From 654aefaf42b5889492c546cb6071c68dcc772cee Mon Sep 17 00:00:00 2001 From: eabdullin Date: Mon, 2 Feb 2026 07:54:48 +0000 Subject: [PATCH 1/2] import OL cloud-init-24.4-7.0.1.el9_7.1 --- ...to-stop-retrying-to-get-ec2-metadata.patch | 50 + ...add-a-new-unit-test-for-network-mana.patch | 136 +++ ...source-support-crawl-metadata-at-onc.patch | 1000 +++++++++++++++++ ...t-to-identify-non-x86-OpenStack-inst.patch | 9 +- ...d-bring-up-individual-network-conns-.patch | 14 +- ...le-in-ds-identify-on-no-datasources-.patch | 9 +- SOURCES/ignore-enslaved-interface.patch | 44 + ...racle-Linux-variant-to-known-distros.patch | 26 + ...30435672-003-cloud-init-collect-logs.patch | 77 ++ .../orabug30435672-004-ol-cloud-config.patch | 112 ++ .../orabug30435672-006-cc_spacewalk.py.patch | 55 + ...ug32183938-009-missing-sshd-services.patch | 31 + ...issing-sshd-services-in-rhel-systemd.patch | 22 + ...stro-detection-logic-in-cloud.cfg.tm.patch | 287 +++++ ...SourceOracle-network-getdata-updates.patch | 115 ++ SPECS/cloud-init.spec | 79 +- 16 files changed, 2032 insertions(+), 34 deletions(-) create mode 100644 SOURCES/0041-enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch create mode 100644 SOURCES/0106-tests-unittests-add-a-new-unit-test-for-network-mana.patch create mode 100644 SOURCES/ci-feat-aliyun-datasource-support-crawl-metadata-at-onc.patch create mode 100644 SOURCES/ignore-enslaved-interface.patch create mode 100644 SOURCES/ol-sysconfig-add-Oracle-Linux-variant-to-known-distros.patch create mode 100644 SOURCES/orabug30435672-003-cloud-init-collect-logs.patch create mode 100644 SOURCES/orabug30435672-004-ol-cloud-config.patch create mode 100644 SOURCES/orabug30435672-006-cc_spacewalk.py.patch create mode 100644 SOURCES/orabug32183938-009-missing-sshd-services.patch create mode 100644 SOURCES/orabug32183938-010-missing-sshd-services-in-rhel-systemd.patch create mode 100644 SOURCES/orabug34845400-Add-Oracle-to-distro-detection-logic-in-cloud.cfg.tm.patch create mode 100644 SOURCES/orabug35950168-DataSourceOracle-network-getdata-updates.patch diff --git a/SOURCES/0041-enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch b/SOURCES/0041-enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch new file mode 100644 index 0000000..d691b94 --- /dev/null +++ b/SOURCES/0041-enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch @@ -0,0 +1,50 @@ +Enable ec2_utils to stop retrying to get ec2 metadata + +Signed-off-by: David Sloboda +Reviewed-by: Laurence Rochfort + +diff -ruN a/cloudinit/sources/helpers/openstack.py b/cloudinit/sources/helpers/openstack.py +--- a/cloudinit/sources/helpers/openstack.py 2018-04-02 12:51:20.053828637 -0700 ++++ b/cloudinit/sources/helpers/openstack.py 2018-04-02 12:33:20.000000000 -0700 +@@ -464,6 +464,16 @@ + + return results + ++def should_retry_cb(_request_args, cause): ++ try: ++ code = int(cause.code) ++ if code >= 400: ++ return False ++ except (TypeError, ValueError): ++ # Older versions of requests didn't have a code. ++ pass ++ return True ++ + + class MetadataReader(BaseReader): + def __init__(self, base_url, ssl_details=None, timeout=5, retries=5): +@@ -489,16 +499,6 @@ + return self._versions + + def _path_read(self, path, decode=False): +- def should_retry_cb(_request_args, cause): +- try: +- code = int(cause.code) +- if code >= 400: +- return False +- except (TypeError, ValueError): +- # Older versions of requests didn't have a code. +- pass +- return True +- + response = url_helper.readurl( + path, + retries=self.retries, +@@ -519,6 +519,7 @@ + ssl_details=self.ssl_details, + timeout=self.timeout, + retries=self.retries, ++ exception_cb=should_retry_cb, + ) + + diff --git a/SOURCES/0106-tests-unittests-add-a-new-unit-test-for-network-mana.patch b/SOURCES/0106-tests-unittests-add-a-new-unit-test-for-network-mana.patch new file mode 100644 index 0000000..2248cbf --- /dev/null +++ b/SOURCES/0106-tests-unittests-add-a-new-unit-test-for-network-mana.patch @@ -0,0 +1,136 @@ +From 37a6837813e418486af8cbef436ab82a8be3e3fa Mon Sep 17 00:00:00 2001 +From: Darren Archibald +Date: Fri, 23 Feb 2024 06:06:30 -0800 +Subject: [PATCH] tests/unittests: add a new unit test for network manager net + activator (#4672) + +Some changes in behavior in network manager net activator was brought in with +the commit +d1d5166895da ("net/nm: check for presence of ifcfg files when nm connection files are absent") + +This change adds some unit tests that exercizes network manager activator's +bring_up_interface() method that tests failure scenarios as well as cases +where an ifcfg file is used to bring the interface up. + +Signed-off-by: Ani Sinha +(cherry picked from commit bb474df78bfe45ea5f05907eb710e8d5de764fc8) +Signed-off-by: Darren Archibald +--- + tests/unittests/test_net_activators.py | 101 +++++++++++++++++++++++++ + 1 file changed, 101 insertions(+) + +diff --git a/tests/unittests/test_net_activators.py b/tests/unittests/test_net_activators.py +index 2a363ec..f95c8a7 100644 +--- a/tests/unittests/test_net_activators.py ++++ b/tests/unittests/test_net_activators.py +@@ -288,6 +288,107 @@ class TestActivatorsBringUp: + for call in m_subp.call_args_list: + assert call in expected_call_list + ++class TestNetworkManagerActivatorBringUp: ++ @patch("cloudinit.subp.subp", return_value=("", "")) ++ @patch( ++ "cloudinit.net.network_manager.available_nm_ifcfg_rh", ++ return_value=True, ++ ) ++ @patch("os.path.isfile") ++ @patch("os.path.exists", return_value=True) ++ def test_bring_up_interface_no_nm_conn( ++ self, m_exists, m_isfile, m_plugin, m_subp ++ ): ++ """ ++ There is no network manager connection file but ifcfg-rh plugin is ++ present and ifcfg interface config files are also present. In this ++ case, we should use ifcfg files. ++ """ ++ ++ def fake_isfile_no_nmconn(filename): ++ return False if filename.endswith(".nmconnection") else True ++ ++ m_isfile.side_effect = fake_isfile_no_nmconn ++ ++ expected_call_list = [ ++ ( ++ ( ++ [ ++ "nmcli", ++ "connection", ++ "load", ++ "".join( ++ [ ++ "/etc/sysconfig/network-scripts/ifcfg-eth0", ++ ] ++ ), ++ ], ++ ), ++ {}, ++ ), ++ ( ++ ( ++ [ ++ "nmcli", ++ "connection", ++ "up", ++ "filename", ++ "".join( ++ [ ++ "/etc/sysconfig/network-scripts/ifcfg-eth0", ++ ] ++ ), ++ ], ++ ), ++ {}, ++ ), ++ ] ++ ++ index = 0 ++ assert NetworkManagerActivator.bring_up_interface("eth0") ++ for call in m_subp.call_args_list: ++ assert call == expected_call_list[index] ++ index += 1 ++ ++ @patch("cloudinit.subp.subp", return_value=("", "")) ++ @patch( ++ "cloudinit.net.network_manager.available_nm_ifcfg_rh", ++ return_value=False, ++ ) ++ @patch("os.path.isfile") ++ @patch("os.path.exists", return_value=True) ++ def test_bring_up_interface_no_plugin_no_nm_conn( ++ self, m_exists, m_isfile, m_plugin, m_subp ++ ): ++ """ ++ The ifcfg-rh plugin is absent and nmconnection file is also ++ not present. In this case, we can't use ifcfg file and the ++ interface bring up should fail. ++ """ ++ ++ def fake_isfile_no_nmconn(filename): ++ return False if filename.endswith(".nmconnection") else True ++ ++ m_isfile.side_effect = fake_isfile_no_nmconn ++ assert not NetworkManagerActivator.bring_up_interface("eth0") ++ ++ @patch("cloudinit.subp.subp", return_value=("", "")) ++ @patch( ++ "cloudinit.net.network_manager.available_nm_ifcfg_rh", ++ return_value=True, ++ ) ++ @patch("os.path.isfile", return_value=False) ++ @patch("os.path.exists", return_value=True) ++ def test_bring_up_interface_no_conn_file( ++ self, m_exists, m_isfile, m_plugin, m_subp ++ ): ++ """ ++ Neither network manager connection files are present nor ++ ifcfg files are present. Even if ifcfg-rh plugin is present, ++ we can not bring up the interface. So bring_up_interface() ++ should fail. ++ """ ++ assert not NetworkManagerActivator.bring_up_interface("eth0") + + IF_UP_DOWN_BRING_DOWN_CALL_LIST: list = [ + ((["ifdown", "eth0"],), {}), +-- +2.31.1 + diff --git a/SOURCES/ci-feat-aliyun-datasource-support-crawl-metadata-at-onc.patch b/SOURCES/ci-feat-aliyun-datasource-support-crawl-metadata-at-onc.patch new file mode 100644 index 0000000..dad8230 --- /dev/null +++ b/SOURCES/ci-feat-aliyun-datasource-support-crawl-metadata-at-onc.patch @@ -0,0 +1,1000 @@ +From 75eaa90b0581e0533fa50b59b9088f99f738e3cf Mon Sep 17 00:00:00 2001 +From: jinkangkang <1547182170@qq.com> +Date: Thu, 20 Feb 2025 10:55:05 +0800 +Subject: [PATCH] feat: aliyun datasource support crawl metadata at once + (#5942) + +RH-Author: xiachen +RH-MergeRequest: 128: feat: aliyun datasource support crawl metadata at once (#5942) +RH-Jira: RHEL-88658 +RH-Acked-by: Ani Sinha +RH-Acked-by: Emanuele Giuseppe Esposito +RH-Commit: [1/1] 284ed9fb0516bca2d852014ad9da7b48b07f451b (xiachen/cloud-init-centos) + +Obtain metadata information from the new metadata path for better +performance. Fall back to old directory tree format on failure. + +Also: + +- Separate the Alibaba Cloud data source from ec2 and make it independent +- Use network card names to sort routing priorities +- Add vendor data support +- Streamline logic, made possible by separating the datasources + +Based on discussion in: GH-5838 + +(cherry picked from commit 27adc8e598991e0861f45274f91d9fb97cdec636) +Signed-off-by: Amy Chen +--- + cloudinit/sources/DataSourceAliYun.py | 338 ++++++++++++++++++++++++- + cloudinit/sources/DataSourceEc2.py | 9 +- + cloudinit/sources/helpers/aliyun.py | 211 +++++++++++++++ + tests/unittests/sources/test_aliyun.py | 213 ++++++++++++---- + tests/unittests/sources/test_ec2.py | 10 - + 5 files changed, 704 insertions(+), 77 deletions(-) + create mode 100644 cloudinit/sources/helpers/aliyun.py + +diff --git a/cloudinit/sources/DataSourceAliYun.py b/cloudinit/sources/DataSourceAliYun.py +index d674e1fc0..000e15a84 100644 +--- a/cloudinit/sources/DataSourceAliYun.py ++++ b/cloudinit/sources/DataSourceAliYun.py +@@ -2,27 +2,43 @@ + + import copy + import logging +-from typing import List ++from typing import List, Union + + from cloudinit import dmi, sources ++from cloudinit import url_helper as uhelp ++from cloudinit import util + from cloudinit.event import EventScope, EventType +-from cloudinit.sources import DataSourceEc2 as EC2 +-from cloudinit.sources import DataSourceHostname, NicOrder ++from cloudinit.net.dhcp import NoDHCPLeaseError ++from cloudinit.net.ephemeral import EphemeralIPNetwork ++from cloudinit.sources import DataSourceHostname ++from cloudinit.sources.helpers import aliyun, ec2 + + LOG = logging.getLogger(__name__) + + ALIYUN_PRODUCT = "Alibaba Cloud ECS" + + +-class DataSourceAliYun(EC2.DataSourceEc2): ++class DataSourceAliYun(sources.DataSource): + + dsname = "AliYun" + metadata_urls = ["http://100.100.100.200"] + +- # The minimum supported metadata_version from the ec2 metadata apis ++ # The minimum supported metadata_version from the ecs metadata apis + min_metadata_version = "2016-01-01" + extended_metadata_versions: List[str] = [] + ++ # Setup read_url parameters per get_url_params. ++ url_max_wait = 240 ++ url_timeout = 50 ++ ++ # API token for accessing the metadata service ++ _api_token = None ++ # Used to cache calculated network cfg v1 ++ _network_config: Union[str, dict] = sources.UNSET ++ ++ # Whether we want to get network configuration from the metadata service. ++ perform_dhcp_setup = False ++ + # Aliyun metadata server security enhanced mode overwrite + @property + def imdsv2_token_put_header(self): +@@ -32,11 +48,9 @@ class DataSourceAliYun(EC2.DataSourceEc2): + super(DataSourceAliYun, self).