From: Si-Wei Liu +Date: Wed, 10 Jun 2020 20:59:29 -0400 +Subject: [PATCH] sysconfig: add Oracle Linux variant to known distros + +otherwise anything sysconfig breaks on Oracle Linux. + +JIRA: https://jira.oci.oraclecorp.com/browse/LINUX-6128 + +Signed-off-by: Si-Wei Liu +--- + cloudinit/net/sysconfig.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py +index e94590f..55b7db5 100644 +--- a/cloudinit/net/sysconfig.py ++++ b/cloudinit/net/sysconfig.py +@@ -35,6 +35,7 @@ + "suse", + "TencentOS", + "virtuozzo", ++ "ol", + ] + + diff --git a/orabug30435672-003-cloud-init-collect-logs.patch b/orabug30435672-003-cloud-init-collect-logs.patch new file mode 100644 index 0000000..4a82f7e --- /dev/null +++ b/orabug30435672-003-cloud-init-collect-logs.patch @@ -0,0 +1,72 @@ +From c6d9e755b6233e98764678bb86a1bc45df168df2 Mon Sep 17 00:00:00 2001 +From: Darren Archibald +Date: Thu, 29 Aug 2024 04:00:14 -0700 +Subject: [PATCH] Update cloud-init collect-logs for Oracle Linux + +Updating the code to collect triage logs with OL distro specic methods. + +Orabug: 30435672 + +Signed-off-by: Vijay Balakrishna +Reviewed-by: Si-Wei Liu +Acked-by: Joe Kennedy +Reviewed-by: Laurence Rochfort +Signed-off-by: Rajesh Harekal + +diff -urN a/cloudinit/cmd/devel/logs.py b/cloudinit/cmd/devel/logs.py +--- a/cloudinit/cmd/devel/logs.py 2025-01-27 15:12:24.357097951 -0800 ++++ b/cloudinit/cmd/devel/logs.py 2025-01-27 15:50:44.097173379 -0800 +@@ -21,7 +21,7 @@ + from cloudinit.stages import Init + from cloudinit.subp import ProcessExecutionError, subp + from cloudinit.temp_utils import tempdir +-from cloudinit.util import copy, get_config_logfiles, write_file ++from cloudinit.util import copy, get_config_logfiles, write_file, system_info + + LOG = cast(loggers.CustomLoggerType, logging.getLogger(__name__)) + +@@ -214,13 +214,23 @@ + file_path=log_dir / "version", + msg="cloud-init --version", + ) +- dpkg_ver = _write_command_output_to_file( +- cmd=["dpkg-query", "--show", "-f=${Version}\n", "cloud-init"], +- file_path=log_dir / "dpkg-version", +- msg="dpkg version", +- ) +- if not version: +- version = dpkg_ver or "not-available" ++ if system_info()['variant'] == "ol": ++ rpm_ver = _write_command_output_to_file( ++ cmd=["rpm", "-q", "--queryformat", ++ "[%{VERSION}-%{RELEASE}.%{ARCH}]\n", "cloud-init"], ++ file_path=log_dir / "rpm-version", ++ msg="rpm version", ++ ) ++ if not version: ++ version = rpm_ver if rpm_ver else "not-available" ++ else: ++ dpkg_ver = _write_command_output_to_file( ++ cmd=["dpkg-query", "--show", "-f=${Version}\n", "cloud-init"], ++ file_path=log_dir / "dpkg-version", ++ msg="dpkg version", ++ ) ++ if not version: ++ version = dpkg_ver if dpkg_ver else "not-available" + + + def _collect_system_logs( + +diff -urN a/cloudinit/util.py b/cloudinit/util.py +--- a/cloudinit/util.py 2025-01-27 16:02:32.019230892 -0800 ++++ b/cloudinit/util.py 2025-01-27 16:03:05.491012873 -0800 +@@ -629,6 +629,7 @@ + "suse", + "tencentos", + "virtuozzo", ++ "ol", + ): + variant = linux_dist + elif linux_dist in ("ubuntu", "linuxmint", "mint"): + diff --git a/orabug30435672-004-ol-cloud-config.patch b/orabug30435672-004-ol-cloud-config.patch new file mode 100644 index 0000000..5958b77 --- /dev/null +++ b/orabug30435672-004-ol-cloud-config.patch @@ -0,0 +1,112 @@ +From 250aa45f74e29b95f81b24811c972369605bd24e Mon Sep 17 00:00:00 2001 +From: Vijay Balakrishna +Date: Tue, 5 Nov 2019 16:00:21 -0500 +Subject: [PATCH] Add static