rpms/cloud-init
8
1
Fork 1
Code Issues Pull Requests Releases Activity

Rebase to 23.1.1

Browse Source
This commit is contained in:
František Zatloukal 2023-03-22 14:35:32 +01:00
parent d5fe29f525
commit bfa66bdc55
5 changed files with 238 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

162
2073.patch Normal file
View File

@ -0,0 +1,162 @@
From 9ab893043254e7c8fdc219579fbc958366d32ca8 Mon Sep 17 00:00:00 2001
From: Shreenidhi Shedi <sshedi@vmware.com>
Date: Tue, 14 Mar 2023 15:51:15 +0530
Subject: [PATCH 1/5] cc_ca_certs.py: store distro_cfg['ca_cert_config'] in a
variable
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
---
cloudinit/config/cc_ca_certs.py | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py
index b1c4a2bf01..77375285b2 100644
--- a/cloudinit/config/cc_ca_certs.py
+++ b/cloudinit/config/cc_ca_certs.py
@@ -177,14 +177,20 @@ def disable_system_ca_certs(distro_cfg):
@param distro_cfg: A hash providing _distro_ca_certs_configs function.
"""
- if distro_cfg["ca_cert_config"] is None:
+
+ ca_cert_cfg_fn = distro_cfg["ca_cert_config"]
+
+ if ca_cert_cfg_fn is None:
return
+
header_comment = (
"# Modified by cloud-init to deselect certs due to user-data"
)
+
added_header = False
- if os.stat(distro_cfg["ca_cert_config"]).st_size != 0:
- orig = util.load_file(distro_cfg["ca_cert_config"])
+
+ if os.stat(ca_cert_cfg_fn).st_size != 0:
+ orig = util.load_file(ca_cert_cfg_fn)
out_lines = []
for line in orig.splitlines():
if line == header_comment:
@@ -198,7 +204,7 @@ def disable_system_ca_certs(distro_cfg):
added_header = True
out_lines.append("!" + line)
util.write_file(
- distro_cfg["ca_cert_config"], "\n".join(out_lines) + "\n", omode="wb"
+ ca_cert_cfg_fn, "\n".join(out_lines) + "\n", omode="wb"
)
From 4f999f14b112b2b57a4596acf4de080967bca73b Mon Sep 17 00:00:00 2001
From: Shreenidhi Shedi <sshedi@vmware.com>
Date: Tue, 14 Mar 2023 15:52:40 +0530
Subject: [PATCH 2/5] cc_ca_certs.py: check for cert file existence before stat
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
---
cloudinit/config/cc_ca_certs.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py
index 77375285b2..bff27f4b45 100644
--- a/cloudinit/config/cc_ca_certs.py
+++ b/cloudinit/config/cc_ca_certs.py
@@ -180,7 +180,7 @@ def disable_system_ca_certs(distro_cfg):
ca_cert_cfg_fn = distro_cfg["ca_cert_config"]
- if ca_cert_cfg_fn is None:
+ if not ca_cert_cfg_fn or not os.path.exists(ca_cert_cfg_fn):
return
header_comment = (
From ea4b0042ea9bde41473e664b351d530e467c0a71 Mon Sep 17 00:00:00 2001
From: Shreenidhi Shedi <sshedi@vmware.com>
Date: Tue, 14 Mar 2023 15:55:50 +0530
Subject: [PATCH 3/5] cc_ca_certs.py: remove redundant check for zero
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
---
cloudinit/config/cc_ca_certs.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py
index bff27f4b45..2c0b1f335c 100644
--- a/cloudinit/config/cc_ca_certs.py
+++ b/cloudinit/config/cc_ca_certs.py
@@ -189,7 +189,7 @@ def disable_system_ca_certs(distro_cfg):
added_header = False
- if os.stat(ca_cert_cfg_fn).st_size != 0:
+ if os.stat(ca_cert_cfg_fn).st_size:
orig = util.load_file(ca_cert_cfg_fn)
out_lines = []
for line in orig.splitlines():
From 562222dc8c40b9d0a5d1e2c33dc5619f0f2e8c22 Mon Sep 17 00:00:00 2001
From: Shreenidhi Shedi <sshedi@vmware.com>
Date: Tue, 14 Mar 2023 15:56:38 +0530
Subject: [PATCH 4/5] cc_ca_certs.py: move util.write_file with if block
if cert file size if zero, out_lines won't get initialized
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
---
cloudinit/config/cc_ca_certs.py | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py
index 2c0b1f335c..54153638e3 100644
--- a/cloudinit/config/cc_ca_certs.py
+++ b/cloudinit/config/cc_ca_certs.py
@@ -203,9 +203,10 @@ def disable_system_ca_certs(distro_cfg):
out_lines.append(header_comment)
added_header = True
out_lines.append("!" + line)
- util.write_file(
- ca_cert_cfg_fn, "\n".join(out_lines) + "\n", omode="wb"
- )
+
+ util.write_file(
+ ca_cert_cfg_fn, "\n".join(out_lines) + "\n", omode="wb"
+ )
def remove_default_ca_certs(distro_cfg):
From d31144ededa0dd829405f0a21e372d254b082050 Mon Sep 17 00:00:00 2001
From: Shreenidhi Shedi <sshedi@vmware.com>
Date: Tue, 14 Mar 2023 17:52:30 +0530
Subject: [PATCH 5/5] test_cc_ca_certs.py: add tests for non existent ca-cert
config
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
---
tests/unittests/config/test_cc_ca_certs.py | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/tests/unittests/config/test_cc_ca_certs.py b/tests/unittests/config/test_cc_ca_certs.py
index adc3609a8e..07a2939523 100644
--- a/tests/unittests/config/test_cc_ca_certs.py
+++ b/tests/unittests/config/test_cc_ca_certs.py
@@ -367,6 +367,18 @@ def test_commands(self):
else:
assert mock_subp.call_count == 0
+ def test_non_existent_cert_cfg(self):
+ self.m_stat.return_value.st_size = 0
+
+ for distro_name in cc_ca_certs.distros:
+ conf = cc_ca_certs._distro_ca_certs_configs(distro_name)
+ with ExitStack() as mocks:
+ mocks.enter_context(
+ mock.patch.object(util, "delete_dir_contents")
+ )
+ mocks.enter_context(mock.patch.object(subp, "subp"))
+ cc_ca_certs.disable_default_ca_certs(distro_name, conf)
+
class TestCACertsSchema:
"""Directly test schema rather than through handle."""