__init__(sys_cfg, distro, paths) + self.default_update_events = copy.deepcopy(self.default_update_events) + self.default_update_events[EventScope.NETWORK].add(EventType.BOOT) +- self._fallback_nic_order = NicOrder.NIC_NAME + + def _unpickle(self, ci_pkl_version: int) -> None: + super()._unpickle(ci_pkl_version) +- self._fallback_nic_order = NicOrder.NIC_NAME + + def get_hostname(self, fqdn=False, resolve_ip=False, metadata_only=False): + hostname = self.metadata.get("hostname") +@@ -51,9 +65,315 @@ class DataSourceAliYun(EC2.DataSourceEc2): + + def _get_cloud_name(self): + if _is_aliyun(): +- return EC2.CloudNames.ALIYUN ++ return self.dsname.lower() ++ return "NO_ALIYUN_METADATA" ++ ++ @property ++ def platform(self): ++ return self.dsname.lower() ++ ++ # IMDSv2 related parameters from the ecs metadata api document ++ @property ++ def api_token_route(self): ++ return "latest/api/token" ++ ++ @property ++ def imdsv2_token_ttl_seconds(self): ++ return "21600" ++ ++ @property ++ def imdsv2_token_redact(self): ++ return [self.imdsv2_token_put_header, self.imdsv2_token_req_header] ++ ++ @property ++ def imdsv2_token_req_header(self): ++ return self.imdsv2_token_put_header + "-ttl-seconds" ++ ++ @property ++ def network_config(self): ++ """Return a network config dict for rendering ENI or netplan files.""" ++ if self._network_config != sources.UNSET: ++ return self._network_config ++ ++ result = {} ++ iface = self.distro.fallback_interface ++ net_md = self.metadata.get("network") ++ if isinstance(net_md, dict): ++ result = aliyun.convert_ecs_metadata_network_config( ++ net_md, ++ fallback_nic=iface, ++ full_network_config=util.get_cfg_option_bool( ++ self.ds_cfg, "apply_full_imds_network_config", True ++ ), ++ ) + else: +- return EC2.CloudNames.NO_EC2_METADATA ++ LOG.warning("Metadata 'network' key not valid: %s.", net_md) ++ return result ++ self._network_config = result ++ return self._network_config ++ ++ def _maybe_fetch_api_token(self, mdurls): ++ """Get an API token for ECS Instance Metadata Service. ++ ++ On ECS. IMDS will always answer an API token, set ++ HttpTokens=optional (default) when create instance will not forcefully ++ use the security-enhanced mode (IMDSv2). ++ ++ https://api.alibabacloud.com/api/Ecs/2014-05-26/RunInstances ++ """ ++ ++ urls = [] ++ url2base = {} ++ url_path = self.api_token_route ++ request_method = "PUT" ++ for url in mdurls: ++ cur = "{0}/{1}".format(url, url_path) ++ urls.append(cur) ++ url2base[cur] = url ++ ++ # use the self._imds_exception_cb to check for Read errors ++ LOG.debug("Fetching Ecs IMDSv2 API Token") ++ ++ response = None ++ url = None ++ url_params = self.get_url_params() ++ try: ++ url, response = uhelp.wait_for_url( ++ urls=urls, ++ max_wait=url_params.max_wait_seconds, ++ timeout=url_params.timeout_seconds, ++ status_cb=LOG.warning, ++ headers_cb=self._get_headers, ++ exception_cb=self._imds_exception_cb, ++ request_method=request_method, ++ headers_redact=self.imdsv2_token_redact, ++ connect_synchronously=False, ++ ) ++ except uhelp.UrlError: ++ # We use the raised exception to interupt the retry loop. ++ # Nothing else to do here. ++ pass ++ ++ if url and response: ++ self._api_token = response ++ return url2base[url] ++ ++ # If we get here, then wait_for_url timed out, waiting for IMDS ++ # or the IMDS HTTP endpoint is disabled ++ return None ++ ++ def wait_for_metadata_service(self): ++ mcfg = self.ds_cfg ++ mdurls = mcfg.get("metadata_urls", self.metadata_urls) ++ ++ # try the api token path first ++ metadata_address = self._maybe_fetch_api_token(mdurls) ++ ++ if metadata_address: ++ self.metadata_address = metadata_address ++ LOG.debug("Using metadata source: '%s'", self.metadata_address) ++ else: ++ LOG.warning("IMDS's HTTP endpoint is probably disabled") ++ return bool(metadata_address) ++ ++ def crawl_metadata(self): ++ """Crawl metadata service when available. ++ ++ @returns: Dictionary of crawled metadata content containing the keys: ++ meta-data, user-data, vendor-data and dynamic. ++ """ ++ if not self.wait_for_metadata_service(): ++ return {} ++ redact = self.imdsv2_token_redact ++ crawled_metadata = {} ++ exc_cb = self._refresh_stale_aliyun_token_cb ++ exc_cb_ud = self._skip_or_refresh_stale_aliyun_token_cb ++ skip_cb = None ++ exe_cb_whole_meta = self._skip_json_path_meta_path_aliyun_cb ++ try: ++ crawled_metadata["user-data"] = aliyun.get_instance_data( ++ self.min_metadata_version, ++ self.metadata_address, ++ headers_cb=self._get_headers, ++ headers_redact=redact, ++ exception_cb=exc_cb_ud, ++ item_name="user-data", ++ ) ++ crawled_metadata["vendor-data"] = aliyun.get_instance_data( ++ self.min_metadata_version, ++ self.metadata_address, ++ headers_cb=self._get_headers, ++ headers_redact=redact, ++ exception_cb=exc_cb_ud, ++ item_name="vendor-data", ++ ) ++ try: ++ result = aliyun.get_instance_meta_data( ++ self.min_metadata_version, ++ self.metadata_address, ++ headers_cb=self._get_headers, ++ headers_redact=redact, ++ exception_cb=exe_cb_whole_meta, ++ ) ++ crawled_metadata["meta-data"] = result ++ except Exception: ++ util.logexc( ++ LOG, ++ "Faild read json meta-data from %s " ++ "fall back directory tree style", ++ self.metadata_address, ++ ) ++ crawled_metadata["meta-data"] = ec2.get_instance_metadata( ++ self.min_metadata_version, ++ self.metadata_address, ++ headers_cb=self._get_headers, ++ headers_redact=redact, ++ exception_cb=exc_cb, ++ retrieval_exception_ignore_cb=skip_cb, ++ ) ++ except Exception: ++ util.logexc( ++ LOG, ++ "Failed reading from metadata address %s", ++ self.metadata_address, ++ ) ++ return {} ++ return crawled_metadata ++ ++ def _refresh_stale_aliyun_token_cb(self, msg, exception): ++ """Exception handler for Ecs to refresh token if token is stale.""" ++ if isinstance(exception, uhelp.UrlError) and exception.code == 401: ++ # With _api_token as None, _get_headers will _refresh_api_token. ++ LOG.debug("Clearing cached Ecs API token due to expiry") ++ self._api_token = None ++ return True # always retry ++ ++ def _skip_retry_on_codes(self, status_codes, cause): ++ """Returns False if cause.code is in status_codes.""" ++ return cause.code not in status_codes ++ ++ def _skip_or_refresh_stale_aliyun_token_cb(self, msg, exception): ++ """Callback will not retry on SKIP_USERDATA_VENDORDATA_CODES or ++ if no token is available.""" ++ retry = self._skip_retry_on_codes(ec2.SKIP_USERDATA_CODES, exception) ++ if not retry: ++ return False # False raises exception ++ return self._refresh_stale_aliyun_token_cb(msg, exception) ++ ++ def _skip_json_path_meta_path_aliyun_cb(self, msg, exception): ++ """Callback will not retry of whole meta_path is not found""" ++ if isinstance(exception, uhelp.UrlError) and exception.code == 404: ++ LOG.warning("whole meta_path is not found, skipping") ++ return False ++ return self._refresh_stale_aliyun_token_cb(msg, exception) ++ ++ def _get_data(self): ++ if self.cloud_name != self.dsname.lower(): ++ return False ++ if self.perform_dhcp_setup: # Setup networking in init-local stage. ++ if util.is_FreeBSD(): ++ LOG.debug("FreeBSD doesn't support running dhclient with -sf") ++ return False ++ try: ++ with EphemeralIPNetwork( ++ self.distro, ++ self.distro.fallback_interface, ++ ipv4=True, ++ ipv6=False, ++ ) as netw: ++ self._crawled_metadata = self.crawl_metadata() ++ LOG.debug( ++ "Crawled metadata service%s", ++ f" {netw.state_msg}" if netw.state_msg else "", ++ ) ++ ++ except NoDHCPLeaseError: ++ return False ++ else: ++ self._crawled_metadata = self.crawl_metadata() ++ if not self._crawled_metadata or not isinstance( ++ self._crawled_metadata, dict ++ ): ++ return False ++ self.metadata = self._crawled_metadata.get("meta-data", {}) ++ self.userdata_raw = self._crawled_metadata.get("user-data", {}) ++ self.vendordata_raw = self._crawled_metadata.get("vendor-data", {}) ++ return True ++ ++ def _refresh_api_token(self, seconds=None): ++ """Request new metadata API token. ++ @param seconds: The lifetime of the token in seconds ++ ++ @return: The API token or None if unavailable. ++ """ ++ ++ if seconds is None: ++ seconds = self.imdsv2_token_ttl_seconds ++ ++ LOG.debug("Refreshing Ecs metadata API token") ++ request_header = {self.imdsv2_token_req_header: seconds} ++ token_url = "{}/{}".format(self.metadata_address, self.api_token_route) ++ try: ++ response = uhelp.readurl( ++ token_url, ++ headers=request_header, ++ headers_redact=self.imdsv2_token_redact, ++ request_method="PUT", ++ ) ++ except uhelp.UrlError as e: ++ LOG.warning( ++ "Unable to get API token: %s raised exception %s", token_url, e ++ ) ++ return None ++ return response.contents ++ ++ def _get_headers(self, url=""): ++ """Return a dict of headers for accessing a url. ++ ++ If _api_token is unset on AWS, attempt to refresh the token via a PUT ++ and then return the updated token header. ++ """ ++ ++ request_token_header = { ++ self.imdsv2_token_req_header: self.imdsv2_token_ttl_seconds ++ } ++ if self.api_token_route in url: ++ return request_token_header ++ if not self._api_token: ++ # If we don't yet have an API token, get one via a PUT against ++ # api_token_route. This _api_token may get unset by a 403 due ++ # to an invalid or expired token ++ self._api_token = self._refresh_api_token() ++ if not self._api_token: ++ return {} ++ return {self.imdsv2_token_put_header: self._api_token} ++ ++ def _imds_exception_cb(self, msg, exception=None): ++ """Fail quickly on proper AWS if IMDSv2 rejects API token request ++ ++ Guidance from Amazon is that if IMDSv2 had disabled token requests ++ by returning a 403, or cloud-init malformed requests resulting in ++ other 40X errors, we want the datasource detection to fail quickly ++ without retries as those symptoms will likely not be resolved by ++ retries. ++ ++ Exceptions such as requests.ConnectionError due to IMDS being ++ temporarily unroutable or unavailable will still retry due to the ++ callsite wait_for_url. ++ """ ++ if isinstance(exception, uhelp.UrlError): ++ # requests.ConnectionError will have exception.code == None ++ if exception.code and exception.code >= 400: ++ if exception.code == 403: ++ LOG.warning( ++ "Ecs IMDS endpoint returned a 403 error. " ++ "HTTP endpoint is disabled. Aborting." ++ ) ++ else: ++ LOG.warning( ++ "Fatal error while requesting Ecs IMDSv2 API tokens" ++ ) ++ raise exception + + + def _is_aliyun(): +diff --git a/cloudinit/sources/DataSourceEc2.py b/cloudinit/sources/DataSourceEc2.py +index 10837df6a..0b763b52b 100644 +--- a/cloudinit/sources/DataSourceEc2.py ++++ b/cloudinit/sources/DataSourceEc2.py +@@ -34,7 +34,6 @@ STRICT_ID_DEFAULT = "warn" + + + class CloudNames: +- ALIYUN = "aliyun" + AWS = "aws" + BRIGHTBOX = "brightbox" + ZSTACK = "zstack" +@@ -54,7 +53,7 @@ def skip_404_tag_errors(exception): + + + # Cloud platforms that support IMDSv2 style metadata server +-IDMSV2_SUPPORTED_CLOUD_PLATFORMS = [CloudNames.AWS, CloudNames.ALIYUN] ++IDMSV2_SUPPORTED_CLOUD_PLATFORMS = [CloudNames.AWS] + + # Only trigger hook-hotplug on NICs with Ec2 drivers. Avoid triggering + # it on docker virtual NICs and the like. LP: #1946003 +@@ -768,11 +767,6 @@ def warn_if_necessary(cfgval, cfg): + warnings.show_warning("non_ec2_md", cfg, mode=True, sleep=sleep) + + +-def identify_aliyun(data): +- if data["product_name"] == "Alibaba Cloud ECS": +- return CloudNames.ALIYUN +- +- + def identify_aws(data): + # data is a dictionary returned by _collect_platform_data. + uuid_str = data["uuid"] +@@ -821,7 +815,6 @@ def identify_platform(): + identify_zstack, + identify_e24cloud, + identify_outscale, +- identify_aliyun, + lambda x: CloudNames.UNKNOWN, + ) + for checker in checks: +diff --git a/cloudinit/sources/helpers/aliyun.py b/cloudinit/sources/helpers/aliyun.py +new file mode 100644 +index 000000000..201ceb04b +--- /dev/null ++++ b/cloudinit/sources/helpers/aliyun.py +@@ -0,0 +1,211 @@ ++# This file is part of cloud-init. See LICENSE file for license information. ++ ++import logging ++from typing import MutableMapping ++ ++from cloudinit import net, url_helper, util ++from cloudinit.sources.helpers import ec2 ++ ++LOG = logging.getLogger(__name__) ++ ++ ++def get_instance_meta_data( ++ api_version="latest", ++ metadata_address="http://100.100.100.200", ++ ssl_details=None, ++ timeout=5, ++ retries=5, ++ headers_cb=None, ++ headers_redact=None, ++ exception_cb=None, ++): ++ ud_url = url_helper.combine_url(metadata_address, api_version) ++ ud_url = url_helper.combine_url(ud_url, "meta-data/all") ++ response = url_helper.read_file_or_url( ++ ud_url, ++ ssl_details=ssl_details, ++ timeout=timeout, ++ retries=retries, ++ exception_cb=exception_cb, ++ headers_cb=headers_cb, ++ headers_redact=headers_redact, ++ ) ++ meta_data_raw: object = util.load_json(response.contents) ++ ++ # meta_data_raw is a json object with the following format get ++ # by`meta-data/all` ++ # { ++ # "sub-private-ipv4-list": "", ++ # "dns-conf": { ++ # "nameservers": "100.100.2.136\r\n100.100.2.138" ++ # }, ++ # "zone-id": "cn-hangzhou-i", ++ # "instance": { ++ # "instance-name": "aliyun_vm_test", ++ # "instance-type": "ecs.g7.xlarge" ++ # }, ++ # "disks": { ++ # "bp1cikh4di1xxxx": { ++ # "name": "disk_test", ++ # "id": "d-bp1cikh4di1lf7pxxxx" ++ # } ++ # }, ++ # "instance-id": "i-bp123", ++ # "eipv4": "47.99.152.7", ++ # "private-ipv4": "192.168.0.9", ++ # "hibernation": { ++ # "configured": "false" ++ # }, ++ # "vpc-id": "vpc-bp1yeqg123", ++ # "mac": "00:16:3e:30:3e:ca", ++ # "source-address": "http://mirrors.cloud.aliyuncs.com", ++ # "vswitch-cidr-block": "192.168.0.0/24", ++ # "network": { ++ # "interfaces": { ++ # "macs": { ++ # "00:16:3e:30:3e:ca": { ++ # "vpc-cidr-block": "192.168.0.0/16", ++ # "netmask": "255.255.255.0" ++ # } ++ # } ++ # } ++ # }, ++ # "network-type": "vpc", ++ # "hostname": "aliyun_vm_test", ++ # "region-id": "cn-hangzhou", ++ # "ntp-conf": { ++ # "ntp-servers": "ntp1.aliyun.com\r\nntp2.aliyun.com" ++ # }, ++ # } ++ # Note: For example, in the values of dns conf: the `nameservers` ++ # key is a string, the format is the same as the response from the ++ # `meta-data/dns-conf/nameservers` endpoint. we use the same ++ # serialization method to ensure consistency between ++ # the two methods (directory tree and json path). ++ def _process_dict_values(d): ++ if isinstance(d, dict): ++ return {k: _process_dict_values(v) for k, v in d.items()} ++ elif isinstance(d, list): ++ return [_process_dict_values(item) for item in d] ++ else: ++ return ec2.MetadataLeafDecoder()("", d) ++ ++ return _process_dict_values(meta_data_raw) ++ ++ ++def get_instance_data( ++ api_version="latest", ++ metadata_address="http://100.100.100.200", ++ ssl_details=None, ++ timeout=5, ++ retries=5, ++ headers_cb=None, ++ headers_redact=None, ++ exception_cb=None, ++ item_name=None, ++): ++ ud_url = url_helper.combine_url(metadata_address, api_version) ++ ud_url = url_helper.combine_url(ud_url, item_name) ++ data = b"" ++ support_items_list = ["user-data", "vendor-data"] ++ if item_name not in support_items_list: ++ LOG.error( ++ "aliyun datasource not support the item %s", ++ item_name, ++ ) ++ return data ++ try: ++ response = url_helper.read_file_or_url( ++ ud_url, ++ ssl_details=ssl_details, ++ timeout=timeout, ++ retries=retries, ++ exception_cb=exception_cb, ++ headers_cb=headers_cb, ++ headers_redact=headers_redact, ++ ) ++ data = response.contents ++ except Exception: ++ util.logexc(LOG, "Failed fetching %s from url %s", item_name, ud_url) ++ return data ++ ++ ++def convert_ecs_metadata_network_config( ++ network_md, ++ macs_to_nics=None, ++ fallback_nic=None, ++ full_network_config=True, ++): ++ """Convert ecs metadata to network config version 2 data dict. ++ ++ @param: network_md: 'network' portion of ECS metadata. ++ generally formed as {"interfaces": {"macs": {}} where ++ 'macs' is a dictionary with mac address as key: ++ @param: macs_to_nics: Optional dict of mac addresses and nic names. If ++ not provided, get_interfaces_by_mac is called to get it from the OS. ++ @param: fallback_nic: Optionally provide the primary nic interface name. ++ This nic will be guaranteed to minimally have a dhcp4 configuration. ++ @param: full_network_config: Boolean set True to configure all networking ++ presented by IMDS. This includes rendering secondary IPv4 and IPv6 ++ addresses on all NICs and rendering network config on secondary NICs. ++ If False, only the primary nic will be configured and only with dhcp ++ (IPv4/IPv6). ++ ++ @return A dict of network config version 2 based on the metadata and macs. ++ """ ++ netcfg: MutableMapping = {"version": 2, "ethernets": {}} ++ if not macs_to_nics: ++ macs_to_nics = net.get_interfaces_by_mac() ++ macs_metadata = network_md["interfaces"]["macs"] ++ ++ if not full_network_config: ++ for mac, nic_name in macs_to_nics.items(): ++ if nic_name == fallback_nic: ++ break ++ dev_config: MutableMapping = { ++ "dhcp4": True, ++ "dhcp6": False, ++ "match": {"macaddress": mac.lower()}, ++ "set-name": nic_name, ++ } ++ nic_metadata = macs_metadata.get(mac) ++ if nic_metadata.get("ipv6s"): # Any IPv6 addresses configured ++ dev_config["dhcp6"] = True ++ netcfg["ethernets"][nic_name] = dev_config ++ return netcfg ++ nic_name_2_mac_map = dict() ++ for mac, nic_name in macs_to_nics.items(): ++ nic_metadata = macs_metadata.get(mac) ++ if not nic_metadata: ++ continue # Not a physical nic represented in metadata ++ nic_name_2_mac_map[nic_name] = mac ++ ++ # sorted by nic_name ++ orderd_nic_name_list = sorted( ++ nic_name_2_mac_map.keys(), key=net.natural_sort_key ++ ) ++ for nic_idx, nic_name in enumerate(orderd_nic_name_list): ++ nic_mac = nic_name_2_mac_map[nic_name] ++ nic_metadata = macs_metadata.get(nic_mac) ++ dhcp_override = {"route-metric": (nic_idx + 1) * 100} ++ dev_config = { ++ "dhcp4": True, ++ "dhcp4-overrides": dhcp_override, ++ "dhcp6": False, ++ "match": {"macaddress": nic_mac.lower()}, ++ "set-name": nic_name, ++ } ++ if nic_metadata.get("ipv6s"): # Any IPv6 addresses configured ++ dev_config["dhcp6"] = True ++ dev_config["dhcp6-overrides"] = dhcp_override ++ ++ netcfg["ethernets"][nic_name] = dev_config ++ # Remove route-metric dhcp overrides and routes / routing-policy if only ++ # one nic configured ++ if len(netcfg["ethernets"]) == 1: ++ for nic_name in netcfg["ethernets"].keys(): ++ netcfg["ethernets"][nic_name].pop("dhcp4-overrides") ++ netcfg["ethernets"][nic_name].pop("dhcp6-overrides", None) ++ netcfg["ethernets"][nic_name].pop("routes", None) ++ netcfg["ethernets"][nic_name].pop("routing-policy", None) ++ return netcfg +diff --git a/tests/unittests/sources/test_aliyun.py b/tests/unittests/sources/test_aliyun.py +index 2639302b2..2d61ff8af 100644 +--- a/tests/unittests/sources/test_aliyun.py ++++ b/tests/unittests/sources/test_aliyun.py +@@ -9,46 +9,93 @@ import responses + + from cloudinit import helpers + from cloudinit.sources import DataSourceAliYun as ay +-from cloudinit.sources.DataSourceEc2 import convert_ec2_metadata_network_config ++from cloudinit.sources.helpers.aliyun import ( ++ convert_ecs_metadata_network_config, ++) ++from cloudinit.util import load_json + from tests.unittests import helpers as test_helpers + +-DEFAULT_METADATA = { +- "instance-id": "aliyun-test-vm-00", +- "eipv4": "10.0.0.1", +- "hostname": "test-hostname", +- "image-id": "m-test", +- "launch-index": "0", +- "mac": "00:16:3e:00:00:00", +- "network-type": "vpc", +- "private-ipv4": "192.168.0.1", +- "serial-number": "test-string", +- "vpc-cidr-block": "192.168.0.0/16", +- "vpc-id": "test-vpc", +- "vswitch-id": "test-vpc", +- "vswitch-cidr-block": "192.168.0.0/16", +- "zone-id": "test-zone-1", +- "ntp-conf": { +- "ntp_servers": [ +- "ntp1.aliyun.com", +- "ntp2.aliyun.com", +- "ntp3.aliyun.com", +- ] +- }, +- "source-address": [ +- "http://mirrors.aliyun.com", +- "http://mirrors.aliyuncs.com", +- ], +- "public-keys": { +- "key-pair-1": {"openssh-key": "ssh-rsa AAAAB3..."}, +- "key-pair-2": {"openssh-key": "ssh-rsa AAAAB3..."}, ++DEFAULT_METADATA_RAW = r"""{ ++ "disks": { ++ "bp15spwwhlf8bbbn7xxx": { ++ "id": "d-bp15spwwhlf8bbbn7xxx", ++ "name": "" ++ } ++ }, ++ "dns-conf": { ++ "nameservers": [ ++ "100.100.2.136", ++ "100.100.2.138" ++ ] ++ }, ++ "hibernation": { ++ "configured": "false" ++ }, ++ "instance": { ++ "instance-name": "aliyun-test-vm-00", ++ "instance-type": "ecs.g8i.large", ++ "last-host-landing-time": "2024-11-17 10:02:41", ++ "max-netbw-egress": "2560000", ++ "max-netbw-ingress": "2560000", ++ "virtualization-solution": "ECS Virt", ++ "virtualization-solution-version": "2.0" ++ }, ++ "network": { ++ "interfaces": { ++ "macs": { ++ "00:16:3e:14:59:58": { ++ "gateway": "172.16.101.253", ++ "netmask": "255.255.255.0", ++ "network-interface-id": "eni-bp13i3ed90icgdgaxxxx" ++ } ++ } ++ } ++ }, ++ "ntp-conf": { ++ "ntp-servers": [ ++ "ntp1.aliyun.com", ++ "ntp1.cloud.aliyuncs.com" ++ ] ++ }, ++ "public-keys": { ++ "0": { ++ "openssh-key": "ssh-rsa AAAAB3Nza" + }, +-} ++ "skp-bp1test": { ++ "openssh-key": "ssh-rsa AAAAB3Nza" ++ } ++ }, ++ "eipv4": "121.66.77.88", ++ "hostname": "aliyun-test-vm-00", ++ "image-id": "ubuntu_24_04_x64_20G_alibase_20241016.vhd", ++ "instance-id": "i-bp15ojxppkmsnyjxxxxx", ++ "mac": "00:16:3e:14:59:58", ++ "network-type": "vpc", ++ "owner-account-id": "123456", ++ "private-ipv4": "172.16.111.222", ++ "region-id": "cn-hangzhou", ++ "serial-number": "3ca05955-a892-46b3-a6fc-xxxxxx", ++ "source-address": "http://mirrors.cloud.aliyuncs.com", ++ "sub-private-ipv4-list": "172.16.101.215", ++ "vpc-cidr-block": "172.16.0.0/12", ++ "vpc-id": "vpc-bp1uwvjta7txxxxxxx", ++ "vswitch-cidr-block": "172.16.101.0/24", ++ "vswitch-id": "vsw-bp12cibmw6078qv123456", ++ "zone-id": "cn-hangzhou-j" ++}""" ++ ++DEFAULT_METADATA = load_json(DEFAULT_METADATA_RAW) + + DEFAULT_USERDATA = """\ + #cloud-config + + hostname: localhost""" + ++DEFAULT_VENDORDATA = """\ ++#cloud-config ++bootcmd: ++- echo hello world > /tmp/vendor""" ++ + + class TestAliYunDatasource(test_helpers.ResponsesTestCase): + def setUp(self): +@@ -67,6 +114,10 @@ class TestAliYunDatasource(test_helpers.ResponsesTestCase): + def default_userdata(self): + return DEFAULT_USERDATA + ++ @property ++ def default_vendordata(self): ++ return DEFAULT_VENDORDATA ++ + @property + def metadata_url(self): + return ( +@@ -78,12 +129,29 @@ class TestAliYunDatasource(test_helpers.ResponsesTestCase): + + "/" + ) + ++ @property ++ def metadata_all_url(self): ++ return ( ++ os.path.join( ++ self.metadata_address, ++ self.ds.min_metadata_version, ++ "meta-data", ++ ) ++ + "/all" ++ ) ++ + @property + def userdata_url(self): + return os.path.join( + self.metadata_address, self.ds.min_metadata_version, "user-data" + ) + ++ @property ++ def vendordata_url(self): ++ return os.path.join( ++ self.metadata_address, self.ds.min_metadata_version, "vendor-data" ++ ) ++ + # EC2 provides an instance-identity document which must return 404 here + # for this test to pass. + @property +@@ -133,9 +201,17 @@ class TestAliYunDatasource(test_helpers.ResponsesTestCase): + register = functools.partial(self.responses.add, responses.GET) + register_helper(register, base_url, data) + +- def regist_default_server(self): ++ def regist_default_server(self, register_json_meta_path=True): + self.register_mock_metaserver(self.metadata_url, self.default_metadata) ++ if register_json_meta_path: ++ self.register_mock_metaserver( ++ self.metadata_all_url, DEFAULT_METADATA_RAW ++ ) + self.register_mock_metaserver(self.userdata_url, self.default_userdata) ++ self.register_mock_metaserver( ++ self.vendordata_url, self.default_userdata ++ ) ++ + self.register_mock_metaserver(self.identity_url, self.default_identity) + self.responses.add(responses.PUT, self.token_url, "API-TOKEN") + +@@ -175,7 +251,25 @@ class TestAliYunDatasource(test_helpers.ResponsesTestCase): + self._test_get_iid() + self._test_host_name() + self.assertEqual("aliyun", self.ds.cloud_name) +- self.assertEqual("ec2", self.ds.platform) ++ self.assertEqual("aliyun", self.ds.platform) ++ self.assertEqual( ++ "metadata (http://100.100.100.200)", self.ds.subplatform ++ ) ++ ++ @mock.patch("cloudinit.sources.DataSourceEc2.util.is_resolvable") ++ @mock.patch("cloudinit.sources.DataSourceAliYun._is_aliyun") ++ def test_with_mock_server_without_json_path(self, m_is_aliyun, m_resolv): ++ m_is_aliyun.return_value = True ++ self.regist_default_server(register_json_meta_path=False) ++ ret = self.ds.get_data() ++ self.assertEqual(True, ret) ++ self.assertEqual(1, m_is_aliyun.call_count) ++ self._test_get_data() ++ self._test_get_sshkey() ++ self._test_get_iid() ++ self._test_host_name() ++ self.assertEqual("aliyun", self.ds.cloud_name) ++ self.assertEqual("aliyun", self.ds.platform) + self.assertEqual( + "metadata (http://100.100.100.200)", self.ds.subplatform + ) +@@ -221,7 +315,7 @@ class TestAliYunDatasource(test_helpers.ResponsesTestCase): + self._test_get_iid() + self._test_host_name() + self.assertEqual("aliyun", self.ds.cloud_name) +- self.assertEqual("ec2", self.ds.platform) ++ self.assertEqual("aliyun", self.ds.platform) + self.assertEqual( + "metadata (http://100.100.100.200)", self.ds.subplatform + ) +@@ -272,31 +366,28 @@ class TestAliYunDatasource(test_helpers.ResponsesTestCase): + public_keys["key-pair-0"]["openssh-key"], + ) + +- def test_route_metric_calculated_without_device_number(self): +- """Test that route-metric code works without `device-number` +- +- `device-number` is part of EC2 metadata, but not supported on aliyun. +- Attempting to access it will raise a KeyError. +- +- LP: #1917875 +- """ +- netcfg = convert_ec2_metadata_network_config( ++ def test_route_metric_calculated_with_multiple_network_cards(self): ++ """Test that route-metric code works with multiple network cards""" ++ netcfg = convert_ecs_metadata_network_config( + { + "interfaces": { + "macs": { +- "06:17:04:d7:26:09": { +- "interface-id": "eni-e44ef49e", ++ "00:16:3e:14:59:58": { ++ "ipv6-gateway": "2408:xxxxx", ++ "ipv6s": "[2408:xxxxxx]", ++ "network-interface-id": "eni-bp13i1xxxxx", + }, +- "06:17:04:d7:26:08": { +- "interface-id": "eni-e44ef49f", ++ "00:16:3e:39:43:27": { ++ "gateway": "172.16.101.253", ++ "netmask": "255.255.255.0", ++ "network-interface-id": "eni-bp13i2xxxx", + }, + } + } + }, +- mock.Mock(), + macs_to_nics={ +- "06:17:04:d7:26:09": "eth0", +- "06:17:04:d7:26:08": "eth1", ++ "00:16:3e:14:59:58": "eth0", ++ "00:16:3e:39:43:27": "eth1", + }, + ) + +@@ -314,6 +405,28 @@ class TestAliYunDatasource(test_helpers.ResponsesTestCase): + netcfg["ethernets"]["eth1"].keys() + ) + ++ # eth0 network meta-data have ipv6s info, ipv6 should True ++ met0_dhcp6 = netcfg["ethernets"]["eth0"]["dhcp6"] ++ assert met0_dhcp6 is True ++ ++ netcfg = convert_ecs_metadata_network_config( ++ { ++ "interfaces": { ++ "macs": { ++ "00:16:3e:14:59:58": { ++ "gateway": "172.16.101.253", ++ "netmask": "255.255.255.0", ++ "network-interface-id": "eni-bp13ixxxx", ++ } ++ } ++ } ++ }, ++ macs_to_nics={"00:16:3e:14:59:58": "eth0"}, ++ ) ++ met0 = netcfg["ethernets"]["eth0"] ++ # single network card would have no dhcp4-overrides ++ assert "dhcp4-overrides" not in met0 ++ + + class TestIsAliYun(test_helpers.CiTestCase): + ALIYUN_PRODUCT = "Alibaba Cloud ECS" +diff --git a/tests/unittests/sources/test_ec2.py b/tests/unittests/sources/test_ec2.py +index b28afc52f..c3d33dfc9 100644 +--- a/tests/unittests/sources/test_ec2.py ++++ b/tests/unittests/sources/test_ec2.py +@@ -1709,16 +1709,6 @@ class TestIdentifyPlatform: + ) + assert ec2.CloudNames.AWS == ec2.identify_platform() + +- @mock.patch("cloudinit.sources.DataSourceEc2._collect_platform_data") +- def test_identify_aliyun(self, m_collect): +- """aliyun should be identified if product name equals to +- Alibaba Cloud ECS +- """ +- m_collect.return_value = self.collmock( +- product_name="Alibaba Cloud ECS" +- ) +- assert ec2.CloudNames.ALIYUN == ec2.identify_platform() +- + @mock.patch("cloudinit.sources.DataSourceEc2._collect_platform_data") + def test_identify_zstack(self, m_collect): + """zstack should be identified if chassis-asset-tag +-- +2.48.1 + diff --git a/SOURCES/ci-fix-Don-t-attempt-to-identify-non-x86-OpenStack-inst.patch b/SOURCES/ci-fix-Don-t-attempt-to-identify-non-x86-OpenStack-inst.patch index 3d21d20..c9622ea 100644 --- a/SOURCES/ci-fix-Don-t-attempt-to-identify-non-x86-OpenStack-inst.patch +++ b/SOURCES/ci-fix-Don-t-attempt-to-identify-non-x86-OpenStack-inst.patch @@ -1,14 +1,15 @@ -From b4d74e6043fa991a52e2cb98178a17914afe75b9 Mon Sep 17 00:00:00 2001 +From cce7faf49aeb3b53433b9b7bcc48ca2e7dbaee64 Mon Sep 17 00:00:00 2001 From: Brett Holman Date: Thu, 22 Aug 2024 16:54:53 -0600 Subject: [PATCH 1/2] fix: Don't attempt to identify non-x86 OpenStack instances RH-Author: Ani Sinha -RH-MergeRequest: 161: CVE-2024-6174: fix: Don't attempt to identify non-x86 OpenStack instances -RH-Jira: RHEL-100611 +RH-MergeRequest: 129: CVE-2024-6174: fix: Don't attempt to identify non-x86 OpenStack instances +RH-Jira: RHEL-100615 RH-Acked-by: xiachen -RH-Commit: [1/2] 9a7d7ee54fc4361e3c2b92e399ea2a6e45290300 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [1/2] 71a7a1b189d33ff43dc439ecf73c996a9cca3494 (anisinha/cloud-init) This causes cloud-init to attempt to reach out to the OpenStack Nova datasource in non-Nova deployments on non-x86 architectures. diff --git a/SOURCES/ci-fix-NM-reload-and-bring-up-individual-network-conns-.patch b/SOURCES/ci-fix-NM-reload-and-bring-up-individual-network-conns-.patch index 6a4ba2a..a3c2f6c 100644 --- a/SOURCES/ci-fix-NM-reload-and-bring-up-individual-network-conns-.patch +++ b/SOURCES/ci-fix-NM-reload-and-bring-up-individual-network-conns-.patch @@ -1,14 +1,12 @@ -From 9fc0cee23d9d2b9ed43a7b4a8d09395b3507002a Mon Sep 17 00:00:00 2001 +From 95e9d95a1bd0b995cdb505395b761896739d1476 Mon Sep 17 00:00:00 2001 From: Ani Sinha Date: Thu, 13 Mar 2025 19:46:35 +0530 Subject: [PATCH] fix: NM reload and bring up individual network conns (#6073) RH-Author: Ani Sinha -RH-MergeRequest: 156: fix: NM reload and bring up individual network conns (#6073) -RH-Jira: RHEL-83636 -RH-Acked-by: Emanuele Giuseppe Esposito -RH-Acked-by: xiachen -RH-Commit: [1/1] f4aa90029dff342dd100b95f1d67dcddac434095 +RH-MergeRequest: 125: fix: NM reload and bring up individual network conns (#6073) +RH-Jira: RHEL-81703 +RH-Commit: [1/1] 7d9b3575e1807360c40a1f45620060d1843a65b7 (anisinha/cloud-init) Reloading the network manager service is equivalent to "nmcli reload" and this command only reloads the global .conf files and DNS config, not connections. @@ -34,7 +32,7 @@ Signed-off-by: Ani Sinha 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cloudinit/net/activators.py b/cloudinit/net/activators.py -index de9a1d3c..94212894 100644 +index de9a1d3c9..942128941 100644 --- a/cloudinit/net/activators.py +++ b/cloudinit/net/activators.py @@ -206,9 +206,9 @@ class NetworkManagerActivator(NetworkActivator): @@ -50,7 +48,7 @@ index de9a1d3c..94212894 100644 class NetplanActivator(NetworkActivator): diff --git a/tests/unittests/test_net_activators.py b/tests/unittests/test_net_activators.py -index a720ada8..84876b73 100644 +index a720ada81..84876b73b 100644 --- a/tests/unittests/test_net_activators.py +++ b/tests/unittests/test_net_activators.py @@ -247,8 +247,8 @@ NETWORK_MANAGER_BRING_UP_ALL_CALL_LIST: list = [ diff --git a/SOURCES/ci-fix-strict-disable-in-ds-identify-on-no-datasources-.patch b/SOURCES/ci-fix-strict-disable-in-ds-identify-on-no-datasources-.patch index 2652a66..097b9cd 100644 --- a/SOURCES/ci-fix-strict-disable-in-ds-identify-on-no-datasources-.patch +++ b/SOURCES/ci-fix-strict-disable-in-ds-identify-on-no-datasources-.patch @@ -1,14 +1,15 @@ -From e408a36f43f476a0804f4855da2d7b58b405d87f Mon Sep 17 00:00:00 2001 +From 9c2c1169ba2d11b22ff054583583cd4298a5ba81 Mon Sep 17 00:00:00 2001 From: Chad Smith Date: Tue, 24 Jun 2025 09:12:52 -0600 Subject: [PATCH 2/2] fix: strict disable in ds-identify on no datasources found RH-Author: Ani Sinha -RH-MergeRequest: 161: CVE-2024-6174: fix: Don't attempt to identify non-x86 OpenStack instances -RH-Jira: RHEL-100611 +RH-MergeRequest: 129: CVE-2024-6174: fix: Don't attempt to identify non-x86 OpenStack instances +RH-Jira: RHEL-100615 RH-Acked-by: xiachen -RH-Commit: [2/2] 4a12b4c640fe84916cc52484c232898506ab9d19 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [2/2] f941ad029982aa5b1aecd569380ae47a6d727d9b (anisinha/cloud-init) Take the CVE-2024-6174 strict detection fix one step further. diff --git a/SOURCES/ignore-enslaved-interface.patch b/SOURCES/ignore-enslaved-interface.patch new file mode 100644 index 0000000..cfefbe4 --- /dev/null +++ b/SOURCES/ignore-enslaved-interface.patch @@ -0,0 +1,44 @@ +From e7aba0f0ccd6f023667f41385f25044a94428ed3 Mon Sep 17 00:00:00 2001 +From: Darren Archibald +Date: Fri, 23 Feb 2024 05:56:06 -0800 +Subject: [PATCH] ignore enslaved interface + + Changes to ignore all enslaved interfaces. + https://jira.oci.oraclecorp.com/browse/LINUX-1947 + + Orabug: 30092148 + + Signed-off-by: Si-Wei Liu + Signed-off-by: Darren Archibald +--- + cloudinit/net/__init__.py | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/cloudinit/net/__init__.py b/cloudinit/net/__init__.py +index c0888f5..b093796 100644 +--- a/cloudinit/net/__init__.py ++++ b/cloudinit/net/__init__.py +@@ -335,6 +335,10 @@ def is_netfail_standby(devname, driver=None): + return True + + ++def is_slave(devname): ++ return os.path.exists(sys_dev_path(devname, "master")) ++ ++ + def is_renamed(devname): + """ + /* interface name assignment types (sysfs name_assign_type attribute) */ +@@ -1054,6 +1058,9 @@ def get_interfaces( + if is_bridge(name): + filtered_logger("Ignoring bridge interface: %s", name) + continue ++ if is_slave(name): ++ filtered_logger("Ignoring bridge interface: %s", name) ++ continue + if filter_vlan and is_vlan(name): + continue + if is_bond(name): +-- +2.31.1 + diff --git a/SOURCES/ol-sysconfig-add-Oracle-Linux-variant-to-known-distros.patch b/SOURCES/ol-sysconfig-add-Oracle-Linux-variant-to-known-distros.patch new file mode 100644 index 0000000..c8b89d8 --- /dev/null +++ b/SOURCES/ol-sysconfig-add-Oracle-Linux-variant-to-known-distros.patch @@ -0,0 +1,26 @@ +From 8735577c8a683407e94abed0cfccc3aacbb9aa47 Mon Sep 17 00:00:00 2001 +From: Si-Wei Liu +Date: Wed, 10 Jun 2020 20:59:29 -0400 +Subject: [PATCH] sysconfig: add Oracle Linux variant to known distros + +otherwise anything sysconfig breaks on Oracle Linux. + +JIRA: https://jira.oci.oraclecorp.com/browse/LINUX-6128 + +Signed-off-by: Si-Wei Liu +--- + cloudinit/net/sysconfig.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py +index e94590f..55b7db5 100644 +--- a/cloudinit/net/sysconfig.py ++++ b/cloudinit/net/sysconfig.py +@@ -35,6 +35,7 @@ + "suse", + "TencentOS", + "virtuozzo", ++ "ol", + ] + + diff --git a/SOURCES/orabug30435672-003-cloud-init-collect-logs.patch b/SOURCES/orabug30435672-003-cloud-init-collect-logs.patch new file mode 100644 index 0000000..992c033 --- /dev/null +++ b/SOURCES/orabug30435672-003-cloud-init-collect-logs.patch @@ -0,0 +1,77 @@ +From 51cdd87ad861d5d47c212258bf00402a4dec2198 Mon Sep 17 00:00:00 2001 +From: Darren Archibald +Date: Fri, 23 Feb 2024 06:17:54 -0800 +Subject: [PATCH] Update cloud-init collect-logs for Oracle Linux + +Updating the code to collect triage logs with OL distro specic methods. + +Orabug: 30435672 + +Signed-off-by: Vijay Balakrishna +Reviewed-by: Si-Wei Liu +Acked-by: Joe Kennedy +Reviewed-by: Laurence Rochfort +Signed-off-by: Rajesh Harekal +--- + cloudinit/cmd/devel/logs.py | 26 ++++++++++++++++---------- + cloudinit/util.py | 1 + + 2 files changed, 17 insertions(+), 10 deletions(-) + +diff --git a/cloudinit/cmd/devel/logs.py b/cloudinit/cmd/devel/logs.py +index 8312218..85d976a 100755 +--- a/cloudinit/cmd/devel/logs.py ++++ b/cloudinit/cmd/devel/logs.py +@@ -21,7 +21,7 @@ + from cloudinit.stages import Init + from cloudinit.subp import ProcessExecutionError, subp + from cloudinit.temp_utils import tempdir +-from cloudinit.util import copy, get_config_logfiles, write_file ++from cloudinit.util import copy, get_config_logfiles, write_file, system_info + + LOG = cast(loggers.CustomLoggerType, logging.getLogger(__name__)) + +@@ -214,13 +214,21 @@ + file_path=log_dir / "version", + msg="cloud-init --version", + ) +- dpkg_ver = _write_command_output_to_file( +- cmd=["dpkg-query", "--show", "-f=${Version}\n", "cloud-init"], +- file_path=log_dir / "dpkg-version", +- msg="dpkg version", +- ) +- if not version: +- version = dpkg_ver or "not-available" ++ if system_info()['variant'] == "ol": ++ rpm_ver = _write_command_output_to_file( ++ cmd=["rpm", "-q", "--queryformat", ++ "[%{VERSION}-%{RELEASE}.