cloud.cfg file for OL7. + +Adding OL specific cloud.cfg file to enable updates cloud-init +config file independently, adding newly verified ntp module. + +Orabug: 30435672 + +Signed-off-by: Vijay Balakrishna +Signed-off-by: Si-Wei Liu +Acked-by: Joe Kennedy +Reviewed-by: Laurence Rochfort + +--- + ol/README.ol | 6 ++++++ + ol/cloud.cfg | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 75 insertions(+) + create mode 100644 ol/README.ol + create mode 100644 ol/cloud.cfg + +diff --git a/ol/README.ol b/ol/README.ol +new file mode 100644 +index 0000000..f59d559 +--- /dev/null ++++ b/ol/README.ol +@@ -0,0 +1,6 @@ ++The following cloud-init modules are currently unsupported on this OS: ++ - apt_update_upgrade ('apt_update', 'apt_upgrade', 'apt_mirror', 'apt_preserve_sources_list', 'apt_old_mirror', 'apt_sources', 'debconf_selections', 'packages' options) ++ - byobu ('byobu_by_default' option) ++ - chef ++ - grub_dpkg ++ - rh_subscription +diff --git a/ol/cloud.cfg b/ol/cloud.cfg +new file mode 100644 +index 0000000..2ee1fb3 +--- /dev/null ++++ b/ol/cloud.cfg +@@ -0,0 +1,69 @@ ++users: ++ - default ++ ++disable_root: 1 ++ssh_pwauth: 0 ++ ++mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service', '0', '2'] ++resize_rootfs_tmp: /dev ++ssh_deletekeys: 0 ++ssh_genkeytypes: ~ ++syslog_fix_perms: ~ ++disable_vmware_customization: false ++ ++cloud_init_modules: ++ - disk_setup ++ - migrator ++ - bootcmd ++ - write-files ++ - growpart ++ - resizefs ++ - set_hostname ++ - update_hostname ++ - update_etc_hosts ++ - rsyslog ++ - users-groups ++ - ssh ++ ++cloud_config_modules: ++ - mounts ++ - locale ++ - set-passwords ++ - ntp ++ - yum-add-repo ++ - package-update-upgrade-install ++ - timezone ++ - puppet ++ - chef ++ - salt-minion ++ - mcollective ++ - disable-ec2-metadata ++ - runcmd ++ ++cloud_final_modules: ++ - rightscale_userdata ++ - scripts-per-once ++ - scripts-per-boot ++ - scripts-per-instance ++ - scripts-user ++ - ssh-authkey-fingerprints ++ - keys-to-console ++ - phone-home ++ - final-message ++ - power-state-change ++ ++system_info: ++ default_user: ++ name: cloud-user ++ lock_passwd: true ++ gecos: Cloud User ++ groups: [adm, systemd-journal] ++ sudo: ["ALL=(ALL) NOPASSWD:ALL"] ++ shell: /bin/bash ++ distro: rhel ++ paths: ++ cloud_dir: /var/lib/cloud ++ templates_dir: /etc/cloud/templates ++ ssh_svcname: sshd ++ ++# vim:syntax=yaml +-- +1.8.3.1 + diff --git a/orabug30435672-006-cc_spacewalk.py.patch b/orabug30435672-006-cc_spacewalk.py.patch new file mode 100644 index 0000000..0130c01 --- /dev/null +++ b/orabug30435672-006-cc_spacewalk.py.patch @@ -0,0 +1,51 @@ +From 2b92e042bb8a4510abec38fcfc302d8de1e28f37 Mon Sep 17 00:00:00 2001 +From: Darren Archibald +Date: Fri, 23 Feb 2024 06:55:32 -0800 +Subject: [PATCH] spacewalk: fix CA cert file path for Oracle Linux + +Update the CA cert file that is available in Oracle Linux to register with ULN. + +Orabug: 30435672 + +Signed-off-by: Si-Wei Liu +Signed-off-by: Vijay Balakrishna +Acked-by: Joe Kennedy +Reviewed-by: Laurence Rochfort +Signed-off-by: Darren Archibald +Signed-off-by: Rajesh Harekal + +diff -urN a/cloudinit/config/cc_spacewalk.py b/cloudinit/config/cc_spacewalk.py +--- a/cloudinit/config/cc_spacewalk.py 2025-01-28 10:51:15.364254013 -0800 ++++ b/cloudinit/config/cc_spacewalk.py 2025-01-28 10:53:56.899893366 -0800 +@@ -3,7 +3,7 @@ + + import logging + +-from cloudinit import subp ++from cloudinit import subp, util + from