63
Fedora-Enable-CA-handling.patch Normal file
View File

@ -0,0 +1,63 @@
From 7ea5446f0e46d0e7a8a6226cf1f5949b44f83d72 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= <fzatlouk@redhat.com>
Date: Wed, 22 Mar 2023 11:51:52 +0100
Subject: [PATCH] Fedora: Enable CA handling
Fedora wasn't previously supported for CA handling. Enabling this
allows the testsuite to pass when ran on a Fedora system. The conf
override is the same as for rhel.
---
cloudinit/config/cc_ca_certs.py | 9 ++++++++-
tests/unittests/config/test_cc_ca_certs.py | 2 ++
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py
index 169b0e18..599145c8 100644
--- a/cloudinit/config/cc_ca_certs.py
+++ b/cloudinit/config/cc_ca_certs.py
@@ -25,6 +25,13 @@ DEFAULT_CONFIG = {
"ca_cert_update_cmd": ["update-ca-certificates"],
}
DISTRO_OVERRIDES = {
+ "fedora": {
+ "ca_cert_path": "/etc/pki/ca-trust/",
+ "ca_cert_local_path": "/usr/share/pki/ca-trust-source/",
+ "ca_cert_filename": "anchors/cloud-init-ca-cert-{cert_index}.crt",
+ "ca_cert_config": None,
+ "ca_cert_update_cmd": ["update-ca-trust"],
+ },
"rhel": {
"ca_cert_path": "/etc/pki/ca-trust/",
"ca_cert_local_path": "/usr/share/pki/ca-trust-source/",
@@ -48,7 +55,7 @@ configuration option ``remove_defaults``.
Alpine Linux requires the ca-certificates package to be installed in
order to provide the ``update-ca-certificates`` command.
"""
-distros = ["alpine", "debian", "rhel", "ubuntu"]
+distros = ["alpine", "debian", "fedora", "rhel", "ubuntu"]
meta: MetaSchema = {
"id": "cc_ca_certs",
diff --git a/tests/unittests/config/test_cc_ca_certs.py b/tests/unittests/config/test_cc_ca_certs.py
index 19e5d422..6db17485 100644
--- a/tests/unittests/config/test_cc_ca_certs.py
+++ b/tests/unittests/config/test_cc_ca_certs.py
@@ -311,6 +311,7 @@ class TestRemoveDefaultCaCerts(TestCase):
"cloud_dir": tmpdir,
}
)
+ self.add_patch("cloudinit.config.cc_ca_certs.os.stat", "m_stat")
def test_commands(self):
ca_certs_content = "# line1\nline2\nline3\n"
@@ -318,6 +319,7 @@ class TestRemoveDefaultCaCerts(TestCase):
"# line1\n# Modified by cloud-init to deselect certs due to"
" user-data\n!line2\n!line3\n"
)
+ self.m_stat.return_value.st_size = 1
for distro_name in cc_ca_certs.distros:
conf = cc_ca_certs._distro_ca_certs_configs(distro_name)
--
2.39.2