%{ARCH}]\n", "cloud-init"], ++ file_path=log_dir / "rpm-version", ++ msg="rpm version") ++ if not version: ++ version = rpm_ver if rpm_ver else "not-available" ++ else: ++ dpkg_ver = _write_command_output_to_file( ++ cmd=["dpkg-query", "--show", "-f=${Version}\n", "cloud-init"], ++ file_path=log_dir / "dpkg-version", ++ msg="dpkg version") ++ if not version: ++ version = dpkg_ver or "not-available" + + + def _collect_system_logs( +diff --git a/cloudinit/util.py b/cloudinit/util.py +index 3295735..db7bb97 100644 +--- a/cloudinit/util.py ++++ b/cloudinit/util.py +@@ -660,6 +660,7 @@ def _get_variant(info): + "suse", + "tencentos", + "virtuozzo", ++ "ol", + ): + variant = linux_dist + elif linux_dist in ("ubuntu", "linuxmint", "mint"): +-- +2.31.1 + diff --git a/SOURCES/orabug30435672-004-ol-cloud-config.patch b/SOURCES/orabug30435672-004-ol-cloud-config.patch new file mode 100644 index 0000000..5958b77 --- /dev/null +++ b/SOURCES/orabug30435672-004-ol-cloud-config.patch @@ -0,0 +1,112 @@ +From 250aa45f74e29b95f81b24811c972369605bd24e Mon Sep 17 00:00:00 2001 +From: Vijay Balakrishna +Date: Tue, 5 Nov 2019 16:00:21 -0500 +Subject: [PATCH] Add static cloud.cfg file for OL7. + +Adding OL specific cloud.cfg file to enable updates cloud-init +config file independently, adding newly verified ntp module. + +Orabug: 30435672 + +Signed-off-by: Vijay Balakrishna +Signed-off-by: Si-Wei Liu +Acked-by: Joe Kennedy +Reviewed-by: Laurence Rochfort + +--- + ol/README.ol | 6 ++++++ + ol/cloud.cfg | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 75 insertions(+) + create mode 100644 ol/README.ol + create mode 100644 ol/cloud.cfg + +diff --git a/ol/README.ol b/ol/README.ol +new file mode 100644 +index 0000000..f59d559 +--- /dev/null ++++ b/ol/README.ol +@@ -0,0 +1,6 @@ ++The following cloud-init modules are currently unsupported on this OS: ++ - apt_update_upgrade ('apt_update', 'apt_upgrade', 'apt_mirror', 'apt_preserve_sources_list', 'apt_old_mirror', 'apt_sources', 'debconf_selections', 'packages' options) ++ - byobu ('byobu_by_default' option) ++ - chef ++ - grub_dpkg ++ - rh_subscription +diff --git a/ol/cloud.cfg b/ol/cloud.cfg +new file mode 100644 +index 0000000..2ee1fb3 +--- /dev/null ++++ b/ol/cloud.cfg +@@ -0,0 +1,69 @@ ++users: ++ - default ++ ++disable_root: 1 ++ssh_pwauth: 0 ++ ++mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service', '0', '2'] ++resize_rootfs_tmp: /dev ++ssh_deletekeys: 0 ++ssh_genkeytypes: ~ ++syslog_fix_perms: ~ ++disable_vmware_customization: false ++ ++cloud_init_modules: ++ - disk_setup ++ - migrator ++ - bootcmd ++ - write-files ++ - growpart ++ - resizefs ++ - set_hostname ++ - update_hostname ++ - update_etc_hosts ++ - rsyslog ++ - users-groups ++ - ssh ++ ++cloud_config_modules: ++ - mounts ++ - locale ++ - set-passwords ++ - ntp ++ - yum-add-repo ++ - package-update-upgrade-install ++ - timezone ++ - puppet ++ - chef ++ - salt-minion ++ - mcollective ++ - disable-ec2-metadata ++ - runcmd ++ ++cloud_final_modules: ++ - rightscale_userdata ++ - scripts-per-once ++ - scripts-per-boot ++ - scripts-per-instance ++ - scripts-user ++ - ssh-authkey-fingerprints ++ - keys-to-console ++ - phone-home ++ - final-message ++ - power-state-change ++ ++system_info: ++ default_user: ++ name: cloud-user ++ lock_passwd: true ++ gecos: Cloud User ++ groups: [adm, systemd-journal] ++ sudo: ["ALL=(ALL) NOPASSWD:ALL"] ++ shell: /bin/bash ++ distro: rhel ++ paths: ++ cloud_dir: /var/lib/cloud ++ templates_dir: /etc/cloud/templates ++ ssh_svcname: sshd ++ ++# vim:syntax=yaml +-- +1.8.3.1 + diff --git a/SOURCES/orabug30435672-006-cc_spacewalk.py.patch b/SOURCES/orabug30435672-006-cc_spacewalk.py.patch new file mode 100644 index 0000000..f4d4517 --- /dev/null +++ b/SOURCES/orabug30435672-006-cc_spacewalk.py.patch @@ -0,0 +1,55 @@ +From 2b92e042bb8a4510abec38fcfc302d8de1e28f37 Mon Sep 17 00:00:00 2001 +From: Darren Archibald +Date: Fri, 23 Feb 2024 06:55:32 -0800 +Subject: [PATCH] spacewalk: fix CA cert file path for Oracle Linux + +Update the CA cert file that is available in Oracle Linux to register with ULN. + +Orabug: 30435672 + +Signed-off-by: Si-Wei Liu +Signed-off-by: Vijay Balakrishna +Acked-by: Joe Kennedy +Reviewed-by: Laurence Rochfort +Signed-off-by: Darren Archibald +Signed-off-by: Rajesh Harekal +--- + cloudinit/config/cc_spacewalk.py | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/cloudinit/config/cc_spacewalk.py b/cloudinit/config/cc_spacewalk.py +index 08514f2..7248cce 100644 +--- a/cloudinit/config/cc_spacewalk.py ++++ b/cloudinit/config/cc_spacewalk.py +@@ -3,7 +3,7 @@ + + import logging + +-from cloudinit import subp ++from cloudinit import subp, util + from cloudinit.cloud import Cloud + from cloudinit.config import Config + from cloudinit.config.schema import MetaSchema +@@ -21,6 +21,7 @@ + distros = ["redhat", "fedora", "openeuler"] + required_packages = ["rhn-setup"] + def_ca_cert_path = "/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT" ++ol_ca_cert_path = "/usr/share/rhn/ULN-CA-CERT" + + + def is_registered(): +@@ -74,9 +75,14 @@ + # Need to have this installed before further things will work. + cloud.distro.install_packages(required_packages) + if not is_registered(): ++ if util.system_info()['variant'] == "ol": ++ cert = ol_ca_cert_path ++ else: ++ cert = def_ca_cert_path + do_register( + spacewalk_server, + cloud.datasource.get_hostname(fqdn=True).hostname, ++ ca_cert_path=cert, + proxy=cfg.get("proxy"), + activation_key=cfg.get("activation_key"), + ) diff --git a/SOURCES/orabug32183938-009-missing-sshd-services.patch b/SOURCES/orabug32183938-009-missing-sshd-services.patch new file mode 100644 index 0000000..3386a06 --- /dev/null +++ b/SOURCES/orabug32183938-009-missing-sshd-services.patch @@ -0,0 +1,31 @@ +cloud-init service file is missing sshd required services +Orabug: 32183938 + +in the systemd sshd-keygen.target file, the following services are listed: +[Unit] +Wants=sshd-keygen@rsa.service +Wants=sshd-keygen@ecdsa.service +Wants=sshd-keygen@ed25519.service + +Need to add the following to the cloud-init service file: +Before=sshd-keygen@rsa.service +Before=sshd-keygen@ecdsa.service +Before=sshd-keygen@ed25519.service + +Signed-off-by: Isaac Chen +Signed-off-by: Rajesh Harekal + +diff -up cloud-init-19.4/systemd/cloud-init.service.tmpl.orig cloud-init-19.4/systemd/cloud-init.service.tmpl +--- cloud-init-24.4/systemd/cloud-init.service.tmpl 2025-01-28 11:13:57.339346352 -0800 ++++ cloud-init-24.4/systemd/cloud-init.service.tmpl 2025-01-28 11:14:31.587669418 -0800 +@@ -28,7 +28,9 @@ + After=dbus.service + {% endif %} + Before=network-online.target +-Before=sshd-keygen.service ++Before=sshd-keygen@rsa.service ++Before=sshd-keygen@ecdsa.service ++Before=sshd-keygen@ed25519.service + Before=sshd.service + Before=systemd-user-sessions.service + {% if variant in ["ubuntu", "unknown", "debian"] %} diff --git a/SOURCES/orabug32183938-010-missing-sshd-services-in-rhel-systemd.patch b/SOURCES/orabug32183938-010-missing-sshd-services-in-rhel-systemd.patch new file mode 100644 index 0000000..7cb4fb0 --- /dev/null +++ b/SOURCES/orabug32183938-010-missing-sshd-services-in-rhel-systemd.patch @@ -0,0 +1,22 @@ +cloud-init service file is missing sshd required services +Orabug: 32183938 + +This patch is the supplement of patch orabug32183938-009, where changes +to cloud-init.service also need to be added to files in rhel/systemd. + +Signed-off-by: Isaac Chen + +diff -up cloud-init-19.4/systemd/cloud-init.service.tmpl.orig cloud-init-19.4/systemd/cloud-init.service.tmpl +--- cloud-init-19.4/systemd/cloud-init.service.tmpl.orig 2020-12-11 19:59:37.331277979 -0800 ++++ cloud-init-19.4/systemd/cloud-init.service.tmpl 2020-12-11 20:00:38.867459043 -0800 +@@ -5,7 +5,9 @@ + DefaultDependencies=no + {% endif %} + Wants=cloud-init-local.service +-Wants=sshd-keygen.service ++Wants=sshd-keygen@rsa.service ++Wants=sshd-keygen@ecdsa.service ++Wants=sshd-keygen@ed25519.service + Wants=sshd.service + After=cloud-init-local.service + After=systemd-networkd-wait-online.service diff --git a/SOURCES/orabug34845400-Add-Oracle-to-distro-detection-logic-in-cloud.cfg.tm.patch b/SOURCES/orabug34845400-Add-Oracle-to-distro-detection-logic-in-cloud.cfg.tm.patch new file mode 100644 index 0000000..49ff3cb --- /dev/null +++ b/SOURCES/orabug34845400-Add-Oracle-to-distro-detection-logic-in-cloud.cfg.tm.patch @@ -0,0 +1,287 @@ +From e921be03f802ee154ed1ddf044e276b23af0d2b6 Mon Sep 17 00:00:00 2001 +From: Darren Archibald +Date: Fri, 23 Feb 2024 07:52:25 -0800 +Subject: [PATCH] Add Oracle to distro detection logic in cloud.cfg.tmpl + +Oracle Linux is being detected as "ol" variant by cloud-init. +This patch adds "ol" to the list of supported variants, and applies needed settings to it. +You can notice that variant "ol" is being set as distro "rhel" in a couple of places, +that is expected as this designated that base distro for "ol" is "rhel" ( which is true ) + +The main reason for this change is that cloud-init package dropped hardcoded configs that set OL as rhel +and to make cloud-init behave on OL systems as expected we need to add "ol" designation to supported list. + +Orabug: 34845400 +Signed-off-by: Alex Burmashev +Signed-off-by: Darren Archibald +Signed-off-by: Rajesh Harekal +--- + cloudinit/distros/__init__.py | 1 + + cloudinit/sources/DataSourceRbxCloud.py | 2 +- + config/cloud.cfg.tmpl | 33 ++++++++++++++++++------- + systemd/cloud-final.service | 4 ++- + systemd/cloud-init-local.service.tmpl | 12 ++++++--- + systemd/cloud-init.service.tmpl | 8 ++++-- + systemd/cloud-init-generator.tmpl | 1 +++-- + tests/unittests/test_util.py | 1 + + 8 files changed, 48 insertions(+), 17 deletions(-) + +diff --git a/cloudinit/distros/__init__.py b/cloudinit/distros/__init__.py +index 79e2623..8f1381b 100644 +--- a/cloudinit/distros/__init__.py ++++ b/cloudinit/distros/__init__.py +@@ -78,6 +78,7 @@ OSFAMILIES = { + "rhel", + "rocky", + "virtuozzo", ++ "ol", + ], + "suse": [ + "opensuse", +diff --git a/cloudinit/sources/DataSourceRbxCloud.py b/cloudinit/sources/DataSourceRbxCloud.py +index 9214f1b..5379132 100644 +--- a/cloudinit/sources/DataSourceRbxCloud.py ++++ b/cloudinit/sources/DataSourceRbxCloud.py +@@ -60,7 +60,7 @@ def _sub_arp(cmd): + + def gratuitous_arp(items, distro): + source_param = "-S" +- if distro.name in ["fedora", "centos", "rhel"]: ++ if distro.name in ["fedora", "centos", "rhel", "ol"]: + source_param = "-s" + for item in items: + try: +diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl +index a470120..f440830 100644 +--- a/config/cloud.cfg.tmpl ++++ b/config/cloud.cfg.tmpl +@@ -59,10 +59,10 @@ + {% endif %} + + {%- if variant in ["alpine", "amazon", "fedora", "OpenCloudOS", "openeuler", +- "openmandriva", "photon", "TencentOS"] or is_rhel %} ++ "openmandriva", "photon", "TencentOS", "ol"] or is_rhel %} + +-{% if is_rhel %} +-mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.after=cloud-init-network.service,_netdev', '0', '2'] ++{% if variant in ["ol"] or is_rhel %} ++mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.after=cloud-init.service,_netdev', '0', '2'] + {% else %} + mount_default_fields: [~, ~, 'auto', 'defaults,nofail', '0', '2'] + {% endif %} +@@ -101,7 +101,7 @@ + + {% endif -%} + +-{% if is_rhel %} ++{% if variant in ["ol"] or is_rhel %} + # Default redhat settings: + ssh_deletekeys: true + ssh_genkeytypes: ['rsa', 'ecdsa', 'ed25519'] +@@ -166,18 +166,20 @@ + - ubuntu_pro + {% endif %} + {% elif variant in ["azurelinux", "fedora", "mariner", "openeuler", +- "openmandriva", "photon"] or is_rhel %} ++ "openmandriva", "photon", "ol"] or is_rhel %} + {% if is_rhel %} + - rh_subscription + {% endif %} +-{% if variant not in ["azurelinux", "mariner", "photon"] %} ++{% if variant not in ["azurelinux", "mariner", "photon", "ol"] %} + - spacewalk + {% endif %} + - yum_add_repo + {% elif variant == "suse" %} + - zypper_add_repo + {% endif %} ++{% if variant not in ["ol"] %} + - ntp ++{% endif %} + - timezone + {% if variant not in ["azurelinux"] %} + - disable_ec2_metadata +@@ -207,6 +209,8 @@ + {% if variant not in ["azurelinux"] %} + - mcollective + - salt_minion ++{% endif %} ++{% if variant not in ["azurelinux", "ol"] %} + - reset_rmc + {% endif %} + - scripts_vendor +@@ -230,6 +234,8 @@ + "OpenCloudOS", "openeuler", "openmandriva", "photon", "suse", + "TencentOS", "ubuntu"] or is_rhel %} + distro: {{ variant }} ++{% elif variant == "ol" %} ++ distro: rhel + {% elif variant == "dragonfly" %} + distro: dragonflybsd + {% else %} +@@ -238,7 +244,9 @@ + {% endif %} + # Default user name + that default users groups (if added/used) + default_user: +-{% if variant in usernames %} ++{% if variant == "ol" %} ++ name: cloud-user ++{% elif variant in usernames %} + name: {{ usernames[variant] }} + {% else %} + name: {{ variant }} +@@ -246,11 +254,13 @@ + {% if variant in ["alpine", "amazon", "aosc", "arch", "azurelinux", "debian", "fedora", + "gentoo", "mariner", "OpenCloudOS", "openeuler", + "openmandriva", "photon", "suse", "TencentOS", "ubuntu", +- "unknown"] ++ "unknown", "ol"] + or is_bsd or is_rhel %} + lock_passwd: True + {% endif %} +-{% if variant in gecos %} ++{% if variant == "ol" %} ++ gecos: Cloud User ++{% elif variant in gecos %} + gecos: {{ gecos[variant] }} + {% else %} + gecos: {{ variant }} Cloud User +@@ -259,7 +269,7 @@ + groups: [{{ groups[variant] }}] + {% elif is_bsd %} + groups: [wheel] +-{% elif is_rhel %} ++{% elif variant in ["ol"] or is_rhel %} + groups: [adm, systemd-journal] + {% else %} + groups: [wheel, adm, systemd-journal] +@@ -328,7 +338,7 @@ + {% if variant in ["alpine", "amazon", "aosc", "arch", "azurelinux", "debian", "fedora", + "gentoo", "mariner", "OpenCloudOS", "openeuler", + "openmandriva", "photon", "suse", "TencentOS", "ubuntu", +- "unknown"] ++ "unknown", "ol"] + or is_rhel %} + # Other config here will be given to the distro class and/or path classes + paths: +@@ -375,7 +385,7 @@ + ssh_svcname: ssh + {% elif variant in ["alpine", "amazon", "aosc", "arch", "azurelinux", "fedora", + "gentoo", "mariner", "OpenCloudOS", "openeuler", +- "openmandriva", "photon", "suse", "TencentOS"] ++ "openmandriva", "photon", "suse", "TencentOS", "ol"] + or is_rhel %} + ssh_svcname: sshd + {% endif %} + +diff --git a/systemd/cloud-final.service b/systemd/cloud-final.service +index ab3daed..1c69dde 100644 +--- a/systemd/cloud-final.service ++++ b/systemd/cloud-final.service +@@ -3,7 +3,6 @@ + Description=Cloud-init: Final Stage + After=network-online.target time-sync.target cloud-config.service rc-local.service + After=multi-user.target +-Before=apt-daily.service + Wants=network-online.target cloud-config.service + ConditionPathExists=!