cloudinit.cloud import Cloud + from cloudinit.config import Config + from cloudinit.config.schema import MetaSchema +@@ -21,6 +21,7 @@ + distros = ["redhat", "fedora", "openeuler"] + required_packages = ["rhn-setup"] + def_ca_cert_path = "/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT" ++ol_ca_cert_path = "/usr/share/rhn/ULN-CA-CERT" + + + def is_registered(): +@@ -74,9 +75,14 @@ + # Need to have this installed before further things will work. + cloud.distro.install_packages(required_packages) + if not is_registered(): ++ if util.system_info()['variant'] == "ol": ++ cert = ol_ca_cert_path ++ else: ++ cert = def_ca_cert_path + do_register( + spacewalk_server, + cloud.datasource.get_hostname(fqdn=True).hostname, ++ ca_cert_path=cert, + proxy=cfg.get("proxy"), + activation_key=cfg.get("activation_key"), + ) diff --git a/orabug32183938-009-missing-sshd-services.patch b/orabug32183938-009-missing-sshd-services.patch new file mode 100644 index 0000000..fc78fa2 --- /dev/null +++ b/orabug32183938-009-missing-sshd-services.patch @@ -0,0 +1,31 @@ +cloud-init service file is missing sshd required services +Orabug: 32183938 + +in the systemd sshd-keygen.target file, the following services are listed: +[Unit] +Wants=sshd-keygen@rsa.service +Wants=sshd-keygen@ecdsa.service +Wants=sshd-keygen@ed25519.service + +Need to add the following to the cloud-init service file: +Before=sshd-keygen@rsa.service +Before=sshd-keygen@ecdsa.service +Before=sshd-keygen@ed25519.service + +Signed-off-by: Isaac Chen +Signed-off-by: Rajesh Harekal + +diff -urN cloud-init-24.4/systemd/cloud-init.service.tmpl.orig cloud-init-24.4/systemd/cloud-init.service.tmpl +--- cloud-init-24.4/systemd/cloud-init.service.tmpl 2025-01-28 11:13:57.339346352 -0800 ++++ cloud-init-24.4/systemd/cloud-init.service.tmpl 2025-01-28 11:14:31.587669418 -0800 +@@ -28,7 +28,9 @@ + After=dbus.service + {% endif %} + Before=network-online.target +-Before=sshd-keygen.service ++Before=sshd-keygen@rsa.service ++Before=sshd-keygen@ecdsa.service ++Before=sshd-keygen@ed25519.service + Before=sshd.service + Before=systemd-user-sessions.service + {% if variant in ["ubuntu", "unknown", "debian"] %} diff --git a/orabug32183938-010-missing-sshd-services-in-rhel-systemd.patch b/orabug32183938-010-missing-sshd-services-in-rhel-systemd.patch new file mode 100644 index 0000000..7cb4fb0 --- /dev/null +++ b/orabug32183938-010-missing-sshd-services-in-rhel-systemd.patch @@ -0,0 +1,22 @@ +cloud-init service file is missing sshd required services +Orabug: 32183938 + +This patch is the supplement of patch orabug32183938-009, where changes +to cloud-init.service also need to be added to files in rhel/systemd. + +Signed-off-by: Isaac Chen + +diff -up cloud-init-19.4/systemd/cloud-init.service.tmpl.orig cloud-init-19.4/systemd/cloud-init.service.tmpl +--- cloud-init-19.4/systemd/cloud-init.service.tmpl.orig 2020-12-11 19:59:37.331277979 -0800 ++++ cloud-init-19.4/systemd/cloud-init.service.tmpl 2020-12-11 20:00:38.867459043 -0800 +@@ -5,7 +5,9 @@ + DefaultDependencies=no + {% endif %} + Wants=cloud-init-local.service +-Wants=sshd-keygen.service ++Wants=sshd-keygen@rsa.service ++Wants=sshd-keygen@ecdsa.service ++Wants=sshd-keygen@ed25519.service + Wants=sshd.service + After=cloud-init-local.service + After=systemd-networkd-wait-online.service diff --git a/orabug34845400-Add-Oracle-to-distro-detection-logic-in-cloud.cfg.tm.patch b/orabug34845400-Add-Oracle-to-distro-detection-logic-in-cloud.cfg.tm.patch