commit 941cd94f856a4c02d79d723bba822c4efe0262d8 Author: CentOS Sources Date: Fri May 21 10:11:36 2021 +0000 import cloud-init-20.3-10.el8_4.3
diff --git a/.cloud-init.metadata b/.cloud-init.metadata
new file mode 100644
index 0000000..245563f
--- /dev/null
+++ b/.cloud-init.metadata
@@ -0,0 +1 @@
+cbde66f717b7883c4ab64b145042de54f131afab SOURCES/cloud-init-20.3.tar.gz
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e8608c9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/cloud-init-20.3.tar.gz
diff --git a/SOURCES/0001-Add-initial-redhat-setup.patch b/SOURCES/0001-Add-initial-redhat-setup.patch
new file mode 100644
index 0000000..6f85c2d
--- /dev/null
+++ b/SOURCES/0001-Add-initial-redhat-setup.patch
@@ -0,0 +1,546 @@ +From 25ea7a28d69518319ae1ed1b3cd510147868fd29 Mon Sep 17 00:00:00 2001 +From: Eduardo Otubo +Date: Mon, 5 Oct 2020 13:49:36 +0200 +Subject: Add initial redhat setup + +Rebase notes (18.5): +- added bash_completition file +- added cloud-id file + +Merged patches (20.3): +- 01900d0 changing ds-identify patch from /usr/lib to /usr/libexec +- 7f47ca3 Render the generator from template instead of cp + +Merged patches (19.4): +- 4ab5a61 Fix for network configuration not persisting after reboot +- 84cf125 Removing cloud-user from wheel +- 31290ab Adding gating tests for Azure, ESXi and AWS + +Merged patches (18.5): +- 2d6b469 add power-state-change module to cloud_final_modules +- 764159f Adding systemd mount options to wait for cloud-init +- da4d99e Adding disk_setup to rhel/cloud.cfg +- f5c6832 Enable cloud-init by default on vmware + +Conflicts: +cloudinit/config/cc_chef.py: + - Updated header documentation text + - Replacing double quotes by simple quotes + +setup.py: + - Adding missing cmdclass info + +Signed-off-by: Eduardo Otubo +--- + .gitignore | 1 + + cloudinit/config/cc_chef.py | 67 ++++- + cloudinit/settings.py | 7 +- + redhat/.gitignore | 1 + + redhat/Makefile | 71 +++++ + redhat/Makefile.common | 37 +++ + redhat/cloud-init-tmpfiles.conf | 1 + + redhat/cloud-init.spec.template | 517 ++++++++++++++++++++++++++++++++++ + redhat/gating.yaml | 9 + + redhat/rpmbuild/BUILD/.gitignore | 3 + + redhat/rpmbuild/RPMS/.gitignore | 3 + + redhat/rpmbuild/SOURCES/.gitignore | 3 + + redhat/rpmbuild/SPECS/.gitignore | 3 + + redhat/rpmbuild/SRPMS/.gitignore | 3 + + redhat/scripts/frh.py | 27 ++ + redhat/scripts/git-backport-diff | 327 +++++++++++++++++++++ + redhat/scripts/git-compile-check | 215 ++++++++++++++ + redhat/scripts/process-patches.sh | 77 +++++ + redhat/scripts/tarball_checksum.sh | 3 + + rhel/README.rhel | 5 + + rhel/cloud-init-tmpfiles.conf | 1 + + rhel/cloud.cfg | 69 +++++ + rhel/systemd/cloud-config.service | 18 ++ + 
rhel/systemd/cloud-config.target | 11 + + rhel/systemd/cloud-final.service | 19 ++ + rhel/systemd/cloud-init-local.service | 31 ++ + rhel/systemd/cloud-init.service | 25 ++ + rhel/systemd/cloud-init.target | 7 + + setup.py | 23 +- + tools/read-version | 28 +- + 30 files changed, 1562 insertions(+), 50 deletions(-) + create mode 100644 redhat/.gitignore + create mode 100644 redhat/Makefile + create mode 100644 redhat/Makefile.common + create mode 100644 redhat/cloud-init-tmpfiles.conf + create mode 100644 redhat/cloud-init.spec.template + create mode 100644 redhat/gating.yaml + create mode 100644 redhat/rpmbuild/BUILD/.gitignore + create mode 100644 redhat/rpmbuild/RPMS/.gitignore + create mode 100644 redhat/rpmbuild/SOURCES/.gitignore + create mode 100644 redhat/rpmbuild/SPECS/.gitignore + create mode 100644 redhat/rpmbuild/SRPMS/.gitignore + create mode 100755 redhat/scripts/frh.py + create mode 100755 redhat/scripts/git-backport-diff + create mode 100755 redhat/scripts/git-compile-check + create mode 100755 redhat/scripts/process-patches.sh + create mode 100755 redhat/scripts/tarball_checksum.sh + create mode 100644 rhel/README.rhel + create mode 100644 rhel/cloud-init-tmpfiles.conf + create mode 100644 rhel/cloud.cfg + create mode 100644 rhel/systemd/cloud-config.service + create mode 100644 rhel/systemd/cloud-config.target + create mode 100644 rhel/systemd/cloud-final.service + create mode 100644 rhel/systemd/cloud-init-local.service + create mode 100644 rhel/systemd/cloud-init.service + create mode 100644 rhel/systemd/cloud-init.target + +diff --git a/cloudinit/config/cc_chef.py b/cloudinit/config/cc_chef.py +index aaf7136..97ef649 100644 +--- a/cloudinit/config/cc_chef.py ++++ b/cloudinit/config/cc_chef.py +@@ -6,7 +6,70 @@ + # + # This file is part of cloud-init. See LICENSE file for license information. + +-"""Chef: module that configures, starts and installs chef.""" ++""" ++Chef ++---- ++**Summary:** module that configures, starts and installs chef. 
++ ++This module enables chef to be installed (from packages or ++from gems, or from omnibus). Before this occurs chef configurations are ++written to disk (validation.pem, client.pem, firstboot.json, client.rb), ++and needed chef folders/directories are created (/etc/chef and /var/log/chef ++and so-on). Then once installing proceeds correctly if configured chef will ++be started (in daemon mode or in non-daemon mode) and then once that has ++finished (if ran in non-daemon mode this will be when chef finishes ++converging, if ran in daemon mode then no further actions are possible since ++chef will have forked into its own process) then a post run function can ++run that can do finishing activities (such as removing the validation pem ++file). ++ ++**Internal name:** ``cc_chef`` ++ ++**Module frequency:** per always ++ ++**Supported distros:** all ++ ++**Config keys**:: ++ ++ chef: ++ directories: (defaulting to /etc/chef, /var/log/chef, /var/lib/chef, ++ /var/cache/chef, /var/backups/chef, /run/chef) ++ validation_cert: (optional string to be written to file validation_key) ++ special value 'system' means set use existing file ++ validation_key: (optional the path for validation_cert. 
default ++ /etc/chef/validation.pem) ++ firstboot_path: (path to write run_list and initial_attributes keys that ++ should also be present in this configuration, defaults ++ to /etc/chef/firstboot.json) ++ exec: boolean to run or not run chef (defaults to false, unless ++ a gem installed is requested ++ where this will then default ++ to true) ++ ++ chef.rb template keys (if falsey, then will be skipped and not ++ written to /etc/chef/client.rb) ++ ++ chef: ++ client_key: ++ encrypted_data_bag_secret: ++ environment: ++ file_backup_path: ++ file_cache_path: ++ json_attribs: ++ log_level: ++ log_location: ++ node_name: ++ omnibus_url: ++ omnibus_url_retries: ++ omnibus_version: ++ pid_file: ++ server_url: ++ show_time: ++ ssl_verify_mode: ++ validation_cert: ++ validation_key: ++ validation_name: ++""" + + import itertools + import json +@@ -31,7 +94,7 @@ CHEF_DIRS = tuple([ + '/var/lib/chef', + '/var/cache/chef', + '/var/backups/chef', +- '/var/run/chef', ++ '/run/chef', + ]) + REQUIRED_CHEF_DIRS = tuple([ + '/etc/chef', +diff --git a/cloudinit/settings.py b/cloudinit/settings.py +index ca4ffa8..3a04a58 100644 +--- a/cloudinit/settings.py ++++ b/cloudinit/settings.py +@@ -46,13 +46,16 @@ CFG_BUILTIN = { + ], + 'def_log_file': '/var/log/cloud-init.log', + 'log_cfgs': [], +- 'syslog_fix_perms': ['syslog:adm', 'root:adm', 'root:wheel', 'root:root'], ++ 'mount_default_fields': [None, None, 'auto', 'defaults,nofail', '0', '2'], ++ 'ssh_deletekeys': False, ++ 'ssh_genkeytypes': [], ++ 'syslog_fix_perms': [], + 'system_info': { + 'paths': { + 'cloud_dir': '/var/lib/cloud', + 'templates_dir': '/etc/cloud/templates/', + }, +- 'distro': 'ubuntu', ++ 'distro': 'rhel', + 'network': {'renderers': None}, + }, + 'vendor_data': {'enabled': True, 'prefix': []}, +diff --git a/rhel/README.rhel b/rhel/README.rhel +new file mode 100644 +index 0000000..aa29630 +--- /dev/null ++++ b/rhel/README.rhel +@@ -0,0 +1,5 @@ ++The following cloud-init modules are currently unsupported on this OS: 
++ - apt_update_upgrade ('apt_update', 'apt_upgrade', 'apt_mirror', 'apt_preserve_sources_list', 'apt_old_mirror', 'apt_sources', 'debconf_selections', 'packages' options) ++ - byobu ('byobu_by_default' option) ++ - chef ++ - grub_dpkg +diff --git a/rhel/cloud-init-tmpfiles.conf b/rhel/cloud-init-tmpfiles.conf +new file mode 100644 +index 0000000..0c6d2a3 +--- /dev/null ++++ b/rhel/cloud-init-tmpfiles.conf +@@ -0,0 +1 @@ ++d /run/cloud-init 0700 root root - - +diff --git a/rhel/cloud.cfg b/rhel/cloud.cfg +new file mode 100644 +index 0000000..82e8bf6 +--- /dev/null ++++ b/rhel/cloud.cfg +@@ -0,0 +1,69 @@ ++users: ++ - default ++ ++disable_root: 1 ++ssh_pwauth: 0 ++ ++mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service', '0', '2'] ++resize_rootfs_tmp: /dev ++ssh_deletekeys: 0 ++ssh_genkeytypes: ~ ++syslog_fix_perms: ~ ++disable_vmware_customization: false ++ ++cloud_init_modules: ++ - disk_setup ++ - migrator ++ - bootcmd ++ - write-files ++ - growpart ++ - resizefs ++ - set_hostname ++ - update_hostname ++ - update_etc_hosts ++ - rsyslog ++ - users-groups ++ - ssh ++ ++cloud_config_modules: ++ - mounts ++ - locale ++ - set-passwords ++ - rh_subscription ++ - yum-add-repo ++ - package-update-upgrade-install ++ - timezone ++ - puppet ++ - chef ++ - salt-minion ++ - mcollective ++ - disable-ec2-metadata ++ - runcmd ++ ++cloud_final_modules: ++ - rightscale_userdata ++ - scripts-per-once ++ - scripts-per-boot ++ - scripts-per-instance ++ - scripts-user ++ - ssh-authkey-fingerprints ++ - keys-to-console ++ - phone-home ++ - final-message ++ - power-state-change ++ ++system_info: ++ default_user: ++ name: cloud-user ++ lock_passwd: true ++ gecos: Cloud User ++ groups: [adm, systemd-journal] ++ sudo: ["ALL=(ALL) NOPASSWD:ALL"] ++ shell: /bin/bash ++ distro: rhel ++ paths: ++ cloud_dir: /var/lib/cloud ++ templates_dir: /etc/cloud/templates ++ ssh_svcname: sshd ++ ++# vim:syntax=yaml +diff --git a/rhel/systemd/cloud-config.service 
b/rhel/systemd/cloud-config.service +new file mode 100644 +index 0000000..f3dcd4b +--- /dev/null ++++ b/rhel/systemd/cloud-config.service +@@ -0,0 +1,18 @@ ++[Unit] ++Description=Apply the settings specified in cloud-config ++After=network-online.target cloud-config.target ++Wants=network-online.target cloud-config.target ++ConditionPathExists=!/etc/cloud/cloud-init.disabled ++ConditionKernelCommandLine=!cloud-init=disabled ++ ++[Service] ++Type=oneshot ++ExecStart=/usr/bin/cloud-init modules --mode=config ++RemainAfterExit=yes ++TimeoutSec=0 ++ ++# Output needs to appear in instance console output ++StandardOutput=journal+console ++ ++[Install] ++WantedBy=cloud-init.target +diff --git a/rhel/systemd/cloud-config.target b/rhel/systemd/cloud-config.target +new file mode 100644 +index 0000000..ae9b7d0 +--- /dev/null ++++ b/rhel/systemd/cloud-config.target +@@ -0,0 +1,11 @@ ++# cloud-init normally emits a "cloud-config" upstart event to inform third ++# parties that cloud-config is available, which does us no good when we're ++# using systemd. cloud-config.target serves as this synchronization point ++# instead. Services that would "start on cloud-config" with upstart can ++# instead use "After=cloud-config.target" and "Wants=cloud-config.target" ++# as appropriate. 
++ ++[Unit] ++Description=Cloud-config availability ++Wants=cloud-init-local.service cloud-init.service ++After=cloud-init-local.service cloud-init.service +diff --git a/rhel/systemd/cloud-final.service b/rhel/systemd/cloud-final.service +new file mode 100644 +index 0000000..739b7e3 +--- /dev/null ++++ b/rhel/systemd/cloud-final.service +@@ -0,0 +1,19 @@ ++[Unit] ++Description=Execute cloud user/final scripts ++After=network-online.target cloud-config.service rc-local.service ++Wants=network-online.target cloud-config.service ++ConditionPathExists=!/etc/cloud/cloud-init.disabled ++ConditionKernelCommandLine=!cloud-init=disabled ++ ++[Service] ++Type=oneshot ++ExecStart=/usr/bin/cloud-init modules --mode=final ++RemainAfterExit=yes ++TimeoutSec=0 ++KillMode=process ++ ++# Output needs to appear in instance console output ++StandardOutput=journal+console ++ ++[Install] ++WantedBy=cloud-init.target +diff --git a/rhel/systemd/cloud-init-local.service b/rhel/systemd/cloud-init-local.service +new file mode 100644 +index 0000000..8f9f6c9 +--- /dev/null ++++ b/rhel/systemd/cloud-init-local.service +@@ -0,0 +1,31 @@ ++[Unit] ++Description=Initial cloud-init job (pre-networking) ++DefaultDependencies=no ++Wants=network-pre.target ++After=systemd-remount-fs.service ++Requires=dbus.socket ++After=dbus.socket ++Before=NetworkManager.service network.service ++Before=network-pre.target ++Before=shutdown.target ++Before=firewalld.target ++Conflicts=shutdown.target ++RequiresMountsFor=/var/lib/cloud ++ConditionPathExists=!/etc/cloud/cloud-init.disabled ++ConditionKernelCommandLine=!cloud-init=disabled ++ ++[Service] ++Type=oneshot ++ExecStartPre=/bin/mkdir -p /run/cloud-init ++ExecStartPre=/sbin/restorecon /run/cloud-init ++ExecStartPre=/usr/bin/touch /run/cloud-init/enabled ++ExecStart=/usr/bin/cloud-init init --local ++ExecStart=/bin/touch /run/cloud-init/network-config-ready ++RemainAfterExit=yes ++TimeoutSec=0 ++ ++# Output needs to appear in instance console output 
++StandardOutput=journal+console ++ ++[Install] ++WantedBy=cloud-init.target +diff --git a/rhel/systemd/cloud-init.service b/rhel/systemd/cloud-init.service +new file mode 100644 +index 0000000..d0023a0 +--- /dev/null ++++ b/rhel/systemd/cloud-init.service +@@ -0,0 +1,25 @@ ++[Unit] ++Description=Initial cloud-init job (metadata service crawler) ++Wants=cloud-init-local.service ++Wants=sshd-keygen.service ++Wants=sshd.service ++After=cloud-init-local.service ++After=NetworkManager.service network.service ++Before=network-online.target ++Before=sshd-keygen.service ++Before=sshd.service ++Before=systemd-user-sessions.service ++ConditionPathExists=!/etc/cloud/cloud-init.disabled ++ConditionKernelCommandLine=!cloud-init=disabled ++ ++[Service] ++Type=oneshot ++ExecStart=/usr/bin/cloud-init init ++RemainAfterExit=yes ++TimeoutSec=0 ++ ++# Output needs to appear in instance console output ++StandardOutput=journal+console ++ ++[Install] ++WantedBy=cloud-init.target +diff --git a/rhel/systemd/cloud-init.target b/rhel/systemd/cloud-init.target +new file mode 100644 +index 0000000..083c3b6 +--- /dev/null ++++ b/rhel/systemd/cloud-init.target +@@ -0,0 +1,7 @@ ++# cloud-init target is enabled by cloud-init-generator ++# To disable it you can either: ++# a.) boot with kernel cmdline of 'cloud-init=disabled' ++# b.) 
touch a file /etc/cloud/cloud-init.disabled ++[Unit] ++Description=Cloud-init target ++After=multi-user.target +diff --git a/setup.py b/setup.py +index cbacf48..d5cd01a 100755 +--- a/setup.py ++++ b/setup.py +@@ -125,14 +125,6 @@ INITSYS_FILES = { + 'sysvinit_deb': [f for f in glob('sysvinit/debian/*') if is_f(f)], + 'sysvinit_openrc': [f for f in glob('sysvinit/gentoo/*') if is_f(f)], + 'sysvinit_suse': [f for f in glob('sysvinit/suse/*') if is_f(f)], +- 'systemd': [render_tmpl(f) +- for f in (glob('systemd/*.tmpl') + +- glob('systemd/*.service') + +- glob('systemd/*.target')) +- if (is_f(f) and not is_generator(f))], +- 'systemd.generators': [ +- render_tmpl(f, mode=0o755) +- for f in glob('systemd/*') if is_f(f) and is_generator(f)], + 'upstart': [f for f in glob('upstart/*') if is_f(f)], + } + INITSYS_ROOTS = { +@@ -142,9 +134,6 @@ INITSYS_ROOTS = { + 'sysvinit_deb': 'etc/init.d', + 'sysvinit_openrc': 'etc/init.d', + 'sysvinit_suse': 'etc/init.d', +- 'systemd': pkg_config_read('systemd', 'systemdsystemunitdir'), +- 'systemd.generators': pkg_config_read('systemd', +- 'systemdsystemgeneratordir'), + 'upstart': 'etc/init/', + } + INITSYS_TYPES = sorted([f.partition(".")[0] for f in INITSYS_ROOTS.keys()]) +@@ -245,14 +234,11 @@ if not in_virtualenv(): + INITSYS_ROOTS[k] = "/" + INITSYS_ROOTS[k] + + data_files = [ +- (ETC + '/cloud', [render_tmpl("config/cloud.cfg.tmpl")]), ++ (ETC + '/bash_completion.d', ['bash_completion/cloud-init']), + (ETC + '/cloud/cloud.cfg.d', glob('config/cloud.cfg.d/*')), + (ETC + '/cloud/templates', glob('templates/*')), +- (USR_LIB_EXEC + '/cloud-init', ['tools/ds-identify', +- 'tools/uncloud-init', ++ (USR_LIB_EXEC + '/cloud-init', ['tools/uncloud-init', + 'tools/write-ssh-key-fingerprints']), +- (USR + '/share/bash-completion/completions', +- ['bash_completion/cloud-init']), + (USR + '/share/doc/cloud-init', [f for f in glob('doc/*') if is_f(f)]), + (USR + '/share/doc/cloud-init/examples', + [f for f in glob('doc/examples/*') if 
is_f(f)]), +@@ -263,8 +249,7 @@ if not platform.system().endswith('BSD'): + data_files.extend([ + (ETC + '/NetworkManager/dispatcher.d/', + ['tools/hook-network-manager']), +- (ETC + '/dhcp/dhclient-exit-hooks.d/', ['tools/hook-dhclient']), +- (LIB + '/udev/rules.d', [f for f in glob('udev/*.rules')]) ++ ('/usr/lib/udev/rules.d', [f for f in glob('udev/*.rules')]) + ]) + # Use a subclass for install that handles + # adding on the right init system configuration files +@@ -286,8 +271,6 @@ setuptools.setup( + scripts=['tools/cloud-init-per'], + license='Dual-licensed under GPLv3 or Apache 2.0', + data_files=data_files, +- install_requires=requirements, +- cmdclass=cmdclass, + entry_points={ + 'console_scripts': [ + 'cloud-init = cloudinit.cmd.main:main', +diff --git a/tools/read-version b/tools/read-version +index 02c9064..79755f7 100755 +--- a/tools/read-version ++++ b/tools/read-version +@@ -71,32 +71,8 @@ version_long = None + is_release_branch_ci = ( + os.environ.get("TRAVIS_PULL_REQUEST_BRANCH", "").startswith("upstream/") + ) +-if is_gitdir(_tdir) and which("git") and not is_release_branch_ci: +- flags = [] +- if use_tags: +- flags = ['--tags'] +- cmd = ['git', 'describe', '--abbrev=8', '--match=[0-9]*'] + flags +- +- try: +- version = tiny_p(cmd).strip() +- except RuntimeError: +- version = None +- +- if version is None or not version.startswith(src_version): +- sys.stderr.write("git describe version (%s) differs from " +- "cloudinit.version (%s)\n" % (version, src_version)) +- sys.stderr.write( +- "Please get the latest upstream tags.\n" +- "As an example, this can be done with the following:\n" +- "$ git remote add upstream https://git.launchpad.net/cloud-init\n" +- "$ git fetch upstream --tags\n" +- ) +- sys.exit(1) +- +- version_long = tiny_p(cmd + ["--long"]).strip() +-else: +- version = src_version +- version_long = None ++version = src_version ++version_long = None + + # version is X.Y.Z[+xxx.gHASH] + # version_long is None or X.Y.Z-xxx-gHASH +-- 
+1.8.3.1
+
diff --git a/SOURCES/0002-Do-not-write-NM_CONTROLLED-no-in-generated-interface.patch b/SOURCES/0002-Do-not-write-NM_CONTROLLED-no-in-generated-interface.patch
new file mode 100644
index 0000000..ffa06c2
--- /dev/null
+++ b/SOURCES/0002-Do-not-write-NM_CONTROLLED-no-in-generated-interface.patch
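Review bot: `ssh_deletekeys: 0` together with `ssh_genkeytypes: ~` in rhel/cloud.cfg (mirrored by `'ssh_deletekeys': False` and `'ssh_genkeytypes': []` in cloudinit/settings.py) means cloud-init neither removes nor regenerates SSH host keys on first boot. If an image is captured after sshd has already generated its keys, every instance launched from it would present the same host keys, so the image build has to remove `/etc/ssh/ssh_host_*` itself; nothing in this patch documents that dependency. A comment next to the setting would make it explicit, for example `# host key generation is left to sshd-keygen.service; image builds must remove /etc/ssh/ssh_host_* before capture`. Separately, rhel/README.rhel lists `chef` as unsupported while the same patch enables `- chef` under `cloud_config_modules`, so one of the two should be corrected.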
@@ -0,0 +1,278 @@
+From d9024cd3bd3bf09b05eb75ba3d81bd15f519c9f8 Mon Sep 17 00:00:00 2001
+From: Eduardo Otubo
+Date: Mon, 5 Oct 2020 13:49:46 +0200
+Subject: Do not write NM_CONTROLLED=no in generated interface config files
+
+Conflicts 20.3:
+ - Not appplying patch on cloudinit/net/sysconfig.py since it now has a
+mechanism to identify if cloud-init is running on RHEL, having the
+correct settings for NM_CONTROLLED.
+
+X-downstream-only: true
+Signed-off-by: Eduardo Otubo
+Signed-off-by: Ryan McCabe
+---
+ cloudinit/net/sysconfig.py | 2 +-
+ tests/unittests/test_net.py | 30 ------------------------------
+ 2 files changed, 1 insertion(+), 31 deletions(-)
+
+diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py
+index 0a5d481..23e467d 100644
+--- a/cloudinit/net/sysconfig.py
++++ b/cloudinit/net/sysconfig.py
+@@ -277,7 +277,7 @@ class Renderer(renderer.Renderer):
+ # details about this)
+
+ iface_defaults = {
+- 'rhel': {'ONBOOT': True, 'USERCTL': False, 'NM_CONTROLLED': False,
++ 'rhel': {'ONBOOT': True, 'USERCTL': False,
+ 'BOOTPROTO': 'none'},
+ 'suse': {'BOOTPROTO': 'static', 'STARTMODE': 'auto'},
+ }
+diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py
+index 54cc846..9985a97 100644
+--- a/tests/unittests/test_net.py
++++ b/tests/unittests/test_net.py
+@@ -535,7 +535,6 @@ GATEWAY=172.19.3.254
+ HWADDR=fa:16:3e:ed:9a:59
+ IPADDR=172.19.1.34
+ NETMASK=255.255.252.0
+-NM_CONTROLLED=no
+ ONBOOT=yes
+ TYPE=Ethernet
+ USERCTL=no
+@@ -633,7 +632,6 @@ IPADDR=172.19.1.34
+ IPADDR1=10.0.0.10
+ NETMASK=255.255.252.0
+ NETMASK1=255.255.255.0
+-NM_CONTROLLED=no
+ ONBOOT=yes
+ TYPE=Ethernet
+ USERCTL=no
+@@ -754,7 +752,6 @@ IPV6ADDR_SECONDARIES="2001:DB9::10/64 2001:DB10::10/64"
+ IPV6INIT=yes
+ IPV6_DEFAULTGW=2001:DB8::1
+ NETMASK=255.255.252.0
+-NM_CONTROLLED=no
+ ONBOOT=yes
+ TYPE=Ethernet
+ USERCTL=no
+@@ -882,7 +879,6 @@ NETWORK_CONFIGS = {
+ BOOTPROTO=none
+ DEVICE=eth1
+ HWADDR=cf:d6:af:48:e8:80
+- NM_CONTROLLED=no
+ ONBOOT=yes
+ TYPE=Ethernet
+ USERCTL=no"""),
+@@ -899,7 +895,6 @@ NETWORK_CONFIGS = {
+ IPADDR=192.168.21.3
+ NETMASK=255.255.255.0
+ METRIC=10000
+- NM_CONTROLLED=no
+ ONBOOT=yes
+ TYPE=Ethernet
+ USERCTL=no"""),
+@@ -1028,7 +1023,6 @@ NETWORK_CONFIGS = {
+ IPV6ADDR=2001:1::1/64
+ IPV6INIT=yes
+ NETMASK=255.255.255.0
+- NM_CONTROLLED=no
+ ONBOOT=yes
+ TYPE=Ethernet
+ USERCTL=no
+@@ -1622,7 +1616,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
+ DHCPV6C=yes
+ IPV6INIT=yes
+ MACADDR=aa:bb:cc:dd:ee:ff
+- NM_CONTROLLED=no
+ ONBOOT=yes
+ TYPE=Bond
+ USERCTL=no"""),
+@@ -1630,7 +1623,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
+ BOOTPROTO=dhcp
+ DEVICE=bond0.200
+ DHCLIENT_SET_DEFAULT_ROUTE=no
+- NM_CONTROLLED=no
+ ONBOOT=yes
+ PHYSDEV=bond0
+ TYPE=Ethernet
+@@ -1647,7 +1639,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
+ IPV6_DEFAULTGW=2001:4800:78ff:1b::1
+ MACADDR=bb:bb:bb:bb:bb:aa
+ NETMASK=255.255.255.0
+- NM_CONTROLLED=no
+ ONBOOT=yes
+ PRIO=22
+ STP=no
+@@ -1657,7 +1648,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
+ BOOTPROTO=none
+ DEVICE=eth0
+ HWADDR=c0:d6:9f:2c:e8:80
+- NM_CONTROLLED=no
+ ONBOOT=yes
+ TYPE=Ethernet
+ USERCTL=no"""),
+@@ -1674,7 +1664,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
+ MTU=1500
+ NETMASK=255.255.255.0
+ NETMASK1=255.255.255.0
+- NM_CONTROLLED=no
+ ONBOOT=yes
+ PHYSDEV=eth0
+ TYPE=Ethernet
+@@ -1685,7 +1674,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
+ DEVICE=eth1
+ HWADDR=aa:d6:9f:2c:e8:80
+ MASTER=bond0
+- NM_CONTROLLED=no
+ ONBOOT=yes
+ SLAVE=yes
+ TYPE=Ethernet
+@@ -1695,7 +1683,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
+ DEVICE=eth2
+ HWADDR=c0:bb:9f:2c:e8:80
+ MASTER=bond0
+- NM_CONTROLLED=no
+ ONBOOT=yes
+ SLAVE=yes
+ TYPE=Ethernet
+@@ -1705,7 +1692,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
+ BRIDGE=br0
+ DEVICE=eth3
+ HWADDR=66:bb:9f:2c:e8:80
+- NM_CONTROLLED=no
+ ONBOOT=yes
+ TYPE=Ethernet
+ USERCTL=no"""),
+@@ -1714,7 +1700,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
+ BRIDGE=br0
+ DEVICE=eth4
+ HWADDR=98:bb:9f:2c:e8:80
+- NM_CONTROLLED=no
+ ONBOOT=yes
+ TYPE=Ethernet
+ USERCTL=no"""),
+@@ -1723,7 +1708,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
+ DEVICE=eth5
+ DHCLIENT_SET_DEFAULT_ROUTE=no
+ HWADDR=98:bb:9f:2c:e8:8a
+- NM_CONTROLLED=no
+ ONBOOT=no
+ TYPE=Ethernet
+ USERCTL=no"""),
+@@ -2177,7 +2161,6 @@ iface bond0 inet6 static
+ MTU=9000
+ NETMASK=255.255.255.0
+ NETMASK1=255.255.255.0
+- NM_CONTROLLED=no
+ ONBOOT=yes
+ TYPE=Bond
+ USERCTL=no
+@@ -2187,7 +2170,6 @@ iface bond0 inet6 static
+ DEVICE=bond0s0
+ HWADDR=aa:bb:cc:dd:e8:00
+ MASTER=bond0
+- NM_CONTROLLED=no
+ ONBOOT=yes
+ SLAVE=yes
+ TYPE=Ethernet
+@@ -2209,7 +2191,6 @@ iface bond0 inet6 static
+ DEVICE=bond0s1
+ HWADDR=aa:bb:cc:dd:e8:01
+ MASTER=bond0
+- NM_CONTROLLED=no
+ ONBOOT=yes
+ SLAVE=yes
+ TYPE=Ethernet
+@@ -2266,7 +2247,6 @@ iface bond0 inet6 static
+ BOOTPROTO=none
+ DEVICE=en0
+ HWADDR=aa:bb:cc:dd:e8:00
+- NM_CONTROLLED=no
+ ONBOOT=yes
+ TYPE=Ethernet
+ USERCTL=no"""),
+@@ -2283,7 +2263,6 @@ iface bond0 inet6 static
+ MTU=2222
+ NETMASK=255.255.255.0
+ NETMASK1=255.255.255.0
+- NM_CONTROLLED=no
+ ONBOOT=yes
+ PHYSDEV=en0
+ TYPE=Ethernet
+@@ -2349,7 +2328,6 @@ iface bond0 inet6 static
+ DEVICE=br0
+ IPADDR=192.168.2.2
+ NETMASK=255.255.255.0
+- NM_CONTROLLED=no
+ ONBOOT=yes
+ PRIO=22
+ STP=no
+@@ -2363,7 +2341,6 @@ iface bond0 inet6 static
+ HWADDR=52:54:00:12:34:00
+ IPV6ADDR=2001:1::100/96
+ IPV6INIT=yes
+- NM_CONTROLLED=no
+ ONBOOT=yes
+ TYPE=Ethernet
+ USERCTL=no
+@@ -2375,7 +2352,6 @@ iface bond0 inet6 static
+ HWADDR=52:54:00:12:34:01
+ IPV6ADDR=2001:1::101/96
+ IPV6INIT=yes
+- NM_CONTROLLED=no
+ ONBOOT=yes
+ TYPE=Ethernet
+ USERCTL=no
+@@ -2469,7 +2445,6 @@ iface bond0 inet6 static
+ HWADDR=52:54:00:12:34:00
+ IPADDR=192.168.1.2
+ NETMASK=255.255.255.0
+- NM_CONTROLLED=no
+ ONBOOT=no
+ TYPE=Ethernet
+ USERCTL=no
+@@ -2479,7 +2454,6 @@ iface bond0 inet6 static
+ DEVICE=eth1
+ HWADDR=52:54:00:12:34:aa
+ MTU=1480
+- NM_CONTROLLED=no
+ ONBOOT=yes
+ TYPE=Ethernet
+ USERCTL=no
+@@ -2488,7 +2462,6 @@ iface bond0 inet6 static
+ BOOTPROTO=none
+ DEVICE=eth2
+ HWADDR=52:54:00:12:34:ff
+- NM_CONTROLLED=no
+ ONBOOT=no
+ TYPE=Ethernet
+ USERCTL=no
+@@ -2905,7 +2878,6 @@ class TestRhelSysConfigRendering(CiTestCase):
+ BOOTPROTO=dhcp
+ DEVICE=eth1000
+ HWADDR=07-1c-c6-75-a4-be
+-NM_CONTROLLED=no
+ ONBOOT=yes
+ TYPE=Ethernet
+ USERCTL=no
+@@ -3026,7 +2998,6 @@ GATEWAY=10.0.2.2
+ HWADDR=52:54:00:12:34:00
+ IPADDR=10.0.2.15
+ NETMASK=255.255.255.0
+-NM_CONTROLLED=no
+ ONBOOT=yes
+ TYPE=Ethernet
+ USERCTL=no
+@@ -3096,7 +3067,6 @@ USERCTL=no
+ #
+ BOOTPROTO=dhcp
+ DEVICE=eth0
+-NM_CONTROLLED=no
+ ONBOOT=yes
+ TYPE=Ethernet
+ USERCTL=no
+--
+1.8.3.1
+
diff --git a/SOURCES/0003-limit-permissions-on-def_log_file.patch b/SOURCES/0003-limit-permissions-on-def_log_file.patch
new file mode 100644
index 0000000..7ec19f6
--- /dev/null
+++ b/SOURCES/0003-limit-permissions-on-def_log_file.patch
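Review bot: The patch description contradicts the diff it carries: the "Conflicts 20.3" paragraph says the change is not applied to cloudinit/net/sysconfig.py, yet the first inner hunk edits that file and drops `'NM_CONTROLLED': False` from the `'rhel'` entry of `iface_defaults`. Since this is marked downstream-only, the description is what the next rebase will be done from, so it should state what is actually carried, for example `- sysconfig.py: only the 'rhel' iface_defaults entry is changed (NM_CONTROLLED removed)`. The thirty test_net.py hunks are fixture updates that follow from that one line, and the `iface_defaults` dictionary continues outside the hunk, so whether other distro flavours reuse the `'rhel'` entry cannot be confirmed from here.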
@@ -0,0 +1,68 @@
+From de22eafc9046b8ea6fddda7440df5a05f5a40607 Mon Sep 17 00:00:00 2001
+From: Eduardo Otubo
+Date: Mon, 5 Oct 2020 13:49:53 +0200
+Subject: limit permissions on def_log_file
+
+This sets a default mode of 0600 on def_log_file, and makes this
+configurable via the def_log_file_mode option in cloud.cfg.
+
+LP: #1541196
+Resolves: rhbz#1424612
+X-approved-upstream: true
+
+Signed-off-by: Eduardo Otubo
+---
+ cloudinit/settings.py | 1 +
+ cloudinit/stages.py | 3 ++-
+ doc/examples/cloud-config.txt | 4 ++++
+ 3 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/cloudinit/settings.py b/cloudinit/settings.py
+index 3a04a58..439eee0 100644
+--- a/cloudinit/settings.py
++++ b/cloudinit/settings.py
+@@ -45,6 +45,7 @@ CFG_BUILTIN = {
+ 'None',
+ ],
+ 'def_log_file': '/var/log/cloud-init.log',
++ 'def_log_file_mode': 0o600,
+ 'log_cfgs': [],
+ 'mount_default_fields': [None, None, 'auto', 'defaults,nofail', '0', '2'],
+ 'ssh_deletekeys': False,
+diff --git a/cloudinit/stages.py b/cloudinit/stages.py
+index 765f4aa..d769375 100644
+--- a/cloudinit/stages.py
++++ b/cloudinit/stages.py
+@@ -147,8 +147,9 @@ class Init(object):
+ def _initialize_filesystem(self):
+ util.ensure_dirs(self._initial_subdirs())
+ log_file = util.get_cfg_option_str(self.cfg, 'def_log_file')
++ log_file_mode = util.get_cfg_option_int(self.cfg, 'def_log_file_mode')
+ if log_file:
+- util.ensure_file(log_file)
++ util.ensure_file(log_file, mode=log_file_mode)
+ perms = self.cfg.get('syslog_fix_perms')
+ if not perms:
+ perms = {}
+diff --git a/doc/examples/cloud-config.txt b/doc/examples/cloud-config.txt
+index f3ae5e6..b5b1fdd 100644
+--- a/doc/examples/cloud-config.txt
++++ b/doc/examples/cloud-config.txt
+@@ -414,10 +414,14 @@ timezone: US/Eastern
+ # if syslog_fix_perms is a list, it will iterate through and use the
+ # first pair that does not raise error.
+ #
++# 'def_log_file' will be created with mode 'def_log_file_mode', which
++# is specified as a numeric value and defaults to 0600.
++#
+ # the default values are '/var/log/cloud-init.log' and 'syslog:adm'
+ # the value of 'def_log_file' should match what is configured in logging
+ # if either is empty, then no change of ownership will be done
+ def_log_file: /var/log/my-logging-file.log
++def_log_file_mode: 0600
+ syslog_fix_perms: syslog:root
+
+ # you can set passwords for a user or multiple users
+--
+1.8.3.1
+
diff --git a/SOURCES/0004-sysconfig-Don-t-write-BOOTPROTO-dhcp-for-ipv6-dhcp.patch b/SOURCES/0004-sysconfig-Don-t-write-BOOTPROTO-dhcp-for-ipv6-dhcp.patch
new file mode 100644
index 0000000..ad8c142
--- /dev/null
+++ b/SOURCES/0004-sysconfig-Don-t-write-BOOTPROTO-dhcp-for-ipv6-dhcp.patch
@@ -0,0 +1,36 @@
+From bb87d9a83ddbc5bf84fbdab9c58dedc0c9629eea Mon Sep 17 00:00:00 2001
+From: Eduardo Otubo
+Date: Mon, 5 Oct 2020 13:51:34 +0200
+Subject: sysconfig: Don't write BOOTPROTO=dhcp for ipv6 dhcp
+
+Don't write BOOTPROTO=dhcp for ipv6 dhcp, as BOOTPROTO applies
+only to ipv4. Explicitly write IPV6_AUTOCONF=no for dhcp on ipv6.
+
+X-downstream-only: yes
+
+Resolves: rhbz#1519271
+Signed-off-by: Ryan McCabe
+
+Merged patches (19.4):
+- 6444df4 sysconfig: Don't disable IPV6_AUTOCONF
+
+Signed-off-by: Eduardo Otubo
+---
+ tests/unittests/test_net.py | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py
+index 9985a97..2cc57fe 100644
+--- a/tests/unittests/test_net.py
++++ b/tests/unittests/test_net.py
+@@ -1614,6 +1614,7 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
+ BOOTPROTO=none
+ DEVICE=bond0
+ DHCPV6C=yes
++ IPV6_AUTOCONF=no
+ IPV6INIT=yes
+ MACADDR=aa:bb:cc:dd:ee:ff
+ ONBOOT=yes
+--
+1.8.3.1
+
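Review bot: In `_initialize_filesystem` (cloudinit/stages.py, patch 0003) the mode is read with `util.get_cfg_option_int(self.cfg, 'def_log_file_mode')` and no explicit default, so if the key is missing or null in a merged configuration the mode passed to `util.ensure_file` is whatever the helper falls back to, which is not visible here. Passing the intended value at the call site, `util.get_cfg_option_int(self.cfg, 'def_log_file_mode', default=0o600)`, keeps the log private in that case (this assumes the helper accepts a `default` argument like its `get_cfg_option_str` sibling). The documentation example `def_log_file_mode: 0600` works only because an unquoted leading-zero number is read as octal; a quoted `"0600"` or a bare `600` would probably be taken as decimal 600, and the added comment in cloud-config.txt should say so. It is also worth confirming that `ensure_file` tightens the mode of a log file that already exists with wider permissions, since upgraded systems are the case this patch is meant to protect; the function body continues outside the hunk.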
diff --git a/SOURCES/0005-DataSourceAzure.py-use-hostnamectl-to-set-hostname.patch b/SOURCES/0005-DataSourceAzure.py-use-hostnamectl-to-set-hostname.patch
new file mode 100644
index 0000000..08474eb
--- /dev/null
+++ b/SOURCES/0005-DataSourceAzure.py-use-hostnamectl-to-set-hostname.patch
@@ -0,0 +1,57 @@
+From 9c6562c6d3516df8d11aa7cf7cd9cc62e5c91a70 Mon Sep 17 00:00:00 2001
+From: Eduardo Otubo
+Date: Mon, 5 Oct 2020 13:51:37 +0200
+Subject: DataSourceAzure.py: use hostnamectl to set hostname
+
+RH-Author: Vitaly Kuznetsov
+Message-id: <20180417130754.12918-3-vkuznets@redhat.com>
+Patchwork-id: 79659
+O-Subject: [RHEL7.6/7.5.z cloud-init PATCH 2/2] DataSourceAzure.py: use hostnamectl to set hostname
+Bugzilla: 1568717
+RH-Acked-by: Eduardo Otubo
+RH-Acked-by: Mohammed Gamal
+RH-Acked-by: Cathy Avery
+
+The right way to set hostname in RHEL7 is:
+
+ $ hostnamectl set-hostname HOSTNAME
+
+DataSourceAzure, however, uses:
+ $ hostname HOSTSNAME
+
+instead and this causes problems. We can't simply change
+'BUILTIN_DS_CONFIG' in DataSourceAzure.py as 'hostname' is being used
+for both getting and setting the hostname.
+
+Long term, this should be fixed in a different way. Cloud-init
+has distro-specific hostname setting/getting (see
+cloudinit/distros/rhel.py) and DataSourceAzure.py needs to be switched
+to use these.
+
+Resolves: rhbz#1434109
+
+X-downstream-only: yes
+
+Signed-off-by: Eduardo Otubo
+Signed-off-by: Vitaly Kuznetsov
+Signed-off-by: Miroslav Rezanina
+---
+ cloudinit/sources/DataSourceAzure.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
+index f3c6452..1c214db 100755
+--- a/cloudinit/sources/DataSourceAzure.py
++++ b/cloudinit/sources/DataSourceAzure.py
+@@ -258,7 +258,7 @@ def get_hostname(hostname_command='hostname'):
+
+
+ def set_hostname(hostname, hostname_command='hostname'):
+- subp.subp([hostname_command, hostname])
++ util.subp(['hostnamectl', 'set-hostname', str(hostname)])
+
+
+ @azure_ds_telemetry_reporter
+--
+1.8.3.1
+
diff --git a/SOURCES/0006-include-NOZEROCONF-yes-in-etc-sysconfig-network.patch b/SOURCES/0006-include-NOZEROCONF-yes-in-etc-sysconfig-network.patch
new file mode 100644
index 0000000..02058ba
--- /dev/null
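Review bot: The new body of `set_hostname` calls `util.subp(...)` while the line it replaces called `subp.subp(...)`, which suggests this tree keeps the helper in a separate `subp` module; if `util` no longer exposes it, the call raises AttributeError the first time the Azure datasource sets a hostname. Unless `util.subp` is known to exist in 20.3, the line should read `subp.subp(['hostnamectl', 'set-hostname', str(hostname)])`. The `hostname_command` parameter is now silently ignored, which deserves a comment such as `# hostname_command is kept for signature compatibility; RHEL always uses hostnamectl`. Passing the arguments as a list keeps the metadata-supplied hostname away from a shell, but the value is otherwise unvalidated here, so checking it against the permitted hostname characters before the call is worth considering.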
+++ b/SOURCES/0006-include-NOZEROCONF-yes-in-etc-sysconfig-network.patch 
@@ -0,0 +1,65 @@ +From bdcad981ac530277529d1c77fb5e9e6f89409bd8 Mon Sep 17 00:00:00 2001 +From: Eduardo Otubo +Date: Mon, 5 Oct 2020 13:51:44 +0200 +Subject: include 'NOZEROCONF=yes' in /etc/sysconfig/network + +RH-Author: Eduardo Otubo +Message-id: <20190320114559.23708-1-otubo@redhat.com> +Patchwork-id: 84937 +O-Subject: [RHEL-7.7 cloud-init PATCH] include 'NOZEROCONF=yes' in /etc/sysconfig/network +Bugzilla: 1653131 +RH-Acked-by: Cathy Avery +RH-Acked-by: Mohammed Gamal +RH-Acked-by: Vitaly Kuznetsov + +The option NOZEROCONF=yes is not included by default in +/etc/sysconfig/network, which is required by Overcloud instances. The +patch also includes tests for the modifications. + +X-downstream-only: yes +Resolves: rhbz#1653131 + +Signed-off-by: Eduardo Otubo +Signed-off-by: Miroslav Rezanina +--- + cloudinit/net/sysconfig.py | 11 ++++++++++- + tests/unittests/test_net.py | 1 - + 2 files changed, 10 insertions(+), 2 deletions(-) + +diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py +index 23e467d..af093dd 100644 +--- a/cloudinit/net/sysconfig.py ++++ b/cloudinit/net/sysconfig.py +@@ -888,7 +888,16 @@ class Renderer(renderer.Renderer): + # Distros configuring /etc/sysconfig/network as a file e.g. 
Centos + if sysconfig_path.endswith('network'): + util.ensure_dir(os.path.dirname(sysconfig_path)) +- netcfg = [_make_header(), 'NETWORKING=yes'] ++ netcfg = [] ++ for line in util.load_file(sysconfig_path, quiet=True).split('\n'): ++ if 'cloud-init' in line: ++ break ++ if not line.startswith(('NETWORKING=', ++ 'IPV6_AUTOCONF=', ++ 'NETWORKING_IPV6=')): ++ netcfg.append(line) ++ # Now generate the cloud-init portion of sysconfig/network ++ netcfg.extend([_make_header(), 'NETWORKING=yes']) + if network_state.use_ipv6: + netcfg.append('NETWORKING_IPV6=yes') + netcfg.append('IPV6_AUTOCONF=no') +diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py +index 2cc57fe..9985a97 100644 +--- a/tests/unittests/test_net.py ++++ b/tests/unittests/test_net.py +@@ -1614,7 +1614,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + BOOTPROTO=none + DEVICE=bond0 + DHCPV6C=yes +- IPV6_AUTOCONF=no + IPV6INIT=yes + MACADDR=aa:bb:cc:dd:ee:ff + ONBOOT=yes +-- +1.8.3.1 + diff --git a/SOURCES/0007-Remove-race-condition-between-cloud-init-and-Network.patch b/SOURCES/0007-Remove-race-condition-between-cloud-init-and-Network.patch new file mode 100644 index 0000000..816a799 --- /dev/null +++ b/SOURCES/0007-Remove-race-condition-between-cloud-init-and-Network.patch 
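Review bot: The loop that preserves existing /etc/sysconfig/network content stops at the first line containing the substring `cloud-init`, so an administrator's own line that merely mentions cloud-init ends the preserved section and every line after it is dropped on the next render. Assuming the generated header is a `#` comment, `if line.startswith('#') and 'cloud-init' in line:` narrows the match; comparing against the text `_make_header()` returns would be tighter still, but that helper is not visible here. The loop also carries no comment stating the file layout it relies on (user lines first, cloud-init section last), and one line saying so would help the next maintainer. The enclosing Renderer method starts and ends outside the hunk.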
@@ -0,0 +1,162 @@ +From a52c7b659c6569c78aad4b92303f289009da476c Mon Sep 17 00:00:00 2001 +From: Eduardo Otubo +Date: Mon, 5 Oct 2020 13:51:50 +0200 +Subject: Remove race condition between cloud-init and NetworkManager + +Message-id: <20200302104635.11648-1-otubo@redhat.com> +Patchwork-id: 94098 +O-Subject: [RHEL-7.9/RHEL-8.2.0 cloud-init PATCH] Remove race condition between cloud-init and NetworkManager +Bugzilla: 1807797 +RH-Acked-by: Cathy Avery +RH-Acked-by: Mohammed Gamal + +BZ: 1748015 +BRANCH: rhel7/master-18.5 +BREW: 26924611 + +BZ: 1807797 +BRANCH: rhel820/master-18.5 +BREW: 26924957 + +cloud-init service is set to start before NetworkManager service starts, +but this does not avoid a race condition between them. NetworkManager +starts before cloud-init can write `dns=none' to the file: +/etc/NetworkManager/conf.d/99-cloud-init.conf. This way NetworkManager +doesn't read the configuration and erases all resolv.conf values upon +shutdown. On the next reboot neither cloud-init or NetworkManager will +write anything to resolv.conf, leaving it blank. + +This patch introduces a NM reload (try-restart) at the end of cloud-init +start up so it won't erase resolv.conf upon first shutdown. + +x-downstream-only: yes +resolves: rhbz#1748015, rhbz#1807797 and rhbz#1804780 + +Signed-off-by: Eduardo Otubo +Signed-off-by: Miroslav Rezanina + +This commit is a squash and also includes the folloowing commits: + +commit 316a17b7c02a87fa9b2981535be0b20d165adc46 +Author: Eduardo Otubo +Date: Mon Jun 1 11:58:06 2020 +0200 + + Make cloud-init.service execute after network is up + + RH-Author: Eduardo Otubo + Message-id: <20200526090804.2047-1-otubo@redhat.com> + Patchwork-id: 96809 + O-Subject: [RHEL-8.2.1 cloud-init PATCH] Make cloud-init.service execute after network is up + Bugzilla: 1803928 + RH-Acked-by: Vitaly Kuznetsov + RH-Acked-by: Miroslav Rezanina + + cloud-init.service needs to wait until network is fully up before + continuing executing and configuring its service. 
+ + Signed-off-by: Eduardo Otubo + + x-downstream-only: yes + Resolves: rhbz#1831646 + Signed-off-by: Miroslav Rezanina + +commit 0422ba0e773d1a8257a3f2bf3db05f3bc7917eb7 +Author: Eduardo Otubo +Date: Thu May 28 08:44:08 2020 +0200 + + Remove race condition between cloud-init and NetworkManager + + RH-Author: Eduardo Otubo + Message-id: <20200327121911.17699-1-otubo@redhat.com> + Patchwork-id: 94453 + O-Subject: [RHEL-7.9/RHEL-8.2.0 cloud-init PATCHv2] Remove race condition between cloud-init and NetworkManager + Bugzilla: 1840648 + RH-Acked-by: Vitaly Kuznetsov + RH-Acked-by: Miroslav Rezanina + RH-Acked-by: Cathy Avery + + cloud-init service is set to start before NetworkManager service starts, + but this does not avoid a race condition between them. NetworkManager + starts before cloud-init can write `dns=none' to the file: + /etc/NetworkManager/conf.d/99-cloud-init.conf. This way NetworkManager + doesn't read the configuration and erases all resolv.conf values upon + shutdown. On the next reboot neither cloud-init or NetworkManager will + write anything to resolv.conf, leaving it blank. + + This patch introduces a NM reload (try-reload-or-restart) at the end of cloud-init + start up so it won't erase resolv.conf upon first shutdown. + + x-downstream-only: yes + + Signed-off-by: Eduardo Otubo otubo@redhat.com + Signed-off-by: Miroslav Rezanina + +commit e0b48a936433faea7f56dbc29dda35acf7d375f7 +Author: Eduardo Otubo +Date: Thu May 28 08:44:06 2020 +0200 + + Enable ssh_deletekeys by default + + RH-Author: Eduardo Otubo + Message-id: <20200317091705.15715-1-otubo@redhat.com> + Patchwork-id: 94365 + O-Subject: [RHEL-7.9/RHEL-8.2.0 cloud-init PATCH] Enable ssh_deletekeys by default + Bugzilla: 1814152 + RH-Acked-by: Mohammed Gamal + RH-Acked-by: Vitaly Kuznetsov + + The configuration option ssh_deletekeys will trigger the generation + of new ssh keys for every new instance deployed. + + x-downstream-only: yes + resolves: rhbz#1814152 + + 
Signed-off-by: Eduardo Otubo + Signed-off-by: Miroslav Rezanina +--- + rhel/cloud.cfg | 2 +- + rhel/systemd/cloud-final.service | 2 ++ + rhel/systemd/cloud-init.service | 1 + + 3 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/rhel/cloud.cfg b/rhel/cloud.cfg +index 82e8bf6..9ecba21 100644 +--- a/rhel/cloud.cfg ++++ b/rhel/cloud.cfg +@@ -6,7 +6,7 @@ ssh_pwauth: 0 + + mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service', '0', '2'] + resize_rootfs_tmp: /dev +-ssh_deletekeys: 0 ++ssh_deletekeys: 1 + ssh_genkeytypes: ~ + syslog_fix_perms: ~ + disable_vmware_customization: false +diff --git a/rhel/systemd/cloud-final.service b/rhel/systemd/cloud-final.service +index 739b7e3..05add07 100644 +--- a/rhel/systemd/cloud-final.service ++++ b/rhel/systemd/cloud-final.service +@@ -11,6 +11,8 @@ ExecStart=/usr/bin/cloud-init modules --mode=final + RemainAfterExit=yes + TimeoutSec=0 + KillMode=process ++ExecStartPost=/bin/echo "trying to reload or restart NetworkManager.service" ++ExecStartPost=/usr/bin/systemctl try-reload-or-restart NetworkManager.service + + # Output needs to appear in instance console output + StandardOutput=journal+console +diff --git a/rhel/systemd/cloud-init.service b/rhel/systemd/cloud-init.service +index d0023a0..0b3d796 100644 +--- a/rhel/systemd/cloud-init.service ++++ b/rhel/systemd/cloud-init.service +@@ -5,6 +5,7 @@ Wants=sshd-keygen.service + Wants=sshd.service + After=cloud-init-local.service + After=NetworkManager.service network.service ++After=NetworkManager-wait-online.service + Before=network-online.target + Before=sshd-keygen.service + Before=sshd.service +-- +1.8.3.1 + diff --git a/SOURCES/ci-Add-config-modules-for-controlling-IBM-PowerVM-RMC.-.patch b/SOURCES/ci-Add-config-modules-for-controlling-IBM-PowerVM-RMC.-.patch new file mode 100644 index 0000000..c3f45ff --- /dev/null +++ b/SOURCES/ci-Add-config-modules-for-controlling-IBM-PowerVM-RMC.-.patch 
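Review bot: The second `ExecStartPost=` added to cloud-final.service runs `systemctl try-reload-or-restart NetworkManager.service` without the `-` prefix, so any non-zero exit from that command marks cloud-final.service as failed even though cloud-init itself completed. On images where NetworkManager is absent or not in use that would presumably turn every boot into a failed unit; `ExecStartPost=-/usr/bin/systemctl try-reload-or-restart NetworkManager.service` keeps the restart best-effort. The squashed message describes the action both as try-restart and as try-reload-or-restart, and the unit file uses the latter.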
@@ -0,0 +1,496 @@ +From c3a1b3a5d7abe51a1facbdae71aca4b2bca7d6aa Mon Sep 17 00:00:00 2001 +From: Eduardo Otubo +Date: Wed, 28 Oct 2020 20:43:33 +0100 +Subject: [PATCH 2/3] Add config modules for controlling IBM PowerVM RMC. + (#584) + +RH-Author: Eduardo Terrell Ferrari Otubo (eterrell) +RH-MergeRequest: 12: Support for cloud-init config modules for PowerVM Hypervisor in Red Hat cloud-init +RH-Commit: [1/1] d175c3607a8d4f473573ba0ce42e0f311dbc31ed (eterrell/cloud-init) +RH-Bugzilla: 1886430 + +commit f99d4f96b00a9cfec1c721d364cbfd728674e5dc (upstream/master) +Author: Aman306 <45781773+Aman306@users.noreply.github.com> +Date: Wed Oct 28 23:36:09 2020 +0530 + + Add config modules for controlling IBM PowerVM RMC. (#584) + + Reliable Scalable Cluster Technology (RSCT) is a set of software + components that together provide a comprehensive clustering + environment(RAS features) for IBM PowerVM based virtual machines. RSCT + includes the Resource Monitoring and Control (RMC) subsystem. RMC is a + generalized framework used for managing, monitoring, and manipulating + resources. RMC runs as a daemon process on individual machines and needs + creation of unique node id and restarts during VM boot. 
+ + LP: #1895979 + + Co-authored-by: Scott Moser + +Signed-off-by: Eduardo Otubo +--- + cloudinit/config/cc_refresh_rmc_and_interface.py | 159 +++++++++++++++++++++ + cloudinit/config/cc_reset_rmc.py | 143 ++++++++++++++++++ + config/cloud.cfg.tmpl | 2 + + .../test_handler_refresh_rmc_and_interface.py | 109 ++++++++++++++ + tools/.github-cla-signers | 1 + + 5 files changed, 414 insertions(+) + create mode 100644 cloudinit/config/cc_refresh_rmc_and_interface.py + create mode 100644 cloudinit/config/cc_reset_rmc.py + create mode 100644 tests/unittests/test_handler/test_handler_refresh_rmc_and_interface.py + +diff --git a/cloudinit/config/cc_refresh_rmc_and_interface.py b/cloudinit/config/cc_refresh_rmc_and_interface.py +new file mode 100644 +index 0000000..146758a +--- /dev/null ++++ b/cloudinit/config/cc_refresh_rmc_and_interface.py +@@ -0,0 +1,159 @@ ++# (c) Copyright IBM Corp. 2020 All Rights Reserved ++# ++# Author: Aman Kumar Sinha ++# ++# This file is part of cloud-init. See LICENSE file for license information. ++ ++""" ++Refresh IPv6 interface and RMC ++------------------------------ ++**Summary:** Ensure Network Manager is not managing IPv6 interface ++ ++This module is IBM PowerVM Hypervisor specific ++ ++Reliable Scalable Cluster Technology (RSCT) is a set of software components ++that together provide a comprehensive clustering environment(RAS features) ++for IBM PowerVM based virtual machines. RSCT includes the Resource ++Monitoring and Control (RMC) subsystem. RMC is a generalized framework used ++for managing, monitoring, and manipulating resources. RMC runs as a daemon ++process on individual machines and needs creation of unique node id and ++restarts during VM boot. 
++More details refer ++https://www.ibm.com/support/knowledgecenter/en/SGVKBA_3.2/admin/bl503_ovrv.htm ++ ++This module handles ++- Refreshing RMC ++- Disabling NetworkManager from handling IPv6 interface, as IPv6 interface ++ is used for communication between RMC daemon and PowerVM hypervisor. ++ ++**Internal name:** ``cc_refresh_rmc_and_interface`` ++ ++**Module frequency:** per always ++ ++**Supported distros:** RHEL ++ ++""" ++ ++from cloudinit import log as logging ++from cloudinit.settings import PER_ALWAYS ++from cloudinit import util ++from cloudinit import subp ++from cloudinit import netinfo ++ ++import errno ++ ++frequency = PER_ALWAYS ++ ++LOG = logging.getLogger(__name__) ++# Ensure that /opt/rsct/bin has been added to standard PATH of the ++# distro. The symlink to rmcctrl is /usr/sbin/rsct/bin/rmcctrl . ++RMCCTRL = 'rmcctrl' ++ ++ ++def handle(name, _cfg, _cloud, _log, _args): ++ if not subp.which(RMCCTRL): ++ LOG.debug("No '%s' in path, disabled", RMCCTRL) ++ return ++ ++ LOG.debug( ++ 'Making the IPv6 up explicitly. 
' ++ 'Ensuring IPv6 interface is not being handled by NetworkManager ' ++ 'and it is restarted to re-establish the communication with ' ++ 'the hypervisor') ++ ++ ifaces = find_ipv6_ifaces() ++ ++ # Setting NM_CONTROLLED=no for IPv6 interface ++ # making it down and up ++ ++ if len(ifaces) == 0: ++ LOG.debug("Did not find any interfaces with ipv6 addresses.") ++ else: ++ for iface in ifaces: ++ refresh_ipv6(iface) ++ disable_ipv6(sysconfig_path(iface)) ++ restart_network_manager() ++ ++ ++def find_ipv6_ifaces(): ++ info = netinfo.netdev_info() ++ ifaces = [] ++ for iface, data in info.items(): ++ if iface == "lo": ++ LOG.debug('Skipping localhost interface') ++ if len(data.get("ipv4", [])) != 0: ++ # skip this interface, as it has ipv4 addrs ++ continue ++ ifaces.append(iface) ++ return ifaces ++ ++ ++def refresh_ipv6(interface): ++ # IPv6 interface is explicitly brought up, subsequent to which the ++ # RMC services are restarted to re-establish the communication with ++ # the hypervisor. ++ subp.subp(['ip', 'link', 'set', interface, 'down']) ++ subp.subp(['ip', 'link', 'set', interface, 'up']) ++ ++ ++def sysconfig_path(iface): ++ return '/etc/sysconfig/network-scripts/ifcfg-' + iface ++ ++ ++def restart_network_manager(): ++ subp.subp(['systemctl', 'restart', 'NetworkManager']) ++ ++ ++def disable_ipv6(iface_file): ++ # Ensuring that the communication b/w the hypervisor and VM is not ++ # interrupted due to NetworkManager. For this purpose, as part of ++ # this function, the NM_CONTROLLED is explicitly set to No for IPV6 ++ # interface and NetworkManager is restarted. 
++ try: ++ contents = util.load_file(iface_file) ++ except IOError as e: ++ if e.errno == errno.ENOENT: ++ LOG.debug("IPv6 interface file %s does not exist\n", ++ iface_file) ++ else: ++ raise e ++ ++ if 'IPV6INIT' not in contents: ++ LOG.debug("Interface file %s did not have IPV6INIT", iface_file) ++ return ++ ++ LOG.debug("Editing interface file %s ", iface_file) ++ ++ # Dropping any NM_CONTROLLED or IPV6 lines from IPv6 interface file. ++ lines = contents.splitlines() ++ lines = [line for line in lines if not search(line)] ++ lines.append("NM_CONTROLLED=no") ++ ++ with open(iface_file, "w") as fp: ++ fp.write("\n".join(lines) + "\n") ++ ++ ++def search(contents): ++ # Search for any NM_CONTROLLED or IPV6 lines in IPv6 interface file. ++ return( ++ contents.startswith("IPV6ADDR") or ++ contents.startswith("IPADDR6") or ++ contents.startswith("IPV6INIT") or ++ contents.startswith("NM_CONTROLLED")) ++ ++ ++def refresh_rmc(): ++ # To make a healthy connection between RMC daemon and hypervisor we ++ # refresh RMC. With refreshing RMC we are ensuring that making IPv6 ++ # down and up shouldn't impact communication between RMC daemon and ++ # hypervisor. ++ # -z : stop Resource Monitoring & Control subsystem and all resource ++ # managers, but the command does not return control to the user ++ # until the subsystem and all resource managers are stopped. ++ # -s : start Resource Monitoring & Control subsystem. ++ try: ++ subp.subp([RMCCTRL, '-z']) ++ subp.subp([RMCCTRL, '-s']) ++ except Exception: ++ util.logexc(LOG, 'Failed to refresh the RMC subsystem.') ++ raise +diff --git a/cloudinit/config/cc_reset_rmc.py b/cloudinit/config/cc_reset_rmc.py +new file mode 100644 +index 0000000..1cd7277 +--- /dev/null ++++ b/cloudinit/config/cc_reset_rmc.py +@@ -0,0 +1,143 @@ ++# (c) Copyright IBM Corp. 2020 All Rights Reserved ++# ++# Author: Aman Kumar Sinha ++# ++# This file is part of cloud-init. See LICENSE file for license information. 
++ ++ ++""" ++Reset RMC ++------------ ++**Summary:** reset rsct node id ++ ++Reset RMC module is IBM PowerVM Hypervisor specific ++ ++Reliable Scalable Cluster Technology (RSCT) is a set of software components, ++that together provide a comprehensive clustering environment (RAS features) ++for IBM PowerVM based virtual machines. RSCT includes the Resource monitoring ++and control (RMC) subsystem. RMC is a generalized framework used for managing, ++monitoring, and manipulating resources. RMC runs as a daemon process on ++individual machines and needs creation of unique node id and restarts ++during VM boot. ++More details refer ++https://www.ibm.com/support/knowledgecenter/en/SGVKBA_3.2/admin/bl503_ovrv.htm ++ ++This module handles ++- creation of the unique RSCT node id to every instance/virtual machine ++ and ensure once set, it isn't changed subsequently by cloud-init. ++ In order to do so, it restarts RSCT service. ++ ++Prerequisite of using this module is to install RSCT packages. ++ ++**Internal name:** ``cc_reset_rmc`` ++ ++**Module frequency:** per instance ++ ++**Supported distros:** rhel, sles and ubuntu ++ ++""" ++import os ++ ++from cloudinit import log as logging ++from cloudinit.settings import PER_INSTANCE ++from cloudinit import util ++from cloudinit import subp ++ ++frequency = PER_INSTANCE ++ ++# RMCCTRL is expected to be in system PATH (/opt/rsct/bin) ++# The symlink for RMCCTRL and RECFGCT are ++# /usr/sbin/rsct/bin/rmcctrl and ++# /usr/sbin/rsct/install/bin/recfgct respectively. 
++RSCT_PATH = '/opt/rsct/install/bin' ++RMCCTRL = 'rmcctrl' ++RECFGCT = 'recfgct' ++ ++LOG = logging.getLogger(__name__) ++ ++NODE_ID_FILE = '/etc/ct_node_id' ++ ++ ++def handle(name, _cfg, cloud, _log, _args): ++ # Ensuring node id has to be generated only once during first boot ++ if cloud.datasource.platform_type == 'none': ++ LOG.debug('Skipping creation of new ct_node_id node') ++ return ++ ++ if not os.path.isdir(RSCT_PATH): ++ LOG.debug("module disabled, RSCT_PATH not present") ++ return ++ ++ orig_path = os.environ.get('PATH') ++ try: ++ add_path(orig_path) ++ reset_rmc() ++ finally: ++ if orig_path: ++ os.environ['PATH'] = orig_path ++ else: ++ del os.environ['PATH'] ++ ++ ++def reconfigure_rsct_subsystems(): ++ # Reconfigure the RSCT subsystems, which includes removing all RSCT data ++ # under the /var/ct directory, generating a new node ID, and making it ++ # appear as if the RSCT components were just installed ++ try: ++ out = subp.subp([RECFGCT])[0] ++ LOG.debug(out.strip()) ++ return out ++ except subp.ProcessExecutionError: ++ util.logexc(LOG, 'Failed to reconfigure the RSCT subsystems.') ++ raise ++ ++ ++def get_node_id(): ++ try: ++ fp = util.load_file(NODE_ID_FILE) ++ node_id = fp.split('\n')[0] ++ return node_id ++ except Exception: ++ util.logexc(LOG, 'Failed to get node ID from file %s.' % NODE_ID_FILE) ++ raise ++ ++ ++def add_path(orig_path): ++ # Adding the RSCT_PATH to env standard path ++ # So thet cloud init automatically find and ++ # run RECFGCT to create new node_id. 
++ suff = ":" + orig_path if orig_path else "" ++ os.environ['PATH'] = RSCT_PATH + suff ++ return os.environ['PATH'] ++ ++ ++def rmcctrl(): ++ # Stop the RMC subsystem and all resource managers so that we can make ++ # some changes to it ++ try: ++ return subp.subp([RMCCTRL, '-z']) ++ except Exception: ++ util.logexc(LOG, 'Failed to stop the RMC subsystem.') ++ raise ++ ++ ++def reset_rmc(): ++ LOG.debug('Attempting to reset RMC.') ++ ++ node_id_before = get_node_id() ++ LOG.debug('Node ID at beginning of module: %s', node_id_before) ++ ++ # Stop the RMC subsystem and all resource managers so that we can make ++ # some changes to it ++ rmcctrl() ++ reconfigure_rsct_subsystems() ++ ++ node_id_after = get_node_id() ++ LOG.debug('Node ID at end of module: %s', node_id_after) ++ ++ # Check if new node ID is generated or not ++ # by comparing old and new node ID ++ if node_id_after == node_id_before: ++ msg = 'New node ID did not get generated.' ++ LOG.error(msg) ++ raise Exception(msg) +diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl +index 2beb9b0..7171aaa 100644 +--- a/config/cloud.cfg.tmpl ++++ b/config/cloud.cfg.tmpl +@@ -135,6 +135,8 @@ cloud_final_modules: + - chef + - mcollective + - salt-minion ++ - reset_rmc ++ - refresh_rmc_and_interface + - rightscale_userdata + - scripts-vendor + - scripts-per-once +diff --git a/tests/unittests/test_handler/test_handler_refresh_rmc_and_interface.py b/tests/unittests/test_handler/test_handler_refresh_rmc_and_interface.py +new file mode 100644 +index 0000000..e13b779 +--- /dev/null ++++ b/tests/unittests/test_handler/test_handler_refresh_rmc_and_interface.py +@@ -0,0 +1,109 @@ ++from cloudinit.config import cc_refresh_rmc_and_interface as ccrmci ++ ++from cloudinit import util ++ ++from cloudinit.tests import helpers as t_help ++from cloudinit.tests.helpers import mock ++ ++from textwrap import dedent ++import logging ++ ++LOG = logging.getLogger(__name__) ++MPATH = "cloudinit.config.cc_refresh_rmc_and_interface" 
++NET_INFO = { ++ 'lo': {'ipv4': [{'ip': '127.0.0.1', ++ 'bcast': '', 'mask': '255.0.0.0', ++ 'scope': 'host'}], ++ 'ipv6': [{'ip': '::1/128', ++ 'scope6': 'host'}], 'hwaddr': '', ++ 'up': 'True'}, ++ 'env2': {'ipv4': [{'ip': '8.0.0.19', ++ 'bcast': '8.0.0.255', 'mask': '255.255.255.0', ++ 'scope': 'global'}], ++ 'ipv6': [{'ip': 'fe80::f896:c2ff:fe81:8220/64', ++ 'scope6': 'link'}], 'hwaddr': 'fa:96:c2:81:82:20', ++ 'up': 'True'}, ++ 'env3': {'ipv4': [{'ip': '90.0.0.14', ++ 'bcast': '90.0.0.255', 'mask': '255.255.255.0', ++ 'scope': 'global'}], ++ 'ipv6': [{'ip': 'fe80::f896:c2ff:fe81:8221/64', ++ 'scope6': 'link'}], 'hwaddr': 'fa:96:c2:81:82:21', ++ 'up': 'True'}, ++ 'env4': {'ipv4': [{'ip': '9.114.23.7', ++ 'bcast': '9.114.23.255', 'mask': '255.255.255.0', ++ 'scope': 'global'}], ++ 'ipv6': [{'ip': 'fe80::f896:c2ff:fe81:8222/64', ++ 'scope6': 'link'}], 'hwaddr': 'fa:96:c2:81:82:22', ++ 'up': 'True'}, ++ 'env5': {'ipv4': [], ++ 'ipv6': [{'ip': 'fe80::9c26:c3ff:fea4:62c8/64', ++ 'scope6': 'link'}], 'hwaddr': '42:20:86:df:fa:4c', ++ 'up': 'True'}} ++ ++ ++class TestRsctNodeFile(t_help.CiTestCase): ++ def test_disable_ipv6_interface(self): ++ """test parsing of iface files.""" ++ fname = self.tmp_path("iface-eth5") ++ util.write_file(fname, dedent("""\ ++ BOOTPROTO=static ++ DEVICE=eth5 ++ HWADDR=42:20:86:df:fa:4c ++ IPV6INIT=yes ++ IPADDR6=fe80::9c26:c3ff:fea4:62c8/64 ++ IPV6ADDR=fe80::9c26:c3ff:fea4:62c8/64 ++ NM_CONTROLLED=yes ++ ONBOOT=yes ++ STARTMODE=auto ++ TYPE=Ethernet ++ USERCTL=no ++ """)) ++ ++ ccrmci.disable_ipv6(fname) ++ self.assertEqual(dedent("""\ ++ BOOTPROTO=static ++ DEVICE=eth5 ++ HWADDR=42:20:86:df:fa:4c ++ ONBOOT=yes ++ STARTMODE=auto ++ TYPE=Ethernet ++ USERCTL=no ++ NM_CONTROLLED=no ++ """), util.load_file(fname)) ++ ++ @mock.patch(MPATH + '.refresh_rmc') ++ @mock.patch(MPATH + '.restart_network_manager') ++ @mock.patch(MPATH + '.disable_ipv6') ++ @mock.patch(MPATH + '.refresh_ipv6') ++ @mock.patch(MPATH + '.netinfo.netdev_info') ++ 
@mock.patch(MPATH + '.subp.which') ++ def test_handle(self, m_refresh_rmc, ++ m_netdev_info, m_refresh_ipv6, m_disable_ipv6, ++ m_restart_nm, m_which): ++ """Basic test of handle.""" ++ m_netdev_info.return_value = NET_INFO ++ m_which.return_value = '/opt/rsct/bin/rmcctrl' ++ ccrmci.handle( ++ "refresh_rmc_and_interface", None, None, None, None) ++ self.assertEqual(1, m_netdev_info.call_count) ++ m_refresh_ipv6.assert_called_with('env5') ++ m_disable_ipv6.assert_called_with( ++ '/etc/sysconfig/network-scripts/ifcfg-env5') ++ self.assertEqual(1, m_restart_nm.call_count) ++ self.assertEqual(1, m_refresh_rmc.call_count) ++ ++ @mock.patch(MPATH + '.netinfo.netdev_info') ++ def test_find_ipv6(self, m_netdev_info): ++ """find_ipv6_ifaces parses netdev_info returning those with ipv6""" ++ m_netdev_info.return_value = NET_INFO ++ found = ccrmci.find_ipv6_ifaces() ++ self.assertEqual(['env5'], found) ++ ++ @mock.patch(MPATH + '.subp.subp') ++ def test_refresh_ipv6(self, m_subp): ++ """refresh_ipv6 should ip down and up the interface.""" ++ iface = "myeth0" ++ ccrmci.refresh_ipv6(iface) ++ m_subp.assert_has_calls([ ++ mock.call(['ip', 'link', 'set', iface, 'down']), ++ mock.call(['ip', 'link', 'set', iface, 'up'])]) +diff --git a/tools/.github-cla-signers b/tools/.github-cla-signers +index c67db43..802a35b 100644 +--- a/tools/.github-cla-signers ++++ b/tools/.github-cla-signers +@@ -1,4 +1,5 @@ + AlexBaranowski ++Aman306 + beezly + bipinbachhao + BirknerAlex +-- +1.8.3.1 + diff --git a/SOURCES/ci-Adding-BOOTPROTO-dhcp-to-render-sysconfig-dhcp6-stat.patch b/SOURCES/ci-Adding-BOOTPROTO-dhcp-to-render-sysconfig-dhcp6-stat.patch new file mode 100644 index 0000000..c31b4b2 --- /dev/null +++ b/SOURCES/ci-Adding-BOOTPROTO-dhcp-to-render-sysconfig-dhcp6-stat.patch 
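Review bot: In disable_ipv6 (cc_refresh_rmc_and_interface.py) the ENOENT branch only logs, so execution continues to `if 'IPV6INIT' not in contents` with `contents` never assigned and raises UnboundLocalError for any interface that has no ifcfg file; add `return` after that `LOG.debug(...)` call. Separately, handle() never calls refresh_rmc() although the module docstring lists refreshing RMC, and test_handle names its mock parameters in the reverse of the decorator order, so `m_refresh_rmc.call_count` is really checking the `subp.which` mock. find_ipv6_ifaces also logs 'Skipping localhost interface' without a `continue`, and it selects any interface lacking IPv4 addresses rather than one that actually has IPv6 addresses.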
@@ -0,0 +1,58 @@
+From 8a7d21fa739901bad847294004266dba76c027af Mon Sep 17 00:00:00 2001
+From: Eduardo Otubo
+Date: Tue, 1 Dec 2020 15:51:47 +0100
+Subject: [PATCH 2/4] Adding BOOTPROTO = dhcp to render sysconfig dhcp6
+ stateful on RHEL (#685)
+
+RH-Author: Eduardo Terrell Ferrari Otubo (eterrell)
+RH-MergeRequest: 25: Adding BOOTPROTO = dhcp to render sysconfig dhcp6 stateful on RHEL (#685)
+RH-Commit: [1/1] b7304323096b1e40287950e44cf7aa3cdb4ba99e (eterrell/cloud-init)
+RH-Bugzilla: 1859695
+
+BOOTPROTO needs to be set to 'dhcp' on RHEL so NetworkManager can
+properly acquire ipv6 address.
+
+rhbz: #1859695
+
+Signed-off-by: Eduardo Otubo
+
+Co-authored-by: Daniel Watkins
+Co-authored-by: Scott Moser
+---
+ cloudinit/net/sysconfig.py | 6 ++++++
+ tests/unittests/test_net.py | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py
+index 078636a4..94801a93 100644
+--- a/cloudinit/net/sysconfig.py
++++ b/cloudinit/net/sysconfig.py
+@@ -391,6 +391,12 @@ class Renderer(renderer.Renderer):
+ # Only IPv6 is DHCP, IPv4 may be static
+ iface_cfg['BOOTPROTO'] = 'dhcp6'
+ iface_cfg['DHCLIENT6_MODE'] = 'managed'
++ # only if rhel AND dhcpv6 stateful
++ elif (flavor == 'rhel' and
++ subnet_type == 'ipv6_dhcpv6-stateful'):
++ iface_cfg['BOOTPROTO'] = 'dhcp'
++ iface_cfg['DHCPV6C'] = True
++ iface_cfg['IPV6INIT'] = True
+ else:
+ iface_cfg['IPV6INIT'] = True
+ # Configure network settings using DHCPv6
+diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py
+index c0337459..bcd261db 100644
+--- a/tests/unittests/test_net.py
++++ b/tests/unittests/test_net.py
+@@ -1359,7 +1359,7 @@ NETWORK_CONFIGS = {
+ },
+ 'expected_sysconfig_rhel': {
+ 'ifcfg-iface0': textwrap.dedent("""\
+- BOOTPROTO=none
++ BOOTPROTO=dhcp
+ DEVICE=iface0
+ DHCPV6C=yes
+ IPV6INIT=yes
+--
+2.18.4
+
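Review bot: The added comment `# only if rhel AND dhcpv6 stateful` restates the condition under it instead of giving the reason for the branch. Something like `# RHEL: NetworkManager needs BOOTPROTO=dhcp to acquire a DHCPv6 stateful address (rhbz#1859695)` records why this case differs from the `dhcp6` branch above it. The if/elif chain this branch joins starts and ends outside the hunk.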
diff --git a/SOURCES/ci-DataSourceAzure-update-password-for-defuser-if-exist.patch b/SOURCES/ci-DataSourceAzure-update-password-for-defuser-if-exist.patch
new file mode 100644
index 0000000..7a9f478
--- /dev/null
+++ b/SOURCES/ci-DataSourceAzure-update-password-for-defuser-if-exist.patch
@@ -0,0 +1,60 @@ +From bcbd6be99d8317793aff905c4222c351a1bf5c46 Mon Sep 17 00:00:00 2001 +From: Eduardo Otubo +Date: Thu, 21 Jan 2021 10:08:49 +0100 +Subject: [PATCH 1/2] DataSourceAzure: update password for defuser if exists + (#671) + +RH-Author: Eduardo Terrell Ferrari Otubo (eterrell) +RH-MergeRequest: 37: DataSourceAzure: update password for defuser if exists (#671) +RH-Commit: [1/1] 264092a68a3771cc4ed99dad5b93f7a1433e143a (eterrell/cloud-init) +RH-Bugzilla: 1900892 + +commit eea754492f074e00b601cf77aa278e3623857c5a +Author: Anh Vo +Date: Thu Nov 19 00:35:46 2020 -0500 + + DataSourceAzure: update password for defuser if exists (#671) + + cc_set_password will only update the password for the default user if + cfg['password'] is set. The existing code of datasource Azure will fail + to update the default user's password because it does not set that + metadata. If the default user doesn't exist in the image, the current + code works fine because the password is set during user create and + not in cc_set_password + +Signed-off-by: Eduardo Otubo +--- + cloudinit/sources/DataSourceAzure.py | 2 +- + tests/unittests/test_datasource/test_azure.py | 3 +++ + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py +index 1c214db9..d4a2d60f 100755 +--- a/cloudinit/sources/DataSourceAzure.py ++++ b/cloudinit/sources/DataSourceAzure.py +@@ -1231,7 +1231,7 @@ def read_azure_ovf(contents): + if password: + defuser['lock_passwd'] = False + if DEF_PASSWD_REDACTION != password: +- defuser['passwd'] = encrypt_pass(password) ++ defuser['passwd'] = cfg['password'] = encrypt_pass(password) + + if defuser: + cfg['system_info'] = {'default_user': defuser} +diff --git a/tests/unittests/test_datasource/test_azure.py b/tests/unittests/test_datasource/test_azure.py +index 47e03bd1..2059990a 100644 +--- a/tests/unittests/test_datasource/test_azure.py ++++ b/tests/unittests/test_datasource/test_azure.py +@@ 
-919,6 +919,9 @@ scbus-1 on xpt0 bus 0 + crypt.crypt(odata['UserPassword'], + defuser['passwd'][0:pos])) + ++ # the same hashed value should also be present in cfg['password'] ++ self.assertEqual(defuser['passwd'], dsrc.cfg['password']) ++ + def test_user_not_locked_if_password_redacted(self): + odata = {'HostName': "myhost", 'UserName': "myuser", + 'UserPassword': dsaz.DEF_PASSWD_REDACTION} +-- +2.18.4 + diff --git a/SOURCES/ci-Explicit-set-IPV6_AUTOCONF-and-IPV6_FORCE_ACCEPT_RA-.patch b/SOURCES/ci-Explicit-set-IPV6_AUTOCONF-and-IPV6_FORCE_ACCEPT_RA-.patch new file mode 100644 index 0000000..a0d9156 --- /dev/null +++ b/SOURCES/ci-Explicit-set-IPV6_AUTOCONF-and-IPV6_FORCE_ACCEPT_RA-.patch 
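Review bot: The chained assignment `defuser['passwd'] = cfg['password'] = encrypt_pass(password)` in read_azure_ovf stores the password hash under a second, top-level key with no comment saying why; the reason exists only in the commit message. A comment such as `# cc_set_password updates an existing default user only when cfg['password'] is set` would keep that next to the code. Since the hash now also lives in `cfg`, any path that logs or dumps the datasource config should treat `password` as sensitive, and whether it already does is not visible here. The added assertion covers the hashed case only; test_user_not_locked_if_password_redacted could also assert that no `password` key is set when the redaction marker is supplied. read_azure_ovf starts and ends outside the hunk.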
@@ -0,0 +1,295 @@ +From 5ded09d5acf4d653fe2cbd54814f53063d265489 Mon Sep 17 00:00:00 2001 +From: Eduardo Otubo +Date: Thu, 29 Oct 2020 15:05:42 +0100 +Subject: [PATCH 1/3] Explicit set IPV6_AUTOCONF and IPV6_FORCE_ACCEPT_RA on + static6 (#634) + +RH-Author: Eduardo Terrell Ferrari Otubo (eterrell) +RH-MergeRequest: 13: [RHEL-8.4.0] Add support for ipv6_autoconf on cloud-init-20.3 +RH-Commit: [1/1] 41e61c35893f4487981a1ad31f9f97a9a740b397 (eterrell/cloud-init) +RH-Bugzilla: 1889635 + +commit b46e4a8cff667c8441622089cf7d57aeb88220cd +Author: Eduardo Otubo +Date: Thu Oct 29 15:05:42 2020 +0100 + + Explicit set IPV6_AUTOCONF and IPV6_FORCE_ACCEPT_RA on static6 (#634) + + The static and static6 subnet types for network_data.json were + being ignored by the Openstack handler, this would cause the code to + break and not function properly. + + As of today, if a static6 configuration is chosen, the interface will + still eventually be available to receive router advertisements or be set + from NetworkManager to wait for them and cycle the interface in negative + case. + + It is safe to assume that if the interface is manually configured to use + static ipv6 address, there's no need to wait for router advertisements. + This patch will set automatically IPV6_AUTOCONF and IPV6_FORCE_ACCEPT_RA + both to "no" in this case. + + This patch fixes the specific behavior only for RHEL flavor and + sysconfig renderer. It also introduces new unit tests for the specific + case as well as adjusts some existent tests to be compatible with the + new options. This patch also addresses this problem by assigning the + appropriate subnet type for each case on the openstack handler. + + rhbz: #1889635 + rhbz: #1889635 + + 
Signed-off-by: Eduardo Otubo otubo@redhat.com + +Signed-off-by: Eduardo Otubo otubo@redhat.com +--- + cloudinit/net/network_state.py | 3 +- + cloudinit/net/sysconfig.py | 4 + + cloudinit/sources/helpers/openstack.py | 8 +- + tests/unittests/test_distros/test_netconfig.py | 2 + + tests/unittests/test_net.py | 100 +++++++++++++++++++++++++ + 5 files changed, 115 insertions(+), 2 deletions(-) + +diff --git a/cloudinit/net/network_state.py b/cloudinit/net/network_state.py +index b2f7d31..d9e7fd5 100644 +--- a/cloudinit/net/network_state.py ++++ b/cloudinit/net/network_state.py +@@ -820,7 +820,8 @@ def _normalize_subnet(subnet): + + if subnet.get('type') in ('static', 'static6'): + normal_subnet.update( +- _normalize_net_keys(normal_subnet, address_keys=('address',))) ++ _normalize_net_keys(normal_subnet, address_keys=( ++ 'address', 'ip_address',))) + normal_subnet['routes'] = [_normalize_route(r) + for r in subnet.get('routes', [])] + +diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py +index af093dd..c078898 100644 +--- a/cloudinit/net/sysconfig.py ++++ b/cloudinit/net/sysconfig.py +@@ -451,6 +451,10 @@ class Renderer(renderer.Renderer): + iface_cfg[mtu_key] = subnet['mtu'] + else: + iface_cfg[mtu_key] = subnet['mtu'] ++ ++ if subnet_is_ipv6(subnet) and flavor == 'rhel': ++ iface_cfg['IPV6_FORCE_ACCEPT_RA'] = False ++ iface_cfg['IPV6_AUTOCONF'] = False + elif subnet_type == 'manual': + if flavor == 'suse': + LOG.debug('Unknown subnet type setting "%s"', subnet_type) +diff --git a/cloudinit/sources/helpers/openstack.py b/cloudinit/sources/helpers/openstack.py +index 65e020c..3e6365f 100644 +--- a/cloudinit/sources/helpers/openstack.py ++++ b/cloudinit/sources/helpers/openstack.py +@@ -602,11 +602,17 @@ def convert_net_json(network_json=None, known_macs=None): + elif network['type'] in ['ipv6_slaac', 'ipv6_dhcpv6-stateless', + 'ipv6_dhcpv6-stateful']: + subnet.update({'type': network['type']}) +- elif network['type'] in ['ipv4', 'ipv6']: ++ elif 
network['type'] in ['ipv4', 'static']: + subnet.update({ + 'type': 'static', + 'address': network.get('ip_address'), + }) ++ elif network['type'] in ['ipv6', 'static6']: ++ cfg.update({'accept-ra': False}) ++ subnet.update({ ++ 'type': 'static6', ++ 'address': network.get('ip_address'), ++ }) + + # Enable accept_ra for stateful and legacy ipv6_dhcp types + if network['type'] in ['ipv6_dhcpv6-stateful', 'ipv6_dhcp']: +diff --git a/tests/unittests/test_distros/test_netconfig.py b/tests/unittests/test_distros/test_netconfig.py +index 8d7b09c..f9fc3a1 100644 +--- a/tests/unittests/test_distros/test_netconfig.py ++++ b/tests/unittests/test_distros/test_netconfig.py +@@ -514,7 +514,9 @@ class TestNetCfgDistroRedhat(TestNetCfgDistroBase): + DEVICE=eth0 + IPV6ADDR=2607:f0d0:1002:0011::2/64 + IPV6INIT=yes ++ IPV6_AUTOCONF=no + IPV6_DEFAULTGW=2607:f0d0:1002:0011::1 ++ IPV6_FORCE_ACCEPT_RA=no + NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet +diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py +index 9985a97..d7a7a65 100644 +--- a/tests/unittests/test_net.py ++++ b/tests/unittests/test_net.py +@@ -750,7 +750,9 @@ IPADDR=172.19.1.34 + IPV6ADDR=2001:DB8::10/64 + IPV6ADDR_SECONDARIES="2001:DB9::10/64 2001:DB10::10/64" + IPV6INIT=yes ++IPV6_AUTOCONF=no + IPV6_DEFAULTGW=2001:DB8::1 ++IPV6_FORCE_ACCEPT_RA=no + NETMASK=255.255.252.0 + ONBOOT=yes + TYPE=Ethernet +@@ -1022,6 +1024,8 @@ NETWORK_CONFIGS = { + IPADDR=192.168.14.2 + IPV6ADDR=2001:1::1/64 + IPV6INIT=yes ++ IPV6_AUTOCONF=no ++ IPV6_FORCE_ACCEPT_RA=no + NETMASK=255.255.255.0 + ONBOOT=yes + TYPE=Ethernet +@@ -1247,6 +1251,33 @@ NETWORK_CONFIGS = { + """), + }, + }, ++ 'static6': { ++ 'yaml': textwrap.dedent("""\ ++ version: 1 ++ config: ++ - type: 'physical' ++ name: 'iface0' ++ accept-ra: 'no' ++ subnets: ++ - type: 'static6' ++ address: 2001:1::1/64 ++ """).rstrip(' '), ++ 'expected_sysconfig_rhel': { ++ 'ifcfg-iface0': textwrap.dedent("""\ ++ BOOTPROTO=none ++ DEVICE=iface0 ++ IPV6ADDR=2001:1::1/64 ++ 
IPV6INIT=yes ++ IPV6_AUTOCONF=no ++ IPV6_FORCE_ACCEPT_RA=no ++ DEVICE=iface0 ++ NM_CONTROLLED=no ++ ONBOOT=yes ++ TYPE=Ethernet ++ USERCTL=no ++ """), ++ }, ++ }, + 'dhcpv6_stateless': { + 'expected_eni': textwrap.dedent("""\ + auto lo +@@ -1636,6 +1667,8 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + IPADDR=192.168.14.2 + IPV6ADDR=2001:1::1/64 + IPV6INIT=yes ++ IPV6_AUTOCONF=no ++ IPV6_FORCE_ACCEPT_RA=no + IPV6_DEFAULTGW=2001:4800:78ff:1b::1 + MACADDR=bb:bb:bb:bb:bb:aa + NETMASK=255.255.255.0 +@@ -2158,6 +2191,8 @@ iface bond0 inet6 static + IPADDR1=192.168.1.2 + IPV6ADDR=2001:1::1/92 + IPV6INIT=yes ++ IPV6_AUTOCONF=no ++ IPV6_FORCE_ACCEPT_RA=no + MTU=9000 + NETMASK=255.255.255.0 + NETMASK1=255.255.255.0 +@@ -2259,6 +2294,8 @@ iface bond0 inet6 static + IPADDR1=192.168.1.2 + IPV6ADDR=2001:1::bbbb/96 + IPV6INIT=yes ++ IPV6_AUTOCONF=no ++ IPV6_FORCE_ACCEPT_RA=no + IPV6_DEFAULTGW=2001:1::1 + MTU=2222 + NETMASK=255.255.255.0 +@@ -2341,6 +2378,9 @@ iface bond0 inet6 static + HWADDR=52:54:00:12:34:00 + IPV6ADDR=2001:1::100/96 + IPV6INIT=yes ++ IPV6_AUTOCONF=no ++ IPV6_FORCE_ACCEPT_RA=no ++ NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +@@ -2352,6 +2392,9 @@ iface bond0 inet6 static + HWADDR=52:54:00:12:34:01 + IPV6ADDR=2001:1::101/96 + IPV6INIT=yes ++ IPV6_AUTOCONF=no ++ IPV6_FORCE_ACCEPT_RA=no ++ NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +@@ -3151,6 +3194,61 @@ USERCTL=no + self._compare_files_to_expected(entry[self.expected_name], found) + self._assert_headers(found) + ++ def test_stattic6_from_json(self): ++ net_json = { ++ "services": [{"type": "dns", "address": "172.19.0.12"}], ++ "networks": [{ ++ "network_id": "dacd568d-5be6-4786-91fe-750c374b78b4", ++ "type": "ipv4", "netmask": "255.255.252.0", ++ "link": "tap1a81968a-79", ++ "routes": [{ ++ "netmask": "0.0.0.0", ++ "network": "0.0.0.0", ++ "gateway": "172.19.3.254", ++ }, { ++ "netmask": "0.0.0.0", # A second default gateway ++ "network": "0.0.0.0", ++ 
"gateway": "172.20.3.254", ++ }], ++ "ip_address": "172.19.1.34", "id": "network0" ++ }, { ++ "network_id": "mgmt", ++ "netmask": "ffff:ffff:ffff:ffff::", ++ "link": "interface1", ++ "mode": "link-local", ++ "routes": [], ++ "ip_address": "fe80::c096:67ff:fe5c:6e84", ++ "type": "static6", ++ "id": "network1", ++ "services": [], ++ "accept-ra": "false" ++ }], ++ "links": [ ++ { ++ "ethernet_mac_address": "fa:16:3e:ed:9a:59", ++ "mtu": None, "type": "bridge", "id": ++ "tap1a81968a-79", ++ "vif_id": "1a81968a-797a-400f-8a80-567f997eb93f" ++ }, ++ ], ++ } ++ macs = {'fa:16:3e:ed:9a:59': 'eth0'} ++ render_dir = self.tmp_dir() ++ network_cfg = openstack.convert_net_json(net_json, known_macs=macs) ++ ns = network_state.parse_net_config_data(network_cfg, ++ skip_broken=False) ++ renderer = self._get_renderer() ++ with self.assertRaises(ValueError): ++ renderer.render_network_state(ns, target=render_dir) ++ self.assertEqual([], os.listdir(render_dir)) ++ ++ def test_static6_from_yaml(self): ++ entry = NETWORK_CONFIGS['static6'] ++ found = self._render_and_read(network_config=yaml.load( ++ entry['yaml'])) ++ self._compare_files_to_expected(entry[self.expected_name], found) ++ self._assert_headers(found) ++ + def test_dhcpv6_reject_ra_config_v2(self): + entry = NETWORK_CONFIGS['dhcpv6_reject_ra'] + found = self._render_and_read(network_config=yaml.load( +@@ -3268,6 +3366,8 @@ USERCTL=no + IPADDR=192.168.42.100 + IPV6ADDR=2001:db8::100/32 + IPV6INIT=yes ++ IPV6_AUTOCONF=no ++ IPV6_FORCE_ACCEPT_RA=no + IPV6_DEFAULTGW=2001:db8::1 + NETMASK=255.255.255.0 + NM_CONTROLLED=no +-- +1.8.3.1 + diff --git a/SOURCES/ci-Fix-requiring-device-number-on-EC2-derivatives-836.patch b/SOURCES/ci-Fix-requiring-device-number-on-EC2-derivatives-836.patch new file mode 100644 index 0000000..120a4f1 --- /dev/null +++ b/SOURCES/ci-Fix-requiring-device-number-on-EC2-derivatives-836.patch 
@@ -0,0 +1,103 @@ +From 93b48730e201bf374f75a3f71d8d6b28211016ba Mon Sep 17 00:00:00 2001 +From: Eduardo Otubo +Date: Tue, 23 Mar 2021 16:14:16 +0100 +Subject: [PATCH] Fix requiring device-number on EC2 derivatives (#836) + +RH-Author: Eduardo Otubo +RH-MergeRequest: 3: Fix requiring device-number on EC2 derivatives (#836) +RH-Commit: [1/1] f372b10d179a969fcf824db8a39bdea3befc4ef4 (eterell/cloud-init) +RH-Bugzilla: 1942699 +RH-Acked-by: Acked-by: Mohammed Gamal +RH-Acked-by: Acked-by: Vitaly Kuznetsov vkuznets@redhat.com +RH-Acked-by: Acked-by: Cathy Avery cavery@redhat.com + +commit 9bd19645a61586b82e86db6f518dd05c3363b17f +Author: James Falcon +Date: Mon Mar 8 14:09:47 2021 -0600 + + Fix requiring device-number on EC2 derivatives (#836) + + #342 (70dbccbb) introduced the ability to determine route-metrics based on + the `device-number` provided by the EC2 IMDS. Not all datasources that + subclass EC2 will have this attribute, so allow the old behavior if + `device-number` is not present. 
+ + LP: #1917875 + +Signed-off-by: Eduardo Otubo +--- + cloudinit/sources/DataSourceEc2.py | 3 +- + .../unittests/test_datasource/test_aliyun.py | 30 +++++++++++++++++++ + 2 files changed, 32 insertions(+), 1 deletion(-) + +diff --git a/cloudinit/sources/DataSourceEc2.py b/cloudinit/sources/DataSourceEc2.py +index 1d09c12a..ce69d1b3 100644 +--- a/cloudinit/sources/DataSourceEc2.py ++++ b/cloudinit/sources/DataSourceEc2.py +@@ -764,13 +764,14 @@ def convert_ec2_metadata_network_config( + netcfg['ethernets'][nic_name] = dev_config + return netcfg + # Apply network config for all nics and any secondary IPv4/v6 addresses ++ nic_idx = 0 + for mac, nic_name in sorted(macs_to_nics.items()): + nic_metadata = macs_metadata.get(mac) + if not nic_metadata: + continue # Not a physical nic represented in metadata + # device-number is zero-indexed, we want it 1-indexed for the + # multiplication on the following line +- nic_idx = int(nic_metadata['device-number']) + 1 ++ nic_idx = int(nic_metadata.get('device-number', nic_idx)) + 1 + dhcp_override = {'route-metric': nic_idx * 100} + dev_config = {'dhcp4': True, 'dhcp4-overrides': dhcp_override, + 'dhcp6': False, +diff --git a/tests/unittests/test_datasource/test_aliyun.py b/tests/unittests/test_datasource/test_aliyun.py +index b626229e..a57f86a1 100644 +--- a/tests/unittests/test_datasource/test_aliyun.py ++++ b/tests/unittests/test_datasource/test_aliyun.py +@@ -7,6 +7,7 @@ from unittest import mock + + from cloudinit import helpers + from cloudinit.sources import DataSourceAliYun as ay ++from cloudinit.sources.DataSourceEc2 import convert_ec2_metadata_network_config + from cloudinit.tests import helpers as test_helpers + + DEFAULT_METADATA = { +@@ -183,6 +184,35 @@ class TestAliYunDatasource(test_helpers.HttprettyTestCase): + self.assertEqual(ay.parse_public_keys(public_keys), + public_keys['key-pair-0']['openssh-key']) + ++ def test_route_metric_calculated_without_device_number(self): ++ """Test that route-metric code works 
without `device-number` ++ ++ `device-number` is part of EC2 metadata, but not supported on aliyun. ++ Attempting to access it will raise a KeyError. ++ ++ LP: #1917875 ++ """ ++ netcfg = convert_ec2_metadata_network_config( ++ {"interfaces": {"macs": { ++ "06:17:04:d7:26:09": { ++ "interface-id": "eni-e44ef49e", ++ }, ++ "06:17:04:d7:26:08": { ++ "interface-id": "eni-e44ef49f", ++ } ++ }}}, ++ macs_to_nics={ ++ '06:17:04:d7:26:09': 'eth0', ++ '06:17:04:d7:26:08': 'eth1', ++ } ++ ) ++ ++ met0 = netcfg['ethernets']['eth0']['dhcp4-overrides']['route-metric'] ++ met1 = netcfg['ethernets']['eth1']['dhcp4-overrides']['route-metric'] ++ ++ # route-metric numbers should be 100 apart ++ assert 100 == abs(met0 - met1) ++ + + class TestIsAliYun(test_helpers.CiTestCase): + ALIYUN_PRODUCT = 'Alibaba Cloud ECS' +-- +2.27.0 + diff --git a/SOURCES/ci-Fix-unit-failure-of-cloud-final.service-if-NetworkMa.patch b/SOURCES/ci-Fix-unit-failure-of-cloud-final.service-if-NetworkMa.patch new file mode 100644 index 0000000..aeaa342 --- /dev/null +++ b/SOURCES/ci-Fix-unit-failure-of-cloud-final.service-if-NetworkMa.patch 
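Review bot: In convert_ec2_metadata_network_config the fallback `nic_metadata.get('device-number', nic_idx)` reuses the previous iteration's already incremented index, so metadata that carries `device-number` on only some NICs can produce the same `route-metric` twice (for example a NIC without the key followed by one with `device-number` 0 both get 100). The new aliyun test covers only the case where no NIC has the key. If mixed metadata is possible, keep a separate fallback counter and skip values already used; otherwise state the assumption, e.g. `# device-number is expected on every NIC or on none; mixed metadata can yield duplicate route-metrics`. The function body starts and ends outside the hunk.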
@@ -0,0 +1,61 @@ +From d3889c4645a1319c3d677006164b618ee53f4c8b Mon Sep 17 00:00:00 2001 +From: Eduardo Otubo +Date: Mon, 7 Dec 2020 14:23:22 +0100 +Subject: [PATCH 3/4] Fix unit failure of cloud-final.service if NetworkManager + was not present. + +RH-Author: Eduardo Terrell Ferrari Otubo (eterrell) +RH-MergeRequest: 27: Fix unit failure of cloud-final.service if NetworkManager was not present. +RH-Commit: [1/1] 3c65a2cca140fff48df1ef32919e3cb035506a2b (eterrell/cloud-init) +RH-Bugzilla: 1898943 + +cloud-final.service would fail if NetworkManager was not installed. + +journal -u cloud-final.service would show: + + cloud-init[5328]: Cloud-init v. 19.4 finished at ... + echo[5346]: try restart NetworkManager.service + systemctl[5349]: Failed to reload-or-try-restart + NetworkManager.service: Unit not found. + systemd[1]: cloud-final.service: control process exited, + code=exited status=5 + systemd[1]: Failed to start Execute cloud user/final scripts. + systemd[1]: Unit cloud-final.service entered failed state. + systemd[1]: cloud-final.service failed. + +The change here is to only attempt to restart NetworkManager if it is +present, and its SubState is 'running'. + +The multi-line shell in a systemd unit is less than ideal, but I'm not +aware of any other way of conditionally doing this. + +Note that both of 'try-reload-or-restart' and 'reload-or-try-restart' +will fail if the service is not present. So this would also affect rhel +8 systems that do not use NetworkManager. 
+ +Signed-off-by: Eduardo Otubo +--- + rhel/systemd/cloud-final.service | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/rhel/systemd/cloud-final.service b/rhel/systemd/cloud-final.service +index 05add077..e281c0cf 100644 +--- a/rhel/systemd/cloud-final.service ++++ b/rhel/systemd/cloud-final.service +@@ -11,8 +11,11 @@ ExecStart=/usr/bin/cloud-init modules --mode=final + RemainAfterExit=yes + TimeoutSec=0 + KillMode=process +-ExecStartPost=/bin/echo "trying to reload or restart NetworkManager.service" +-ExecStartPost=/usr/bin/systemctl try-reload-or-restart NetworkManager.service ++# Restart NetworkManager if it is present and running. ++ExecStartPost=/bin/sh -c 'u=NetworkManager.service; \ ++ out=$(systemctl show --property=SubState $u) || exit; \ ++ [ "$out" = "SubState=running" ] || exit 0; \ ++ systemctl reload-or-try-restart $u' + + # Output needs to appear in instance console output + StandardOutput=journal+console +-- +2.18.4 + diff --git a/SOURCES/ci-Missing-IPV6_AUTOCONF-no-to-render-sysconfig-dhcp6-s.patch b/SOURCES/ci-Missing-IPV6_AUTOCONF-no-to-render-sysconfig-dhcp6-s.patch new file mode 100644 index 0000000..3860cd1 --- /dev/null +++ b/SOURCES/ci-Missing-IPV6_AUTOCONF-no-to-render-sysconfig-dhcp6-s.patch 
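Review bot: In the new `ExecStartPost` the bare `|| exit` after `systemctl show` passes that command's non-zero status on, so a failed query still fails cloud-final.service, which appears to be the outcome this patch sets out to avoid. If the restart is meant to be best effort, use `|| exit 0` there, or mark the whole line as ignorable with `ExecStartPost=-/bin/sh -c '...'`. The shell also resolves `systemctl` through PATH, whereas the removed line and `ExecStart` use absolute paths; `/usr/bin/systemctl` would keep the unit consistent.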
@@ -0,0 +1,49 @@ +From 15852ea6958c18e3830aa9244b36cd0decc93b95 Mon Sep 17 00:00:00 2001 +From: Eduardo Otubo +Date: Thu, 7 Jan 2021 16:51:30 +0100 +Subject: [PATCH] Missing IPV6_AUTOCONF=no to render sysconfig dhcp6 stateful + on RHEL (#753) + +RH-Author: Eduardo Terrell Ferrari Otubo (eterrell) +RH-MergeRequest: 29: Missing IPV6_AUTOCONF=no to render sysconfig dhcp6 stateful on RHEL (#753) +RH-Commit: [1/1] 46943f83071d243bcc61f9d987b4fe7d9cf98596 (eterrell/cloud-init) +RH-Bugzilla: 1859695 + +IPV6_AUTOCONF needs to be set to 'no' on RHEL so NetworkManager can +properly acquire ipv6 address. + +rhbz: #1859695 + +Signed-off-by: Eduardo Otubo +--- + cloudinit/net/sysconfig.py | 1 + + tests/unittests/test_net.py | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py +index 94801a93..1793977d 100644 +--- a/cloudinit/net/sysconfig.py ++++ b/cloudinit/net/sysconfig.py +@@ -397,6 +397,7 @@ class Renderer(renderer.Renderer): + iface_cfg['BOOTPROTO'] = 'dhcp' + iface_cfg['DHCPV6C'] = True + iface_cfg['IPV6INIT'] = True ++ iface_cfg['IPV6_AUTOCONF'] = False + else: + iface_cfg['IPV6INIT'] = True + # Configure network settings using DHCPv6 +diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py +index bcd261db..844d5ba8 100644 +--- a/tests/unittests/test_net.py ++++ b/tests/unittests/test_net.py +@@ -1363,6 +1363,7 @@ NETWORK_CONFIGS = { + DEVICE=iface0 + DHCPV6C=yes + IPV6INIT=yes ++ IPV6_AUTOCONF=no + IPV6_FORCE_ACCEPT_RA=yes + DEVICE=iface0 + NM_CONTROLLED=no +-- +2.18.4 + diff --git a/SOURCES/ci-Revert-ssh_util-handle-non-default-AuthorizedKeysFil.patch b/SOURCES/ci-Revert-ssh_util-handle-non-default-AuthorizedKeysFil.patch new file mode 100644 index 0000000..a7f4117 --- /dev/null +++ b/SOURCES/ci-Revert-ssh_util-handle-non-default-AuthorizedKeysFil.patch 
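Review bot: The added `iface_cfg['IPV6_AUTOCONF'] = False` in cloudinit/net/sysconfig.py has no comment, and the updated expectation in test_net.py now pairs `IPV6_AUTOCONF=no` with `IPV6_FORCE_ACCEPT_RA=yes`, which looks contradictory without context. A why-comment taken from the commit message would help, e.g. `# RHEL: NetworkManager needs IPV6_AUTOCONF=no to acquire the DHCPv6 stateful address (rhbz#1859695)`. The enclosing branch starts outside the hunk, so whether this line is limited to the RHEL flavor, as the subject says, cannot be confirmed from here.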
@@ -0,0 +1,80 @@ +From 4dde2a9bed58aba13c730bf4a7314b21038d7a31 Mon Sep 17 00:00:00 2001 +From: Eduardo Otubo +Date: Mon, 25 Jan 2021 16:24:29 +0100 +Subject: [PATCH 2/2] Revert "ssh_util: handle non-default AuthorizedKeysFile + config (#586)" (#775) + +RH-Author: Eduardo Terrell Ferrari Otubo (eterrell) +RH-MergeRequest: 38: Revert "ssh_util: handle non-default AuthorizedKeysFile config (#586)" (#775) +RH-Commit: [1/1] aec2860c773ad1921f3949dc622543e81860c5bf (eterrell/cloud-init) +RH-Bugzilla: 1919972 + +commit cdc5b81f33aee0ed3ef1ae239e5cec1906d0178a +Author: Daniel Watkins +Date: Tue Jan 19 12:23:23 2021 -0500 + + Revert "ssh_util: handle non-default AuthorizedKeysFile config (#586)" (#775) + + This reverts commit b0e73814db4027dba0b7dc0282e295b7f653325c. + +Signed-off-by: Eduardo Otubo +--- + cloudinit/ssh_util.py | 6 +++--- + tests/unittests/test_sshutil.py | 6 +++--- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py +index d5113996..c08042d6 100644 +--- a/cloudinit/ssh_util.py ++++ b/cloudinit/ssh_util.py +@@ -262,13 +262,13 @@ def extract_authorized_keys(username, sshd_cfg_file=DEF_SSHD_CFG): + + except (IOError, OSError): + # Give up and use a default key filename +- auth_key_fns.append(default_authorizedkeys_file) ++ auth_key_fns[0] = default_authorizedkeys_file + util.logexc(LOG, "Failed extracting 'AuthorizedKeysFile' in SSH " + "config from %r, using 'AuthorizedKeysFile' file " + "%r instead", DEF_SSHD_CFG, auth_key_fns[0]) + +- # always store all the keys in the first file configured on sshd_config +- return (auth_key_fns[0], parse_authorized_keys(auth_key_fns)) ++ # always store all the keys in the user's private file ++ return (default_authorizedkeys_file, parse_authorized_keys(auth_key_fns)) + + + def setup_user_keys(keys, username, options=None): +diff --git a/tests/unittests/test_sshutil.py b/tests/unittests/test_sshutil.py +index 88a111e3..fd1d1bac 100644 +--- 
a/tests/unittests/test_sshutil.py ++++ b/tests/unittests/test_sshutil.py +@@ -593,7 +593,7 @@ class TestMultipleSshAuthorizedKeysFile(test_helpers.CiTestCase): + fpw.pw_name, sshd_config) + content = ssh_util.update_authorized_keys(auth_key_entries, []) + +- self.assertEqual(authorized_keys, auth_key_fn) ++ self.assertEqual("%s/.ssh/authorized_keys" % fpw.pw_dir, auth_key_fn) + self.assertTrue(VALID_CONTENT['rsa'] in content) + self.assertTrue(VALID_CONTENT['dsa'] in content) + +@@ -610,7 +610,7 @@ class TestMultipleSshAuthorizedKeysFile(test_helpers.CiTestCase): + sshd_config = self.tmp_path('sshd_config') + util.write_file( + sshd_config, +- "AuthorizedKeysFile %s %s" % (user_keys, authorized_keys) ++ "AuthorizedKeysFile %s %s" % (authorized_keys, user_keys) + ) + + (auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys( +@@ -618,7 +618,7 @@ class TestMultipleSshAuthorizedKeysFile(test_helpers.CiTestCase): + ) + content = ssh_util.update_authorized_keys(auth_key_entries, []) + +- self.assertEqual(user_keys, auth_key_fn) ++ self.assertEqual("%s/.ssh/authorized_keys" % fpw.pw_dir, auth_key_fn) + self.assertTrue(VALID_CONTENT['rsa'] in content) + self.assertTrue(VALID_CONTENT['dsa'] in content) + +-- +2.18.4 + diff --git a/SOURCES/ci-fix-a-typo-in-man-page-cloud-init.1-752.patch b/SOURCES/ci-fix-a-typo-in-man-page-cloud-init.1-752.patch new file mode 100644 index 0000000..0a08abf --- /dev/null +++ b/SOURCES/ci-fix-a-typo-in-man-page-cloud-init.1-752.patch 
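Review bot: In extract_authorized_keys the revert brings back `auth_key_fns[0] = default_authorizedkeys_file` inside the `except (IOError, OSError)` handler, which raises IndexError if `auth_key_fns` is still an empty list at that point; its initialisation is outside the hunk, so this is to be confirmed. The removed `append` form did not have that problem, and a failure here would abort key installation for the user. `auth_key_fns = [default_authorizedkeys_file]` keeps the reverted behaviour and is safe for an empty list. The log call also reports `DEF_SSHD_CFG` rather than the `sshd_cfg_file` argument that was actually parsed.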
@@ -0,0 +1,53 @@ +From c90d5c11eb99ec25e0fd90585bad9283e60bda7e Mon Sep 17 00:00:00 2001 +From: Eduardo Otubo +Date: Tue, 26 Jan 2021 10:48:55 +0100 +Subject: [PATCH] fix a typo in man page cloud-init.1 (#752) + +RH-Author: Eduardo Terrell Ferrari Otubo (eterrell) +RH-MergeRequest: 39: fix a typo in man page cloud-init.1 (#752) +RH-Commit: [1/1] d2f7efbc63a7928ef175ac0714053dba20aab01a (eterrell/cloud-init) +RH-Bugzilla: 1913127 + +commit 48b2c5f16bd4ef754fef137ea19894908d4bf1db +Author: Amy Chen <66719270+xiachen-rh@users.noreply.github.com> +Date: Wed Jan 6 22:37:02 2021 +0800 + + fix a typo in man page cloud-init.1 (#752) + + 1. fix a typo in cloud-init.1 + 2. add xiachen-rh as contributor + +Conflict: We don't really use tools/.github-cla-signers, but had to fix +a tiny conflict of already included names on the file. + +Signed-off-by: Eduardo Otubo +--- + doc/man/cloud-init.1 | 2 +- + tools/.github-cla-signers | 1 + + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/doc/man/cloud-init.1 b/doc/man/cloud-init.1 +index 9b52dc8d..3fde4148 100644 +--- a/doc/man/cloud-init.1 ++++ b/doc/man/cloud-init.1 +@@ -10,7 +10,7 @@ cloud-init \- Cloud instance initialization + Cloud-init provides a mechanism for cloud instance initialization. + This is done by identifying the cloud platform that is in use, reading + provided cloud metadata and optional vendor and user +-data, and then intializing the instance as requested. ++data, and then initializing the instance as requested. + + Generally, this command is not normally meant to be run directly by + the user. However, some subcommands may useful for development or +diff --git a/tools/.github-cla-signers b/tools/.github-cla-signers +index 802a35bd..e5d2b95c 100644 +--- a/tools/.github-cla-signers ++++ b/tools/.github-cla-signers +@@ -21,3 +21,4 @@ sshedi + TheRealFalcon + tomponline + tsanghan ++xiachen-rh +-- +2.18.4 + 
diff --git a/SOURCES/ci-get_interfaces-don-t-exclude-Open-vSwitch-bridge-bon.patch b/SOURCES/ci-get_interfaces-don-t-exclude-Open-vSwitch-bridge-bon.patch new file mode 100644 index 0000000..e9a0426 --- /dev/null +++ b/SOURCES/ci-get_interfaces-don-t-exclude-Open-vSwitch-bridge-bon.patch 
@@ -0,0 +1,150 @@ +From a0601a472dc5b05106617b35b81d8a0578ade339 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Lukas=20M=C3=A4rdian?= +Date: Thu, 29 Oct 2020 14:38:56 +0100 +Subject: [PATCH 1/2] get_interfaces: don't exclude Open vSwitch bridge/bond + members (#608) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Eduardo Otubo (otubo) +RH-MergeRequest: 6: Patch series to fix "Bug 1957135 - Intermittent failure to start cloud-init due to failure to detect macs" +RH-Commit: [1/2] 4362f855d2d1a250a7d18490b35e65a1133a00c2 (otubo/cloud-init) +RH-Bugzilla: 1957135 +RH-Acked-by: Mohammed Gamal +RH-Acked-by: Emanuele Giuseppe Esposito <[eesposit@redhat.com](mailto:eesposit@redhat.com> + +commit 3c432b32de1bdce2699525201396a8bbc6a41f3e +Author: Lukas Märdian +Date: Thu Oct 29 14:38:56 2020 +0100 + + get_interfaces: don't exclude Open vSwitch bridge/bond members (#608) + + If an OVS bridge was used as the only/primary interface, the 'init' + stage failed with a "Not all expected physical devices present" error, + leaving the system with a broken SSH setup. 
+ + LP: #1898997 + +Signed-off-by: Eduardo Otubo +--- + cloudinit/net/__init__.py | 15 +++++++++++-- + cloudinit/net/tests/test_init.py | 36 +++++++++++++++++++++++++++++++- + tools/.github-cla-signers | 1 + + 3 files changed, 49 insertions(+), 3 deletions(-) + +diff --git a/cloudinit/net/__init__.py b/cloudinit/net/__init__.py +index e233149a..0aa58b27 100644 +--- a/cloudinit/net/__init__.py ++++ b/cloudinit/net/__init__.py +@@ -124,6 +124,15 @@ def master_is_bridge_or_bond(devname): + return (os.path.exists(bonding_path) or os.path.exists(bridge_path)) + + ++def master_is_openvswitch(devname): ++ """Return a bool indicating if devname's master is openvswitch""" ++ master_path = get_master(devname) ++ if master_path is None: ++ return False ++ ovs_path = sys_dev_path(devname, path="upper_ovs-system") ++ return os.path.exists(ovs_path) ++ ++ + def is_netfailover(devname, driver=None): + """ netfailover driver uses 3 nics, master, primary and standby. + this returns True if the device is either the primary or standby +@@ -855,8 +864,10 @@ def get_interfaces(): + continue + if is_bond(name): + continue +- if get_master(name) is not None and not master_is_bridge_or_bond(name): +- continue ++ if get_master(name) is not None: ++ if (not master_is_bridge_or_bond(name) and ++ not master_is_openvswitch(name)): ++ continue + if is_netfailover(name): + continue + mac = get_interface_mac(name) +diff --git a/cloudinit/net/tests/test_init.py b/cloudinit/net/tests/test_init.py +index 311ab6f8..0535387a 100644 +--- a/cloudinit/net/tests/test_init.py ++++ b/cloudinit/net/tests/test_init.py +@@ -190,6 +190,28 @@ class TestReadSysNet(CiTestCase): + self.assertTrue(net.master_is_bridge_or_bond('eth1')) + self.assertTrue(net.master_is_bridge_or_bond('eth2')) + ++ def test_master_is_openvswitch(self): ++ ovs_mac = 'bb:cc:aa:bb:cc:aa' ++ ++ # No master => False ++ write_file(os.path.join(self.sysdir, 'eth1', 'address'), ovs_mac) ++ ++ 
self.assertFalse(net.master_is_bridge_or_bond('eth1')) ++ ++ # masters without ovs-system => False ++ write_file(os.path.join(self.sysdir, 'ovs-system', 'address'), ovs_mac) ++ ++ os.symlink('../ovs-system', os.path.join(self.sysdir, 'eth1', ++ 'master')) ++ ++ self.assertFalse(net.master_is_openvswitch('eth1')) ++ ++ # masters with ovs-system => True ++ os.symlink('../ovs-system', os.path.join(self.sysdir, 'eth1', ++ 'upper_ovs-system')) ++ ++ self.assertTrue(net.master_is_openvswitch('eth1')) ++ + def test_is_vlan(self): + """is_vlan is True when /sys/net/devname/uevent has DEVTYPE=vlan.""" + ensure_file(os.path.join(self.sysdir, 'eth0', 'uevent')) +@@ -465,20 +487,32 @@ class TestGetInterfaceMAC(CiTestCase): + ): + bridge_mac = 'aa:bb:cc:aa:bb:cc' + bond_mac = 'cc:bb:aa:cc:bb:aa' ++ ovs_mac = 'bb:cc:aa:bb:cc:aa' ++ + write_file(os.path.join(self.sysdir, 'br0', 'address'), bridge_mac) + write_file(os.path.join(self.sysdir, 'br0', 'bridge'), '') + + write_file(os.path.join(self.sysdir, 'bond0', 'address'), bond_mac) + write_file(os.path.join(self.sysdir, 'bond0', 'bonding'), '') + ++ write_file(os.path.join(self.sysdir, 'ovs-system', 'address'), ++ ovs_mac) ++ + write_file(os.path.join(self.sysdir, 'eth1', 'address'), bridge_mac) + os.symlink('../br0', os.path.join(self.sysdir, 'eth1', 'master')) + + write_file(os.path.join(self.sysdir, 'eth2', 'address'), bond_mac) + os.symlink('../bond0', os.path.join(self.sysdir, 'eth2', 'master')) + ++ write_file(os.path.join(self.sysdir, 'eth3', 'address'), ovs_mac) ++ os.symlink('../ovs-system', os.path.join(self.sysdir, 'eth3', ++ 'master')) ++ os.symlink('../ovs-system', os.path.join(self.sysdir, 'eth3', ++ 'upper_ovs-system')) ++ + interface_names = [interface[0] for interface in net.get_interfaces()] +- self.assertEqual(['eth1', 'eth2'], sorted(interface_names)) ++ self.assertEqual(['eth1', 'eth2', 'eth3', 'ovs-system'], ++ sorted(interface_names)) + + + class TestInterfaceHasOwnMAC(CiTestCase): +diff --git 
a/tools/.github-cla-signers b/tools/.github-cla-signers +index e5d2b95c..db55361a 100644 +--- a/tools/.github-cla-signers ++++ b/tools/.github-cla-signers +@@ -16,6 +16,7 @@ matthewruffell + nishigori + omBratteng + onitake ++slyon + smoser + sshedi + TheRealFalcon +-- +2.27.0 + diff --git a/SOURCES/ci-net-exclude-OVS-internal-interfaces-in-get_interface.patch b/SOURCES/ci-net-exclude-OVS-internal-interfaces-in-get_interface.patch new file mode 100644 index 0000000..7304f89 --- /dev/null +++ b/SOURCES/ci-net-exclude-OVS-internal-interfaces-in-get_interface.patch 
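Review bot: The first assertion of `test_master_is_openvswitch` in cloudinit/net/tests/test_init.py calls `net.master_is_bridge_or_bond('eth1')`, so the "No master => False" case of the new function is never exercised. It should read `self.assertFalse(net.master_is_openvswitch('eth1'))`. In `master_is_openvswitch` itself the local `master_path` is only compared with None; a name like `master`, or an inline `if get_master(devname) is None:`, would make that clearer.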
@@ -0,0 +1,512 @@ +From 83e17432645b9e959c82ffe9c86d20fa183bc5ef Mon Sep 17 00:00:00 2001 +From: Daniel Watkins +Date: Mon, 8 Mar 2021 12:50:57 -0500 +Subject: [PATCH 2/2] net: exclude OVS internal interfaces in get_interfaces + (#829) + +RH-Author: Eduardo Otubo (otubo) +RH-MergeRequest: 6: Patch series to fix "Bug 1957135 - Intermittent failure to start cloud-init due to failure to detect macs" +RH-Commit: [2/2] d401dc64a7ceeecb091a792aa24de334940a3750 (otubo/cloud-init) +RH-Bugzilla: 1957135 +RH-Acked-by: Mohammed Gamal +RH-Acked-by: Emanuele Giuseppe Esposito <[eesposit@redhat.com](mailto:eesposit@redhat.com> + +commit 121bc04cdf0e6732fe143b7419131dc250c13384 +Author: Daniel Watkins +Date: Mon Mar 8 12:50:57 2021 -0500 + + net: exclude OVS internal interfaces in get_interfaces (#829) + + `get_interfaces` is used to in two ways, broadly: firstly, to determine + the available interfaces when converting cloud network configuration + formats to cloud-init's network configuration formats; and, secondly, to + ensure that any interfaces which are specified in network configuration + are (a) available, and (b) named correctly. The first of these is + unaffected by this commit, as no clouds support Open vSwitch + configuration in their network configuration formats. + + For the second, we check that MAC addresses of physical devices are + unique. In some OVS configurations, there are OVS-created devices which + have duplicate MAC addresses, either with each other or with physical + devices. As these interfaces are created by OVS, we can be confident + that (a) they will be available when appropriate, and (b) that OVS will + name them correctly. As such, this commit excludes any OVS-internal + interfaces from the set of interfaces returned by `get_interfaces`. 
+ + LP: #1912844 + +Signed-off-by: Eduardo Otubo +--- + cloudinit/net/__init__.py | 62 +++++++++ + cloudinit/net/tests/test_init.py | 119 ++++++++++++++++++ + .../sources/helpers/tests/test_openstack.py | 5 + + cloudinit/sources/tests/test_oracle.py | 4 + + .../integration_tests/bugs/test_lp1912844.py | 103 +++++++++++++++ + .../test_datasource/test_configdrive.py | 8 ++ + tests/unittests/test_net.py | 20 +++ + 7 files changed, 321 insertions(+) + create mode 100644 tests/integration_tests/bugs/test_lp1912844.py + +diff --git a/cloudinit/net/__init__.py b/cloudinit/net/__init__.py +index 0aa58b27..2ff770e1 100644 +--- a/cloudinit/net/__init__.py ++++ b/cloudinit/net/__init__.py +@@ -6,6 +6,7 @@ + # This file is part of cloud-init. See LICENSE file for license information. + + import errno ++import functools + import ipaddress + import logging + import os +@@ -19,6 +20,19 @@ from cloudinit.url_helper import UrlError, readurl + LOG = logging.getLogger(__name__) + SYS_CLASS_NET = "/sys/class/net/" + DEFAULT_PRIMARY_INTERFACE = 'eth0' ++OVS_INTERNAL_INTERFACE_LOOKUP_CMD = [ ++ "ovs-vsctl", ++ "--format", ++ "csv", ++ "--no-headings", ++ "--timeout", ++ "10", ++ "--columns", ++ "name", ++ "find", ++ "interface", ++ "type=internal", ++] + + + def natural_sort_key(s, _nsre=re.compile('([0-9]+)')): +@@ -133,6 +147,52 @@ def master_is_openvswitch(devname): + return os.path.exists(ovs_path) + + ++@functools.lru_cache(maxsize=None) ++def openvswitch_is_installed() -> bool: ++ """Return a bool indicating if Open vSwitch is installed in the system.""" ++ ret = bool(subp.which("ovs-vsctl")) ++ if not ret: ++ LOG.debug( ++ "ovs-vsctl not in PATH; not detecting Open vSwitch interfaces" ++ ) ++ return ret ++ ++ ++@functools.lru_cache(maxsize=None) ++def get_ovs_internal_interfaces() -> list: ++ """Return a list of the names of OVS internal interfaces on the system. 
++ ++ These will all be strings, and are used to exclude OVS-specific interface ++ from cloud-init's network configuration handling. ++ """ ++ try: ++ out, _err = subp.subp(OVS_INTERNAL_INTERFACE_LOOKUP_CMD) ++ except subp.ProcessExecutionError as exc: ++ if "database connection failed" in exc.stderr: ++ LOG.info( ++ "Open vSwitch is not yet up; no interfaces will be detected as" ++ " OVS-internal" ++ ) ++ return [] ++ raise ++ else: ++ return out.splitlines() ++ ++ ++def is_openvswitch_internal_interface(devname: str) -> bool: ++ """Returns True if this is an OVS internal interface. ++ ++ If OVS is not installed or not yet running, this will return False. ++ """ ++ if not openvswitch_is_installed(): ++ return False ++ ovs_bridges = get_ovs_internal_interfaces() ++ if devname in ovs_bridges: ++ LOG.debug("Detected %s as an OVS interface", devname) ++ return True ++ return False ++ ++ + def is_netfailover(devname, driver=None): + """ netfailover driver uses 3 nics, master, primary and standby. + this returns True if the device is either the primary or standby +@@ -877,6 +937,8 @@ def get_interfaces(): + # skip nics that have no mac (00:00....) 
+ if name != 'lo' and mac == zero_mac[:len(mac)]: + continue ++ if is_openvswitch_internal_interface(name): ++ continue + ret.append((name, mac, device_driver(name), device_devid(name))) + return ret + +diff --git a/cloudinit/net/tests/test_init.py b/cloudinit/net/tests/test_init.py +index 0535387a..946f8ee2 100644 +--- a/cloudinit/net/tests/test_init.py ++++ b/cloudinit/net/tests/test_init.py +@@ -391,6 +391,10 @@ class TestGetDeviceList(CiTestCase): + self.assertCountEqual(['eth0', 'eth1'], net.get_devicelist()) + + ++@mock.patch( ++ "cloudinit.net.is_openvswitch_internal_interface", ++ mock.Mock(return_value=False), ++) + class TestGetInterfaceMAC(CiTestCase): + + def setUp(self): +@@ -1224,6 +1228,121 @@ class TestNetFailOver(CiTestCase): + self.assertFalse(net.is_netfailover(devname, driver)) + + ++class TestOpenvswitchIsInstalled: ++ """Test cloudinit.net.openvswitch_is_installed. ++ ++ Uses the ``clear_lru_cache`` local autouse fixture to allow us to test ++ despite the ``lru_cache`` decorator on the unit under test. ++ """ ++ ++ @pytest.fixture(autouse=True) ++ def clear_lru_cache(self): ++ net.openvswitch_is_installed.cache_clear() ++ ++ @pytest.mark.parametrize( ++ "expected,which_return", [(True, "/some/path"), (False, None)] ++ ) ++ @mock.patch("cloudinit.net.subp.which") ++ def test_mirrors_which_result(self, m_which, expected, which_return): ++ m_which.return_value = which_return ++ assert expected == net.openvswitch_is_installed() ++ ++ @mock.patch("cloudinit.net.subp.which") ++ def test_only_calls_which_once(self, m_which): ++ net.openvswitch_is_installed() ++ net.openvswitch_is_installed() ++ assert 1 == m_which.call_count ++ ++ ++@mock.patch("cloudinit.net.subp.subp", return_value=("", "")) ++class TestGetOVSInternalInterfaces: ++ """Test cloudinit.net.get_ovs_internal_interfaces. ++ ++ Uses the ``clear_lru_cache`` local autouse fixture to allow us to test ++ despite the ``lru_cache`` decorator on the unit under test. 
++ """ ++ @pytest.fixture(autouse=True) ++ def clear_lru_cache(self): ++ net.get_ovs_internal_interfaces.cache_clear() ++ ++ def test_command_used(self, m_subp): ++ """Test we use the correct command when we call subp""" ++ net.get_ovs_internal_interfaces() ++ ++ assert [ ++ mock.call(net.OVS_INTERNAL_INTERFACE_LOOKUP_CMD) ++ ] == m_subp.call_args_list ++ ++ def test_subp_contents_split_and_returned(self, m_subp): ++ """Test that the command output is appropriately mangled.""" ++ stdout = "iface1\niface2\niface3\n" ++ m_subp.return_value = (stdout, "") ++ ++ assert [ ++ "iface1", ++ "iface2", ++ "iface3", ++ ] == net.get_ovs_internal_interfaces() ++ ++ def test_database_connection_error_handled_gracefully(self, m_subp): ++ """Test that the error indicating OVS is down is handled gracefully.""" ++ m_subp.side_effect = ProcessExecutionError( ++ stderr="database connection failed" ++ ) ++ ++ assert [] == net.get_ovs_internal_interfaces() ++ ++ def test_other_errors_raised(self, m_subp): ++ """Test that only database connection errors are handled.""" ++ m_subp.side_effect = ProcessExecutionError() ++ ++ with pytest.raises(ProcessExecutionError): ++ net.get_ovs_internal_interfaces() ++ ++ def test_only_runs_once(self, m_subp): ++ """Test that we cache the value.""" ++ net.get_ovs_internal_interfaces() ++ net.get_ovs_internal_interfaces() ++ ++ assert 1 == m_subp.call_count ++ ++ ++@mock.patch("cloudinit.net.get_ovs_internal_interfaces") ++@mock.patch("cloudinit.net.openvswitch_is_installed") ++class TestIsOpenVSwitchInternalInterface: ++ def test_false_if_ovs_not_installed( ++ self, m_openvswitch_is_installed, _m_get_ovs_internal_interfaces ++ ): ++ """Test that OVS' absence returns False.""" ++ m_openvswitch_is_installed.return_value = False ++ ++ assert not net.is_openvswitch_internal_interface("devname") ++ ++ @pytest.mark.parametrize( ++ "detected_interfaces,devname,expected_return", ++ [ ++ ([], "devname", False), ++ (["notdevname"], "devname", False), ++ 
(["devname"], "devname", True), ++ (["some", "other", "devices", "and", "ours"], "ours", True), ++ ], ++ ) ++ def test_return_value_based_on_detected_interfaces( ++ self, ++ m_openvswitch_is_installed, ++ m_get_ovs_internal_interfaces, ++ detected_interfaces, ++ devname, ++ expected_return, ++ ): ++ """Test that the detected interfaces are used correctly.""" ++ m_openvswitch_is_installed.return_value = True ++ m_get_ovs_internal_interfaces.return_value = detected_interfaces ++ assert expected_return == net.is_openvswitch_internal_interface( ++ devname ++ ) ++ ++ + class TestIsIpAddress: + """Tests for net.is_ip_address. + +diff --git a/cloudinit/sources/helpers/tests/test_openstack.py b/cloudinit/sources/helpers/tests/test_openstack.py +index 2bde1e3f..95fb9743 100644 +--- a/cloudinit/sources/helpers/tests/test_openstack.py ++++ b/cloudinit/sources/helpers/tests/test_openstack.py +@@ -1,10 +1,15 @@ + # This file is part of cloud-init. See LICENSE file for license information. + # ./cloudinit/sources/helpers/tests/test_openstack.py ++from unittest import mock + + from cloudinit.sources.helpers import openstack + from cloudinit.tests import helpers as test_helpers + + ++@mock.patch( ++ "cloudinit.net.is_openvswitch_internal_interface", ++ mock.Mock(return_value=False) ++) + class TestConvertNetJson(test_helpers.CiTestCase): + + def test_phy_types(self): +diff --git a/cloudinit/sources/tests/test_oracle.py b/cloudinit/sources/tests/test_oracle.py +index 7bd23813..902d1e40 100644 +--- a/cloudinit/sources/tests/test_oracle.py ++++ b/cloudinit/sources/tests/test_oracle.py +@@ -173,6 +173,10 @@ class TestIsPlatformViable(test_helpers.CiTestCase): + m_read_dmi_data.assert_has_calls([mock.call('chassis-asset-tag')]) + + ++@mock.patch( ++ "cloudinit.net.is_openvswitch_internal_interface", ++ mock.Mock(return_value=False) ++) + class TestNetworkConfigFromOpcImds: + def test_no_secondary_nics_does_not_mutate_input(self, oracle_ds): + oracle_ds._vnics_data = [{}] +diff --git 
a/tests/integration_tests/bugs/test_lp1912844.py b/tests/integration_tests/bugs/test_lp1912844.py +new file mode 100644 +index 00000000..efafae50 +--- /dev/null ++++ b/tests/integration_tests/bugs/test_lp1912844.py +@@ -0,0 +1,103 @@ ++"""Integration test for LP: #1912844 ++ ++cloud-init should ignore OVS-internal interfaces when performing its own ++interface determination: these interfaces are handled fully by OVS, so ++cloud-init should never need to touch them. ++ ++This test is a semi-synthetic reproducer for the bug. It uses a similar ++network configuration, tweaked slightly to DHCP in a way that will succeed even ++on "failed" boots. The exact bug doesn't reproduce with the NoCloud ++datasource, because it runs at init-local time (whereas the MAAS datasource, ++from the report, runs only at init (network) time): this means that the ++networking code runs before OVS creates its interfaces (which happens after ++init-local but, of course, before networking is up), and so doesn't generate ++the traceback that they cause. We work around this by calling ++``get_interfaces_by_mac` directly in the test code. ++""" ++import pytest ++ ++from tests.integration_tests import random_mac_address ++ ++MAC_ADDRESS = random_mac_address() ++ ++NETWORK_CONFIG = """\ ++bonds: ++ bond0: ++ interfaces: ++ - enp5s0 ++ macaddress: {0} ++ mtu: 1500 ++bridges: ++ ovs-br: ++ interfaces: ++ - bond0 ++ macaddress: {0} ++ mtu: 1500 ++ openvswitch: {{}} ++ dhcp4: true ++ethernets: ++ enp5s0: ++ mtu: 1500 ++ set-name: enp5s0 ++ match: ++ macaddress: {0} ++version: 2 ++vlans: ++ ovs-br.100: ++ id: 100 ++ link: ovs-br ++ mtu: 1500 ++ ovs-br.200: ++ id: 200 ++ link: ovs-br ++ mtu: 1500 ++""".format(MAC_ADDRESS) ++ ++ ++SETUP_USER_DATA = """\ ++#cloud-config ++packages: ++- openvswitch-switch ++""" ++ ++ ++@pytest.fixture ++def ovs_enabled_session_cloud(session_cloud): ++ """A session_cloud wrapper, to use an OVS-enabled image for tests. 
++ ++ This implementation is complicated by wanting to use ``session_cloud``s ++ snapshot cleanup/retention logic, to avoid having to reimplement that here. ++ """ ++ old_snapshot_id = session_cloud.snapshot_id ++ with session_cloud.launch( ++ user_data=SETUP_USER_DATA, ++ ) as instance: ++ instance.instance.clean() ++ session_cloud.snapshot_id = instance.snapshot() ++ ++ yield session_cloud ++ ++ try: ++ session_cloud.delete_snapshot() ++ finally: ++ session_cloud.snapshot_id = old_snapshot_id ++ ++ ++@pytest.mark.lxd_vm ++def test_get_interfaces_by_mac_doesnt_traceback(ovs_enabled_session_cloud): ++ """Launch our OVS-enabled image and confirm the bug doesn't reproduce.""" ++ launch_kwargs = { ++ "config_dict": { ++ "user.network-config": NETWORK_CONFIG, ++ "volatile.eth0.hwaddr": MAC_ADDRESS, ++ }, ++ } ++ with ovs_enabled_session_cloud.launch( ++ launch_kwargs=launch_kwargs, ++ ) as client: ++ result = client.execute( ++ "python3 -c" ++ "'from cloudinit.net import get_interfaces_by_mac;" ++ "get_interfaces_by_mac()'" ++ ) ++ assert result.ok +diff --git a/tests/unittests/test_datasource/test_configdrive.py b/tests/unittests/test_datasource/test_configdrive.py +index 6f830cc6..2e2b7847 100644 +--- a/tests/unittests/test_datasource/test_configdrive.py ++++ b/tests/unittests/test_datasource/test_configdrive.py +@@ -494,6 +494,10 @@ class TestConfigDriveDataSource(CiTestCase): + self.assertEqual('config-disk (/dev/anything)', cfg_ds.subplatform) + + ++@mock.patch( ++ "cloudinit.net.is_openvswitch_internal_interface", ++ mock.Mock(return_value=False) ++) + class TestNetJson(CiTestCase): + def setUp(self): + super(TestNetJson, self).setUp() +@@ -654,6 +658,10 @@ class TestNetJson(CiTestCase): + self.assertEqual(out_data, conv_data) + + ++@mock.patch( ++ "cloudinit.net.is_openvswitch_internal_interface", ++ mock.Mock(return_value=False) ++) + class TestConvertNetworkData(CiTestCase): + + with_logs = True +diff --git a/tests/unittests/test_net.py 
b/tests/unittests/test_net.py +index 844d5ba8..3607c5e3 100644 +--- a/tests/unittests/test_net.py ++++ b/tests/unittests/test_net.py +@@ -2825,6 +2825,10 @@ iface eth1 inet dhcp + self.assertEqual(0, mock_settle.call_count) + + ++@mock.patch( ++ "cloudinit.net.is_openvswitch_internal_interface", ++ mock.Mock(return_value=False) ++) + class TestRhelSysConfigRendering(CiTestCase): + + with_logs = True +@@ -3495,6 +3499,10 @@ USERCTL=no + expected, self._render_and_read(network_config=v2data)) + + ++@mock.patch( ++ "cloudinit.net.is_openvswitch_internal_interface", ++ mock.Mock(return_value=False) ++) + class TestOpenSuseSysConfigRendering(CiTestCase): + + with_logs = True +@@ -4859,6 +4867,10 @@ class TestNetRenderers(CiTestCase): + self.assertTrue(result) + + ++@mock.patch( ++ "cloudinit.net.is_openvswitch_internal_interface", ++ mock.Mock(return_value=False) ++) + class TestGetInterfaces(CiTestCase): + _data = {'bonds': ['bond1'], + 'bridges': ['bridge1'], +@@ -5008,6 +5020,10 @@ class TestInterfaceHasOwnMac(CiTestCase): + self.assertFalse(interface_has_own_mac("eth0")) + + ++@mock.patch( ++ "cloudinit.net.is_openvswitch_internal_interface", ++ mock.Mock(return_value=False) ++) + class TestGetInterfacesByMac(CiTestCase): + _data = {'bonds': ['bond1'], + 'bridges': ['bridge1'], +@@ -5164,6 +5180,10 @@ class TestInterfacesSorting(CiTestCase): + ['enp0s3', 'enp0s8', 'enp0s13', 'enp1s2', 'enp2s0', 'enp2s3']) + + ++@mock.patch( ++ "cloudinit.net.is_openvswitch_internal_interface", ++ mock.Mock(return_value=False) ++) + class TestGetIBHwaddrsByInterface(CiTestCase): + + _ib_addr = '80:00:00:28:fe:80:00:00:00:00:00:00:00:11:22:03:00:33:44:56' +-- +2.27.0 + diff --git a/SOURCES/ci-network-Fix-type-and-respect-name-when-rendering-vla.patch b/SOURCES/ci-network-Fix-type-and-respect-name-when-rendering-vla.patch new file mode 100644 index 0000000..a2ef2dc --- /dev/null +++ b/SOURCES/ci-network-Fix-type-and-respect-name-when-rendering-vla.patch 
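Review bot: In the embedded `cloudinit/net/__init__.py` change, `get_ovs_internal_interfaces` is wrapped in `functools.lru_cache(maxsize=None)`, so the `return []` taken on the "database connection failed" branch is cached too. If the same process calls `get_interfaces` again after Open vSwitch has come up, the OVS-internal interfaces would presumably still not be excluded, and the duplicate-MAC failure the commit message describes could recur. `lru_cache` never caches a raised exception, so moving the `subp.subp` call into a cached private helper and catching `ProcessExecutionError` in an uncached wrapper caches only successful lookups. The `clear_lru_cache` fixture in `TestGetOVSInternalInterfaces` would then need to clear the helper instead. Returning a tuple from the helper also prevents a caller from mutating the shared cached value.

```python
@functools.lru_cache(maxsize=None)
def _query_ovs_internal_interfaces() -> tuple:
    """Run the ovs-vsctl lookup once; a raised error is never cached."""
    out, _err = subp.subp(OVS_INTERNAL_INTERFACE_LOOKUP_CMD)
    return tuple(out.splitlines())


def get_ovs_internal_interfaces() -> list:
    # ... unchanged: docstring ...
    try:
        return list(_query_ovs_internal_interfaces())
    except subp.ProcessExecutionError as exc:
        if "database connection failed" in exc.stderr:
            # ... unchanged: LOG.info("Open vSwitch is not yet up; ...") ...
            return []
        raise
```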
@@ -0,0 +1,247 @@ +From 51a90ecbdf1f3900183d8ec641eeb4571decf6dc Mon Sep 17 00:00:00 2001 +From: Eduardo Otubo +Date: Wed, 4 Nov 2020 12:37:54 +0100 +Subject: [PATCH] network: Fix type and respect name when rendering vlan in + sysconfig. (#541) + +RH-Author: Eduardo Terrell Ferrari Otubo (eterrell) +RH-MergeRequest: 19: network: Fix type and respect name when rendering vlan in sysconfig. (#541) +RH-Commit: [1/1] 75bea46017397082c5763125a5f35806c2f840e9 (eterrell/cloud-init) +RH-Bugzilla: 1881462 + +commit 8439b191ec2f336d544cab86dba2860f969cd5b8 +Author: Eduardo Otubo +Date: Tue Sep 15 18:00:00 2020 +0200 + + network: Fix type and respect name when rendering vlan in sysconfig. (#541) + + Prior to this change, vlans were rendered in sysconfig with + 'TYPE=Ethernet', and incorrectly rendered the PHYSDEV based on + the name of the vlan device rather than the 'link' provided + in the network config. + + The change here fixes: + * rendering of TYPE=Ethernet for a vlan + * adds a warning if the configured device name is not supported + per the RHEL 7 docs "11.5. 
Naming Scheme for VLAN Interfaces" + + LP: #1788915 + LP: #1826608 + RHBZ: #1861871 + +Signed-off-by: Eduardo Otubo +--- + cloudinit/net/sysconfig.py | 32 +++++++++- + tests/unittests/test_distros/test_netconfig.py | 81 ++++++++++++++++++++++++++ + tests/unittests/test_net.py | 4 -- + 3 files changed, 112 insertions(+), 5 deletions(-) + +diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py +index c078898..078636a 100644 +--- a/cloudinit/net/sysconfig.py ++++ b/cloudinit/net/sysconfig.py +@@ -99,6 +99,10 @@ class ConfigMap(object): + def __len__(self): + return len(self._conf) + ++ def skip_key_value(self, key, val): ++ """Skip the pair key, value if it matches a certain rule.""" ++ return False ++ + def to_string(self): + buf = io.StringIO() + buf.write(_make_header()) +@@ -106,6 +110,8 @@ class ConfigMap(object): + buf.write("\n") + for key in sorted(self._conf.keys()): + value = self._conf[key] ++ if self.skip_key_value(key, value): ++ continue + if isinstance(value, bool): + value = self._bool_map[value] + if not isinstance(value, str): +@@ -214,6 +220,7 @@ class NetInterface(ConfigMap): + 'bond': 'Bond', + 'bridge': 'Bridge', + 'infiniband': 'InfiniBand', ++ 'vlan': 'Vlan', + } + + def __init__(self, iface_name, base_sysconf_dir, templates, +@@ -267,6 +274,11 @@ class NetInterface(ConfigMap): + c.routes = self.routes.copy() + return c + ++ def skip_key_value(self, key, val): ++ if key == 'TYPE' and val == 'Vlan': ++ return True ++ return False ++ + + class Renderer(renderer.Renderer): + """Renders network information in a /etc/sysconfig format.""" +@@ -701,7 +713,16 @@ class Renderer(renderer.Renderer): + iface_cfg['ETHERDEVICE'] = iface_name[:iface_name.rfind('.')] + else: + iface_cfg['VLAN'] = True +- iface_cfg['PHYSDEV'] = iface_name[:iface_name.rfind('.')] ++ iface_cfg.kind = 'vlan' ++ ++ rdev = iface['vlan-raw-device'] ++ supported = _supported_vlan_names(rdev, iface['vlan_id']) ++ if iface_name not in supported: ++ LOG.info( ++ "Name '%s' 
for vlan '%s' is not officially supported" ++ "by RHEL. Supported: %s", ++ iface_name, rdev, ' '.join(supported)) ++ iface_cfg['PHYSDEV'] = rdev + + iface_subnets = iface.get("subnets", []) + route_cfg = iface_cfg.routes +@@ -909,6 +930,15 @@ class Renderer(renderer.Renderer): + "\n".join(netcfg) + "\n", file_mode) + + ++def _supported_vlan_names(rdev, vid): ++ """Return list of supported names for vlan devices per RHEL doc ++ 11.5. Naming Scheme for VLAN Interfaces.""" ++ return [ ++ v.format(rdev=rdev, vid=int(vid)) ++ for v in ("{rdev}{vid:04}", "{rdev}{vid}", ++ "{rdev}.{vid:04}", "{rdev}.{vid}")] ++ ++ + def available(target=None): + sysconfig = available_sysconfig(target=target) + nm = available_nm(target=target) +diff --git a/tests/unittests/test_distros/test_netconfig.py b/tests/unittests/test_distros/test_netconfig.py +index f9fc3a1..a1df066 100644 +--- a/tests/unittests/test_distros/test_netconfig.py ++++ b/tests/unittests/test_distros/test_netconfig.py +@@ -541,6 +541,87 @@ class TestNetCfgDistroRedhat(TestNetCfgDistroBase): + V1_NET_CFG_IPV6, + expected_cfgs=expected_cfgs.copy()) + ++ def test_vlan_render_unsupported(self): ++ """Render officially unsupported vlan names.""" ++ cfg = { ++ 'version': 2, ++ 'ethernets': { ++ 'eth0': {'addresses': ["192.10.1.2/24"], ++ 'match': {'macaddress': "00:16:3e:60:7c:df"}}}, ++ 'vlans': { ++ 'infra0': {'addresses': ["10.0.1.2/16"], ++ 'id': 1001, 'link': 'eth0'}}, ++ } ++ expected_cfgs = { ++ self.ifcfg_path('eth0'): dedent("""\ ++ BOOTPROTO=none ++ DEVICE=eth0 ++ HWADDR=00:16:3e:60:7c:df ++ IPADDR=192.10.1.2 ++ NETMASK=255.255.255.0 ++ NM_CONTROLLED=no ++ ONBOOT=yes ++ TYPE=Ethernet ++ USERCTL=no ++ """), ++ self.ifcfg_path('infra0'): dedent("""\ ++ BOOTPROTO=none ++ DEVICE=infra0 ++ IPADDR=10.0.1.2 ++ NETMASK=255.255.0.0 ++ NM_CONTROLLED=no ++ ONBOOT=yes ++ PHYSDEV=eth0 ++ USERCTL=no ++ VLAN=yes ++ """), ++ self.control_path(): dedent("""\ ++ NETWORKING=yes ++ """), ++ } ++ self._apply_and_verify( ++ 
self.distro.apply_network_config, cfg, ++ expected_cfgs=expected_cfgs) ++ ++ def test_vlan_render(self): ++ cfg = { ++ 'version': 2, ++ 'ethernets': { ++ 'eth0': {'addresses': ["192.10.1.2/24"]}}, ++ 'vlans': { ++ 'eth0.1001': {'addresses': ["10.0.1.2/16"], ++ 'id': 1001, 'link': 'eth0'}}, ++ } ++ expected_cfgs = { ++ self.ifcfg_path('eth0'): dedent("""\ ++ BOOTPROTO=none ++ DEVICE=eth0 ++ IPADDR=192.10.1.2 ++ NETMASK=255.255.255.0 ++ NM_CONTROLLED=no ++ ONBOOT=yes ++ TYPE=Ethernet ++ USERCTL=no ++ """), ++ self.ifcfg_path('eth0.1001'): dedent("""\ ++ BOOTPROTO=none ++ DEVICE=eth0.1001 ++ IPADDR=10.0.1.2 ++ NETMASK=255.255.0.0 ++ NM_CONTROLLED=no ++ ONBOOT=yes ++ PHYSDEV=eth0 ++ USERCTL=no ++ VLAN=yes ++ """), ++ self.control_path(): dedent("""\ ++ NETWORKING=yes ++ """), ++ } ++ self._apply_and_verify( ++ self.distro.apply_network_config, cfg, ++ expected_cfgs=expected_cfgs) ++ + + class TestNetCfgDistroOpensuse(TestNetCfgDistroBase): + +diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py +index d7a7a65..c033745 100644 +--- a/tests/unittests/test_net.py ++++ b/tests/unittests/test_net.py +@@ -1656,7 +1656,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + DHCLIENT_SET_DEFAULT_ROUTE=no + ONBOOT=yes + PHYSDEV=bond0 +- TYPE=Ethernet + USERCTL=no + VLAN=yes"""), + 'ifcfg-br0': textwrap.dedent("""\ +@@ -1699,7 +1698,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + NETMASK1=255.255.255.0 + ONBOOT=yes + PHYSDEV=eth0 +- TYPE=Ethernet + USERCTL=no + VLAN=yes"""), + 'ifcfg-eth1': textwrap.dedent("""\ +@@ -2302,7 +2300,6 @@ iface bond0 inet6 static + NETMASK1=255.255.255.0 + ONBOOT=yes + PHYSDEV=en0 +- TYPE=Ethernet + USERCTL=no + VLAN=yes"""), + }, +@@ -3409,7 +3406,6 @@ USERCTL=no + NM_CONTROLLED=no + ONBOOT=yes + PHYSDEV=eno1 +- TYPE=Ethernet + USERCTL=no + VLAN=yes + """) +-- +1.8.3.1 + 
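Review bot: The two adjacent string literals in the new `LOG.info` call in the vlan branch of `cloudinit/net/sysconfig.py` are joined without a space, so the message reads "not officially supportedby RHEL"; the first literal should end with a space: `"Name '%s' for vlan '%s' is not officially supported "`. The commit message calls this a warning, so `LOG.warning` may be what was intended. `iface['vlan-raw-device']` and `iface['vlan_id']` are indexed directly and `_supported_vlan_names` calls `int(vid)`, so a vlan entry that lacks either key or has a non-numeric id would raise during rendering unless it is validated earlier, which the hunk does not show. The `NetInterface.skip_key_value` override would also benefit from a one-line docstring such as `"""Omit TYPE=Vlan from the rendered ifcfg file."""`.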
diff --git a/SOURCES/ci-ssh_util-handle-non-default-AuthorizedKeysFile-confi.patch b/SOURCES/ci-ssh_util-handle-non-default-AuthorizedKeysFile-confi.patch new file mode 100644 index 0000000..5fbcb0c --- /dev/null +++ b/SOURCES/ci-ssh_util-handle-non-default-AuthorizedKeysFile-confi.patch @@ -0,0 +1,98 @@ +From b84a1e6d246bbb758f0530038612bd18eff71767 Mon Sep 17 00:00:00 2001 +From: Eduardo Otubo +Date: Tue, 8 Dec 2020 13:27:22 +0100 +Subject: [PATCH 4/4] ssh_util: handle non-default AuthorizedKeysFile config + (#586) + +RH-Author: Eduardo Terrell Ferrari Otubo (eterrell) +RH-MergeRequest: 28: ssh_util: handle non-default AuthorizedKeysFile config (#586) +RH-Commit: [1/1] f7ce396e3002c53a3504e653b58810efb956aa26 (eterrell/cloud-init) +RH-Bugzilla: 1862967 + +commit b0e73814db4027dba0b7dc0282e295b7f653325c +Author: Eduardo Otubo +Date: Tue Oct 20 18:04:59 2020 +0200 + + ssh_util: handle non-default AuthorizedKeysFile config (#586) + + The following commit merged all ssh keys into a default user file + `~/.ssh/authorized_keys` in sshd_config had multiple files configured for + AuthorizedKeysFile: + + commit f1094b1a539044c0193165a41501480de0f8df14 + Author: Eduardo Otubo + Date: Thu Dec 5 17:37:35 2019 +0100 + + Multiple file fix for AuthorizedKeysFile config (#60) + + This commit ignored the case when sshd_config would have a single file for + AuthorizedKeysFile, but a non default configuration, for example + `~/.ssh/authorized_keys_foobar`. In this case cloud-init would grab all keys + from this file and write a new one, the default `~/.ssh/authorized_keys` + causing the bug. + + rhbz: #1862967 + + 
Signed-off-by: Eduardo Otubo + +Signed-off-by: Eduardo Otubo +--- + cloudinit/ssh_util.py | 6 +++--- + tests/unittests/test_sshutil.py | 6 +++--- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py +index c08042d6..d5113996 100644 +--- a/cloudinit/ssh_util.py ++++ b/cloudinit/ssh_util.py +@@ -262,13 +262,13 @@ def extract_authorized_keys(username, sshd_cfg_file=DEF_SSHD_CFG): + + except (IOError, OSError): + # Give up and use a default key filename +- auth_key_fns[0] = default_authorizedkeys_file ++ auth_key_fns.append(default_authorizedkeys_file) + util.logexc(LOG, "Failed extracting 'AuthorizedKeysFile' in SSH " + "config from %r, using 'AuthorizedKeysFile' file " + "%r instead", DEF_SSHD_CFG, auth_key_fns[0]) + +- # always store all the keys in the user's private file +- return (default_authorizedkeys_file, parse_authorized_keys(auth_key_fns)) ++ # always store all the keys in the first file configured on sshd_config ++ return (auth_key_fns[0], parse_authorized_keys(auth_key_fns)) + + + def setup_user_keys(keys, username, options=None): +diff --git a/tests/unittests/test_sshutil.py b/tests/unittests/test_sshutil.py +index fd1d1bac..88a111e3 100644 +--- a/tests/unittests/test_sshutil.py ++++ b/tests/unittests/test_sshutil.py +@@ -593,7 +593,7 @@ class TestMultipleSshAuthorizedKeysFile(test_helpers.CiTestCase): + fpw.pw_name, sshd_config) + content = ssh_util.update_authorized_keys(auth_key_entries, []) + +- self.assertEqual("%s/.ssh/authorized_keys" % fpw.pw_dir, auth_key_fn) ++ self.assertEqual(authorized_keys, auth_key_fn) + self.assertTrue(VALID_CONTENT['rsa'] in content) + self.assertTrue(VALID_CONTENT['dsa'] in content) + +@@ -610,7 +610,7 @@ class TestMultipleSshAuthorizedKeysFile(test_helpers.CiTestCase): + sshd_config = self.tmp_path('sshd_config') + util.write_file( + sshd_config, +- "AuthorizedKeysFile %s %s" % (authorized_keys, user_keys) ++ "AuthorizedKeysFile %s %s" % (user_keys, 
authorized_keys) + ) + + (auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys( +@@ -618,7 +618,7 @@ class TestMultipleSshAuthorizedKeysFile(test_helpers.CiTestCase): + ) + content = ssh_util.update_authorized_keys(auth_key_entries, []) + +- self.assertEqual("%s/.ssh/authorized_keys" % fpw.pw_dir, auth_key_fn) ++ self.assertEqual(user_keys, auth_key_fn) + self.assertTrue(VALID_CONTENT['rsa'] in content) + self.assertTrue(VALID_CONTENT['dsa'] in content) + +-- +2.18.4 + diff --git a/SOURCES/cloud-init-tmpfiles.conf b/SOURCES/cloud-init-tmpfiles.conf new file mode 100644 index 0000000..0c6d2a3 --- /dev/null +++ b/SOURCES/cloud-init-tmpfiles.conf @@ -0,0 +1 @@ +d /run/cloud-init 0700 root root - - diff --git a/SPECS/cloud-init.spec b/SPECS/cloud-init.spec new file mode 100644 index 0000000..da84b6e --- /dev/null +++ b/SPECS/cloud-init.spec 
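Review bot: The new return value `(auth_key_fns[0], parse_authorized_keys(auth_key_fns))` in `extract_authorized_keys` takes the file that keys are written to straight from the `AuthorizedKeysFile` setting in sshd_config, and nothing in the hunk checks that the resolved path belongs to `username`. If the first configured entry is not a per-user path, keys provisioned for different users would land in the same file; the spec file on this page lists Patch16, a revert of this change, for bz#1919972 ("ssh keys can be shared across users giving potential root access"). A guard before the return that falls back to `default_authorizedkeys_file` unless the first entry resolves inside the user's home directory and is owned by that user would keep the non-default-file fix without that exposure. Separately, after `auth_key_fns.append(default_authorizedkeys_file)` the log call still prints `auth_key_fns[0]`, which is the default only if the list was empty when the exception was raised; passing `default_authorizedkeys_file` there, as in `"%r instead", DEF_SSHD_CFG, default_authorizedkeys_file)`, would make the message accurate. The function body starts outside the hunk, so how `auth_key_fns` is populated is not visible here.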
@@ -0,0 +1,629 @@ +%{!?license: %global license %%doc} + +# The only reason we are archful is because dmidecode is ExclusiveArch +# https://bugzilla.redhat.com/show_bug.cgi?id=1067089 +%global debug_package %{nil} + +Name: cloud-init +Version: 20.3 +Release: 10%{?dist}.3 +Summary: Cloud instance init scripts + +Group: System Environment/Base +License: GPLv3 +URL: http://launchpad.net/cloud-init +Source0: https://launchpad.net/cloud-init/trunk/%{version}/+download/%{name}-%{version}.tar.gz +Source1: cloud-init-tmpfiles.conf + +Patch0001: 0001-Add-initial-redhat-setup.patch +Patch0002: 0002-Do-not-write-NM_CONTROLLED-no-in-generated-interface.patch +Patch0003: 0003-limit-permissions-on-def_log_file.patch +Patch0004: 0004-sysconfig-Don-t-write-BOOTPROTO-dhcp-for-ipv6-dhcp.patch +Patch0005: 0005-DataSourceAzure.py-use-hostnamectl-to-set-hostname.patch +Patch0006: 0006-include-NOZEROCONF-yes-in-etc-sysconfig-network.patch +Patch0007: 0007-Remove-race-condition-between-cloud-init-and-Network.patch +Patch8: ci-Explicit-set-IPV6_AUTOCONF-and-IPV6_FORCE_ACCEPT_RA-.patch +Patch9: ci-Add-config-modules-for-controlling-IBM-PowerVM-RMC.-.patch +# For bz#1881462 - [rhel8][cloud-init] ifup bond0.504 Error: Connection activation failed: No suitable device found for this connection +Patch10: ci-network-Fix-type-and-respect-name-when-rendering-vla.patch +# For bz#1859695 - [Cloud-init] DHCPv6 assigned address is not added to VM's interface +Patch11: ci-Adding-BOOTPROTO-dhcp-to-render-sysconfig-dhcp6-stat.patch +# For bz#1898943 - [rhel-8]cloud-final.service fails if NetworkManager not installed. 
+Patch12: ci-Fix-unit-failure-of-cloud-final.service-if-NetworkMa.patch +# For bz#1862967 - [cloud-init]Customize ssh AuthorizedKeysFile causes login failure +Patch13: ci-ssh_util-handle-non-default-AuthorizedKeysFile-confi.patch +# For bz#1859695 - [Cloud-init] DHCPv6 assigned address is not added to VM's interface +Patch14: ci-Missing-IPV6_AUTOCONF-no-to-render-sysconfig-dhcp6-s.patch +# For bz#1900892 - [Azure] Update existing user password RHEL8x +Patch15: ci-DataSourceAzure-update-password-for-defuser-if-exist.patch +# For bz#1919972 - [RHEL-8.4] ssh keys can be shared across users giving potential root access +Patch16: ci-Revert-ssh_util-handle-non-default-AuthorizedKeysFil.patch +# For bz#1913127 - A typo in cloud-init man page +Patch17: ci-fix-a-typo-in-man-page-cloud-init.1-752.patch +# For bz#1942699 - [Aliyun][RHEL8.4][cloud-init] cloud-init service failed to start with Alibaba instance [rhel-8.4.0.z] +Patch18: ci-Fix-requiring-device-number-on-EC2-derivatives-836.patch +# For bz#1957135 - Intermittent failure to start cloud-init due to failure to detect macs [rhel-8.4.0.z] +Patch19: ci-get_interfaces-don-t-exclude-Open-vSwitch-bridge-bon.patch +# For bz#1957135 - Intermittent failure to start cloud-init due to failure to detect macs [rhel-8.4.0.z] +Patch20: ci-net-exclude-OVS-internal-interfaces-in-get_interface.patch + +BuildArch: noarch + +BuildRequires: pkgconfig(systemd) +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: systemd + +# For tests +BuildRequires: iproute +BuildRequires: python3-configobj +# # https://bugzilla.redhat.com/show_bug.cgi?id=1417029 +BuildRequires: python3-httpretty >= 0.8.14-2 +BuildRequires: python3-jinja2 +BuildRequires: python3-jsonpatch +BuildRequires: python3-jsonschema +BuildRequires: python3-mock +BuildRequires: python3-nose +BuildRequires: python3-oauthlib +BuildRequires: python3-prettytable +BuildRequires: python3-pyserial +BuildRequires: python3-PyYAML +BuildRequires: python3-requests 
+BuildRequires: python3-six +BuildRequires: python3-unittest2 +# dnf is needed to make cc_ntp unit tests work +# https://bugs.launchpad.net/cloud-init/+bug/1721573 +BuildRequires: /usr/bin/dnf + +Requires: e2fsprogs +Requires: iproute +Requires: libselinux-python3 +Requires: policycoreutils-python3 +Requires: procps +Requires: python3-configobj +Requires: python3-jinja2 +Requires: python3-jsonpatch +Requires: python3-jsonschema +Requires: python3-oauthlib +Requires: python3-prettytable +Requires: python3-pyserial +Requires: python3-PyYAML +Requires: python3-requests +Requires: python3-six +Requires: shadow-utils +Requires: util-linux +Requires: xfsprogs + +%{?systemd_requires} + +%description +Cloud-init is a set of init scripts for cloud instances. Cloud instances +need special scripts to run during initialization to retrieve and install +ssh keys and to let the user run various scripts. + + +%prep +%autosetup -p1 + +# Change shebangs +sed -i -e 's|#!/usr/bin/env python|#!/usr/bin/env python3|' \ + -e 's|#!/usr/bin/python|#!/usr/bin/python3|' tools/* cloudinit/ssh_util.py + +%build +%py3_build + + +%install +%py3_install -- + +python3 tools/render-cloudcfg --variant fedora > $RPM_BUILD_ROOT/%{_sysconfdir}/cloud/cloud.cfg + +sed -i "s,@@PACKAGED_VERSION@@,%{version}-%{release}," $RPM_BUILD_ROOT/%{python3_sitelib}/cloudinit/version.py + +mkdir -p $RPM_BUILD_ROOT/var/lib/cloud + +# /run/cloud-init needs a tmpfiles.d entry +mkdir -p $RPM_BUILD_ROOT/run/cloud-init +mkdir -p $RPM_BUILD_ROOT/%{_tmpfilesdir} +cp -p %{SOURCE1} $RPM_BUILD_ROOT/%{_tmpfilesdir}/%{name}.conf + +# We supply our own config file since our software differs from Ubuntu's. 
+cp -p rhel/cloud.cfg $RPM_BUILD_ROOT/%{_sysconfdir}/cloud/cloud.cfg + +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rsyslog.d +cp -p tools/21-cloudinit.conf $RPM_BUILD_ROOT/%{_sysconfdir}/rsyslog.d/21-cloudinit.conf + +# Make installed NetworkManager hook name less generic +mv $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/hook-network-manager \ + $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/cloud-init-azure-hook + +# Install our own systemd units (rhbz#1440831) +mkdir -p $RPM_BUILD_ROOT%{_unitdir} +cp rhel/systemd/* $RPM_BUILD_ROOT%{_unitdir}/ + +[ ! -d $RPM_BUILD_ROOT/usr/lib/systemd/system-generators ] && mkdir -p $RPM_BUILD_ROOT/usr/lib/systemd/system-generators +python3 tools/render-cloudcfg --variant rhel systemd/cloud-init-generator.tmpl > $RPM_BUILD_ROOT/usr/lib/systemd/system-generators/cloud-init-generator +chmod 755 $RPM_BUILD_ROOT/usr/lib/systemd/system-generators/cloud-init-generator + +[ ! -d $RPM_BUILD_ROOT/usr/lib/%{name} ] && mkdir -p $RPM_BUILD_ROOT/usr/lib/%{name} +cp -p tools/ds-identify $RPM_BUILD_ROOT%{_libexecdir}/%{name}/ds-identify + +# installing man pages +mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man1/ +for man in cloud-id.1 cloud-init.1 cloud-init-per.1; do + install -c -m 0644 doc/man/${man} ${RPM_BUILD_ROOT}%{_mandir}/man1/${man} + chmod -x ${RPM_BUILD_ROOT}%{_mandir}/man1/* +done + +%clean +rm -rf $RPM_BUILD_ROOT + + +%post +if [ $1 -eq 1 ] ; then + # Initial installation + # Enabled by default per "runs once then goes away" exception + /bin/systemctl enable cloud-config.service >/dev/null 2>&1 || : + /bin/systemctl enable cloud-final.service >/dev/null 2>&1 || : + /bin/systemctl enable cloud-init.service >/dev/null 2>&1 || : + /bin/systemctl enable cloud-init-local.service >/dev/null 2>&1 || : + /bin/systemctl enable cloud-init.target >/dev/null 2>&1 || : +elif [ $1 -eq 2 ]; then + # Upgrade. 
If the upgrade is from a version older than 0.7.9-8, + # there will be stale systemd config + /bin/systemctl is-enabled cloud-config.service >/dev/null 2>&1 && + /bin/systemctl reenable cloud-config.service >/dev/null 2>&1 || : + + /bin/systemctl is-enabled cloud-final.service >/dev/null 2>&1 && + /bin/systemctl reenable cloud-final.service >/dev/null 2>&1 || : + + /bin/systemctl is-enabled cloud-init.service >/dev/null 2>&1 && + /bin/systemctl reenable cloud-init.service >/dev/null 2>&1 || : + + /bin/systemctl is-enabled cloud-init-local.service >/dev/null 2>&1 && + /bin/systemctl reenable cloud-init-local.service >/dev/null 2>&1 || : + + /bin/systemctl is-enabled cloud-init.target >/dev/null 2>&1 && + /bin/systemctl reenable cloud-init.target >/dev/null 2>&1 || : +fi + +%preun +if [ $1 -eq 0 ] ; then + # Package removal, not upgrade + /bin/systemctl --no-reload disable cloud-config.service >/dev/null 2>&1 || : + /bin/systemctl --no-reload disable cloud-final.service >/dev/null 2>&1 || : + /bin/systemctl --no-reload disable cloud-init.service >/dev/null 2>&1 || : + /bin/systemctl --no-reload disable cloud-init-local.service >/dev/null 2>&1 || : + /bin/systemctl --no-reload disable cloud-init.target >/dev/null 2>&1 || : + # One-shot services -> no need to stop +fi + +%postun +%systemd_postun + + +%files +%license LICENSE +%doc ChangeLog rhel/README.rhel +%config(noreplace) %{_sysconfdir}/cloud/cloud.cfg +%dir %{_sysconfdir}/cloud/cloud.cfg.d +%config(noreplace) %{_sysconfdir}/cloud/cloud.cfg.d/*.cfg +%doc %{_sysconfdir}/cloud/cloud.cfg.d/README +%dir %{_sysconfdir}/cloud/templates +%config(noreplace) %{_sysconfdir}/cloud/templates/* +%{_unitdir}/cloud-config.service +%{_unitdir}/cloud-config.target +%{_unitdir}/cloud-final.service +%{_unitdir}/cloud-init-local.service +%{_unitdir}/cloud-init.service +%{_unitdir}/cloud-init.target +%{_tmpfilesdir}/%{name}.conf +%{python3_sitelib}/* +%{_libexecdir}/%{name} +%{_bindir}/cloud-init* +%doc %{_datadir}/doc/%{name} 
+%{_mandir}/man1/* +%dir %verify(not mode) /run/cloud-init +%dir /var/lib/cloud +/etc/NetworkManager/dispatcher.d/cloud-init-azure-hook +%{_udevrulesdir}/66-azure-ephemeral.rules +%{_sysconfdir}/bash_completion.d/cloud-init +%{_bindir}/cloud-id +%{_libexecdir}/%{name}/ds-identify +/usr/lib/systemd/system-generators/cloud-init-generator + + +%dir %{_sysconfdir}/rsyslog.d +%config(noreplace) %{_sysconfdir}/rsyslog.d/21-cloudinit.conf + +%changelog +* Thu May 13 2021 Miroslav Rezanina - 20.3-10.el8_4.3 +- ci-get_interfaces-don-t-exclude-Open-vSwitch-bridge-bon.patch [bz#1957135] +- ci-net-exclude-OVS-internal-interfaces-in-get_interface.patch [bz#1957135] +- Resolves: bz#1957135 + (Intermittent failure to start cloud-init due to failure to detect macs [rhel-8.4.0.z]) + +* Tue Apr 06 2021 Miroslav Rezanina - 20.3-10.el8_4.2 +- ci-Fix-requiring-device-number-on-EC2-derivatives-836.patch [bz#1942699] +- Resolves: bz#1942699 + ([Aliyun][RHEL8.4][cloud-init] cloud-init service failed to start with Alibaba instance [rhel-8.4.0.z]) + +* Tue Feb 02 2021 Miroslav Rezanina - 20.3-10.el8 +- ci-fix-a-typo-in-man-page-cloud-init.1-752.patch [bz#1913127] +- Resolves: bz#1913127 + (A typo in cloud-init man page) + +* Tue Jan 26 2021 Miroslav Rezanina - 20.3-9.el8 +- ci-DataSourceAzure-update-password-for-defuser-if-exist.patch [bz#1900892] +- ci-Revert-ssh_util-handle-non-default-AuthorizedKeysFil.patch [bz#1919972] +- Resolves: bz#1900892 + ([Azure] Update existing user password RHEL8x) +- Resolves: bz#1919972 + ([RHEL-8.4] ssh keys can be shared across users giving potential root access) + +* Thu Jan 21 2021 Miroslav Rezanina - 20.3-8.el8 +- ci-Missing-IPV6_AUTOCONF-no-to-render-sysconfig-dhcp6-s.patch [bz#1859695] +- Resolves: bz#1859695 + ([Cloud-init] DHCPv6 assigned address is not added to VM's interface) + +* Tue Jan 05 2021 Miroslav Rezanina - 20.3-7.el8 +- ci-Report-full-specific-version-with-cloud-init-version.patch [bz#1898949] +- Resolves: bz#1898949 + (cloud-init should 
report full specific full version with "cloud-init --version") + +* Mon Dec 14 2020 Miroslav Rezanina - 20.3-6.el8 +- ci-Installing-man-pages-in-the-correct-place-with-corre.patch [bz#1612573] +- ci-Adding-BOOTPROTO-dhcp-to-render-sysconfig-dhcp6-stat.patch [bz#1859695] +- ci-Fix-unit-failure-of-cloud-final.service-if-NetworkMa.patch [bz#1898943] +- ci-ssh_util-handle-non-default-AuthorizedKeysFile-confi.patch [bz#1862967] +- Resolves: bz#1612573 + (Man page scan results for cloud-init) +- Resolves: bz#1859695 + ([Cloud-init] DHCPv6 assigned address is not added to VM's interface) +- Resolves: bz#1898943 + ([rhel-8]cloud-final.service fails if NetworkManager not installed.) +- Resolves: bz#1862967 + ([cloud-init]Customize ssh AuthorizedKeysFile causes login failure) + +* Fri Nov 27 2020 Miroslav Rezanina - 20.3-5.el8 +- ci-network-Fix-type-and-respect-name-when-rendering-vla.patch [bz#1881462] +- Resolves: bz#1881462 + ([rhel8][cloud-init] ifup bond0.504 Error: Connection activation failed: No suitable device found for this connection) + +* Tue Nov 24 2020 Miroslav Rezanina - 20.3-4.el8 +- ci-Changing-permission-of-cloud-init-generator-to-755.patch [bz#1897528] +- Resolves: bz#1897528 + (Change permission on ./systemd/cloud-init-generator.tmpl to 755 instead of 771) + +* Fri Nov 13 2020 Miroslav Rezanina - 20.3-3.el8 +- ci--Removing-net-tools-dependency.patch [bz#1881871] +- ci--Adding-man-pages-to-Red-Hat-spec-file.patch [bz#1612573] +- Resolves: bz#1881871 + (Remove net-tools legacy dependency from spec file) +- Resolves: bz#1612573 + (Man page scan results for cloud-init) + +* Tue Nov 03 2020 Miroslav Rezanina - 20.3-2.el8 +- ci-Explicit-set-IPV6_AUTOCONF-and-IPV6_FORCE_ACCEPT_RA-.patch [bz#1889635] +- ci-Add-config-modules-for-controlling-IBM-PowerVM-RMC.-.patch [bz#1886430] +- Resolves: bz#1886430 + (Support for cloud-init config modules for PowerVM Hypervisor in Red Hat cloud-init) +- Resolves: bz#1889635 + (Add support for ipv6_autoconf on cloud-init-20.3) + 
+* Fri Oct 23 2020 Eduardo Otubo - 20.3-1.el8 +- Rebase to cloud-init 20.3 [bz#1885185] +- Resolves: bz#1885185 + ([RHEL-8.4.0] cloud-init rebase to 20.3) + +* Wed Sep 02 2020 Miroslav Rezanina - 19.4-11.el8 +- ci-cc_mounts-fix-incorrect-format-specifiers-316.patch [bz#1794664] +- Resolves: bz#1794664 + ([RHEL8] swapon fails with "swapfile has holes" when created on a xfs filesystem by cloud-init) + +* Mon Aug 31 2020 Miroslav Rezanina - 19.4-10.el8 +- ci-Changing-notation-of-subp-call.patch [bz#1839662] +- Resolves: bz#1839662 + ([ESXi][RHEL8.3][cloud-init]ERROR log in cloud-init.log after clone VM on ESXi platform) + +* Mon Aug 24 2020 Miroslav Rezanina - 19.4-9.el8 +- ci-Do-not-use-fallocate-in-swap-file-creation-on-xfs.-7.patch [bz#1794664] +- ci-swap-file-size-being-used-before-checked-if-str-315.patch [bz#1794664] +- ci-Detect-kernel-version-before-swap-file-creation-428.patch [bz#1794664] +- Resolves: bz#1794664 + ([RHEL8] swapon fails with "swapfile has holes" when created on a xfs filesystem by cloud-init) + +* Mon Aug 17 2020 Miroslav Rezanina - 19.4-8.el8 +- ci-When-tools.conf-does-not-exist-running-cmd-vmware-to.patch [bz#1839662] +- ci-ssh-exit-with-non-zero-status-on-disabled-user-472.patch [bz#1833874] +- Resolves: bz#1833874 + ([rhel-8.3]using root user error should cause a non-zero exit code) +- Resolves: bz#1839662 + ([ESXi][RHEL8.3][cloud-init]ERROR log in cloud-init.log after clone VM on ESXi platform) + +* Fri Jun 26 2020 Miroslav Rezanina - 19.4-7.el8 +- Fixing cloud-init-generator permissions [bz#1834173] +- Resolves: bz#1834173 + ([rhel-8.3]Incorrect ds-identify check in cloud-init-generator) + +* Thu Jun 25 2020 Miroslav Rezanina - 19.4-6.el8 +- ci-ec2-only-redact-token-request-headers-in-logs-avoid-.patch [bz#1822343] +- Resolves: bz#1822343 + ([RHEL8.3] Do not log IMDSv2 token values into cloud-init.log) + +* Wed Jun 24 2020 Miroslav Rezanina - 19.4-5.el8 +- ci-ec2-Do-not-log-IMDSv2-token-values-instead-use-REDAC.patch [bz#1822343] +- 
ci-Render-the-generator-from-template-instead-of-cp.patch [bz#1834173] +- ci-Change-from-redhat-to-rhel-in-systemd-generator-tmpl.patch [bz#1834173] +- ci-cloud-init.service.tmpl-use-rhel-instead-of-redhat-4.patch [bz#1834173] +- Resolves: bz#1822343 + ([RHEL8.3] Do not log IMDSv2 token values into cloud-init.log) +- Resolves: bz#1834173 + ([rhel-8.3]Incorrect ds-identify check in cloud-init-generator) + +* Tue Jun 09 2020 Miroslav Rezanina - 19.4-4.el8 +- ci-changing-ds-identify-patch-from-usr-lib-to-usr-libex.patch [bz#1834173] +- Resolves: bz#1834173 + ([rhel-8.3]Incorrect ds-identify check in cloud-init-generator) + +* Mon Jun 01 2020 Miroslav Rezanina - 19.4-3.el8 +- ci-Make-cloud-init.service-execute-after-network-is-up.patch [bz#1803928] +- Resolves: bz#1803928 + ([RHEL8.3] Race condition of starting cloud-init and NetworkManager) + +* Thu May 28 2020 Miroslav Rezanina - 19.4-2.el8 +- ci-cc_set_password-increase-random-pwlength-from-9-to-2.patch [bz#1812171] +- ci-utils-use-SystemRandom-when-generating-random-passwo.patch [bz#1812174] +- ci-Enable-ssh_deletekeys-by-default.patch [bz#1814152] +- ci-Remove-race-condition-between-cloud-init-and-Network.patch [bz#1840648] +- Resolves: bz#1812171 + (CVE-2020-8632 cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py [rhel-8]) +- Resolves: bz#1812174 + (CVE-2020-8631 cloud-init: Use of random.choice when generating random password [rhel-8]) +- Resolves: bz#1814152 + (CVE-2018-10896 cloud-init: default configuration disabled deletion of SSH host keys [rhel-8]) +- Resolves: bz#1840648 + ([cloud-init][RHEL-8.2.0] /etc/resolv.conf lose config after reboot (initial instance is ok)) + +* Mon Apr 20 2020 Miroslav Rezanina - 19.4-1.el8.1 +- Rebase to cloud-init 19.4 [bz#1811912] +- Resolves: bz#1811912 + ([RHEL-8.2.1] cloud-init rebase to 19.4) + +* Tue Mar 10 2020 Miroslav Rezanina - 18.5-12.el8 +- ci-Remove-race-condition-between-cloud-init-and-Network.patch [bz#1807797] +- 
Resolves: bz#1807797 + ([cloud-init][RHEL-8.2.0] /etc/resolv.conf lose config after reboot (initial instance is ok)) + +* Thu Feb 20 2020 Miroslav Rezanina - 18.5-11.el8 +- ci-azure-avoid-re-running-cloud-init-when-instance-id-i.patch [bz#1788684] +- ci-net-skip-bond-interfaces-in-get_interfaces.patch [bz#1768770] +- ci-net-add-is_master-check-for-filtering-device-list.patch [bz#1768770] +- Resolves: bz#1768770 + (cloud-init complaining about enslaved mac) +- Resolves: bz#1788684 + ([RHEL-8] cloud-init Azure byte swap (hyperV Gen2 Only)) + +* Thu Feb 13 2020 Miroslav Rezanina - 18.5-10.el8 +- ci-cmd-main.py-Fix-missing-modules-init-key-in-modes-di.patch [bz#1802140] +- Resolves: bz#1802140 + ([cloud-init][RHEL8.2]cloud-init cloud-final.service fail with KeyError: 'modules-init' after upgrade to version 18.2-1.el7_6.1 in RHV) + +* Tue Jan 28 2020 Miroslav Rezanina - 18.5-9.el8 +- ci-Removing-cloud-user-from-wheel.patch [bz#1785648] +- Resolves: bz#1785648 + ([RHEL8]cloud-user added to wheel group and sudoers.d causes 'sudo -v' prompts for passphrase) + +* Fri Nov 22 2019 Miroslav Rezanina - 18.5-8.el8 +- ci-Fix-for-network-configuration-not-persisting-after-r.patch [bz#1706482] +- ci-util-json.dumps-on-python-2.7-will-handle-UnicodeDec.patch [bz#1744718] +- Resolves: bz#1706482 + ([cloud-init][RHVM]cloud-init network configuration does not persist reboot [RHEL 8.2.0]) +- Resolves: bz#1744718 + ([cloud-init][RHEL8][OpenStack] cloud-init can't persist instance-data.json) + +* Mon Jul 15 2019 Miroslav Rezanina - 18.5-7.el8 +- Fixing TPS [bz#1729864] +- Resolves: bz#1729864 + (cloud-init tps fail) + +* Thu Jul 04 2019 Miroslav Rezanina - 18.5-6.el8 +- ci-Revert-azure-ensure-that-networkmanager-hook-script-.patch [bz#1692914] +- ci-Azure-Return-static-fallback-address-as-if-failed-to.patch [bz#1691986] +- Resolves: bz#1691986 + ([Azure] [RHEL 8.1] Cloud-init fixes to support fast provisioning for Azure) +- Resolves: bz#1692914 + ([8.1] [WALA][cloud] cloud-init 
dhclient-hook script has some unexpected side-effects on Azure) + +* Mon Jun 03 2019 Miroslav Rezanina - 18.5-4.el8 +- ci-Azure-Ensure-platform-random_seed-is-always-serializ.patch [bz#1691986] +- ci-DatasourceAzure-add-additional-logging-for-azure-dat.patch [bz#1691986] +- ci-Azure-Changes-to-the-Hyper-V-KVP-Reporter.patch [bz#1691986] +- ci-DataSourceAzure-Adjust-timeout-for-polling-IMDS.patch [bz#1691986] +- ci-cc_mounts-check-if-mount-a-on-no-change-fstab-path.patch [bz#1691986] +- Resolves: bz#1691986 + ([Azure] [RHEL 8.1] Cloud-init fixes to support fast provisioning for Azure) + +* Tue Apr 16 2019 Danilo Cesar Lemes de Paula - 18.5-3.el8 +- ci-Adding-gating-tests-for-Azure-ESXi-and-AWS.patch [bz#1682786] +- Resolves: bz#1682786 + (cloud-init changes blocked until gating tests are added) + +* Wed Apr 10 2019 Danilo C. L. de Paula - 18.5-2 +- Adding gating.yaml file +- Resolves: rhbz#1682786 + (cloud-init changes blocked until gating tests are added) + + +* Wed Apr 10 2019 Danilo de Paula - 18.2-6.el8 +- ci-net-Make-sysconfig-renderer-compatible-with-Network-.patch [bz#1602784] +- Resolves: bz#1602784 + (cloud-init: Sometimes image boots fingerprints is configured, there's a network device present but it's not configured) + +* Fri Jan 18 2019 Miroslav Rezanina - 18.2-5.el8 +- ci-Fix-string-missmatch-when-mounting-ntfs.patch [bz#1664227] +- Resolves: bz#1664227 + ([Azure]String missmatch causes the /dev/sdb1 mounting failed after stop&start VM) + +* Thu Jan 10 2019 Miroslav Rezanina - 18.2-4.el8 +- ci-Enable-cloud-init-by-default-on-vmware.patch [bz#1644335] +- Resolves: bz#1644335 + ([ESXi][RHEL8.0]Enable cloud-init by default on VMware) + +* Wed Nov 28 2018 Miroslav Rezanina - 18.2-3.el8 +- ci-Adding-systemd-mount-options-to-wait-for-cloud-init.patch [bz#1615599] +- ci-Azure-Ignore-NTFS-mount-errors-when-checking-ephemer.patch [bz#1615599] +- ci-azure-Add-reported-ready-marker-file.patch [bz#1615599] +- ci-Adding-disk_setup-to-rhel-cloud.cfg.patch 
[bz#1615599] +- Resolves: bz#1615599 + ([Azure] cloud-init fails to mount /dev/sdb1 after stop(deallocate)&&start VM) + +* Tue Nov 06 2018 Miroslav Rezanina - 18.2-2.el7 +- Revert "remove 'tee' command from logging configuration" [bz#1626117] +- Resolves: rhbz#1626117] + (cloud-init-0.7.9-9 doesn't feed cloud-init-output.log) + +* Fri Jun 29 2018 Miroslav Rezanina - 18.2-1.el7 +- Rebase to 18.2 [bz#1515909] + Resolves: rhbz#1515909 + +* Tue Feb 13 2018 Ryan McCabe 0.7.9-24 +- Set DHCP_HOSTNAME on Azure to allow for the hostname to be + published correctly when bouncing the network. + Resolves: rhbz#1434109 + +* Mon Jan 15 2018 Ryan McCabe 0.7.9-23 +- Fix a bug tha caused cloud-init to fail as a result of trying + to rename bonds. + Resolves: rhbz#1512247 + +* Mon Jan 15 2018 Ryan McCabe 0.7.9-22 +- Apply patch from -21 + Resolves: rhbz#1489270 + +* Mon Jan 15 2018 Ryan McCabe 0.7.9-21 +- sysconfig: Fix a potential traceback introduced in the + 0.7.9-17 build + Resolves: rhbz#1489270 + +* Sun Dec 17 2017 Ryan McCabe 0.7.9-20 +- sysconfig: Correct rendering for dhcp on ipv6 + Resolves: rhbz#1519271 + +* Thu Nov 30 2017 Ryan McCabe 0.7.9-19 +- sysconfig: Fix rendering of default gateway for ipv6 + Resolves: rhbz#1492726 + +* Fri Nov 24 2017 Ryan McCabe 0.7.9-18 +- Start the cloud-init init local service after the dbus socket is created + so that the hostnamectl command works. + Resolves: rhbz#1450521 + +* Tue Nov 21 2017 Ryan McCabe 0.7.9-17 +- Correctly render DNS and DOMAIN for sysconfig + Resolves: rhbz#1489270 + +* Mon Nov 20 2017 Ryan McCabe 0.7.9-16 +- Disable NetworkManager management of resolv.conf if nameservers + are specified by configuration. 
+ Resolves: rhbz#1454491 + +* Mon Nov 13 2017 Ryan McCabe 0.7.9-15 +- Fix a null reference error in the rh_subscription module + Resolves: rhbz#1498974 + +* Mon Nov 13 2017 Ryan McCabe 0-7.9-14 +- Include gateway if it's included in subnet configration + Resolves: rhbz#1492726 + +* Sun Nov 12 2017 Ryan McCabe 0-7.9-13 +- Do proper cleanup of systemd units when upgrading from versions + 0.7.9-3 through 0.7.9-8. + Resolves: rhbz#1465730 + +* Thu Nov 09 2017 Ryan McCabe 0.7.9-12 +- Prevent Azure NM and dhclient hooks from running when cloud-init is + disabled (rhbz#1474226) + +* Tue Oct 31 2017 Ryan McCabe 0.7.9-11 +- Fix rendering of multiple static IPs per interface file + Resolves: rhbz#bz1497954 + +* Tue Sep 26 2017 Ryan McCabe 0.7.9-10 +- AliCloud: Add support for the Alibaba Cloud datasource (rhbz#1482547) + +* Thu Jun 22 2017 Lars Kellogg-Stedman 0.7.9-9 +- RHEL/CentOS: Fix default routes for IPv4/IPv6 configuration. (rhbz#1438082) +- azure: ensure that networkmanager hook script runs (rhbz#1440831 rhbz#1460206) +- Fix ipv6 subnet detection (rhbz#1438082) + +* Tue May 23 2017 Lars Kellogg-Stedman 0.7.9-8 +- Update patches + +* Mon May 22 2017 Lars Kellogg-Stedman 0.7.9-7 +- Add missing sysconfig unit test data (rhbz#1438082) +- Fix dual stack IPv4/IPv6 configuration for RHEL (rhbz#1438082) +- sysconfig: Raise ValueError when multiple default gateways are present. (rhbz#1438082) +- Bounce network interface for Azure when using the built-in path. (rhbz#1434109) +- Do not write NM_CONTROLLED=no in generated interface config files (rhbz#1385172) + +* Wed May 10 2017 Lars Kellogg-Stedman 0.7.9-6 +- add power-state-change module to cloud_final_modules (rhbz#1252477) +- remove 'tee' command from logging configuration (rhbz#1424612) +- limit permissions on def_log_file (rhbz#1424612) +- Bounce network interface for Azure when using the built-in path. (rhbz#1434109) +- OpenStack: add 'dvs' to the list of physical link types. 
(rhbz#1442783) + +* Wed May 10 2017 Lars Kellogg-Stedman 0.7.9-5 +- systemd: replace generator with unit conditionals (rhbz#1440831) + +* Thu Apr 13 2017 Charalampos Stratakis 0.7.9-4 +- Import to RHEL 7 +Resolves: rhbz#1427280 + +* Tue Mar 07 2017 Lars Kellogg-Stedman 0.7.9-3 +- fixes for network config generation +- avoid dependency cycle at boot (rhbz#1420946) + +* Tue Jan 17 2017 Lars Kellogg-Stedman 0.7.9-2 +- use timeout from datasource config in openstack get_data (rhbz#1408589) + +* Thu Dec 01 2016 Lars Kellogg-Stedman - 0.7.9-1 +- Rebased on upstream 0.7.9. +- Remove dependency on run-parts + +* Wed Jan 06 2016 Lars Kellogg-Stedman - 0.7.6-8 +- make rh_subscription plugin do nothing in the absence of a valid + configuration [RH:1295953] +- move rh_subscription module to cloud_config stage + +* Wed Jan 06 2016 Lars Kellogg-Stedman - 0.7.6-7 +- correct permissions on /etc/ssh/sshd_config [RH:1296191] + +* Thu Sep 03 2015 Lars Kellogg-Stedman - 0.7.6-6 +- rebuild for ppc64le + +* Tue Jul 07 2015 Lars Kellogg-Stedman - 0.7.6-5 +- bump revision for new build + +* Tue Jul 07 2015 Lars Kellogg-Stedman - 0.7.6-4 +- ensure rh_subscription plugin is enabled by default + +* Wed Apr 29 2015 Lars Kellogg-Stedman - 0.7.6-3 +- added dependency on python-jinja2 [RH:1215913] +- added rhn_subscription plugin [RH:1227393] +- require pyserial to support smartos data source [RH:1226187] + +* Fri Jan 16 2015 Lars Kellogg-Stedman - 0.7.6-2 +- Rebased RHEL version to Fedora rawhide +- Backported fix for https://bugs.launchpad.net/cloud-init/+bug/1246485 +- Backported fix for https://bugs.launchpad.net/cloud-init/+bug/1411829 + +* Fri Nov 14 2014 Colin Walters - 0.7.6-1 +- New upstream version [RH:974327] +- Drop python-cheetah dependency (same as above bug)
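Review bot: Patch13 (ci-ssh_util-handle-non-default-AuthorizedKeysFile-confi.patch) and Patch16, its revert for bz#1919972, are both applied by `%autosetup -p1`, so the build is only safe while the pair stays together. Nothing in the spec ties the two to each other, and a later rebase that drops or reorders Patch16 alone would bring back the key-sharing behaviour that bug describes. Dropping both patches would remove that dependency. If they must stay for history, add a comment above Patch13 such as `# Patch13 is reverted by Patch16 (bz#1919972); never carry one without the other`.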