/etc/cloud/cloud-init.disabled + ConditionKernelCommandLine=!cloud-init=disabled + +diff --git a/systemd/cloud-init-local.service.tmpl b/systemd/cloud-init-local.service.tmpl +index 3a1ca7f..4750c36 100644 +--- a/systemd/cloud-init-local.service.tmpl ++++ b/systemd/cloud-init-local.service.tmpl +@@ -2,19 +2,21 @@ + [Unit] + # https://docs.cloud-init.io/en/latest/explanation/boot.html + Description=Cloud-init: Local Stage (pre-network) +-{% if variant in ["almalinux", "cloudlinux", "ubuntu", "unknown", "debian", "rhel"] %} ++{% if variant in ["almalinux", "cloudlinux", "ubuntu", "unknown", "debian", "rhel", "ol"] %} + DefaultDependencies=no + {% endif %} + Wants=network-pre.target ++{% if variant not in ["ol"] %} + After=hv_kvp_daemon.service +-{% if variant in ["almalinux", "cloudlinux", "rhel"] %} ++{% endif %} ++{% if variant in ["almalinux", "cloudlinux", "rhel", "ol"] %} + Requires=dbus.socket + After=dbus.socket + {% endif %} + After=systemd-remount-fs.service + Before=network-pre.target + Before=shutdown.target +-{% if variant in ["almalinux", "cloudlinux", "rhel"] %} ++{% if variant in ["almalinux", "cloudlinux", "rhel", "ol"] %} + Before=firewalld.target + {% endif %} + {% if variant in ["ubuntu", "unknown", "debian"] %} +@@ -28,7 +30,7 @@ + + [Service] + Type=oneshot +-{% if variant in ["almalinux", "cloudlinux", "rhel"] %} ++{% if variant in ["almalinux", "cloudlinux", "rhel", "ol"] %} + ExecStartPre=/sbin/restorecon /run/cloud-init + {% endif %} + ExecStart=/usr/bin/cloud-init init --local + +diff --git a/systemd/cloud-init.service.tmpl b/systemd/cloud-init.service.tmpl +index 90d45f2..2e1ce48 100644 +--- a/systemd/cloud-init.service.tmpl ++++ b/systemd/cloud-init.service.tmpl +@@ -2,7 +2,7 @@ + [Unit] + # https://docs.cloud-init.io/en/latest/explanation/boot.html + Description=Cloud-init: Network Stage +-{% if variant not in ["almalinux", "cloudlinux", "photon", "rhel"] %} ++{% if variant not in ["almalinux", "cloudlinux", "photon", "rhel", "ol"] %} + DefaultDependencies=no + {% endif %} + Wants=cloud-init-local.service +@@ -11,13 +11,15 @@ + Wants=sshd-keygen@ed25519.service + Wants=sshd.service + After=cloud-init-local.service ++{% if variant not in ["ol"] %} + After=systemd-networkd-wait-online.service ++{% endif %} + {% if variant in ["ubuntu", "unknown", "debian"] %} + After=networking.service + {% endif %} + {% if variant in ["almalinux", "centos", "cloudlinux", "eurolinux", "fedora", + "miraclelinux", "openeuler", "OpenCloudOS", "openmandriva", "rhel", "rocky", +- "suse", "TencentOS", "virtuozzo"] %} ++ "suse", "TencentOS", "virtuozzo", "ol"] %} + + After=NetworkManager.service + After=NetworkManager-wait-online.service + +diff --git a/systemd/cloud-init-generator.tmpl b/systemd/cloud-init-generator.tmpl +--- a/systemd/cloud-init-generator.tmpl ++++ b/systemd/cloud-init-generator.tmpl +@@ -21,7 +21,7 @@ + CLOUD_SYSTEM_TARGET="/lib/systemd/system/cloud-init.target" + {% endif %} + {% if variant in ["almalinux", "centos", "cloudlinux", "eurolinux", "fedora", +- "miraclelinux", "openeuler", "OpenCloudOS", "openmandriva", "rhel", "rocky", "TencentOS", "virtuozzo"] %} ++ "miraclelinux", "openeuler", "OpenCloudOS", "openmandriva", "rhel", "rocky", "TencentOS", "virtuozzo", "ol"] %} + dsidentify="/usr/libexec/cloud-init/ds-identify" + {% elif variant == "benchmark" %} + dsidentify="/bin/true" + +diff --git a/tests/unittests/test_util.py b/tests/unittests/test_util.py +index 519ef63..323e7f6 100644 +--- a/tests/unittests/test_util.py ++++ b/tests/unittests/test_util.py +@@ -1311,6 +1311,7 @@ class TestGetVariant: + ({"system": "linux", "dist": ("sles",)}, "suse"), + ({"system": "linux", "dist": ("sle_hpc",)}, "suse"), + ({"system": "linux", "dist": ("my_distro",)}, "linux"), ++ ({"system": "linux", "dist": ("ol",)}, "ol"), + ({"system": "Windows", "dist": ("dontcare",)}, "windows"), + ({"system": "Darwin", "dist": ("dontcare",)}, "darwin"), + ({"system": "Freebsd", "dist": ("dontcare",)}, "freebsd"), +-- +2.31.1 + diff --git a/SOURCES/orabug35950168-DataSourceOracle-network-getdata-updates.patch b/SOURCES/orabug35950168-DataSourceOracle-network-getdata-updates.patch new file mode 100644 index 0000000..5a2835e --- /dev/null +++ b/SOURCES/orabug35950168-DataSourceOracle-network-getdata-updates.patch @@ -0,0 +1,115 @@ +Patch to adapt DataSourceOracle and make it functional for OCI. +Also includes setting for retries and timeouts previously provided by +a separate patch to help PCA instances get IMDS data. + +Orabug: 37065979 + +Signed-off-by: Rajesh Harekal +--- +diff -git a/cloudinit/sources/DataSourceOracle.py b/cloudinit/sources/DataSourceOracle.py +--- a/cloudinit/sources/DataSourceOracle.py 2025-03-07 16:04:37.773216485 -0800 ++++ a/cloudinit/sources/DataSourceOracle.py 2025-03-07 16:32:33.174574170 -0800 +@@ -15,6 +15,7 @@ + + import base64 + import ipaddress ++import os + import json + import logging + import time +@@ -32,6 +33,8 @@ + + LOG = logging.getLogger(__name__) + ++ISCSI_IBFT_PATH='/sys/firmware/acpi/tables/iBFT' ++ + BUILTIN_DS_CONFIG = { + # Don't use IMDS to configure secondary NICs by default + "configure_secondary_nics": False, +@@ -135,8 +138,8 @@ + perform_dhcp_setup = True + + # Careful...these can be overridden in __init__ +- url_max_wait = 30 +- url_timeout = 5 ++ url_max_wait = 180 ++ url_timeout = 20 + + def __init__(self, sys_cfg, *args, **kwargs): + super(DataSourceOracle, self).__init__(sys_cfg, *args, **kwargs) +@@ -149,7 +152,7 @@ + ] + ) + self._network_config_source = KlibcOracleNetworkConfigSource() +- self._network_config: dict = {"config": [], "version": 1} ++ self._network_config = sources.UNSET + + url_params = self.get_url_params() + self.url_max_wait = url_params.max_wait_seconds +@@ -274,7 +277,7 @@ + + def _is_iscsi_root(self) -> bool: + """Return whether we are on a iscsi machine.""" +- return self._network_config_source.is_applicable() ++ return self._network_config_source.is_applicable() or bool(os.path.exists(ISCSI_IBFT_PATH)) + + def _get_iscsi_config(self) -> dict: + return self._network_config_source.render_config() +@@ -294,34 +297,31 @@ + + set_primary = False + # this is v1 +- if self._is_iscsi_root(): +- self._network_config = self._get_iscsi_config() +- if not self._has_network_config(): +- LOG.warning( +- "Could not obtain network configuration from initramfs. " +- "Falling back to IMDS." ++ if self._network_config == sources.UNSET: ++ # this is v1 ++ if not self._has_network_config(): ++ self._network_config = self.distro.generate_fallback_config() ++ set_primary = True ++ ++ set_secondary = self.ds_cfg.get( ++ "configure_secondary_nics", ++ BUILTIN_DS_CONFIG["configure_secondary_nics"], + ) +- set_primary = True +- +- set_secondary = self.ds_cfg.get( +- "configure_secondary_nics", +- BUILTIN_DS_CONFIG["configure_secondary_nics"], +- ) +- if set_primary or set_secondary: +- try: +- # Mutate self._network_config to include primary and/or +- # secondary VNICs +- self._add_network_config_from_opc_imds(set_primary) +- except Exception: +- util.logexc( +- LOG, +- "Failed to parse IMDS network configuration!", +- ) ++ if set_primary or set_secondary: ++ try: ++ # Mutate self._network_config to include primary and/or ++ # secondary VNICs ++ self._add_network_config_from_opc_imds(set_primary) ++ except Exception: ++ util.logexc( ++ LOG, ++ "Failed to parse IMDS network configuration!", ++ ) + +- # we need to verify that the nic selected is not a netfail over +- # device and, if it is a netfail master, then we need to avoid +- # emitting any match by mac +- _ensure_netfailover_safe(self._network_config) ++ # we need to verify that the nic selected is not a netfail over ++ # device and, if it is a netfail master, then we need to avoid ++ # emitting any match by mac ++ _ensure_netfailover_safe(self._network_config) + + return self._network_config + diff --git a/SPECS/cloud-init.spec b/SPECS/cloud-init.spec index 60f5d6d..eb74b3f 100644 --- a/SPECS/cloud-init.spec +++ b/SPECS/cloud-init.spec @@ -1,6 +1,6 @@ Name: cloud-init Version: 24.4 -Release: 4%{?dist}.3 +Release: 7.0.1%{?dist}.1 Summary: Cloud instance init scripts License: ASL 2.0 or GPLv3 URL: http://launchpad.net/cloud-init @@ -21,13 +21,29 @@ Patch7: ci-Use-log_with_downgradable_level-for-user-password-wa.patch Patch8: ci-downstream-set-deprecation-boundary-version.patch # For RHEL-76361 - [c9s] cloud-init remove 'NOZEROCONF=yes' from /etc/sysconfig/network Patch9: ci-net-sysconfig-do-not-remove-all-existing-settings-of.patch -# For RHEL-83636 - DataSourceNoCloudNet network configuration is ineffective [rhel-9.6.z] +# For RHEL-81703 - DataSourceNoCloudNet network configuration is ineffective - c9s Patch10: ci-fix-NM-reload-and-bring-up-individual-network-conns-.patch -Patch11: 0003-downstream-Retain-exit-code-in-cloud-init-status-for.patch -# For RHEL-100611 - CVE-2024-6174 cloud-init: From CVEorg collector [rhel-9.6.z] +# For RHEL-88658 - Cloud-Init Backport Optimization Features on Alibaba Cloud +Patch11: ci-feat-aliyun-datasource-support-crawl-metadata-at-onc.patch +# For RHEL-100615 - CVE-2024-6174 cloud-init: From CVEorg collector [rhel-9.7] Patch12: ci-fix-Don-t-attempt-to-identify-non-x86-OpenStack-inst.patch -# For RHEL-100611 - CVE-2024-6174 cloud-init: From CVEorg collector [rhel-9.6.z] +# For RHEL-100615 - CVE-2024-6174 cloud-init: From CVEorg collector [rhel-9.7] Patch13: ci-fix-strict-disable-in-ds-identify-on-no-datasources-.patch +Patch14: 0003-downstream-Retain-exit-code-in-cloud-init-status-for.patch + +# Oracle patches +Patch100: 0041-enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch +Patch101: ignore-enslaved-interface.patch +Patch102: ol-sysconfig-add-Oracle-Linux-variant-to-known-distros.patch +Patch103: 0106-tests-unittests-add-a-new-unit-test-for-network-mana.patch +# Oracle specific patches (preferred prefix: "ol" or "orabugNNNNNNNN") +Patch1001: orabug30435672-003-cloud-init-collect-logs.patch +Patch1002: orabug30435672-004-ol-cloud-config.patch +Patch1003: orabug30435672-006-cc_spacewalk.py.patch +Patch1004: orabug32183938-009-missing-sshd-services.patch +Patch1005: orabug32183938-010-missing-sshd-services-in-rhel-systemd.patch +Patch1006: orabug34845400-Add-Oracle-to-distro-detection-logic-in-cloud.cfg.tm.patch +Patch1007: orabug35950168-DataSourceOracle-network-getdata-updates.patch BuildArch: noarch @@ -216,6 +232,7 @@ fi %doc %{_sysconfdir}/cloud/cloud.cfg.d/README %dir %{_sysconfdir}/cloud/templates %config(noreplace) %{_sysconfdir}/cloud/templates/* +%config(noreplace) %{_unitdir}/sshd-keygen@.service.d/disable-sshd-keygen-if-cloud-init-active.conf %{_unitdir}/cloud-config.service %{_unitdir}/cloud-config.target %{_unitdir}/cloud-final.service @@ -236,26 +253,52 @@ fi %{_datadir}/bash-completion/completions/cloud-init %{_bindir}/cloud-id %{_systemdgeneratordir}/cloud-init-generator -%{_unitdir}/sshd-keygen@.service.d/disable-sshd-keygen-if-cloud-init-active.conf %dir %{_sysconfdir}/rsyslog.d %config(noreplace) %{_sysconfdir}/rsyslog.d/21-cloudinit.conf %changelog -* Thu Jul 03 2025 Miroslav Rezanina - 24.4-4.el9_6.3 -- ci-fix-Don-t-attempt-to-identify-non-x86-OpenStack-inst.patch [RHEL-100611] -- ci-fix-strict-disable-in-ds-identify-on-no-datasources-.patch [RHEL-100611] -- Resolves: RHEL-100611 - (CVE-2024-6174 cloud-init: From CVEorg collector [rhel-9.6.z]) +* Thu Jan 29 2026 Craig Guiller - 24.4-7.0.1.el9_7.1 +- Fix Oracle Datasource network and getdata methods for OCI OL [Orabug: 35950168] +- Fix log file permission [Orabug: 35302969] +- Update detection logic for OL distros in config template [Orabug: 34845400] +- Added missing services in rhel/systemd/cloud-init.service [Orabug: 32183938] +- Added missing services in cloud-init.service.tmpl for sshd [Orabug: 32183938] +- Forward port applicable cloud-init 18.4-2.0.3 changes to cloud-init-18-5 [Orabug: 30435672] +- limit permissions [Orabug: 31352433] +- Changes to ignore all enslaved interfaces [Orabug: 30092148] +- Make Oracle datasource detect dracut based config files [Orabug: 29956753] +- add modified version of enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch: + 1. Enable ec2_utils.py having a way to stop retrying to get ec2 metadata + 2. Apply stop retrying to get ec2 metadata to helper/openstack.py MetadataReader + Resolves: Oracle-Bug:41660 (Bugzilla) +- added OL to list of known distros +Resolves: rhbz#1427280 +Resolves: rhbz#1427280 -* Thu Jul 03 2025 Miroslav Rezanina - 24.4-4.el9_6.2 -- Adding missed fix 'Retain exit code in cloud-init status for recoverable errors' -- Resolves: RHEL-101693 +* Wed Dec 10 2025 Jon Maloy - 24.4-7.el9_7.1 +- ci-downstream-Do-not-override-changes-in-disable-sshd-k.patch [RHEL-128876] +- Resolves: RHEL-128876 + ([rhel-9] cloud-init upgrade is overwriting modifications in disable-sshd-keygen-if-cloud-init-active.conf) -* Thu Mar 20 2025 Jon Maloy - 24.4-4.el9_6.1 -- ci-fix-NM-reload-and-bring-up-individual-network-conns-.patch [RHEL-83636] -- Resolves: RHEL-83636 - (DataSourceNoCloudNet network configuration is ineffective [rhel-9.6.z]) +* Thu Jul 03 2025 Miroslav Rezanina - 24.4-7 +- ci-fix-Don-t-attempt-to-identify-non-x86-OpenStack-inst.patch [RHEL-100615] +- ci-fix-strict-disable-in-ds-identify-on-no-datasources-.patch [RHEL-100615] +- Fix missing patch [RHEL-101692] +- Resolves: RHEL-100615 + (CVE-2024-6174 cloud-init: From CVEorg collector [rhel-9.7]) +- Resolves: RHEL-101692 + (c9s dist-git missing patch "downstream: Retain exit code in cloud-init status for recoverable errors") + +* Wed May 14 2025 Jon Maloy - 24.4-6 +- ci-feat-aliyun-datasource-support-crawl-metadata-at-onc.patch [RHEL-88658] +- Resolves: RHEL-88658 + (Cloud-Init Backport Optimization Features on Alibaba Cloud) + +* Tue Mar 18 2025 Jon Maloy - 24.4-5 +- ci-fix-NM-reload-and-bring-up-individual-network-conns-.patch [RHEL-81703] +- Resolves: RHEL-81703 + (DataSourceNoCloudNet network configuration is ineffective - c9s) * Mon Feb 17 2025 Jon Maloy - 24.4-4 - ci-net-sysconfig-do-not-remove-all-existing-settings-of.patch [RHEL-76361] From 592323f7ab9b44ff601814b75c24ea0ca98aa7ef Mon Sep 17 00:00:00 2001 From: eabdullin Date: Mon, 2 Feb 2026 08:54:49 +0000 Subject: [PATCH 2/2] Revert OL modifications --- ...to-stop-retrying-to-get-ec2-metadata.patch | 50 --- ...add-a-new-unit-test-for-network-mana.patch | 136 --------- SOURCES/ignore-enslaved-interface.patch | 44 --- ...racle-Linux-variant-to-known-distros.patch | 26 -- ...30435672-003-cloud-init-collect-logs.patch | 77 ----- .../orabug30435672-004-ol-cloud-config.patch | 112 ------- .../orabug30435672-006-cc_spacewalk.py.patch | 55 ---- ...ug32183938-009-missing-sshd-services.patch | 31 -- ...issing-sshd-services-in-rhel-systemd.patch | 22 -- ...stro-detection-logic-in-cloud.cfg.tm.patch | 287 ------------------ ...SourceOracle-network-getdata-updates.patch | 115 ------- SPECS/cloud-init.spec | 41 +-- 12 files changed, 5 insertions(+), 991 deletions(-) delete mode 100644 SOURCES/0041-enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch delete mode 100644 SOURCES/0106-tests-unittests-add-a-new-unit-test-for-network-mana.patch delete mode 100644 SOURCES/ignore-enslaved-interface.patch delete mode 100644 SOURCES/ol-sysconfig-add-Oracle-Linux-variant-to-known-distros.patch delete mode 100644 SOURCES/orabug30435672-003-cloud-init-collect-logs.patch delete mode 100644 SOURCES/orabug30435672-004-ol-cloud-config.patch delete mode 100644 SOURCES/orabug30435672-006-cc_spacewalk.py.patch delete mode 100644 SOURCES/orabug32183938-009-missing-sshd-services.patch delete mode 100644 SOURCES/orabug32183938-010-missing-sshd-services-in-rhel-systemd.patch delete mode 100644 SOURCES/orabug34845400-Add-Oracle-to-distro-detection-logic-in-cloud.cfg.tm.patch delete mode 100644 SOURCES/orabug35950168-DataSourceOracle-network-getdata-updates.patch diff --git a/SOURCES/0041-enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch b/SOURCES/0041-enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch deleted file mode 100644 index d691b94..0000000 --- a/SOURCES/0041-enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch +++ /dev/null @@ -1,50 +0,0 @@ -Enable ec2_utils to stop retrying to get ec2 metadata - -Signed-off-by: David Sloboda -Reviewed-by: Laurence Rochfort - -diff -ruN a/cloudinit/sources/helpers/openstack.py b/cloudinit/sources/helpers/openstack.py ---- a/cloudinit/sources/helpers/openstack.py 2018-04-02 12:51:20.053828637 -0700 -+++ b/cloudinit/sources/helpers/openstack.py 2018-04-02 12:33:20.000000000 -0700 -@@ -464,6 +464,16 @@ - - return results - -+def should_retry_cb(_request_args, cause): -+ try: -+ code = int(cause.code) -+ if code >= 400: -+ return False -+ except (TypeError, ValueError): -+ # Older versions of requests didn't have a code. -+ pass -+ return True -+ - - class MetadataReader(BaseReader): - def __init__(self, base_url, ssl_details=None, timeout=5, retries=5): -@@ -489,16 +499,6 @@ - return self._versions - - def _path_read(self, path, decode=False): -- def should_retry_cb(_request_args, cause): -- try: -- code = int(cause.code) -- if code >= 400: -- return False -- except (TypeError, ValueError): -- # Older versions of requests didn't have a code. -- pass -- return True -- - response = url_helper.readurl( - path, - retries=self.retries, -@@ -519,6 +519,7 @@ - ssl_details=self.ssl_details, - timeout=self.timeout, - retries=self.retries, -+ exception_cb=should_retry_cb, - ) - - diff --git a/SOURCES/0106-tests-unittests-add-a-new-unit-test-for-network-mana.patch b/SOURCES/0106-tests-unittests-add-a-new-unit-test-for-network-mana.patch deleted file mode 100644 index 2248cbf..0000000 --- a/SOURCES/0106-tests-unittests-add-a-new-unit-test-for-network-mana.patch +++ /dev/null @@ -1,136 +0,0 @@ -From 37a6837813e418486af8cbef436ab82a8be3e3fa Mon Sep 17 00:00:00 2001 -From: Darren Archibald -Date: Fri, 23 Feb 2024 06:06:30 -0800 -Subject: [PATCH] tests/unittests: add a new unit test for network manager net - activator (#4672) - -Some changes in behavior in network manager net activator was brought in with -the commit -d1d5166895da ("net/nm: check for presence of ifcfg files when nm connection files are absent") - -This change adds some unit tests that exercizes network manager activator's -bring_up_interface() method that tests failure scenarios as well as cases -where an ifcfg file is used to bring the interface up. - -Signed-off-by: Ani Sinha -(cherry picked from commit bb474df78bfe45ea5f05907eb710e8d5de764fc8) -Signed-off-by: Darren Archibald ---- - tests/unittests/test_net_activators.py | 101 +++++++++++++++++++++++++ - 1 file changed, 101 insertions(+) - -diff --git a/tests/unittests/test_net_activators.py b/tests/unittests/test_net_activators.py -index 2a363ec..f95c8a7 100644 ---- a/tests/unittests/test_net_activators.py -+++ b/tests/unittests/test_net_activators.py -@@ -288,6 +288,107 @@ class TestActivatorsBringUp: - for call in m_subp.call_args_list: - assert call in expected_call_list - -+class TestNetworkManagerActivatorBringUp: -+ @patch("cloudinit.subp.subp", return_value=("", "")) -+ @patch( -+ "cloudinit.net.network_manager.available_nm_ifcfg_rh", -+ return_value=True, -+ ) -+ @patch("os.path.isfile") -+ @patch("os.path.exists", return_value=True) -+ def test_bring_up_interface_no_nm_conn( -+ self, m_exists, m_isfile, m_plugin, m_subp -+ ): -+ """ -+ There is no network manager connection file but ifcfg-rh plugin is -+ present and ifcfg interface config files are also present. In this -+ case, we should use ifcfg files. -+ """ -+ -+ def fake_isfile_no_nmconn(filename): -+ return False if filename.endswith(".nmconnection") else True -+ -+ m_isfile.side_effect = fake_isfile_no_nmconn -+ -+ expected_call_list = [ -+ ( -+ ( -+ [ -+ "nmcli", -+ "connection", -+ "load", -+ "".join( -+ [ -+ "/etc/sysconfig/network-scripts/ifcfg-eth0", -+ ] -+ ), -+ ], -+ ), -+ {}, -+ ), -+ ( -+ ( -+ [ -+ "nmcli", -+ "connection", -+ "up", -+ "filename", -+ "".join( -+ [ -+ "/etc/sysconfig/network-scripts/ifcfg-eth0", -+ ] -+ ), -+ ], -+ ), -+ {}, -+ ), -+ ] -+ -+ index = 0 -+ assert NetworkManagerActivator.bring_up_interface("eth0") -+ for call in m_subp.call_args_list: -+ assert call == expected_call_list[index] -+ index += 1 -+ -+ @patch("cloudinit.subp.subp", return_value=("", "")) -+ @patch( -+ "cloudinit.net.network_manager.available_nm_ifcfg_rh", -+ return_value=False, -+ ) -+ @patch("os.path.isfile") -+ @patch("os.path.exists", return_value=True) -+ def test_bring_up_interface_no_plugin_no_nm_conn( -+ self, m_exists, m_isfile, m_plugin, m_subp -+ ): -+ """ -+ The ifcfg-rh plugin is absent and nmconnection file is also -+ not present. In this case, we can't use ifcfg file and the -+ interface bring up should fail. -+ """ -+ -+ def fake_isfile_no_nmconn(filename): -+ return False if filename.endswith(".nmconnection") else True -+ -+ m_isfile.side_effect = fake_isfile_no_nmconn -+ assert not NetworkManagerActivator.bring_up_interface("eth0") -+ -+ @patch("cloudinit.subp.subp", return_value=("", "")) -+ @patch( -+ "cloudinit.net.network_manager.available_nm_ifcfg_rh", -+ return_value=True, -+ ) -+ @patch("os.path.isfile", return_value=False) -+ @patch("os.path.exists", return_value=True) -+ def test_bring_up_interface_no_conn_file( -+ self, m_exists, m_isfile, m_plugin, m_subp -+ ): -+ """ -+ Neither network manager connection files are present nor -+ ifcfg files are present. Even if ifcfg-rh plugin is present, -+ we can not bring up the interface. So bring_up_interface() -+ should fail. -+ """ -+ assert not NetworkManagerActivator.bring_up_interface("eth0") - - IF_UP_DOWN_BRING_DOWN_CALL_LIST: list = [ - ((["ifdown", "eth0"],), {}), --- -2.31.1 - diff --git a/SOURCES/ignore-enslaved-interface.patch b/SOURCES/ignore-enslaved-interface.patch deleted file mode 100644 index cfefbe4..0000000 --- a/SOURCES/ignore-enslaved-interface.patch +++ /dev/null @@ -1,44 +0,0 @@ -From e7aba0f0ccd6f023667f41385f25044a94428ed3 Mon Sep 17 00:00:00 2001 -From: Darren Archibald -Date: Fri, 23 Feb 2024 05:56:06 -0800 -Subject: [PATCH] ignore enslaved interface - - Changes to ignore all enslaved interfaces. - https://jira.oci.oraclecorp.com/browse/LINUX-1947 - - Orabug: 30092148 - - Signed-off-by: Si-Wei Liu - Signed-off-by: Darren Archibald ---- - cloudinit/net/__init__.py | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/cloudinit/net/__init__.py b/cloudinit/net/__init__.py -index c0888f5..b093796 100644 ---- a/cloudinit/net/__init__.py -+++ b/cloudinit/net/__init__.py -@@ -335,6 +335,10 @@ def is_netfail_standby(devname, driver=None): - return True - - -+def is_slave(devname): -+ return os.path.exists(sys_dev_path(devname, "master")) -+ -+ - def is_renamed(devname): - """ - /* interface name assignment types (sysfs name_assign_type attribute) */ -@@ -1054,6 +1058,9 @@ def get_interfaces( - if is_bridge(name): - filtered_logger("Ignoring bridge interface: %s", name) - continue -+ if is_slave(name): -+ filtered_logger("Ignoring bridge interface: %s", name) -+ continue - if filter_vlan and is_vlan(name): - continue - if is_bond(name): --- -2.31.1 - diff --git a/SOURCES/ol-sysconfig-add-Oracle-Linux-variant-to-known-distros.patch b/SOURCES/ol-sysconfig-add-Oracle-Linux-variant-to-known-distros.patch deleted file mode 100644 index c8b89d8..0000000 --- a/SOURCES/ol-sysconfig-add-Oracle-Linux-variant-to-known-distros.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 8735577c8a683407e94abed0cfccc3aacbb9aa47 Mon Sep 17 00:00:00 2001 -From: Si-Wei Liu -Date: Wed, 10 Jun 2020 20:59:29 -0400 -Subject: [PATCH] sysconfig: add Oracle Linux variant to known distros - -otherwise anything sysconfig breaks on Oracle Linux. - -JIRA: https://jira.oci.oraclecorp.com/browse/LINUX-6128 - -Signed-off-by: Si-Wei Liu ---- - cloudinit/net/sysconfig.