94
cloud-init-22.3-nm-default.patch
View File

@ -1,94 +0,0 @@
From 7703aa98b89c8daba207c28a0422268ead10019a Mon Sep 17 00:00:00 2001
From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
Date: Thu, 19 May 2022 15:05:01 +0200
Subject: [PATCH] Use Network-Manager and Netplan as default renderers for RHEL
and Fedora (#1465)
This is adapted from Neal Gompa's PR:
https://github.com/canonical/cloud-init/pull/1435
The only difference is that we are not modifying renderers.py (thus
modifying the priority of all distros), but just tweaking cloud.cfg to
apply this change to Fedora and RHEL. Other distros can optionally
add themselves afterwards.
net: Prefer Netplan and NetworkManager renderers by default
NetworkManager is used by default on a variety of Linux distributions,
and exists as a cross-distribution network management service.
Additionally, add information about the NetworkManager renderer to
the cloud-init documentation.
Because Netplan can be explicitly used to manage NetworkManager,
it needs to be preferred before NetworkManager.
This change is a follow-up to #1224, which added the native
NetworkManager renderer.
This patch has been deployed on Fedora's cloud-init package throughout
the development of Fedora Linux 36 to verify that it works.
This should also make it tremendously easier for Linux distributions
to use cloud-init because now a standard configuration is supported
by default.
Signed-off-by: Neal Gompa <ngompa13@gmail.com>
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
---
config/cloud.cfg.tmpl | 3 +++
doc/rtd/topics/network-config.rst | 12 +++++++++++-
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl
index 6951a0e3..707a050c 100644
--- a/config/cloud.cfg.tmpl
+++ b/config/cloud.cfg.tmpl
@@ -349,4 +349,7 @@ system_info:
{% elif variant in ["dragonfly"] %}
network:
renderers: ['freebsd']
+{% elif variant in ["rhel", "fedora"] %}
+ network:
+ renderers: ['netplan', 'network-manager', 'networkd', 'sysconfig', 'eni']
{% endif %}
diff --git a/doc/rtd/topics/network-config.rst b/doc/rtd/topics/network-config.rst
index c461a3fe..f503caab 100644
--- a/doc/rtd/topics/network-config.rst
+++ b/doc/rtd/topics/network-config.rst
@@ -188,6 +188,15 @@ generated configuration into an internal network configuration state. From
this state `Cloud-init`_ delegates rendering of the configuration to Distro
supported formats. The following ``renderers`` are supported in cloud-init:
+- **NetworkManager**
+
+`NetworkManager <https://networkmanager.dev>`_ is the standard Linux network
+configuration tool suite. It supports a wide range of networking setups.
+Configuration is typically stored in ``/etc/NetworkManager``.
+
+It is the default for a number of Linux distributions, notably Fedora;
+CentOS/RHEL; and derivatives.
+
- **ENI**
/etc/network/interfaces or ``ENI`` is supported by the ``ifupdown`` package
@@ -215,6 +224,7 @@ is as follows:
- ENI
- Sysconfig
- Netplan
+- NetworkManager
When applying the policy, `Cloud-init`_ checks if the current instance has the
correct binaries and paths to support the renderer. The first renderer that
@@ -223,7 +233,7 @@ supplying an updated configuration in cloud-config. ::
system_info:
network:
- renderers: ['netplan', 'eni', 'sysconfig', 'freebsd', 'netbsd', 'openbsd']
+ renderers: ['netplan', 'network-manager', 'eni', 'sysconfig', 'freebsd', 'netbsd', 'openbsd']
Network Configuration Tools
--
2.36.1