new file mode 100644 index 0000000..9909a4b --- /dev/null +++ b/orabug34845400-Add-Oracle-to-distro-detection-logic-in-cloud.cfg.tm.patch @@ -0,0 +1,267 @@ +From 1042542db662f362fc74469e1c24df4eb08bf346 Mon Sep 17 00:00:00 2001 +From: Darren Archibald +Date: Thu, 29 Aug 2024 04:26:17 -0700 +Subject: [PATCH] Add Oracle to distro detection logic in cloud.cfg.tmpl + +Oracle Linux is being detected as "ol" variant by cloud-init. +This patch adds "ol" to the list of supported variants, and applies needed settings to it. +You can notice that variant "ol" is being set as distro "rhel" in a couple of places, +that is expected as this designated that base distro for "ol" is "rhel" ( which is true ) + +The main reason for this change is that cloud-init package dropped hardcoded configs that set OL as rhel +and to make cloud-init behave on OL systems as expected we need to add "ol" designation to supported list. + +Orabug: 34845400 +Signed-off-by: Alex Burmashev +Signed-off-by: Darren Archibald +--- + cloudinit/distros/__init__.py | 1 + + cloudinit/sources/DataSourceRbxCloud.py | 2 +- + config/cloud.cfg.tmpl | 43 +++++++++++++++++-------- + systemd/cloud-final.service | 4 ++- + systemd/cloud-init-local.service.tmpl | 12 ++++--- + systemd/cloud-init.service.tmpl | 8 +++-- + systemd/cloud-init-generator.tmpl | 1 +++-- + tests/unittests/test_util.py | 1 + + 7 files changed, 50 insertions(+), 21 deletions(-) + +diff --git a/cloudinit/distros/__init__.py b/cloudinit/distros/__init__.py +index 9c4d6b2..47629c6 100644 +--- a/cloudinit/distros/__init__.py ++++ b/cloudinit/distros/__init__.py +@@ -79,6 +79,7 @@ OSFAMILIES = { + "rhel", + "rocky", + "virtuozzo", ++ "ol", + ], + "suse": [ + "opensuse", +diff --git a/cloudinit/sources/DataSourceRbxCloud.py b/cloudinit/sources/DataSourceRbxCloud.py +index 6729e84..2265ddb 100644 +--- a/cloudinit/sources/DataSourceRbxCloud.py ++++ b/cloudinit/sources/DataSourceRbxCloud.py +@@ -60,7 +60,7 @@ def _sub_arp(cmd): + + def gratuitous_arp(items, distro): + source_param = "-S" +- if distro.name in ["fedora", "centos", "rhel"]: ++ if distro.name in ["fedora", "centos", "rhel", "ol"]: + source_param = "-s" + for item in items: + try: +diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl +index a470120..f440830 100644 +--- a/config/cloud.cfg.tmpl ++++ b/config/cloud.cfg.tmpl +@@ -59,10 +59,10 @@ + {% endif %} + + {%- if variant in ["alpine", "amazon", "fedora", "OpenCloudOS", "openeuler", +- "openmandriva", "photon", "TencentOS"] or is_rhel %} ++ "openmandriva", "photon", "TencentOS", "ol"] or is_rhel %} + +-{% if is_rhel %} +-mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.after=cloud-init-network.service,_netdev', '0', '2'] ++{% if variant in ["ol"] or is_rhel %} ++mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.after=cloud-init.service,_netdev', '0', '2'] + {% else %} + mount_default_fields: [~, ~, 'auto', 'defaults,nofail', '0', '2'] + {% endif %} +@@ -166,18 +166,20 @@ + - ubuntu_pro + {% endif %} + {% elif variant in ["azurelinux", "fedora", "mariner", "openeuler", +- "openmandriva", "photon"] or is_rhel %} ++ "openmandriva", "photon", "ol"] or is_rhel %} + {% if is_rhel %} + - rh_subscription + {% endif %} +-{% if variant not in ["azurelinux", "mariner", "photon"] %} ++{% if variant not in ["azurelinux", "mariner", "photon", "ol"] %} + - spacewalk + {% endif %} + - yum_add_repo + {% elif variant == "suse" %} + - zypper_add_repo + {% endif %} ++{% if variant not in ["ol"] %} + - ntp ++{% endif %} + - timezone + {% if variant not in ["azurelinux"] %} + - disable_ec2_metadata +@@ -207,6 +209,8 @@ + {% if variant not in ["azurelinux"] %} + - mcollective + - salt_minion ++{% endif %} ++{% if variant not in ["azurelinux", "ol"] %} + - reset_rmc + {% endif %} + - scripts_vendor +@@ -230,6 +234,8 @@ + "OpenCloudOS", "openeuler", "openmandriva", "photon", "suse", + "TencentOS", "ubuntu"] or is_rhel %} + distro: {{ variant }} ++{% elif variant == "ol" %} ++ distro: rhel + {% elif variant == "dragonfly" %} + distro: dragonflybsd + {% else %} +@@ -238,7 +244,9 @@ + {% endif %} + # Default user name + that default users groups (if added/used) + default_user: +-{% if variant in usernames %} ++{% if variant == "ol" %} ++ name: cloud-user ++{% elif variant in usernames %} + name: {{ usernames[variant] }} + {% else %} + name: {{ variant }} +@@ -246,11 +254,13 @@ + {% if variant in ["alpine", "amazon", "aosc", "arch", "azurelinux", "debian", "fedora", + "gentoo", "mariner", "OpenCloudOS", "openeuler", + "openmandriva", "photon", "suse", "TencentOS", "ubuntu", +- "unknown"] ++ "unknown", "ol"] + or is_bsd or is_rhel %} + lock_passwd: True + {% endif %} +-{% if variant in gecos %} ++{% if variant == "ol" %} ++ gecos: Cloud User ++{% elif variant in gecos %} + gecos: {{ gecos[variant] }} + {% else %} + gecos: {{ variant }} Cloud User +@@ -328,7 +338,7 @@ + {% if variant in ["alpine", "amazon", "aosc", "arch", "azurelinux", "debian", "fedora", + "gentoo", "mariner", "OpenCloudOS", "openeuler", + "openmandriva", "photon", "suse", "TencentOS", "ubuntu", +- "unknown"] ++ "unknown", "ol"] + or is_rhel %} + # Other config here will be given to the distro class and/or path classes + paths: +@@ -375,7 +385,7 @@ + ssh_svcname: ssh + {% elif variant in ["alpine", "amazon", "aosc", "arch", "azurelinux", "fedora", + "gentoo", "mariner", "OpenCloudOS", "openeuler", +- "openmandriva", "photon", "suse", "TencentOS"] ++ "openmandriva", "photon", "suse", "TencentOS", "ol"] + or is_rhel %} + ssh_svcname: sshd + {% endif %} + +diff --git a/systemd/cloud-final.service b/systemd/cloud-final.service +index ab3daed..1c69dde 100644 +--- a/systemd/cloud-final.service ++++ b/systemd/cloud-final.service +@@ -3,7 +3,6 @@ + Description=Cloud-init: Final Stage + After=network-online.target time-sync.target cloud-config.service rc-local.service + After=multi-user.target +-Before=apt-daily.service + Wants=network-online.target cloud-config.service + ConditionPathExists=!/etc/cloud/cloud-init.disabled + ConditionKernelCommandLine=!cloud-init=disabled + +diff --git a/systemd/cloud-init-local.service.tmpl b/systemd/cloud-init-local.service.tmpl +index 3a1ca7f..4750c36 100644 +--- a/systemd/cloud-init-local.service.tmpl ++++ b/systemd/cloud-init-local.service.tmpl +@@ -2,19 +2,21 @@ + [Unit] + # https://docs.cloud-init.io/en/latest/explanation/boot.html + Description=Cloud-init: Local Stage (pre-network) +-{% if variant in ["almalinux", "cloudlinux", "ubuntu", "unknown", "debian", "rhel"] %} ++{% if variant in ["almalinux", "cloudlinux", "ubuntu", "unknown", "debian", "rhel", "ol"] %} + DefaultDependencies=no + {% endif %} + Wants=network-pre.target ++{% if variant not in ["ol"] %} + After=hv_kvp_daemon.service +-{% if variant in ["almalinux", "cloudlinux", "rhel"] %} ++{% endif %} ++{% if variant in ["almalinux", "cloudlinux", "rhel", "ol"] %} + Requires=dbus.socket + After=dbus.socket + {% endif %} + After=systemd-remount-fs.service + Before=network-pre.target + Before=shutdown.target +-{% if variant in ["almalinux", "cloudlinux", "rhel"] %} ++{% if variant in ["almalinux", "cloudlinux", "rhel", "ol"] %} + Before=firewalld.target + {% endif %} + {% if variant in ["ubuntu", "unknown", "debian"] %} +@@ -28,7 +30,7 @@ + + [Service] + Type=oneshot +-{% if variant in ["almalinux", "cloudlinux", "rhel"] %} ++{% if variant in ["almalinux", "cloudlinux", "rhel", "ol"] %} + ExecStartPre=/sbin/restorecon /run/cloud-init + {% endif %} + ExecStart=/usr/bin/cloud-init init --local +diff --git a/systemd/cloud-init.service.tmpl b/systemd/cloud-init.service.tmpl +index 90d45f2..2e1ce48 100644 +--- a/systemd/cloud-init.service.tmpl ++++ b/systemd/cloud-init.service.tmpl +@@ -2,7 +2,7 @@ + [Unit] + # https://docs.cloud-init.io/en/latest/explanation/boot.html + Description=Cloud-init: Network Stage +-{% if variant not in ["almalinux", "cloudlinux", "photon", "rhel"] %} ++{% if variant not in ["almalinux", "cloudlinux", "photon", "rhel", "ol"] %} + DefaultDependencies=no + {% endif %} + Wants=cloud-init-local.service +@@ -11,13 +11,15 @@ + Wants=sshd-keygen@ed25519.service + Wants=sshd.service + After=cloud-init-local.service ++{% if variant not in ["ol"] %} + After=systemd-networkd-wait-online.service ++{% endif %} + {% if variant in ["ubuntu", "unknown", "debian"] %} + After=networking.service + {% endif %} + {% if variant in ["almalinux", "centos", "cloudlinux", "eurolinux", "fedora", + "miraclelinux", "openeuler", "OpenCloudOS", "openmandriva", "rhel", "rocky", +- "suse", "TencentOS", "virtuozzo"] %} ++ "suse", "TencentOS", "virtuozzo", "ol"] %} + + After=NetworkManager.service + After=NetworkManager-wait-online.service + +diff --git a/systemd/cloud-init-generator.tmpl b/systemd/cloud-init-generator.tmpl +--- a/systemd/cloud-init-generator.tmpl ++++ b/systemd/cloud-init-generator.tmpl +@@ -21,7 +21,7 @@ + CLOUD_SYSTEM_TARGET="/lib/systemd/system/cloud-init.target" + {% endif %} + {% if variant in ["almalinux", "centos", "cloudlinux", "eurolinux", "fedora", +- "miraclelinux", "openeuler", "OpenCloudOS", "openmandriva", "rhel", "rocky", "TencentOS", "virtuozzo"] %} ++ "miraclelinux", "openeuler", "OpenCloudOS", "openmandriva", "rhel", "rocky", "TencentOS", "virtuozzo", "ol"] %} + dsidentify="/usr/libexec/cloud-init/ds-identify" + {% elif variant == "benchmark" %} + dsidentify="/bin/true" + +diff --git a/tests/unittests/test_util.py b/tests/unittests/test_util.py +index b534a1a..49087ad 100644 +--- a/tests/unittests/test_util.py ++++ b/tests/unittests/test_util.py +@@ -1334,6 +1334,7 @@ class TestGetVariant: + ({"system": "linux", "dist": ("sles",)}, "suse"), + ({"system": "linux", "dist": ("sle_hpc",)}, "suse"), + ({"system": "linux", "dist": ("my_distro",)}, "linux"), ++ ({"system": "linux", "dist": ("ol",)}, "ol"), + ({"system": "Windows", "dist": ("dontcare",)}, "windows"), + ({"system": "Darwin", "dist": ("dontcare",)}, "darwin"), + ({"system": "Freebsd", "dist": ("dontcare",)}, "freebsd"), +-- +2.31.1 + diff --git a/orabug37065979-DataSourceOracle-network-getdata-retries.patch b/orabug37065979-DataSourceOracle-network-getdata-retries.patch new file mode 100644 index 0000000..5a2835e --- /dev/null +++ b/orabug37065979-DataSourceOracle-network-getdata-retries.patch @@ -0,0 +1,115 @@ +Patch to adapt DataSourceOracle and make it functional for OCI. +Also includes setting