import cloud-init-21.1-15.el8

parent cf197691a5
commit 947bda3709

SOURCES/ci-Add-flexibility-to-IMDS-api-version-793.patch (new file, 295 lines)
@@ -0,0 +1,295 @@
From 2a2a5cdec0de0b96d503f9357c1641043574f90a Mon Sep 17 00:00:00 2001
From: Thomas Stringer <thstring@microsoft.com>
Date: Wed, 3 Mar 2021 11:07:43 -0500
Subject: [PATCH 1/7] Add flexibility to IMDS api-version (#793)

RH-Author: Eduardo Otubo <otubo@redhat.com>
RH-MergeRequest: 45: Add support for userdata on Azure from IMDS
RH-Commit: [1/7] 9aa42581c4ff175fb6f8f4a78d94cac9c9971062
RH-Bugzilla: 2023940
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>

Add flexibility to IMDS api-version by having both a desired IMDS
api-version and a minimum api-version. The desired api-version will
be used first, and if that fails it will fall back to the minimum
api-version.
---
 cloudinit/sources/DataSourceAzure.py          | 113 ++++++++++++++----
 tests/unittests/test_datasource/test_azure.py |  42 ++++++-
 2 files changed, 129 insertions(+), 26 deletions(-)

diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
|
||||
index 553b5a7e..de1452ce 100755
|
||||
--- a/cloudinit/sources/DataSourceAzure.py
|
||||
+++ b/cloudinit/sources/DataSourceAzure.py
|
||||
@@ -78,17 +78,15 @@ AGENT_SEED_DIR = '/var/lib/waagent'
|
||||
# In the event where the IMDS primary server is not
|
||||
# available, it takes 1s to fallback to the secondary one
|
||||
IMDS_TIMEOUT_IN_SECONDS = 2
|
||||
-IMDS_URL = "http://169.254.169.254/metadata/"
|
||||
-IMDS_VER = "2019-06-01"
|
||||
-IMDS_VER_PARAM = "api-version={}".format(IMDS_VER)
|
||||
+IMDS_URL = "http://169.254.169.254/metadata"
|
||||
+IMDS_VER_MIN = "2019-06-01"
|
||||
+IMDS_VER_WANT = "2020-09-01"
|
||||
|
||||
|
||||
class metadata_type(Enum):
|
||||
- compute = "{}instance?{}".format(IMDS_URL, IMDS_VER_PARAM)
|
||||
- network = "{}instance/network?{}".format(IMDS_URL,
|
||||
- IMDS_VER_PARAM)
|
||||
- reprovisiondata = "{}reprovisiondata?{}".format(IMDS_URL,
|
||||
- IMDS_VER_PARAM)
|
||||
+ compute = "{}/instance".format(IMDS_URL)
|
||||
+ network = "{}/instance/network".format(IMDS_URL)
|
||||
+ reprovisiondata = "{}/reprovisiondata".format(IMDS_URL)
|
||||
|
||||
|
||||
PLATFORM_ENTROPY_SOURCE = "/sys/firmware/acpi/tables/OEM0"
|
||||
@@ -349,6 +347,8 @@ class DataSourceAzure(sources.DataSource):
|
||||
self.update_events['network'].add(EventType.BOOT)
|
||||
self._ephemeral_dhcp_ctx = None
|
||||
|
||||
+ self.failed_desired_api_version = False
|
||||
+
|
||||
def __str__(self):
|
||||
root = sources.DataSource.__str__(self)
|
||||
return "%s [seed=%s]" % (root, self.seed)
|
||||
@@ -520,8 +520,10 @@ class DataSourceAzure(sources.DataSource):
|
||||
self._wait_for_all_nics_ready()
|
||||
ret = self._reprovision()
|
||||
|
||||
- imds_md = get_metadata_from_imds(
|
||||
- self.fallback_interface, retries=10)
|
||||
+ imds_md = self.get_imds_data_with_api_fallback(
|
||||
+ self.fallback_interface,
|
||||
+ retries=10
|
||||
+ )
|
||||
(md, userdata_raw, cfg, files) = ret
|
||||
self.seed = cdev
|
||||
crawled_data.update({
|
||||
@@ -652,6 +654,57 @@ class DataSourceAzure(sources.DataSource):
|
||||
self.ds_cfg['data_dir'], crawled_data['files'], dirmode=0o700)
|
||||
return True
|
||||
|
||||
+ @azure_ds_telemetry_reporter
|
||||
+ def get_imds_data_with_api_fallback(
|
||||
+ self,
|
||||
+ fallback_nic,
|
||||
+ retries,
|
||||
+ md_type=metadata_type.compute):
|
||||
+ """
|
||||
+ Wrapper for get_metadata_from_imds so that we can have flexibility
|
||||
+ in which IMDS api-version we use. If a particular instance of IMDS
|
||||
+ does not have the api version that is desired, we want to make
|
||||
+ this fault tolerant and fall back to a good known minimum api
|
||||
+ version.
|
||||
+ """
|
||||
+
|
||||
+ if not self.failed_desired_api_version:
|
||||
+ for _ in range(retries):
|
||||
+ try:
|
||||
+ LOG.info(
|
||||
+ "Attempting IMDS api-version: %s",
|
||||
+ IMDS_VER_WANT
|
||||
+ )
|
||||
+ return get_metadata_from_imds(
|
||||
+ fallback_nic=fallback_nic,
|
||||
+ retries=0,
|
||||
+ md_type=md_type,
|
||||
+ api_version=IMDS_VER_WANT
|
||||
+ )
|
||||
+ except UrlError as err:
|
||||
+ LOG.info(
|
||||
+ "UrlError with IMDS api-version: %s",
|
||||
+ IMDS_VER_WANT
|
||||
+ )
|
||||
+ if err.code == 400:
|
||||
+ log_msg = "Fall back to IMDS api-version: {}".format(
|
||||
+ IMDS_VER_MIN
|
||||
+ )
|
||||
+ report_diagnostic_event(
|
||||
+ log_msg,
|
||||
+ logger_func=LOG.info
|
||||
+ )
|
||||
+ self.failed_desired_api_version = True
|
||||
+ break
|
||||
+
|
||||
+ LOG.info("Using IMDS api-version: %s", IMDS_VER_MIN)
|
||||
+ return get_metadata_from_imds(
|
||||
+ fallback_nic=fallback_nic,
|
||||
+ retries=retries,
|
||||
+ md_type=md_type,
|
||||
+ api_version=IMDS_VER_MIN
|
||||
+ )
|
||||
+
|
||||
def device_name_to_device(self, name):
|
||||
return self.ds_cfg['disk_aliases'].get(name)
|
||||
|
||||
@@ -880,10 +933,11 @@ class DataSourceAzure(sources.DataSource):
|
||||
# primary nic is being attached first helps here. Otherwise each nic
|
||||
# could add several seconds of delay.
|
||||
try:
|
||||
- imds_md = get_metadata_from_imds(
|
||||
+ imds_md = self.get_imds_data_with_api_fallback(
|
||||
ifname,
|
||||
5,
|
||||
- metadata_type.network)
|
||||
+ metadata_type.network
|
||||
+ )
|
||||
except Exception as e:
|
||||
LOG.warning(
|
||||
"Failed to get network metadata using nic %s. Attempt to "
|
||||
@@ -1017,7 +1071,10 @@ class DataSourceAzure(sources.DataSource):
|
||||
def _poll_imds(self):
|
||||
"""Poll IMDS for the new provisioning data until we get a valid
|
||||
response. Then return the returned JSON object."""
|
||||
- url = metadata_type.reprovisiondata.value
|
||||
+ url = "{}?api-version={}".format(
|
||||
+ metadata_type.reprovisiondata.value,
|
||||
+ IMDS_VER_MIN
|
||||
+ )
|
||||
headers = {"Metadata": "true"}
|
||||
nl_sock = None
|
||||
report_ready = bool(not os.path.isfile(REPORTED_READY_MARKER_FILE))
|
||||
@@ -2059,7 +2116,8 @@ def _generate_network_config_from_fallback_config() -> dict:
|
||||
@azure_ds_telemetry_reporter
|
||||
def get_metadata_from_imds(fallback_nic,
|
||||
retries,
|
||||
- md_type=metadata_type.compute):
|
||||
+ md_type=metadata_type.compute,
|
||||
+ api_version=IMDS_VER_MIN):
|
||||
"""Query Azure's instance metadata service, returning a dictionary.
|
||||
|
||||
If network is not up, setup ephemeral dhcp on fallback_nic to talk to the
|
||||
@@ -2069,13 +2127,16 @@ def get_metadata_from_imds(fallback_nic,
|
||||
@param fallback_nic: String. The name of the nic which requires active
|
||||
network in order to query IMDS.
|
||||
@param retries: The number of retries of the IMDS_URL.
|
||||
+ @param md_type: Metadata type for IMDS request.
|
||||
+ @param api_version: IMDS api-version to use in the request.
|
||||
|
||||
@return: A dict of instance metadata containing compute and network
|
||||
info.
|
||||
"""
|
||||
kwargs = {'logfunc': LOG.debug,
|
||||
'msg': 'Crawl of Azure Instance Metadata Service (IMDS)',
|
||||
- 'func': _get_metadata_from_imds, 'args': (retries, md_type,)}
|
||||
+ 'func': _get_metadata_from_imds,
|
||||
+ 'args': (retries, md_type, api_version,)}
|
||||
if net.is_up(fallback_nic):
|
||||
return util.log_time(**kwargs)
|
||||
else:
|
||||
@@ -2091,20 +2152,26 @@ def get_metadata_from_imds(fallback_nic,
|
||||
|
||||
|
||||
@azure_ds_telemetry_reporter
|
||||
-def _get_metadata_from_imds(retries, md_type=metadata_type.compute):
|
||||
-
|
||||
- url = md_type.value
|
||||
+def _get_metadata_from_imds(
|
||||
+ retries,
|
||||
+ md_type=metadata_type.compute,
|
||||
+ api_version=IMDS_VER_MIN):
|
||||
+ url = "{}?api-version={}".format(md_type.value, api_version)
|
||||
headers = {"Metadata": "true"}
|
||||
try:
|
||||
response = readurl(
|
||||
url, timeout=IMDS_TIMEOUT_IN_SECONDS, headers=headers,
|
||||
retries=retries, exception_cb=retry_on_url_exc)
|
||||
except Exception as e:
|
||||
- report_diagnostic_event(
|
||||
- 'Ignoring IMDS instance metadata. '
|
||||
- 'Get metadata from IMDS failed: %s' % e,
|
||||
- logger_func=LOG.warning)
|
||||
- return {}
|
||||
+ # pylint:disable=no-member
|
||||
+ if isinstance(e, UrlError) and e.code == 400:
|
||||
+ raise
|
||||
+ else:
|
||||
+ report_diagnostic_event(
|
||||
+ 'Ignoring IMDS instance metadata. '
|
||||
+ 'Get metadata from IMDS failed: %s' % e,
|
||||
+ logger_func=LOG.warning)
|
||||
+ return {}
|
||||
try:
|
||||
from json.decoder import JSONDecodeError
|
||||
json_decode_error = JSONDecodeError
|
||||
diff --git a/tests/unittests/test_datasource/test_azure.py b/tests/unittests/test_datasource/test_azure.py
|
||||
index f597c723..dedebeb1 100644
|
||||
--- a/tests/unittests/test_datasource/test_azure.py
|
||||
+++ b/tests/unittests/test_datasource/test_azure.py
|
||||
@@ -408,7 +408,9 @@ class TestGetMetadataFromIMDS(HttprettyTestCase):
|
||||
|
||||
def setUp(self):
|
||||
super(TestGetMetadataFromIMDS, self).setUp()
|
||||
- self.network_md_url = dsaz.IMDS_URL + "instance?api-version=2019-06-01"
|
||||
+ self.network_md_url = "{}/instance?api-version=2019-06-01".format(
|
||||
+ dsaz.IMDS_URL
|
||||
+ )
|
||||
|
||||
@mock.patch(MOCKPATH + 'readurl')
|
||||
@mock.patch(MOCKPATH + 'EphemeralDHCPv4', autospec=True)
|
||||
@@ -518,7 +520,7 @@ class TestGetMetadataFromIMDS(HttprettyTestCase):
|
||||
"""Return empty dict when IMDS network metadata is absent."""
|
||||
httpretty.register_uri(
|
||||
httpretty.GET,
|
||||
- dsaz.IMDS_URL + 'instance?api-version=2017-12-01',
|
||||
+ dsaz.IMDS_URL + '/instance?api-version=2017-12-01',
|
||||
body={}, status=404)
|
||||
|
||||
m_net_is_up.return_value = True # skips dhcp
|
||||
@@ -1877,6 +1879,40 @@ scbus-1 on xpt0 bus 0
|
||||
ssh_keys = dsrc.get_public_ssh_keys()
|
||||
self.assertEqual(ssh_keys, ['key2'])
|
||||
|
||||
+ @mock.patch(MOCKPATH + 'get_metadata_from_imds')
|
||||
+ def test_imds_api_version_wanted_nonexistent(
|
||||
+ self,
|
||||
+ m_get_metadata_from_imds):
|
||||
+ def get_metadata_from_imds_side_eff(*args, **kwargs):
|
||||
+ if kwargs['api_version'] == dsaz.IMDS_VER_WANT:
|
||||
+ raise url_helper.UrlError("No IMDS version", code=400)
|
||||
+ return NETWORK_METADATA
|
||||
+ m_get_metadata_from_imds.side_effect = get_metadata_from_imds_side_eff
|
||||
+ sys_cfg = {'datasource': {'Azure': {'apply_network_config': True}}}
|
||||
+ odata = {'HostName': "myhost", 'UserName': "myuser"}
|
||||
+ data = {
|
||||
+ 'ovfcontent': construct_valid_ovf_env(data=odata),
|
||||
+ 'sys_cfg': sys_cfg
|
||||
+ }
|
||||
+ dsrc = self._get_ds(data)
|
||||
+ dsrc.get_data()
|
||||
+ self.assertIsNotNone(dsrc.metadata)
|
||||
+ self.assertTrue(dsrc.failed_desired_api_version)
|
||||
+
|
||||
+ @mock.patch(
|
||||
+ MOCKPATH + 'get_metadata_from_imds', return_value=NETWORK_METADATA)
|
||||
+ def test_imds_api_version_wanted_exists(self, m_get_metadata_from_imds):
|
||||
+ sys_cfg = {'datasource': {'Azure': {'apply_network_config': True}}}
|
||||
+ odata = {'HostName': "myhost", 'UserName': "myuser"}
|
||||
+ data = {
|
||||
+ 'ovfcontent': construct_valid_ovf_env(data=odata),
|
||||
+ 'sys_cfg': sys_cfg
|
||||
+ }
|
||||
+ dsrc = self._get_ds(data)
|
||||
+ dsrc.get_data()
|
||||
+ self.assertIsNotNone(dsrc.metadata)
|
||||
+ self.assertFalse(dsrc.failed_desired_api_version)
|
||||
+
|
||||
|
||||
class TestAzureBounce(CiTestCase):
|
||||
|
||||
@@ -2657,7 +2693,7 @@ class TestPreprovisioningHotAttachNics(CiTestCase):
|
||||
@mock.patch(MOCKPATH + 'DataSourceAzure.wait_for_link_up')
|
||||
@mock.patch('cloudinit.sources.helpers.netlink.wait_for_nic_attach_event')
|
||||
@mock.patch('cloudinit.sources.net.find_fallback_nic')
|
||||
- @mock.patch(MOCKPATH + 'get_metadata_from_imds')
|
||||
+ @mock.patch(MOCKPATH + 'DataSourceAzure.get_imds_data_with_api_fallback')
|
||||
@mock.patch(MOCKPATH + 'EphemeralDHCPv4')
|
||||
@mock.patch(MOCKPATH + 'DataSourceAzure._wait_for_nic_detach')
|
||||
@mock.patch('os.path.isfile')
|
||||
--
|
||||
2.27.0
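A minimal sketch of the desired/minimum api-version fallback described in this patch. The names query, ImdsBadRequest and fetch_imds are illustrative stand-ins (for get_metadata_from_imds and UrlError with code 400), not the cloud-init implementation itself:

class ImdsBadRequest(Exception):
    """Stand-in for cloud-init's UrlError with HTTP code 400."""

IMDS_VER_WANT = "2020-09-01"  # preferred api-version (from the patch)
IMDS_VER_MIN = "2019-06-01"   # known-good minimum api-version

def fetch_imds(query, failed_desired=False):
    # Try the newer api-version first; on a 400 ("api-version unknown")
    # fall back to the minimum version and remember the failure so the
    # probe is skipped on subsequent calls.
    if not failed_desired:
        try:
            return query(api_version=IMDS_VER_WANT), failed_desired
        except ImdsBadRequest:
            failed_desired = True
    return query(api_version=IMDS_VER_MIN), failed_desired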
@@ -0,0 +1,397 @@
From 3ec4ddbc595c5fe781b3dc501631d23569849818 Mon Sep 17 00:00:00 2001
From: Thomas Stringer <thstring@microsoft.com>
Date: Mon, 26 Apr 2021 09:41:38 -0400
Subject: [PATCH 5/7] Azure: Retrieve username and hostname from IMDS (#865)

RH-Author: Eduardo Otubo <otubo@redhat.com>
RH-MergeRequest: 45: Add support for userdata on Azure from IMDS
RH-Commit: [5/7] 6fab7ef28c7fd340bda4f82dbf828f10716cb3f1
RH-Bugzilla: 2023940
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>

This change allows us to retrieve the username and hostname from
IMDS instead of having to rely on the mounted OVF.
---
 cloudinit/sources/DataSourceAzure.py          | 149 ++++++++++++++----
 tests/unittests/test_datasource/test_azure.py |  87 +++++++++-
 2 files changed, 205 insertions(+), 31 deletions(-)

diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
|
||||
index 39e67c4f..6d7954ee 100755
|
||||
--- a/cloudinit/sources/DataSourceAzure.py
|
||||
+++ b/cloudinit/sources/DataSourceAzure.py
|
||||
@@ -5,6 +5,7 @@
|
||||
# This file is part of cloud-init. See LICENSE file for license information.
|
||||
|
||||
import base64
|
||||
+from collections import namedtuple
|
||||
import contextlib
|
||||
import crypt
|
||||
from functools import partial
|
||||
@@ -25,6 +26,7 @@ from cloudinit.net import device_driver
|
||||
from cloudinit.net.dhcp import EphemeralDHCPv4
|
||||
from cloudinit import sources
|
||||
from cloudinit.sources.helpers import netlink
|
||||
+from cloudinit import ssh_util
|
||||
from cloudinit import subp
|
||||
from cloudinit.url_helper import UrlError, readurl, retry_on_url_exc
|
||||
from cloudinit import util
|
||||
@@ -80,7 +82,12 @@ AGENT_SEED_DIR = '/var/lib/waagent'
|
||||
IMDS_TIMEOUT_IN_SECONDS = 2
|
||||
IMDS_URL = "http://169.254.169.254/metadata"
|
||||
IMDS_VER_MIN = "2019-06-01"
|
||||
-IMDS_VER_WANT = "2020-09-01"
|
||||
+IMDS_VER_WANT = "2020-10-01"
|
||||
+
|
||||
+
|
||||
+# This holds SSH key data including if the source was
|
||||
+# from IMDS, as well as the SSH key data itself.
|
||||
+SSHKeys = namedtuple("SSHKeys", ("keys_from_imds", "ssh_keys"))
|
||||
|
||||
|
||||
class metadata_type(Enum):
|
||||
@@ -391,6 +398,8 @@ class DataSourceAzure(sources.DataSource):
|
||||
"""Return the subplatform metadata source details."""
|
||||
if self.seed.startswith('/dev'):
|
||||
subplatform_type = 'config-disk'
|
||||
+ elif self.seed.lower() == 'imds':
|
||||
+ subplatform_type = 'imds'
|
||||
else:
|
||||
subplatform_type = 'seed-dir'
|
||||
return '%s (%s)' % (subplatform_type, self.seed)
|
||||
@@ -433,9 +442,11 @@ class DataSourceAzure(sources.DataSource):
|
||||
|
||||
found = None
|
||||
reprovision = False
|
||||
+ ovf_is_accessible = True
|
||||
reprovision_after_nic_attach = False
|
||||
for cdev in candidates:
|
||||
try:
|
||||
+ LOG.debug("cdev: %s", cdev)
|
||||
if cdev == "IMDS":
|
||||
ret = None
|
||||
reprovision = True
|
||||
@@ -462,8 +473,18 @@ class DataSourceAzure(sources.DataSource):
|
||||
raise sources.InvalidMetaDataException(msg)
|
||||
except util.MountFailedError:
|
||||
report_diagnostic_event(
|
||||
- '%s was not mountable' % cdev, logger_func=LOG.warning)
|
||||
- continue
|
||||
+ '%s was not mountable' % cdev, logger_func=LOG.debug)
|
||||
+ cdev = 'IMDS'
|
||||
+ ovf_is_accessible = False
|
||||
+ empty_md = {'local-hostname': ''}
|
||||
+ empty_cfg = dict(
|
||||
+ system_info=dict(
|
||||
+ default_user=dict(
|
||||
+ name=''
|
||||
+ )
|
||||
+ )
|
||||
+ )
|
||||
+ ret = (empty_md, '', empty_cfg, {})
|
||||
|
||||
report_diagnostic_event("Found provisioning metadata in %s" % cdev,
|
||||
logger_func=LOG.debug)
|
||||
@@ -490,6 +511,10 @@ class DataSourceAzure(sources.DataSource):
|
||||
self.fallback_interface,
|
||||
retries=10
|
||||
)
|
||||
+ if not imds_md and not ovf_is_accessible:
|
||||
+ msg = 'No OVF or IMDS available'
|
||||
+ report_diagnostic_event(msg)
|
||||
+ raise sources.InvalidMetaDataException(msg)
|
||||
(md, userdata_raw, cfg, files) = ret
|
||||
self.seed = cdev
|
||||
crawled_data.update({
|
||||
@@ -498,6 +523,21 @@ class DataSourceAzure(sources.DataSource):
|
||||
'metadata': util.mergemanydict(
|
||||
[md, {'imds': imds_md}]),
|
||||
'userdata_raw': userdata_raw})
|
||||
+ imds_username = _username_from_imds(imds_md)
|
||||
+ imds_hostname = _hostname_from_imds(imds_md)
|
||||
+ imds_disable_password = _disable_password_from_imds(imds_md)
|
||||
+ if imds_username:
|
||||
+ LOG.debug('Username retrieved from IMDS: %s', imds_username)
|
||||
+ cfg['system_info']['default_user']['name'] = imds_username
|
||||
+ if imds_hostname:
|
||||
+ LOG.debug('Hostname retrieved from IMDS: %s', imds_hostname)
|
||||
+ crawled_data['metadata']['local-hostname'] = imds_hostname
|
||||
+ if imds_disable_password:
|
||||
+ LOG.debug(
|
||||
+ 'Disable password retrieved from IMDS: %s',
|
||||
+ imds_disable_password
|
||||
+ )
|
||||
+ crawled_data['metadata']['disable_password'] = imds_disable_password # noqa: E501
|
||||
found = cdev
|
||||
|
||||
report_diagnostic_event(
|
||||
@@ -676,6 +716,13 @@ class DataSourceAzure(sources.DataSource):
|
||||
|
||||
@azure_ds_telemetry_reporter
|
||||
def get_public_ssh_keys(self):
|
||||
+ """
|
||||
+ Retrieve public SSH keys.
|
||||
+ """
|
||||
+
|
||||
+ return self._get_public_ssh_keys_and_source().ssh_keys
|
||||
+
|
||||
+ def _get_public_ssh_keys_and_source(self):
|
||||
"""
|
||||
Try to get the ssh keys from IMDS first, and if that fails
|
||||
(i.e. IMDS is unavailable) then fallback to getting the ssh
|
||||
@@ -685,30 +732,50 @@ class DataSourceAzure(sources.DataSource):
|
||||
advantage, so this is a strong preference. But we must keep
|
||||
OVF as a second option for environments that don't have IMDS.
|
||||
"""
|
||||
+
|
||||
LOG.debug('Retrieving public SSH keys')
|
||||
ssh_keys = []
|
||||
+ keys_from_imds = True
|
||||
+ LOG.debug('Attempting to get SSH keys from IMDS')
|
||||
try:
|
||||
- raise KeyError(
|
||||
- "Not using public SSH keys from IMDS"
|
||||
- )
|
||||
- # pylint:disable=unreachable
|
||||
ssh_keys = [
|
||||
public_key['keyData']
|
||||
for public_key
|
||||
in self.metadata['imds']['compute']['publicKeys']
|
||||
]
|
||||
- LOG.debug('Retrieved SSH keys from IMDS')
|
||||
+ for key in ssh_keys:
|
||||
+ if not _key_is_openssh_formatted(key=key):
|
||||
+ keys_from_imds = False
|
||||
+ break
|
||||
+
|
||||
+ if not keys_from_imds:
|
||||
+ log_msg = 'Keys not in OpenSSH format, using OVF'
|
||||
+ else:
|
||||
+ log_msg = 'Retrieved {} keys from IMDS'.format(
|
||||
+ len(ssh_keys)
|
||||
+ if ssh_keys is not None
|
||||
+ else 0
|
||||
+ )
|
||||
except KeyError:
|
||||
log_msg = 'Unable to get keys from IMDS, falling back to OVF'
|
||||
+ keys_from_imds = False
|
||||
+ finally:
|
||||
report_diagnostic_event(log_msg, logger_func=LOG.debug)
|
||||
+
|
||||
+ if not keys_from_imds:
|
||||
+ LOG.debug('Attempting to get SSH keys from OVF')
|
||||
try:
|
||||
ssh_keys = self.metadata['public-keys']
|
||||
- LOG.debug('Retrieved keys from OVF')
|
||||
+ log_msg = 'Retrieved {} keys from OVF'.format(len(ssh_keys))
|
||||
except KeyError:
|
||||
log_msg = 'No keys available from OVF'
|
||||
+ finally:
|
||||
report_diagnostic_event(log_msg, logger_func=LOG.debug)
|
||||
|
||||
- return ssh_keys
|
||||
+ return SSHKeys(
|
||||
+ keys_from_imds=keys_from_imds,
|
||||
+ ssh_keys=ssh_keys
|
||||
+ )
|
||||
|
||||
def get_config_obj(self):
|
||||
return self.cfg
|
||||
@@ -1325,30 +1392,21 @@ class DataSourceAzure(sources.DataSource):
|
||||
self.bounce_network_with_azure_hostname()
|
||||
|
||||
pubkey_info = None
|
||||
- try:
|
||||
- raise KeyError(
|
||||
- "Not using public SSH keys from IMDS"
|
||||
- )
|
||||
- # pylint:disable=unreachable
|
||||
- public_keys = self.metadata['imds']['compute']['publicKeys']
|
||||
- LOG.debug(
|
||||
- 'Successfully retrieved %s key(s) from IMDS',
|
||||
- len(public_keys)
|
||||
- if public_keys is not None
|
||||
+ ssh_keys_and_source = self._get_public_ssh_keys_and_source()
|
||||
+
|
||||
+ if not ssh_keys_and_source.keys_from_imds:
|
||||
+ pubkey_info = self.cfg.get('_pubkeys', None)
|
||||
+ log_msg = 'Retrieved {} fingerprints from OVF'.format(
|
||||
+ len(pubkey_info)
|
||||
+ if pubkey_info is not None
|
||||
else 0
|
||||
)
|
||||
- except KeyError:
|
||||
- LOG.debug(
|
||||
- 'Unable to retrieve SSH keys from IMDS during '
|
||||
- 'negotiation, falling back to OVF'
|
||||
- )
|
||||
- pubkey_info = self.cfg.get('_pubkeys', None)
|
||||
+ report_diagnostic_event(log_msg, logger_func=LOG.debug)
|
||||
|
||||
metadata_func = partial(get_metadata_from_fabric,
|
||||
fallback_lease_file=self.
|
||||
dhclient_lease_file,
|
||||
- pubkey_info=pubkey_info,
|
||||
- iso_dev=self.iso_dev)
|
||||
+ pubkey_info=pubkey_info)
|
||||
|
||||
LOG.debug("negotiating with fabric via agent command %s",
|
||||
self.ds_cfg['agent_command'])
|
||||
@@ -1404,6 +1462,41 @@ class DataSourceAzure(sources.DataSource):
|
||||
return self.metadata.get('imds', {}).get('compute', {}).get('location')
|
||||
|
||||
|
||||
+def _username_from_imds(imds_data):
|
||||
+ try:
|
||||
+ return imds_data['compute']['osProfile']['adminUsername']
|
||||
+ except KeyError:
|
||||
+ return None
|
||||
+
|
||||
+
|
||||
+def _hostname_from_imds(imds_data):
|
||||
+ try:
|
||||
+ return imds_data['compute']['osProfile']['computerName']
|
||||
+ except KeyError:
|
||||
+ return None
|
||||
+
|
||||
+
|
||||
+def _disable_password_from_imds(imds_data):
|
||||
+ try:
|
||||
+ return imds_data['compute']['osProfile']['disablePasswordAuthentication'] == 'true' # noqa: E501
|
||||
+ except KeyError:
|
||||
+ return None
|
||||
+
|
||||
+
|
||||
+def _key_is_openssh_formatted(key):
|
||||
+ """
|
||||
+ Validate whether or not the key is OpenSSH-formatted.
|
||||
+ """
|
||||
+
|
||||
+ parser = ssh_util.AuthKeyLineParser()
|
||||
+ try:
|
||||
+ akl = parser.parse(key)
|
||||
+ except TypeError:
|
||||
+ return False
|
||||
+
|
||||
+ return akl.keytype is not None
|
||||
+
|
||||
+
|
||||
def _partitions_on_device(devpath, maxnum=16):
|
||||
# return a list of tuples (ptnum, path) for each part on devpath
|
||||
for suff in ("-part", "p", ""):
|
||||
diff --git a/tests/unittests/test_datasource/test_azure.py b/tests/unittests/test_datasource/test_azure.py
|
||||
index 320fa857..d9817d84 100644
|
||||
--- a/tests/unittests/test_datasource/test_azure.py
|
||||
+++ b/tests/unittests/test_datasource/test_azure.py
|
||||
@@ -108,7 +108,7 @@ NETWORK_METADATA = {
|
||||
"zone": "",
|
||||
"publicKeys": [
|
||||
{
|
||||
- "keyData": "key1",
|
||||
+ "keyData": "ssh-rsa key1",
|
||||
"path": "path1"
|
||||
}
|
||||
]
|
||||
@@ -1761,8 +1761,29 @@ scbus-1 on xpt0 bus 0
|
||||
dsrc.get_data()
|
||||
dsrc.setup(True)
|
||||
ssh_keys = dsrc.get_public_ssh_keys()
|
||||
- # Temporarily alter this test so that SSH public keys
|
||||
- # from IMDS are *not* going to be in use to fix a regression.
|
||||
+ self.assertEqual(ssh_keys, ["ssh-rsa key1"])
|
||||
+ self.assertEqual(m_parse_certificates.call_count, 0)
|
||||
+
|
||||
+ @mock.patch(
|
||||
+ 'cloudinit.sources.helpers.azure.OpenSSLManager.parse_certificates')
|
||||
+ @mock.patch(MOCKPATH + 'get_metadata_from_imds')
|
||||
+ def test_get_public_ssh_keys_with_no_openssh_format(
|
||||
+ self,
|
||||
+ m_get_metadata_from_imds,
|
||||
+ m_parse_certificates):
|
||||
+ imds_data = copy.deepcopy(NETWORK_METADATA)
|
||||
+ imds_data['compute']['publicKeys'][0]['keyData'] = 'no-openssh-format'
|
||||
+ m_get_metadata_from_imds.return_value = imds_data
|
||||
+ sys_cfg = {'datasource': {'Azure': {'apply_network_config': True}}}
|
||||
+ odata = {'HostName': "myhost", 'UserName': "myuser"}
|
||||
+ data = {
|
||||
+ 'ovfcontent': construct_valid_ovf_env(data=odata),
|
||||
+ 'sys_cfg': sys_cfg
|
||||
+ }
|
||||
+ dsrc = self._get_ds(data)
|
||||
+ dsrc.get_data()
|
||||
+ dsrc.setup(True)
|
||||
+ ssh_keys = dsrc.get_public_ssh_keys()
|
||||
self.assertEqual(ssh_keys, [])
|
||||
self.assertEqual(m_parse_certificates.call_count, 0)
|
||||
|
||||
@@ -1818,6 +1839,66 @@ scbus-1 on xpt0 bus 0
|
||||
self.assertIsNotNone(dsrc.metadata)
|
||||
self.assertFalse(dsrc.failed_desired_api_version)
|
||||
|
||||
+ @mock.patch(MOCKPATH + 'get_metadata_from_imds')
|
||||
+ def test_hostname_from_imds(self, m_get_metadata_from_imds):
|
||||
+ sys_cfg = {'datasource': {'Azure': {'apply_network_config': True}}}
|
||||
+ odata = {'HostName': "myhost", 'UserName': "myuser"}
|
||||
+ data = {
|
||||
+ 'ovfcontent': construct_valid_ovf_env(data=odata),
|
||||
+ 'sys_cfg': sys_cfg
|
||||
+ }
|
||||
+ imds_data_with_os_profile = copy.deepcopy(NETWORK_METADATA)
|
||||
+ imds_data_with_os_profile["compute"]["osProfile"] = dict(
|
||||
+ adminUsername="username1",
|
||||
+ computerName="hostname1",
|
||||
+ disablePasswordAuthentication="true"
|
||||
+ )
|
||||
+ m_get_metadata_from_imds.return_value = imds_data_with_os_profile
|
||||
+ dsrc = self._get_ds(data)
|
||||
+ dsrc.get_data()
|
||||
+ self.assertEqual(dsrc.metadata["local-hostname"], "hostname1")
|
||||
+
|
||||
+ @mock.patch(MOCKPATH + 'get_metadata_from_imds')
|
||||
+ def test_username_from_imds(self, m_get_metadata_from_imds):
|
||||
+ sys_cfg = {'datasource': {'Azure': {'apply_network_config': True}}}
|
||||
+ odata = {'HostName': "myhost", 'UserName': "myuser"}
|
||||
+ data = {
|
||||
+ 'ovfcontent': construct_valid_ovf_env(data=odata),
|
||||
+ 'sys_cfg': sys_cfg
|
||||
+ }
|
||||
+ imds_data_with_os_profile = copy.deepcopy(NETWORK_METADATA)
|
||||
+ imds_data_with_os_profile["compute"]["osProfile"] = dict(
|
||||
+ adminUsername="username1",
|
||||
+ computerName="hostname1",
|
||||
+ disablePasswordAuthentication="true"
|
||||
+ )
|
||||
+ m_get_metadata_from_imds.return_value = imds_data_with_os_profile
|
||||
+ dsrc = self._get_ds(data)
|
||||
+ dsrc.get_data()
|
||||
+ self.assertEqual(
|
||||
+ dsrc.cfg["system_info"]["default_user"]["name"],
|
||||
+ "username1"
|
||||
+ )
|
||||
+
|
||||
+ @mock.patch(MOCKPATH + 'get_metadata_from_imds')
|
||||
+ def test_disable_password_from_imds(self, m_get_metadata_from_imds):
|
||||
+ sys_cfg = {'datasource': {'Azure': {'apply_network_config': True}}}
|
||||
+ odata = {'HostName': "myhost", 'UserName': "myuser"}
|
||||
+ data = {
|
||||
+ 'ovfcontent': construct_valid_ovf_env(data=odata),
|
||||
+ 'sys_cfg': sys_cfg
|
||||
+ }
|
||||
+ imds_data_with_os_profile = copy.deepcopy(NETWORK_METADATA)
|
||||
+ imds_data_with_os_profile["compute"]["osProfile"] = dict(
|
||||
+ adminUsername="username1",
|
||||
+ computerName="hostname1",
|
||||
+ disablePasswordAuthentication="true"
|
||||
+ )
|
||||
+ m_get_metadata_from_imds.return_value = imds_data_with_os_profile
|
||||
+ dsrc = self._get_ds(data)
|
||||
+ dsrc.get_data()
|
||||
+ self.assertTrue(dsrc.metadata["disable_password"])
|
||||
+
|
||||
|
||||
class TestAzureBounce(CiTestCase):
|
||||
|
||||
--
|
||||
2.27.0
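The osProfile handling added in this patch boils down to defensive dictionary lookups over the IMDS compute metadata. A small sketch with a hypothetical example payload (not taken from a real instance):

def username_from_imds(imds_md):
    # Mirrors the lookup added in this patch; a missing key simply
    # means IMDS did not supply the value.
    try:
        return imds_md['compute']['osProfile']['adminUsername']
    except KeyError:
        return None

example = {'compute': {'osProfile': {'adminUsername': 'azureuser',
                                     'computerName': 'vm-01'}}}
assert username_from_imds(example) == 'azureuser'
assert username_from_imds({}) is None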
@@ -0,0 +1,315 @@
From ca5b83cee7b45bf56eec258db739cb5fe51b3231 Mon Sep 17 00:00:00 2001
From: aswinrajamannar <39812128+aswinrajamannar@users.noreply.github.com>
Date: Mon, 26 Apr 2021 07:28:39 -0700
Subject: [PATCH 6/7] Azure: Retry net metadata during nic attach for
 non-timeout errs (#878)

RH-Author: Eduardo Otubo <otubo@redhat.com>
RH-MergeRequest: 45: Add support for userdata on Azure from IMDS
RH-Commit: [6/7] 4e6e44f017d5ffcb72ac8959a94f80c71fef9560
RH-Bugzilla: 2023940
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>

When network interfaces are hot-attached to the VM, attempting to get
network metadata might return 410 (or 500, 503 etc) because the info
is not yet available. In those cases, we retry getting the metadata
before giving up. The only case where we can move on to wait for more
nic attach events is if the call times out despite retries, which
means the interface is not likely a primary interface, and we should
try for more nic attach events.
---
 cloudinit/sources/DataSourceAzure.py          | 65 +++++++++++--
 tests/unittests/test_datasource/test_azure.py | 95 ++++++++++++++++---
 2 files changed, 140 insertions(+), 20 deletions(-)

diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
|
||||
index 6d7954ee..d0be6d84 100755
|
||||
--- a/cloudinit/sources/DataSourceAzure.py
|
||||
+++ b/cloudinit/sources/DataSourceAzure.py
|
||||
@@ -17,6 +17,7 @@ from time import sleep
|
||||
from xml.dom import minidom
|
||||
import xml.etree.ElementTree as ET
|
||||
from enum import Enum
|
||||
+import requests
|
||||
|
||||
from cloudinit import dmi
|
||||
from cloudinit import log as logging
|
||||
@@ -665,7 +666,9 @@ class DataSourceAzure(sources.DataSource):
|
||||
self,
|
||||
fallback_nic,
|
||||
retries,
|
||||
- md_type=metadata_type.compute):
|
||||
+ md_type=metadata_type.compute,
|
||||
+ exc_cb=retry_on_url_exc,
|
||||
+ infinite=False):
|
||||
"""
|
||||
Wrapper for get_metadata_from_imds so that we can have flexibility
|
||||
in which IMDS api-version we use. If a particular instance of IMDS
|
||||
@@ -685,7 +688,8 @@ class DataSourceAzure(sources.DataSource):
|
||||
fallback_nic=fallback_nic,
|
||||
retries=0,
|
||||
md_type=md_type,
|
||||
- api_version=IMDS_VER_WANT
|
||||
+ api_version=IMDS_VER_WANT,
|
||||
+ exc_cb=exc_cb
|
||||
)
|
||||
except UrlError as err:
|
||||
LOG.info(
|
||||
@@ -708,7 +712,9 @@ class DataSourceAzure(sources.DataSource):
|
||||
fallback_nic=fallback_nic,
|
||||
retries=retries,
|
||||
md_type=md_type,
|
||||
- api_version=IMDS_VER_MIN
|
||||
+ api_version=IMDS_VER_MIN,
|
||||
+ exc_cb=exc_cb,
|
||||
+ infinite=infinite
|
||||
)
|
||||
|
||||
def device_name_to_device(self, name):
|
||||
@@ -938,6 +944,9 @@ class DataSourceAzure(sources.DataSource):
|
||||
is_primary = False
|
||||
expected_nic_count = -1
|
||||
imds_md = None
|
||||
+ metadata_poll_count = 0
|
||||
+ metadata_logging_threshold = 1
|
||||
+ metadata_timeout_count = 0
|
||||
|
||||
# For now, only a VM's primary NIC can contact IMDS and WireServer. If
|
||||
# DHCP fails for a NIC, we have no mechanism to determine if the NIC is
|
||||
@@ -962,14 +971,48 @@ class DataSourceAzure(sources.DataSource):
|
||||
% (ifname, e), logger_func=LOG.error)
|
||||
raise
|
||||
|
||||
+ # Retry polling network metadata for a limited duration only when the
|
||||
+ # calls fail due to timeout. This is because the platform drops packets
|
||||
+ # going towards IMDS when it is not a primary nic. If the calls fail
|
||||
+ # due to other issues like 410, 503 etc, then it means we are primary
|
||||
+ # but IMDS service is unavailable at the moment. Retry indefinitely in
|
||||
+ # those cases since we cannot move on without the network metadata.
|
||||
+ def network_metadata_exc_cb(msg, exc):
|
||||
+ nonlocal metadata_timeout_count, metadata_poll_count
|
||||
+ nonlocal metadata_logging_threshold
|
||||
+
|
||||
+ metadata_poll_count = metadata_poll_count + 1
|
||||
+
|
||||
+ # Log when needed but back off exponentially to avoid exploding
|
||||
+ # the log file.
|
||||
+ if metadata_poll_count >= metadata_logging_threshold:
|
||||
+ metadata_logging_threshold *= 2
|
||||
+ report_diagnostic_event(
|
||||
+ "Ran into exception when attempting to reach %s "
|
||||
+ "after %d polls." % (msg, metadata_poll_count),
|
||||
+ logger_func=LOG.error)
|
||||
+
|
||||
+ if isinstance(exc, UrlError):
|
||||
+ report_diagnostic_event("poll IMDS with %s failed. "
|
||||
+ "Exception: %s and code: %s" %
|
||||
+ (msg, exc.cause, exc.code),
|
||||
+ logger_func=LOG.error)
|
||||
+
|
||||
+ if exc.cause and isinstance(exc.cause, requests.Timeout):
|
||||
+ metadata_timeout_count = metadata_timeout_count + 1
|
||||
+ return (metadata_timeout_count <= 10)
|
||||
+ return True
|
||||
+
|
||||
# Primary nic detection will be optimized in the future. The fact that
|
||||
# primary nic is being attached first helps here. Otherwise each nic
|
||||
# could add several seconds of delay.
|
||||
try:
|
||||
imds_md = self.get_imds_data_with_api_fallback(
|
||||
ifname,
|
||||
- 5,
|
||||
- metadata_type.network
|
||||
+ 0,
|
||||
+ metadata_type.network,
|
||||
+ network_metadata_exc_cb,
|
||||
+ True
|
||||
)
|
||||
except Exception as e:
|
||||
LOG.warning(
|
||||
@@ -2139,7 +2182,9 @@ def _generate_network_config_from_fallback_config() -> dict:
|
||||
def get_metadata_from_imds(fallback_nic,
|
||||
retries,
|
||||
md_type=metadata_type.compute,
|
||||
- api_version=IMDS_VER_MIN):
|
||||
+ api_version=IMDS_VER_MIN,
|
||||
+ exc_cb=retry_on_url_exc,
|
||||
+ infinite=False):
|
||||
"""Query Azure's instance metadata service, returning a dictionary.
|
||||
|
||||
If network is not up, setup ephemeral dhcp on fallback_nic to talk to the
|
||||
@@ -2158,7 +2203,7 @@ def get_metadata_from_imds(fallback_nic,
|
||||
kwargs = {'logfunc': LOG.debug,
|
||||
'msg': 'Crawl of Azure Instance Metadata Service (IMDS)',
|
||||
'func': _get_metadata_from_imds,
|
||||
- 'args': (retries, md_type, api_version,)}
|
||||
+ 'args': (retries, exc_cb, md_type, api_version, infinite)}
|
||||
if net.is_up(fallback_nic):
|
||||
return util.log_time(**kwargs)
|
||||
else:
|
||||
@@ -2176,14 +2221,16 @@ def get_metadata_from_imds(fallback_nic,
|
||||
@azure_ds_telemetry_reporter
|
||||
def _get_metadata_from_imds(
|
||||
retries,
|
||||
+ exc_cb,
|
||||
md_type=metadata_type.compute,
|
||||
- api_version=IMDS_VER_MIN):
|
||||
+ api_version=IMDS_VER_MIN,
|
||||
+ infinite=False):
|
||||
url = "{}?api-version={}".format(md_type.value, api_version)
|
||||
headers = {"Metadata": "true"}
|
||||
try:
|
||||
response = readurl(
|
||||
url, timeout=IMDS_TIMEOUT_IN_SECONDS, headers=headers,
|
||||
- retries=retries, exception_cb=retry_on_url_exc)
|
||||
+ retries=retries, exception_cb=exc_cb, infinite=infinite)
|
||||
except Exception as e:
|
||||
# pylint:disable=no-member
|
||||
if isinstance(e, UrlError) and e.code == 400:
|
||||
diff --git a/tests/unittests/test_datasource/test_azure.py b/tests/unittests/test_datasource/test_azure.py
|
||||
index d9817d84..c4a8e08d 100644
|
||||
--- a/tests/unittests/test_datasource/test_azure.py
|
||||
+++ b/tests/unittests/test_datasource/test_azure.py
|
||||
@@ -448,7 +448,7 @@ class TestGetMetadataFromIMDS(HttprettyTestCase):
|
||||
"http://169.254.169.254/metadata/instance?api-version="
|
||||
"2019-06-01", exception_cb=mock.ANY,
|
||||
headers=mock.ANY, retries=mock.ANY,
|
||||
- timeout=mock.ANY)
|
||||
+ timeout=mock.ANY, infinite=False)
|
||||
|
||||
@mock.patch(MOCKPATH + 'readurl', autospec=True)
|
||||
@mock.patch(MOCKPATH + 'EphemeralDHCPv4')
|
||||
@@ -467,7 +467,7 @@ class TestGetMetadataFromIMDS(HttprettyTestCase):
|
||||
"http://169.254.169.254/metadata/instance/network?api-version="
|
||||
"2019-06-01", exception_cb=mock.ANY,
|
||||
headers=mock.ANY, retries=mock.ANY,
|
||||
- timeout=mock.ANY)
|
||||
+ timeout=mock.ANY, infinite=False)
|
||||
|
||||
@mock.patch(MOCKPATH + 'readurl', autospec=True)
|
||||
@mock.patch(MOCKPATH + 'EphemeralDHCPv4')
|
||||
@@ -486,7 +486,7 @@ class TestGetMetadataFromIMDS(HttprettyTestCase):
|
||||
"http://169.254.169.254/metadata/instance?api-version="
|
||||
"2019-06-01", exception_cb=mock.ANY,
|
||||
headers=mock.ANY, retries=mock.ANY,
|
||||
- timeout=mock.ANY)
|
||||
+ timeout=mock.ANY, infinite=False)
|
||||
|
||||
@mock.patch(MOCKPATH + 'readurl', autospec=True)
|
||||
@mock.patch(MOCKPATH + 'EphemeralDHCPv4WithReporting', autospec=True)
|
||||
@@ -511,7 +511,7 @@ class TestGetMetadataFromIMDS(HttprettyTestCase):
|
||||
m_readurl.assert_called_with(
|
||||
self.network_md_url, exception_cb=mock.ANY,
|
||||
headers={'Metadata': 'true'}, retries=2,
|
||||
- timeout=dsaz.IMDS_TIMEOUT_IN_SECONDS)
|
||||
+ timeout=dsaz.IMDS_TIMEOUT_IN_SECONDS, infinite=False)
|
||||
|
||||
@mock.patch('cloudinit.url_helper.time.sleep')
|
||||
@mock.patch(MOCKPATH + 'net.is_up', autospec=True)
|
||||
@@ -2694,15 +2694,22 @@ class TestPreprovisioningHotAttachNics(CiTestCase):
|
||||
|
||||
def nic_attach_ret(nl_sock, nics_found):
|
||||
nonlocal m_attach_call_count
|
||||
- if m_attach_call_count == 0:
|
||||
- m_attach_call_count = m_attach_call_count + 1
|
||||
+ m_attach_call_count = m_attach_call_count + 1
|
||||
+ if m_attach_call_count == 1:
|
||||
return "eth0"
|
||||
- return "eth1"
|
||||
+ elif m_attach_call_count == 2:
|
||||
+ return "eth1"
|
||||
+ raise RuntimeError("Must have found primary nic by now.")
|
||||
+
|
||||
+ # Simulate two NICs by adding the same one twice.
|
||||
+ md = {
|
||||
+ "interface": [
|
||||
+ IMDS_NETWORK_METADATA['interface'][0],
|
||||
+ IMDS_NETWORK_METADATA['interface'][0]
|
||||
+ ]
|
||||
+ }
|
||||
|
||||
- def network_metadata_ret(ifname, retries, type):
|
||||
- # Simulate two NICs by adding the same one twice.
|
||||
- md = IMDS_NETWORK_METADATA
|
||||
- md['interface'].append(md['interface'][0])
|
||||
+ def network_metadata_ret(ifname, retries, type, exc_cb, infinite):
|
||||
if ifname == "eth0":
|
||||
return md
|
||||
raise requests.Timeout('Fake connection timeout')
|
||||
@@ -2724,6 +2731,72 @@ class TestPreprovisioningHotAttachNics(CiTestCase):
|
||||
self.assertEqual(1, m_imds.call_count)
|
||||
self.assertEqual(2, m_link_up.call_count)
|
||||
|
||||
+ @mock.patch(MOCKPATH + 'DataSourceAzure.get_imds_data_with_api_fallback')
|
||||
+ @mock.patch(MOCKPATH + 'EphemeralDHCPv4')
|
||||
+ def test_check_if_nic_is_primary_retries_on_failures(
|
||||
+ self, m_dhcpv4, m_imds):
|
||||
+ """Retry polling for network metadata on all failures except timeout"""
|
||||
+ dsa = dsaz.DataSourceAzure({}, distro=None, paths=self.paths)
|
||||
+ lease = {
|
||||
+ 'interface': 'eth9', 'fixed-address': '192.168.2.9',
|
||||
+ 'routers': '192.168.2.1', 'subnet-mask': '255.255.255.0',
|
||||
+ 'unknown-245': '624c3620'}
|
||||
+
|
||||
+ eth0Retries = []
|
||||
+ eth1Retries = []
|
||||
+ # Simulate two NICs by adding the same one twice.
|
||||
+ md = {
|
||||
+ "interface": [
|
||||
+ IMDS_NETWORK_METADATA['interface'][0],
|
||||
+ IMDS_NETWORK_METADATA['interface'][0]
|
||||
+ ]
|
||||
+ }
|
||||
+
|
||||
+ def network_metadata_ret(ifname, retries, type, exc_cb, infinite):
|
||||
+ nonlocal eth0Retries, eth1Retries
|
||||
+
|
||||
+ # Simulate readurl functionality with retries and
|
||||
+ # exception callbacks so that the callback logic can be
|
||||
+ # validated.
|
||||
+ if ifname == "eth0":
|
||||
+ cause = requests.HTTPError()
|
||||
+ for _ in range(0, 15):
|
||||
+ error = url_helper.UrlError(cause=cause, code=410)
|
||||
+ eth0Retries.append(exc_cb("No goal state.", error))
|
||||
+ else:
|
||||
+ cause = requests.Timeout('Fake connection timeout')
|
||||
+ for _ in range(0, 10):
|
||||
+ error = url_helper.UrlError(cause=cause)
|
||||
+ eth1Retries.append(exc_cb("Connection timeout", error))
|
||||
+ # Should stop retrying after 10 retries
|
||||
+ eth1Retries.append(exc_cb("Connection timeout", error))
|
||||
+ raise cause
|
||||
+ return md
|
||||
+
|
||||
+ m_imds.side_effect = network_metadata_ret
|
||||
+
|
||||
+ dhcp_ctx = mock.MagicMock(lease=lease)
|
||||
+ dhcp_ctx.obtain_lease.return_value = lease
|
||||
+ m_dhcpv4.return_value = dhcp_ctx
|
||||
+
|
||||
+ is_primary, expected_nic_count = dsa._check_if_nic_is_primary("eth0")
|
||||
+ self.assertEqual(True, is_primary)
|
||||
+ self.assertEqual(2, expected_nic_count)
|
||||
+
|
||||
+ # All Eth0 errors are non-timeout errors. So we should have been
|
||||
+ # retrying indefinitely until success.
|
||||
+ for i in eth0Retries:
|
||||
+ self.assertTrue(i)
|
||||
+
|
||||
+ is_primary, expected_nic_count = dsa._check_if_nic_is_primary("eth1")
|
||||
+ self.assertEqual(False, is_primary)
|
||||
+
|
||||
+ # All Eth1 errors are timeout errors. Retry happens for a max of 10 and
|
||||
+ # then we should have moved on assuming it is not the primary nic.
|
||||
+ for i in range(0, 10):
|
||||
+ self.assertTrue(eth1Retries[i])
|
||||
+ self.assertFalse(eth1Retries[10])
|
||||
+
|
||||
@mock.patch('cloudinit.distros.networking.LinuxNetworking.try_set_link_up')
|
||||
def test_wait_for_link_up_returns_if_already_up(
|
||||
self, m_is_link_up):
|
||||
--
|
||||
2.27.0
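A sketch of the retry policy this patch wires into the exception callback: HTTP errors (410, 500, 503, ...) mean IMDS is temporarily unavailable on what is likely the primary nic, so retry indefinitely; timeouts mean the platform is dropping traffic on a non-primary nic, so give up after a bounded count. The is_timeout attribute is an illustrative stand-in for checking isinstance(exc.cause, requests.Timeout):

def make_network_metadata_exc_cb(max_timeouts=10):
    # Returning True tells the caller to retry; False stops retrying.
    timeouts = 0

    def exc_cb(msg, exc):
        nonlocal timeouts
        if getattr(exc, 'is_timeout', False):
            timeouts += 1
            return timeouts <= max_timeouts  # likely not the primary nic
        return True  # 410/500/503 etc.: IMDS busy, keep retrying
    return exc_cb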
@@ -0,0 +1,129 @@
From c0df7233fa99d4191b5d4142e209e7465d8db5f6 Mon Sep 17 00:00:00 2001
From: Anh Vo <anhvo@microsoft.com>
Date: Tue, 27 Apr 2021 13:40:59 -0400
Subject: [PATCH 7/7] Azure: adding support for consuming userdata from IMDS
 (#884)

RH-Author: Eduardo Otubo <otubo@redhat.com>
RH-MergeRequest: 45: Add support for userdata on Azure from IMDS
RH-Commit: [7/7] 32f840412da1a0f49b9ab5ba1d6f1bcb1bfacc16
RH-Bugzilla: 2023940
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
---
 cloudinit/sources/DataSourceAzure.py          | 23 ++++++++-
 tests/unittests/test_datasource/test_azure.py | 50 +++++++++++++++++++
 2 files changed, 72 insertions(+), 1 deletion(-)

diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
|
||||
index d0be6d84..a66f023d 100755
|
||||
--- a/cloudinit/sources/DataSourceAzure.py
|
||||
+++ b/cloudinit/sources/DataSourceAzure.py
|
||||
@@ -83,7 +83,7 @@ AGENT_SEED_DIR = '/var/lib/waagent'
|
||||
IMDS_TIMEOUT_IN_SECONDS = 2
|
||||
IMDS_URL = "http://169.254.169.254/metadata"
|
||||
IMDS_VER_MIN = "2019-06-01"
|
||||
-IMDS_VER_WANT = "2020-10-01"
|
||||
+IMDS_VER_WANT = "2021-01-01"
|
||||
|
||||
|
||||
# This holds SSH key data including if the source was
|
||||
@@ -539,6 +539,20 @@ class DataSourceAzure(sources.DataSource):
|
||||
imds_disable_password
|
||||
)
|
||||
crawled_data['metadata']['disable_password'] = imds_disable_password # noqa: E501
|
||||
+
|
||||
+ # only use userdata from imds if OVF did not provide custom data
|
||||
+ # userdata provided by IMDS is always base64 encoded
|
||||
+ if not userdata_raw:
|
||||
+ imds_userdata = _userdata_from_imds(imds_md)
|
||||
+ if imds_userdata:
|
||||
+ LOG.debug("Retrieved userdata from IMDS")
|
||||
+ try:
|
||||
+ crawled_data['userdata_raw'] = base64.b64decode(
|
||||
+ ''.join(imds_userdata.split()))
|
||||
+ except Exception:
|
||||
+ report_diagnostic_event(
|
||||
+ "Bad userdata in IMDS",
|
||||
+ logger_func=LOG.warning)
|
||||
found = cdev
|
||||
|
||||
report_diagnostic_event(
|
||||
@@ -1512,6 +1526,13 @@ def _username_from_imds(imds_data):
|
||||
return None
|
||||
|
||||
|
||||
+def _userdata_from_imds(imds_data):
|
||||
+ try:
|
||||
+ return imds_data['compute']['userData']
|
||||
+ except KeyError:
|
||||
+ return None
|
||||
+
|
||||
+
|
||||
def _hostname_from_imds(imds_data):
|
||||
try:
|
||||
return imds_data['compute']['osProfile']['computerName']
|
||||
diff --git a/tests/unittests/test_datasource/test_azure.py b/tests/unittests/test_datasource/test_azure.py
|
||||
index c4a8e08d..f8433690 100644
|
||||
--- a/tests/unittests/test_datasource/test_azure.py
|
||||
+++ b/tests/unittests/test_datasource/test_azure.py
|
||||
@@ -1899,6 +1899,56 @@ scbus-1 on xpt0 bus 0
|
||||
dsrc.get_data()
|
||||
self.assertTrue(dsrc.metadata["disable_password"])
|
||||
|
||||
+ @mock.patch(MOCKPATH + 'get_metadata_from_imds')
|
||||
+ def test_userdata_from_imds(self, m_get_metadata_from_imds):
|
||||
+ sys_cfg = {'datasource': {'Azure': {'apply_network_config': True}}}
|
||||
+ odata = {'HostName': "myhost", 'UserName': "myuser"}
|
||||
+ data = {
|
||||
+ 'ovfcontent': construct_valid_ovf_env(data=odata),
|
||||
+ 'sys_cfg': sys_cfg
|
||||
+ }
|
||||
+ userdata = "userdataImds"
|
||||
+ imds_data = copy.deepcopy(NETWORK_METADATA)
|
||||
+ imds_data["compute"]["osProfile"] = dict(
|
||||
+ adminUsername="username1",
|
||||
+ computerName="hostname1",
|
||||
+ disablePasswordAuthentication="true",
|
||||
+ )
|
||||
+ imds_data["compute"]["userData"] = b64e(userdata)
|
||||
+ m_get_metadata_from_imds.return_value = imds_data
|
||||
+ dsrc = self._get_ds(data)
|
||||
+ ret = dsrc.get_data()
|
||||
+ self.assertTrue(ret)
|
||||
+ self.assertEqual(dsrc.userdata_raw, userdata.encode('utf-8'))
|
||||
+
|
||||
+ @mock.patch(MOCKPATH + 'get_metadata_from_imds')
|
||||
+ def test_userdata_from_imds_with_customdata_from_OVF(
|
||||
+ self, m_get_metadata_from_imds):
|
||||
+ userdataOVF = "userdataOVF"
|
||||
+ odata = {
|
||||
+ 'HostName': "myhost", 'UserName': "myuser",
|
||||
+ 'UserData': {'text': b64e(userdataOVF), 'encoding': 'base64'}
|
||||
+ }
|
||||
+ sys_cfg = {'datasource': {'Azure': {'apply_network_config': True}}}
|
||||
+ data = {
|
||||
+ 'ovfcontent': construct_valid_ovf_env(data=odata),
|
||||
+ 'sys_cfg': sys_cfg
|
||||
+ }
|
||||
+
|
||||
+ userdataImds = "userdataImds"
|
||||
+ imds_data = copy.deepcopy(NETWORK_METADATA)
|
||||
+ imds_data["compute"]["osProfile"] = dict(
|
||||
+ adminUsername="username1",
|
||||
+ computerName="hostname1",
|
||||
+ disablePasswordAuthentication="true",
|
||||
+ )
|
||||
+ imds_data["compute"]["userData"] = b64e(userdataImds)
|
||||
+ m_get_metadata_from_imds.return_value = imds_data
|
||||
+ dsrc = self._get_ds(data)
|
||||
+ ret = dsrc.get_data()
|
||||
+ self.assertTrue(ret)
|
||||
+ self.assertEqual(dsrc.userdata_raw, userdataOVF.encode('utf-8'))
|
||||
+
|
||||
|
||||
class TestAzureBounce(CiTestCase):
|
||||
|
||||
--
|
||||
2.27.0
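The precedence rule added here, as a minimal sketch (pick_userdata is a hypothetical helper, not cloud-init code): OVF custom data wins, and IMDS userData is consumed only when OVF supplied nothing; it is always base64 encoded, so whitespace is stripped before decoding.

import base64

def pick_userdata(ovf_userdata, imds_userdata_b64):
    if ovf_userdata:
        return ovf_userdata
    if imds_userdata_b64:
        try:
            return base64.b64decode(''.join(imds_userdata_b64.split()))
        except Exception:
            return None  # corresponds to "Bad userdata in IMDS" above
    return None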
@@ -0,0 +1,177 @@
From 01489fb91f64f6137ddf88c39feabe4296f3a156 Mon Sep 17 00:00:00 2001
From: Anh Vo <anhvo@microsoft.com>
Date: Fri, 23 Apr 2021 10:18:05 -0400
Subject: [PATCH 4/7] Azure: eject the provisioning iso before reporting ready
 (#861)

RH-Author: Eduardo Otubo <otubo@redhat.com>
RH-MergeRequest: 45: Add support for userdata on Azure from IMDS
RH-Commit: [4/7] ba830546a62ac5bea33b91d133d364a897b9f6c0
RH-Bugzilla: 2023940
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>

Due to hyper-v implementations, iso ejection is more efficient if performed
from within the guest. The code will attempt to perform a best-effort ejection.
Failure during ejection will not prevent reporting ready from happening. If iso
ejection is successful, later iso ejection from the platform will be a no-op.
In the event the iso ejection from the guest fails, iso ejection will still happen at
the platform level.
---
 cloudinit/sources/DataSourceAzure.py          | 22 +++++++++++++---
 cloudinit/sources/helpers/azure.py            | 23 ++++++++++++++++---
 .../test_datasource/test_azure_helper.py      | 13 +++++++++--
 3 files changed, 50 insertions(+), 8 deletions(-)

diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
|
||||
index 020b7006..39e67c4f 100755
|
||||
--- a/cloudinit/sources/DataSourceAzure.py
|
||||
+++ b/cloudinit/sources/DataSourceAzure.py
|
||||
@@ -332,6 +332,7 @@ class DataSourceAzure(sources.DataSource):
|
||||
dsname = 'Azure'
|
||||
_negotiated = False
|
||||
_metadata_imds = sources.UNSET
|
||||
+ _ci_pkl_version = 1
|
||||
|
||||
def __init__(self, sys_cfg, distro, paths):
|
||||
sources.DataSource.__init__(self, sys_cfg, distro, paths)
|
||||
@@ -346,8 +347,13 @@ class DataSourceAzure(sources.DataSource):
|
||||
# Regenerate network config new_instance boot and every boot
|
||||
self.update_events['network'].add(EventType.BOOT)
|
||||
self._ephemeral_dhcp_ctx = None
|
||||
-
|
||||
self.failed_desired_api_version = False
|
||||
+ self.iso_dev = None
|
||||
+
|
||||
+ def _unpickle(self, ci_pkl_version: int) -> None:
|
||||
+ super()._unpickle(ci_pkl_version)
|
||||
+ if "iso_dev" not in self.__dict__:
|
||||
+ self.iso_dev = None
|
||||
|
||||
def __str__(self):
|
||||
root = sources.DataSource.__str__(self)
|
||||
@@ -459,6 +465,13 @@ class DataSourceAzure(sources.DataSource):
|
||||
'%s was not mountable' % cdev, logger_func=LOG.warning)
|
||||
continue
|
||||
|
||||
+ report_diagnostic_event("Found provisioning metadata in %s" % cdev,
|
||||
+ logger_func=LOG.debug)
|
||||
+
|
||||
+ # save the iso device for ejection before reporting ready
|
||||
+ if cdev.startswith("/dev"):
|
||||
+ self.iso_dev = cdev
|
||||
+
|
||||
perform_reprovision = reprovision or self._should_reprovision(ret)
|
||||
perform_reprovision_after_nic_attach = (
|
||||
reprovision_after_nic_attach or
|
||||
@@ -1226,7 +1239,9 @@ class DataSourceAzure(sources.DataSource):
|
||||
@return: The success status of sending the ready signal.
|
||||
"""
|
||||
try:
|
||||
- get_metadata_from_fabric(None, lease['unknown-245'])
|
||||
+ get_metadata_from_fabric(fallback_lease_file=None,
|
||||
+ dhcp_opts=lease['unknown-245'],
|
||||
+ iso_dev=self.iso_dev)
|
||||
return True
|
||||
except Exception as e:
|
||||
report_diagnostic_event(
|
||||
@@ -1332,7 +1347,8 @@ class DataSourceAzure(sources.DataSource):
|
||||
metadata_func = partial(get_metadata_from_fabric,
|
||||
fallback_lease_file=self.
|
||||
dhclient_lease_file,
|
||||
- pubkey_info=pubkey_info)
|
||||
+ pubkey_info=pubkey_info,
|
||||
+ iso_dev=self.iso_dev)
|
||||
|
||||
LOG.debug("negotiating with fabric via agent command %s",
|
||||
self.ds_cfg['agent_command'])
|
||||
diff --git a/cloudinit/sources/helpers/azure.py b/cloudinit/sources/helpers/azure.py
|
||||
index 03e7156b..ad476076 100755
|
||||
--- a/cloudinit/sources/helpers/azure.py
|
||||
+++ b/cloudinit/sources/helpers/azure.py
|
||||
@@ -865,7 +865,19 @@ class WALinuxAgentShim:
|
||||
return endpoint_ip_address
|
||||
|
||||
@azure_ds_telemetry_reporter
|
||||
- def register_with_azure_and_fetch_data(self, pubkey_info=None) -> dict:
|
||||
+ def eject_iso(self, iso_dev) -> None:
|
||||
+ try:
|
||||
+ LOG.debug("Ejecting the provisioning iso")
|
||||
+ subp.subp(['eject', iso_dev])
|
||||
+ except Exception as e:
|
||||
+ report_diagnostic_event(
|
||||
+ "Failed ejecting the provisioning iso: %s" % e,
|
||||
+ logger_func=LOG.debug)
|
||||
+
|
||||
+ @azure_ds_telemetry_reporter
|
||||
+ def register_with_azure_and_fetch_data(self,
|
||||
+ pubkey_info=None,
|
||||
+ iso_dev=None) -> dict:
|
||||
"""Gets the VM's GoalState from Azure, uses the GoalState information
|
||||
to report ready/send the ready signal/provisioning complete signal to
|
||||
Azure, and then uses pubkey_info to filter and obtain the user's
|
||||
@@ -891,6 +903,10 @@ class WALinuxAgentShim:
|
||||
ssh_keys = self._get_user_pubkeys(goal_state, pubkey_info)
|
||||
health_reporter = GoalStateHealthReporter(
|
||||
goal_state, self.azure_endpoint_client, self.endpoint)
|
||||
+
|
||||
+ if iso_dev is not None:
|
||||
+ self.eject_iso(iso_dev)
|
||||
+
|
||||
health_reporter.send_ready_signal()
|
||||
return {'public-keys': ssh_keys}
|
||||
|
||||
@@ -1046,11 +1062,12 @@ class WALinuxAgentShim:
|
||||
|
||||
@azure_ds_telemetry_reporter
|
||||
def get_metadata_from_fabric(fallback_lease_file=None, dhcp_opts=None,
|
||||
- pubkey_info=None):
|
||||
+ pubkey_info=None, iso_dev=None):
|
||||
shim = WALinuxAgentShim(fallback_lease_file=fallback_lease_file,
|
||||
dhcp_options=dhcp_opts)
|
||||
try:
|
||||
- return shim.register_with_azure_and_fetch_data(pubkey_info=pubkey_info)
|
||||
+ return shim.register_with_azure_and_fetch_data(
|
||||
+ pubkey_info=pubkey_info, iso_dev=iso_dev)
|
||||
finally:
|
||||
shim.clean_up()
|
||||
|
||||
diff --git a/tests/unittests/test_datasource/test_azure_helper.py b/tests/unittests/test_datasource/test_azure_helper.py
|
||||
index 63482c6c..552c7905 100644
|
||||
--- a/tests/unittests/test_datasource/test_azure_helper.py
|
||||
+++ b/tests/unittests/test_datasource/test_azure_helper.py
|
||||
@@ -1009,6 +1009,14 @@ class TestWALinuxAgentShim(CiTestCase):
|
||||
self.GoalState.return_value.container_id = self.test_container_id
|
||||
self.GoalState.return_value.instance_id = self.test_instance_id
|
||||
|
||||
+ def test_eject_iso_is_called(self):
|
||||
+ shim = wa_shim()
|
||||
+ with mock.patch.object(
|
||||
+ shim, 'eject_iso', autospec=True
|
||||
+ ) as m_eject_iso:
|
||||
+ shim.register_with_azure_and_fetch_data(iso_dev="/dev/sr0")
|
||||
+ m_eject_iso.assert_called_once_with("/dev/sr0")
|
||||
+
|
||||
def test_http_client_does_not_use_certificate_for_report_ready(self):
|
||||
shim = wa_shim()
|
||||
shim.register_with_azure_and_fetch_data()
|
||||
@@ -1283,13 +1291,14 @@ class TestGetMetadataGoalStateXMLAndReportReadyToFabric(CiTestCase):
|
||||
|
||||
def test_calls_shim_register_with_azure_and_fetch_data(self):
|
||||
m_pubkey_info = mock.MagicMock()
|
||||
- azure_helper.get_metadata_from_fabric(pubkey_info=m_pubkey_info)
|
||||
+ azure_helper.get_metadata_from_fabric(
|
||||
+ pubkey_info=m_pubkey_info, iso_dev="/dev/sr0")
|
||||
self.assertEqual(
|
||||
1,
|
||||
self.m_shim.return_value
|
||||
.register_with_azure_and_fetch_data.call_count)
|
||||
self.assertEqual(
|
||||
- mock.call(pubkey_info=m_pubkey_info),
|
||||
+ mock.call(iso_dev="/dev/sr0", pubkey_info=m_pubkey_info),
|
||||
self.m_shim.return_value
|
||||
.register_with_azure_and_fetch_data.call_args)
|
||||
|
||||
--
|
||||
2.27.0
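A rough sketch of the best-effort ejection described above. The real code uses cloudinit.subp.subp and report_diagnostic_event; subprocess and print here are only stand-ins for illustration:

import subprocess

def eject_iso(iso_dev):
    # Best effort only: a failed ejection is logged and ignored so that
    # reporting ready to the platform is never blocked.
    try:
        subprocess.run(['eject', iso_dev], check=True)
    except Exception as e:
        print('Failed ejecting the provisioning iso: %s' % e)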
@@ -0,0 +1,90 @@
From f11bbe7f04a48eebcb446e283820d7592f76cf86 Mon Sep 17 00:00:00 2001
From: Johnson Shi <Johnson.Shi@microsoft.com>
Date: Thu, 25 Mar 2021 07:20:10 -0700
Subject: [PATCH 2/7] Azure helper: Ensure Azure http handler sleeps between
 retries (#842)

RH-Author: Eduardo Otubo <otubo@redhat.com>
RH-MergeRequest: 45: Add support for userdata on Azure from IMDS
RH-Commit: [2/7] e8f8bb658b629a8444bd2ba19f109952acf33311
RH-Bugzilla: 2023940
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>

Ensure that the Azure helper's http handler sleeps a fixed duration
between retry failure attempts. The http handler will sleep a fixed
duration between failed attempts regardless of whether the attempt
failed due to (1) request timing out or (2) instant failure (no
timeout).

Due to certain platform issues, the http request to the Azure endpoint
may instantly fail without reaching the http timeout duration. Without
sleeping a fixed duration in between retry attempts, the http handler
will loop through the max retry attempts quickly. This causes the
communication between cloud-init and the Azure platform to be less
resilient due to the short total duration if there is no sleep in
between retries.
---
 cloudinit/sources/helpers/azure.py                    |  2 ++
 tests/unittests/test_datasource/test_azure_helper.py  | 11 +++++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/cloudinit/sources/helpers/azure.py b/cloudinit/sources/helpers/azure.py
|
||||
index d3055d08..03e7156b 100755
|
||||
--- a/cloudinit/sources/helpers/azure.py
|
||||
+++ b/cloudinit/sources/helpers/azure.py
|
||||
@@ -303,6 +303,7 @@ def http_with_retries(url, **kwargs) -> str:
|
||||
|
||||
max_readurl_attempts = 240
|
||||
default_readurl_timeout = 5
|
||||
+ sleep_duration_between_retries = 5
|
||||
periodic_logging_attempts = 12
|
||||
|
||||
if 'timeout' not in kwargs:
|
||||
@@ -338,6 +339,7 @@ def http_with_retries(url, **kwargs) -> str:
|
||||
'attempt %d with exception: %s' %
|
||||
(url, attempt, e),
|
||||
logger_func=LOG.debug)
|
||||
+ time.sleep(sleep_duration_between_retries)
|
||||
|
||||
raise exc
|
||||
|
||||
diff --git a/tests/unittests/test_datasource/test_azure_helper.py b/tests/unittests/test_datasource/test_azure_helper.py
|
||||
index b8899807..63482c6c 100644
|
||||
--- a/tests/unittests/test_datasource/test_azure_helper.py
|
||||
+++ b/tests/unittests/test_datasource/test_azure_helper.py
|
||||
@@ -384,6 +384,7 @@ class TestAzureHelperHttpWithRetries(CiTestCase):
|
||||
|
||||
max_readurl_attempts = 240
|
||||
default_readurl_timeout = 5
|
||||
+ sleep_duration_between_retries = 5
|
||||
periodic_logging_attempts = 12
|
||||
|
||||
def setUp(self):
|
||||
@@ -394,8 +395,8 @@ class TestAzureHelperHttpWithRetries(CiTestCase):
|
||||
self.m_readurl = patches.enter_context(
|
||||
mock.patch.object(
|
||||
azure_helper.url_helper, 'readurl', mock.MagicMock()))
|
||||
- patches.enter_context(
|
||||
- mock.patch.object(azure_helper.time, 'sleep', mock.MagicMock()))
|
||||
+ self.m_sleep = patches.enter_context(
|
||||
+ mock.patch.object(azure_helper.time, 'sleep', autospec=True))
|
||||
|
||||
def test_http_with_retries(self):
|
||||
self.m_readurl.return_value = 'TestResp'
|
||||
@@ -438,6 +439,12 @@ class TestAzureHelperHttpWithRetries(CiTestCase):
|
||||
self.m_readurl.call_count,
|
||||
self.periodic_logging_attempts + 1)
|
||||
|
||||
+ # Ensure that cloud-init did sleep between each failed request
|
||||
+ self.assertEqual(
|
||||
+ self.m_sleep.call_count,
|
||||
+ self.periodic_logging_attempts)
|
||||
+ self.m_sleep.assert_called_with(self.sleep_duration_between_retries)
|
||||
+
|
||||
def test_http_with_retries_long_delay_logs_periodic_failure_msg(self):
|
||||
self.m_readurl.side_effect = \
|
||||
[SentinelException] * self.periodic_logging_attempts + \
|
||||
--
|
||||
2.27.0
|
||||
|
@@ -1,12 +1,12 @@
From 67d62f2c0df1fcb5cd86be73cba6064075aa61e3 Mon Sep 17 00:00:00 2001
From c3d41dc6b18df0d74f569b1a0ba43c8118437948 Mon Sep 17 00:00:00 2001
From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
Date: Fri, 14 Jan 2022 16:39:46 +0100
Date: Fri, 14 Jan 2022 16:40:24 +0100
Subject: [PATCH 3/6] Change netifaces dependency to 0.10.4 (#965)

RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
RH-MergeRequest: 43: Datasource for VMware
RH-Commit: [3/6] 81f0638e62841bab09b423d9cb5d340026ee87c2
RH-Bugzilla: 2040704
RH-MergeRequest: 44: Datasource for VMware
RH-Commit: [3/6] d25d68427ab8b86ee1521c66483e9300e8fcc735
RH-Bugzilla: 2026587
RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
RH-Acked-by: Eduardo Otubo <otubo@redhat.com>

@@ -1,12 +1,12 @@
From 697152978b1194aa10ab39597802bb2b4041773c Mon Sep 17 00:00:00 2001
From 1917af220242840ec1b21f82f80532cf6548cc00 Mon Sep 17 00:00:00 2001
From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
Date: Fri, 14 Jan 2022 16:37:42 +0100
Date: Fri, 14 Jan 2022 16:34:49 +0100
Subject: [PATCH 2/6] Datasource for VMware (#953)

RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
RH-MergeRequest: 43: Datasource for VMware
RH-Commit: [2/6] a0999fa63b8117959839f62bd470f9fe632b31cc
RH-Bugzilla: 2040704
RH-MergeRequest: 44: Datasource for VMware
RH-Commit: [2/6] bb6e58dfeaf8b64d2801ddb4cb73868cf31de3ef
RH-Bugzilla: 2026587
RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
RH-Acked-by: Eduardo Otubo <otubo@redhat.com>

@@ -73,7 +73,7 @@ Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
 create mode 100644 tests/unittests/test_datasource/test_vmware.py

diff --git a/README.md b/README.md
index 435405da..b98f61d3 100644
index 435405da..aa4fad63 100644
--- a/README.md
+++ b/README.md
@@ -39,7 +39,7 @@ get in contact with that distribution and send them our way!
@@ -81,7 +81,7 @@ index 435405da..b98f61d3 100644
| Supported OSes | Supported Public Clouds | Supported Private Clouds |
| --- | --- | --- |
-| Alpine Linux<br />ArchLinux<br />Debian<br />Fedora<br />FreeBSD<br />Gentoo Linux<br />NetBSD<br />OpenBSD<br />RHEL/CentOS<br />SLES/openSUSE<br />Ubuntu<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /> | Amazon Web Services<br />Microsoft Azure<br />Google Cloud Platform<br />Oracle Cloud Infrastructure<br />Softlayer<br />Rackspace Public Cloud<br />IBM Cloud<br />Digital Ocean<br />Bigstep<br />Hetzner<br />Joyent<br />CloudSigma<br />Alibaba Cloud<br />OVH<br />OpenNebula<br />Exoscale<br />Scaleway<br />CloudStack<br />AltCloud<br />SmartOS<br />HyperOne<br />Rootbox<br /> | Bare metal installs<br />OpenStack<br />LXD<br />KVM<br />Metal-as-a-Service (MAAS)<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />|
+| Alpine Linux<br />ArchLinux<br />Debian<br />Fedora<br />FreeBSD<br />Gentoo Linux<br />NetBSD<br />OpenBSD<br />RHEL/CentOS<br />SLES/openSUSE<br />Ubuntu<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /> | Amazon Web Services<br />Microsoft Azure<br />Google Cloud Platform<br />Oracle Cloud Infrastructure<br />Softlayer<br />Rackspace Public Cloud<br />IBM Cloud<br />Digital Ocean<br />Bigstep<br />Hetzner<br />Joyent<br />CloudSigma<br />Alibaba Cloud<br />OVH<br />OpenNebula<br />Exoscale<br />Scaleway<br />CloudStack<br />AltCloud<br />SmartOS<br />HyperOne<br />Rootbox<br /> | Bare metal installs<br />OpenStack<br />LXD<br />KVM<br />Metal-as-a-Service (MAAS)<br /><br />VMware<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />|
+| Alpine Linux<br />ArchLinux<br />Debian<br />Fedora<br />FreeBSD<br />Gentoo Linux<br />NetBSD<br />OpenBSD<br />RHEL/CentOS<br />SLES/openSUSE<br />Ubuntu<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /> | Amazon Web Services<br />Microsoft Azure<br />Google Cloud Platform<br />Oracle Cloud Infrastructure<br />Softlayer<br />Rackspace Public Cloud<br />IBM Cloud<br />Digital Ocean<br />Bigstep<br />Hetzner<br />Joyent<br />CloudSigma<br />Alibaba Cloud<br />OVH<br />OpenNebula<br />Exoscale<br />Scaleway<br />CloudStack<br />AltCloud<br />SmartOS<br />HyperOne<br />Rootbox<br /> | Bare metal installs<br />OpenStack<br />LXD<br />KVM<br />Metal-as-a-Service (MAAS)<br />VMware<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />|

## To start developing cloud-init

@@ -0,0 +1,180 @@
From b226448134b5182ba685702e7b7a486db772d956 Mon Sep 17 00:00:00 2001
From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
Date: Fri, 4 Mar 2022 11:21:16 +0100
Subject: [PATCH 1/2] - Detect a Python version change and clear the cache
 (#857)

RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
RH-MergeRequest: 54: - Detect a Python version change and clear the cache (#857)
RH-Commit: [1/2] c562cd802eabae9dc14079de0b26d471d2229ca8
RH-Bugzilla: 1935826
RH-Acked-by: Eduardo Otubo <otubo@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>

commit 78e89b03ecb29e7df3181b1219a0b5f44b9d7532
Author: Robert Schweikert <rjschwei@suse.com>
Date: Thu Jul 1 12:35:40 2021 -0400

- Detect a Python version change and clear the cache (#857)

summary: Clear cache when a Python version change is detected

When a distribution gets updated it is possible that the Python version
changes. Python makes no guarantee that pickle is consistent across
versions as such we need to purge the cache and start over.

Co-authored-by: James Falcon <therealfalcon@gmail.com>
Conflicts:
tests/integration_tests/util.py: test is not present downstream

Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
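
The marker compared by the new purge_cache_on_python_version_change() helper
below is just the running interpreter's major.minor string, written to
/var/lib/cloud/data/python-version. A minimal illustration of that check
(editorial sketch, not part of the patch; the cached value is hypothetical):

    import sys

    current = '%d.%d' % (sys.version_info.major, sys.version_info.minor)
    cached = '3.6'  # e.g. what an image built before a distro upgrade wrote
    if cached != current:
        # obj.pkl was pickled by a different interpreter, so cloud-init
        # discards it and re-crawls the datasource on this boot.
        print('Python version change detected. Purging cache')
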
---
 cloudinit/cmd/main.py | 30 ++++++++++
 cloudinit/cmd/tests/test_main.py | 2 +
 .../assets/test_version_change.pkl | Bin 0 -> 21 bytes
 .../modules/test_ssh_auth_key_fingerprints.py | 2 +-
 .../modules/test_version_change.py | 56 ++++++++++++++++++
 5 files changed, 89 insertions(+), 1 deletion(-)
 create mode 100644 tests/integration_tests/assets/test_version_change.pkl
 create mode 100644 tests/integration_tests/modules/test_version_change.py

diff --git a/cloudinit/cmd/main.py b/cloudinit/cmd/main.py
index baf1381f..21213a4a 100644
--- a/cloudinit/cmd/main.py
+++ b/cloudinit/cmd/main.py
@@ -210,6 +210,35 @@ def attempt_cmdline_url(path, network=True, cmdline=None):
             (cmdline_name, url, path))


+def purge_cache_on_python_version_change(init):
+    """Purge the cache if python version changed on us.
+
+    There could be changes not represented in our cache (obj.pkl) after we
+    upgrade to a new version of python, so at that point clear the cache
+    """
+    current_python_version = '%d.%d' % (
+        sys.version_info.major, sys.version_info.minor
+    )
+    python_version_path = os.path.join(
+        init.paths.get_cpath('data'), 'python-version'
+    )
+    if os.path.exists(python_version_path):
+        cached_python_version = open(python_version_path).read()
+        # The Python version has changed out from under us, anything that was
+        # pickled previously is likely useless due to API changes.
+        if cached_python_version != current_python_version:
+            LOG.debug('Python version change detected. Purging cache')
+            init.purge_cache(True)
+            util.write_file(python_version_path, current_python_version)
+    else:
+        if os.path.exists(init.paths.get_ipath_cur('obj_pkl')):
+            LOG.info(
+                'Writing python-version file. '
+                'Cache compatibility status is currently unknown.'
+            )
+        util.write_file(python_version_path, current_python_version)
+
+
 def main_init(name, args):
     deps = [sources.DEP_FILESYSTEM, sources.DEP_NETWORK]
     if args.local:
@@ -276,6 +305,7 @@ def main_init(name, args):
         util.logexc(LOG, "Failed to initialize, likely bad things to come!")
     # Stage 4
     path_helper = init.paths
+    purge_cache_on_python_version_change(init)
     mode = sources.DSMODE_LOCAL if args.local else sources.DSMODE_NETWORK

     if mode == sources.DSMODE_NETWORK:
diff --git a/cloudinit/cmd/tests/test_main.py b/cloudinit/cmd/tests/test_main.py
index 78b27441..1f5975b0 100644
--- a/cloudinit/cmd/tests/test_main.py
+++ b/cloudinit/cmd/tests/test_main.py
@@ -17,6 +17,8 @@ myargs = namedtuple('MyArgs', 'debug files force local reporter subcommand')


 class TestMain(FilesystemMockingTestCase):
+    with_logs = True
+    allowed_subp = False

     def setUp(self):
         super(TestMain, self).setUp()
diff --git a/tests/integration_tests/modules/test_ssh_auth_key_fingerprints.py b/tests/integration_tests/modules/test_ssh_auth_key_fingerprints.py
index b9b0d85e..e1946cb1 100644
--- a/tests/integration_tests/modules/test_ssh_auth_key_fingerprints.py
+++ b/tests/integration_tests/modules/test_ssh_auth_key_fingerprints.py
@@ -18,7 +18,7 @@ USER_DATA_SSH_AUTHKEY_DISABLE = """\
 no_ssh_fingerprints: true
 """

-USER_DATA_SSH_AUTHKEY_ENABLE="""\
+USER_DATA_SSH_AUTHKEY_ENABLE = """\
 #cloud-config
 ssh_genkeytypes:
   - ecdsa
diff --git a/tests/integration_tests/modules/test_version_change.py b/tests/integration_tests/modules/test_version_change.py
new file mode 100644
index 00000000..4e9ab63f
--- /dev/null
+++ b/tests/integration_tests/modules/test_version_change.py
@@ -0,0 +1,56 @@
+from pathlib import Path
+
+from tests.integration_tests.instances import IntegrationInstance
+from tests.integration_tests.util import ASSETS_DIR
+
+
+PICKLE_PATH = Path('/var/lib/cloud/instance/obj.pkl')
+TEST_PICKLE = ASSETS_DIR / 'test_version_change.pkl'
+
+
+def _assert_no_pickle_problems(log):
+    assert 'Failed loading pickled blob' not in log
+    assert 'Traceback' not in log
+    assert 'WARN' not in log
+
+
+def test_reboot_without_version_change(client: IntegrationInstance):
+    log = client.read_from_file('/var/log/cloud-init.log')
+    assert 'Python version change detected' not in log
+    assert 'Cache compatibility status is currently unknown.' not in log
+    _assert_no_pickle_problems(log)
+
+    client.restart()
+    log = client.read_from_file('/var/log/cloud-init.log')
+    assert 'Python version change detected' not in log
+    assert 'Could not determine Python version used to write cache' not in log
+    _assert_no_pickle_problems(log)
+
+    # Now ensure that loading a bad pickle gives us problems
+    client.push_file(TEST_PICKLE, PICKLE_PATH)
+    client.restart()
+    log = client.read_from_file('/var/log/cloud-init.log')
+    assert 'Failed loading pickled blob from {}'.format(PICKLE_PATH) in log
+
+
+def test_cache_purged_on_version_change(client: IntegrationInstance):
+    # Start by pushing the invalid pickle so we'll hit an error if the
+    # cache didn't actually get purged
+    client.push_file(TEST_PICKLE, PICKLE_PATH)
+    client.execute("echo '1.0' > /var/lib/cloud/data/python-version")
+    client.restart()
+    log = client.read_from_file('/var/log/cloud-init.log')
+    assert 'Python version change detected. Purging cache' in log
+    _assert_no_pickle_problems(log)
+
+
+def test_log_message_on_missing_version_file(client: IntegrationInstance):
+    # Start by pushing a pickle so we can see the log message
+    client.push_file(TEST_PICKLE, PICKLE_PATH)
+    client.execute("rm /var/lib/cloud/data/python-version")
+    client.restart()
+    log = client.read_from_file('/var/log/cloud-init.log')
+    assert (
+        'Writing python-version file. '
+        'Cache compatibility status is currently unknown.'
+    ) in log
--
2.31.1

@@ -1,14 +1,14 @@
From e38ff212eb35943961b79f0d30cdceffc1bc0905 Mon Sep 17 00:00:00 2001
From 7bd016008429f0a18393a070d88e669f3ed89caa Mon Sep 17 00:00:00 2001
From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
Date: Wed, 2 Mar 2022 10:18:02 +0100
Date: Fri, 11 Feb 2022 14:37:46 +0100
Subject: [PATCH] Fix IPv6 netmask format for sysconfig (#1215)

RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
RH-MergeRequest: 49: Fix IPv6 netmask format for sysconfig (#1215)
RH-Commit: [1/1] 7a97580791fc03f6ae878a699cf92f620f58a237
RH-Bugzilla: 2060026
RH-MergeRequest: 48: Fix IPv6 netmask format for sysconfig (#1215)
RH-Commit: [1/1] 4c940bbcf85dba1fce9f4acb9fc7820c0d7777f6
RH-Bugzilla: 2046540
RH-Acked-by: Eduardo Otubo <otubo@redhat.com>
RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>

commit b97a30f0a05c1dea918c46ca9c05c869d15fe2d5
Author: Harald <hjensas@redhat.com>
@@ -45,16 +45,6 @@ Date: Tue Feb 8 15:49:00 2022 +0100

LP: #1959148

Conflicts (most related to different format style):
cloudinit/net/__init__.py
cloudinit/net/network_state.py
cloudinit/net/sysconfig.py
cloudinit/sources/DataSourceOpenNebula.py
cloudinit/sources/helpers/vmware/imc/config_nic.py
tests/unittests/net/test_init.py (file not backported)
tests/unittests/net/test_network_state.py (file not backported)
tests/unittests/test_net.py

Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
---
 cloudinit/net/__init__.py | 7 +-

@@ -0,0 +1,705 @@
From 04a4cc7b8da04ba4103118cf9d975d8e9548e0dc Mon Sep 17 00:00:00 2001
From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
Date: Fri, 4 Mar 2022 11:23:22 +0100
Subject: [PATCH 2/2] Fix MIME policy failure on python version upgrade (#934)

RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
RH-MergeRequest: 54: - Detect a Python version change and clear the cache (#857)
RH-Commit: [2/2] 05fc8c52a39b5ad464ad146488703467e39d73b1
RH-Bugzilla: 1935826
RH-Acked-by: Eduardo Otubo <otubo@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>

commit eacb0353803263934aa2ac827c37e461c87cb107
Author: James Falcon <therealfalcon@gmail.com>
Date: Thu Jul 15 17:52:21 2021 -0500

Fix MIME policy failure on python version upgrade (#934)

Python 3.6 added a new `policy` attribute to `MIMEMultipart`.
MIMEMultipart may be part of the cached object pickle of a datasource.
Upgrading from an old version of python to 3.6+ will cause the
datasource to be invalid after pickle load.

This commit uses the upgrade framework to attempt to access the mime
message and fail early (thus discarding the cache) if we cannot.
Commit 78e89b03 should fix this issue more generally.
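
To make the failure mode concrete, a small editorial sketch of the
"touch the MIME message early and throw the cache away on failure" idea
(illustrative only; the function name and attribute access are not the
patch's actual code):

    import pickle

    def load_datasource_cache(pickle_path):
        """Return the cached datasource, or None if the cache is unusable."""
        try:
            with open(pickle_path, 'rb') as stream:
                ds = pickle.load(stream)
            # A pickle written by an older Python can be missing the newer
            # MIMEMultipart 'policy' attribute; touching the user-data here
            # surfaces that AttributeError now, so the stale cache is dropped
            # instead of breaking later in the boot.
            ds.get_userdata()
            return ds
        except Exception:
            return None
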