19
cloud-init.spec
View File

@ -1,6 +1,6 @@
Name: cloud-init
Version: 22.2
Release: 5%{?dist}
Version: 23.1.1
Release: 1%{?dist}
Summary: Cloud instance init scripts
License: ASL 2.0 or GPLv3
URL: http://launchpad.net/cloud-init
@ -8,10 +8,11 @@ URL: http://launchpad.net/cloud-init
Source0: https://launchpad.net/cloud-init/trunk/%{version}/+download/%{name}-%{version}.tar.gz
Source1: cloud-init-tmpfiles.conf
# Default to NetworkManager for configuration renderer
# https://bugzilla.redhat.com/show_bug.cgi?id=2014701
# From: https://github.com/canonical/cloud-init/commit/7703aa98b89c8daba207c28a0422268ead10019a
Patch1: cloud-init-22.3-nm-default.patch
# https://github.com/canonical/cloud-init/pull/2073
Patch1: 2073.patch
# Cherry pick of https://github.com/canonical/cloud-init/pull/2086
# and part of https://github.com/canonical/cloud-init/pull/2036
Patch2: Fedora-Enable-CA-handling.patch
BuildArch: noarch
@ -148,6 +149,7 @@ python3 -m pytest tests/unittests
%license LICENSE LICENSE-Apache2.0 LICENSE-GPLv3
%doc ChangeLog
%doc doc/*
%doc %{_sysconfdir}/cloud/clean.d/README
%{_mandir}/man1/*
%config(noreplace) %{_sysconfdir}/cloud/cloud.cfg
%dir %{_sysconfdir}/cloud/cloud.cfg.d
@ -159,7 +161,7 @@ python3 -m pytest tests/unittests
%config(noreplace) %{_sysconfdir}/rsyslog.d/21-cloudinit.conf
%{_sysconfdir}/NetworkManager/dispatcher.d/hook-network-manager
%{_sysconfdir}/dhcp/dhclient-exit-hooks.d/hook-dhclient
/lib/udev/rules.d/66-azure-ephemeral.rules
%{_udevrulesdir}/66-azure-ephemeral.rules
%{_unitdir}/cloud-config.service
%{_unitdir}/cloud-final.service
%{_unitdir}/cloud-init.service
@ -181,6 +183,9 @@ python3 -m pytest tests/unittests
%changelog
* Wed Mar 22 2023 Frantisek Zatloukal <fzatlouk@redhat.com> - 23.1.1-1
- Rebase to 23.1.1
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 22.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

2
sources
View File

@ -1 +1 @@
SHA512 (cloud-init-22.2.tar.gz) = 07fec2f1d6eab20a1161672bb339a0c6b2826540bcb03936f95458b179fcb1b3142773c9a4038fe02b30bb05a5ca48a4153b6b0f59015b43bd6c6602832f9d6f
SHA512 (cloud-init-23.1.1.tar.gz) = f84cf9085760e59111b52d3f8dc2f899b67fdf6b332a7a6ee1f04be97749be1acead820cd2b787a888839547fdd9c9e0ab04f10e7db25504811f48428bb8bbf6