for retries and timeouts previously provided by +a separate patch to help PCA instances get IMDS data. + +Orabug: 37065979 + +Signed-off-by: Rajesh Harekal +--- +diff -git a/cloudinit/sources/DataSourceOracle.py b/cloudinit/sources/DataSourceOracle.py +--- a/cloudinit/sources/DataSourceOracle.py 2025-03-07 16:04:37.773216485 -0800 ++++ a/cloudinit/sources/DataSourceOracle.py 2025-03-07 16:32:33.174574170 -0800 +@@ -15,6 +15,7 @@ + + import base64 + import ipaddress ++import os + import json + import logging + import time +@@ -32,6 +33,8 @@ + + LOG = logging.getLogger(__name__) + ++ISCSI_IBFT_PATH='/sys/firmware/acpi/tables/iBFT' ++ + BUILTIN_DS_CONFIG = { + # Don't use IMDS to configure secondary NICs by default + "configure_secondary_nics": False, +@@ -135,8 +138,8 @@ + perform_dhcp_setup = True + + # Careful...these can be overridden in __init__ +- url_max_wait = 30 +- url_timeout = 5 ++ url_max_wait = 180 ++ url_timeout = 20 + + def __init__(self, sys_cfg, *args, **kwargs): + super(DataSourceOracle, self).__init__(sys_cfg, *args, **kwargs) +@@ -149,7 +152,7 @@ + ] + ) + self._network_config_source = KlibcOracleNetworkConfigSource() +- self._network_config: dict = {"config": [], "version": 1} ++ self._network_config = sources.UNSET + + url_params = self.get_url_params() + self.url_max_wait = url_params.max_wait_seconds +@@ -274,7 +277,7 @@ + + def _is_iscsi_root(self) -> bool: + """Return whether we are on a iscsi machine.""" +- return self._network_config_source.is_applicable() ++ return self._network_config_source.is_applicable() or bool(os.path.exists(ISCSI_IBFT_PATH)) + + def _get_iscsi_config(self) -> dict: + return self._network_config_source.render_config() +@@ -294,34 +297,31 @@ + + set_primary = False + # this is v1 +- if self._is_iscsi_root(): +- self._network_config = self._get_iscsi_config() +- if not self._has_network_config(): +- LOG.warning( +- "Could not obtain network configuration from initramfs. " +- "Falling back to IMDS." ++ if self._network_config == sources.UNSET: ++ # this is v1 ++ if not self._has_network_config(): ++ self._network_config = self.distro.generate_fallback_config() ++ set_primary = True ++ ++ set_secondary = self.ds_cfg.get( ++ "configure_secondary_nics", ++ BUILTIN_DS_CONFIG["configure_secondary_nics"], + ) +- set_primary = True +- +- set_secondary = self.ds_cfg.get( +- "configure_secondary_nics", +- BUILTIN_DS_CONFIG["configure_secondary_nics"], +- ) +- if set_primary or set_secondary: +- try: +- # Mutate self._network_config to include primary and/or +- # secondary VNICs +- self._add_network_config_from_opc_imds(set_primary) +- except Exception: +- util.logexc( +- LOG, +- "Failed to parse IMDS network configuration!", +- ) ++ if set_primary or set_secondary: ++ try: ++ # Mutate self._network_config to include primary and/or ++ # secondary VNICs ++ self._add_network_config_from_opc_imds(set_primary) ++ except Exception: ++ util.logexc( ++ LOG, ++ "Failed to parse IMDS network configuration!", ++ ) + +- # we need to verify that the nic selected is not a netfail over +- # device and, if it is a netfail master, then we need to avoid +- # emitting any match by mac +- _ensure_netfailover_safe(self._network_config) ++ # we need to verify that the nic selected is not a netfail over ++ # device and, if it is a netfail master, then we need to avoid ++ # emitting any match by mac ++ _ensure_netfailover_safe(self._network_config) + + return self._network_config +