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py -index e94590f..55b7db5 100644 ---- a/cloudinit/net/sysconfig.py -+++ b/cloudinit/net/sysconfig.py -@@ -35,6 +35,7 @@ - "suse", - "TencentOS", - "virtuozzo", -+ "ol", - ] - - diff --git a/SOURCES/orabug30435672-003-cloud-init-collect-logs.patch b/SOURCES/orabug30435672-003-cloud-init-collect-logs.patch deleted file mode 100644 index 992c033..0000000 --- a/SOURCES/orabug30435672-003-cloud-init-collect-logs.patch +++ /dev/null @@ -1,77 +0,0 @@ -From 51cdd87ad861d5d47c212258bf00402a4dec2198 Mon Sep 17 00:00:00 2001 -From: Darren Archibald -Date: Fri, 23 Feb 2024 06:17:54 -0800 -Subject: [PATCH] Update cloud-init collect-logs for Oracle Linux - -Updating the code to collect triage logs with OL distro specic methods. - -Orabug: 30435672 - -Signed-off-by: Vijay Balakrishna -Reviewed-by: Si-Wei Liu -Acked-by: Joe Kennedy -Reviewed-by: Laurence Rochfort -Signed-off-by: Rajesh Harekal ---- - cloudinit/cmd/devel/logs.py | 26 ++++++++++++++++---------- - cloudinit/util.py | 1 + - 2 files changed, 17 insertions(+), 10 deletions(-) - -diff --git a/cloudinit/cmd/devel/logs.py b/cloudinit/cmd/devel/logs.py -index 8312218..85d976a 100755 ---- a/cloudinit/cmd/devel/logs.py -+++ b/cloudinit/cmd/devel/logs.py -@@ -21,7 +21,7 @@ - from cloudinit.stages import Init - from cloudinit.subp import ProcessExecutionError, subp - from cloudinit.temp_utils import tempdir --from cloudinit.util import copy, get_config_logfiles, write_file -+from cloudinit.util import copy, get_config_logfiles, write_file, system_info - - LOG = cast(loggers.CustomLoggerType, logging.getLogger(__name__)) - -@@ -214,13 +214,21 @@ - file_path=log_dir / "version", - msg="cloud-init --version", - ) -- dpkg_ver = _write_command_output_to_file( -- cmd=["dpkg-query", "--show", "-f=${Version}\n", "cloud-init"], -- file_path=log_dir / "dpkg-version", -- msg="dpkg version", -- ) -- if not version: -- version = dpkg_ver or "not-available" -+ if system_info()['variant'] == "ol": -+ rpm_ver = _write_command_output_to_file( -+ cmd=["rpm", "-q", "--queryformat", -+ "[%{VERSION}-%{RELEASE}.%{ARCH}]\n", "cloud-init"], -+ file_path=log_dir / "rpm-version", -+ msg="rpm version") -+ if not version: -+ version = rpm_ver if rpm_ver else "not-available" -+ else: -+ dpkg_ver = _write_command_output_to_file( -+ cmd=["dpkg-query", "--show", "-f=${Version}\n", "cloud-init"], -+ file_path=log_dir / "dpkg-version", -+ msg="dpkg version") -+ if not version: -+ version = dpkg_ver or "not-available" - - - def _collect_system_logs( -diff --git a/cloudinit/util.py b/cloudinit/util.py -index 3295735..db7bb97 100644 ---- a/cloudinit/util.py -+++ b/cloudinit/util.py -@@ -660,6 +660,7 @@ def _get_variant(info): - "suse", - "tencentos", - "virtuozzo", -+ "ol", - ): - variant = linux_dist - elif linux_dist in ("ubuntu", "linuxmint", "mint"): --- -2.31.1 - diff --git a/SOURCES/orabug30435672-004-ol-cloud-config.patch b/SOURCES/orabug30435672-004-ol-cloud-config.patch deleted file mode 100644 index 5958b77..0000000 --- a/SOURCES/orabug30435672-004-ol-cloud-config.patch +++ /dev/null @@ -1,112 +0,0 @@ -From 250aa45f74e29b95f81b24811c972369605bd24e Mon Sep 17 00:00:00 2001 -From: Vijay Balakrishna -Date: Tue, 5 Nov 2019 16:00:21 -0500 -Subject: [PATCH] Add static cloud.cfg file for OL7. - -Adding OL specific cloud.cfg file to enable updates cloud-init -config file independently, adding newly verified ntp module. - -Orabug: 30435672 - -Signed-off-by: Vijay Balakrishna -Signed-off-by: Si-Wei Liu -Acked-by: Joe Kennedy -Reviewed-by: Laurence Rochfort - ---- - ol/README.ol | 6 ++++++ - ol/cloud.cfg | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 75 insertions(+) - create mode 100644 ol/README.ol - create mode 100644 ol/cloud.cfg - -diff --git a/ol/README.ol b/ol/README.ol -new file mode 100644 -index 0000000..f59d559 ---- /dev/null -+++ b/ol/README.ol -@@ -0,0 +1,6 @@ -+The following cloud-init modules are currently unsupported on this OS: -+ - apt_update_upgrade ('apt_update', 'apt_upgrade', 'apt_mirror', 'apt_preserve_sources_list', 'apt_old_mirror', 'apt_sources', 'debconf_selections', 'packages' options) -+ - byobu ('byobu_by_default' option) -+ - chef -+ - grub_dpkg -+ - rh_subscription -diff --git a/ol/cloud.cfg b/ol/cloud.cfg -new file mode 100644 -index 0000000..2ee1fb3 ---- /dev/null -+++ b/ol/cloud.cfg -@@ -0,0 +1,69 @@ -+users: -+ - default -+ -+disable_root: 1 -+ssh_pwauth: 0 -+ -+mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service', '0', '2'] -+resize_rootfs_tmp: /dev -+ssh_deletekeys: 0 -+ssh_genkeytypes: ~ -+syslog_fix_perms: ~ -+disable_vmware_customization: false -+ -+cloud_init_modules: -+ - disk_setup -+ - migrator -+ - bootcmd -+ - write-files -+ - growpart -+ - resizefs -+ - set_hostname -+ - update_hostname -+ - update_etc_hosts -+ - rsyslog -+ - users-groups -+ - ssh -+ -+cloud_config_modules: -+ - mounts -+ - locale -+ - set-passwords -+ - ntp -+ - yum-add-repo -+ - package-update-upgrade-install -+ - timezone -+ - puppet -+ - chef -+ - salt-minion -+ - mcollective -+ - disable-ec2-metadata -+ - runcmd -+ -+cloud_final_modules: -+ - rightscale_userdata -+ - scripts-per-once -+ - scripts-per-boot -+ - scripts-per-instance -+ - scripts-user -+ - ssh-authkey-fingerprints -+ - keys-to-console -+ - phone-home -+ - final-message -+ - power-state-change -+ -+system_info: -+ default_user: -+ name: cloud-user -+ lock_passwd: true -+ gecos: Cloud User -+ groups: [adm, systemd-journal] -+ sudo: ["ALL=(ALL) NOPASSWD:ALL"] -+ shell: /bin/bash -+ distro: rhel -+ paths: -+ cloud_dir: /var/lib/cloud -+ templates_dir: /etc/cloud/templates -+ ssh_svcname: sshd -+ -+# vim:syntax=yaml --- -1.8.3.1 - diff --git a/SOURCES/orabug30435672-006-cc_spacewalk.py.patch b/SOURCES/orabug30435672-006-cc_spacewalk.py.patch deleted file mode 100644 index f4d4517..0000000 --- a/SOURCES/orabug30435672-006-cc_spacewalk.py.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 2b92e042bb8a4510abec38fcfc302d8de1e28f37 Mon Sep 17 00:00:00 2001 -From: Darren Archibald -Date: Fri, 23 Feb 2024 06:55:32 -0800 -Subject: [PATCH] spacewalk: fix CA cert file path for Oracle Linux - -Update the CA cert file that is available in Oracle Linux to register with ULN. - -Orabug: 30435672 - -Signed-off-by: Si-Wei Liu -Signed-off-by: Vijay Balakrishna -Acked-by: Joe Kennedy -Reviewed-by: Laurence Rochfort -Signed-off-by: Darren Archibald -Signed-off-by: Rajesh Harekal ---- - cloudinit/config/cc_spacewalk.py | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/cloudinit/config/cc_spacewalk.py b/cloudinit/config/cc_spacewalk.py -index 08514f2..7248cce 100644 ---- a/cloudinit/config/cc_spacewalk.py -+++ b/cloudinit/config/cc_spacewalk.py -@@ -3,7 +3,7 @@ - - import logging - --from cloudinit import subp -+from cloudinit import subp, util - from cloudinit.cloud import Cloud - from cloudinit.config import Config - from cloudinit.config.schema import MetaSchema -@@ -21,6 +21,7 @@ - distros = ["redhat", "fedora", "openeuler"] - required_packages = ["rhn-setup"] - def_ca_cert_path = "/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT" -+ol_ca_cert_path = "/usr/share/rhn/ULN-CA-CERT" - - - def is_registered(): -@@ -74,9 +75,14 @@ - # Need to have this installed before further things will work. - cloud.distro.install_packages(required_packages) - if not is_registered(): -+ if util.system_info()['variant'] == "ol": -+ cert = ol_ca_cert_path -+ else: -+ cert = def_ca_cert_path - do_register( - spacewalk_server, - cloud.datasource.get_hostname(fqdn=True).hostname, -+ ca_cert_path=cert, - proxy=cfg.get("proxy"), - activation_key=cfg.get("activation_key"), - ) diff --git a/SOURCES/orabug32183938-009-missing-sshd-services.patch b/SOURCES/orabug32183938-009-missing-sshd-services.patch deleted file mode 100644 index 3386a06..0000000 --- a/SOURCES/orabug32183938-009-missing-sshd-services.patch +++ /dev/null @@ -1,31 +0,0 @@ -cloud-init service file is missing sshd required services -Orabug: 32183938 - -in the systemd sshd-keygen.target file, the following services are listed: -[Unit] -Wants=sshd-keygen@rsa.service -Wants=sshd-keygen@ecdsa.service -Wants=sshd-keygen@ed25519.service - -Need to add the following to the cloud-init service file: -Before=sshd-keygen@rsa.service -Before=sshd-keygen@ecdsa.service -Before=sshd-keygen@ed25519.service - -Signed-off-by: Isaac Chen -Signed-off-by: Rajesh Harekal - -diff -up cloud-init-19.4/systemd/cloud-init.service.tmpl.orig cloud-init-19.4/systemd/cloud-init.service.tmpl ---- cloud-init-24.4/systemd/cloud-init.service.tmpl 2025-01-28 11:13:57.339346352 -0800 -+++ cloud-init-24.4/systemd/cloud-init.service.tmpl 2025-01-28 11:14:31.587669418 -0800 -@@ -28,7 +28,9 @@ - After=dbus.service - {% endif %} - Before=network-online.target --Before=sshd-keygen.service -+Before=sshd-keygen@rsa.service -+Before=sshd-keygen@ecdsa.service -+Before=sshd-keygen@ed25519.service - Before=sshd.service - Before=systemd-user-sessions.service - {% if variant in ["ubuntu", "unknown", "debian"] %} diff --git a/SOURCES/orabug32183938-010-missing-sshd-services-in-rhel-systemd.patch b/SOURCES/orabug32183938-010-missing-sshd-services-in-rhel-systemd.patch deleted file mode 100644 index 7cb4fb0..0000000 --- a/SOURCES/orabug32183938-010-missing-sshd-services-in-rhel-systemd.patch +++ /dev/null @@ -1,22 +0,0 @@ -cloud-init service file is missing sshd required services -Orabug: 32183938 - -This patch is the supplement of patch orabug32183938-009, where changes -to cloud-init.service also need to be added to files in rhel/systemd. - -Signed-off-by: Isaac Chen - -diff -up cloud-init-19.4/systemd/cloud-init.service.tmpl.orig cloud-init-19.4/systemd/cloud-init.service.tmpl ---- cloud-init-19.4/systemd/cloud-init.service.tmpl.orig 2020-12-11 19:59:37.331277979 -0800 -+++ cloud-init-19.4/systemd/cloud-init.service.tmpl 2020-12-11 20:00:38.867459043 -0800 -@@ -5,7 +5,9 @@ - DefaultDependencies=no - {% endif %} - Wants=cloud-init-local.service --Wants=sshd-keygen.service -+Wants=sshd-keygen@rsa.service -+Wants=sshd-keygen@ecdsa.service -+Wants=sshd-keygen@ed25519.service - Wants=sshd.service - After=cloud-init-local.service - After=systemd-networkd-wait-online.service diff --git a/SOURCES/orabug34845400-Add-Oracle-to-distro-detection-logic-in-cloud.cfg.tm.patch b/SOURCES/orabug34845400-Add-Oracle-to-distro-detection-logic-in-cloud.cfg.tm.patch deleted file mode 100644 index 49ff3cb..0000000 --- a/SOURCES/orabug34845400-Add-Oracle-to-distro-detection-logic-in-cloud.cfg.tm.patch +++ /dev/null @@ -1,287 +0,0 @@ -From e921be03f802ee154ed1ddf044e276b23af0d2b6 Mon Sep 17 00:00:00 2001 -From: Darren Archibald -Date: Fri, 23 Feb 2024 07:52:25 -0800 -Subject: [PATCH] Add Oracle to distro detection logic in cloud.cfg.tmpl - -Oracle Linux is being detected as "ol" variant by cloud-init. -This patch adds "ol" to the list of supported variants, and applies needed settings to it. -You can notice that variant "ol" is being set as distro "rhel" in a couple of places, -that is expected as this designated that base distro for "ol" is "rhel" ( which is true ) - -The main reason for this change is that cloud-init package dropped hardcoded configs that set OL as rhel -and to make cloud-init behave on OL systems as expected we need to add "ol" designation to supported list. - -Orabug: 34845400 -Signed-off-by: Alex Burmashev -Signed-off-by: Darren Archibald -Signed-off-by: Rajesh Harekal ---- - cloudinit/distros/__init__.py | 1 + - cloudinit/sources/DataSourceRbxCloud.py | 2 +- - config/cloud.cfg.tmpl | 33 ++++++++++++++++++------- - systemd/cloud-final.service | 4 ++- - systemd/cloud-init-local.service.tmpl | 12 ++++++--- - systemd/cloud-init.service.tmpl | 8 ++++-- - systemd/cloud-init-generator.tmpl | 1 +++-- - tests/unittests/test_util.py | 1 + - 8 files changed, 48 insertions(+), 17 deletions(-) - -diff --git a/cloudinit/distros/__init__.py b/cloudinit/distros/__init__.py -index 79e2623..8f1381b 100644 ---- a/cloudinit/distros/__init__.py -+++ b/cloudinit/distros/__init__.py -@@ -78,6 +78,7 @@ OSFAMILIES = { - "rhel", - "rocky", - "virtuozzo", -+ "ol", - ], - "suse": [ - "opensuse", -diff --git a/cloudinit/sources/DataSourceRbxCloud.py b/cloudinit/sources/DataSourceRbxCloud.py -index 9214f1b..5379132 100644 ---- a/cloudinit/sources/DataSourceRbxCloud.py -+++ b/cloudinit/sources/DataSourceRbxCloud.py -@@ -60,7 +60,7 @@ def _sub_arp(cmd): - - def gratuitous_arp(items, distro): - source_param = "-S" -- if distro.name in ["fedora", "centos", "rhel"]: -+ if distro.name in ["fedora", "centos", "rhel", "ol"]: - source_param = "-s" - for item in items: - try: -diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl -index a470120..f440830 100644 ---- a/config/cloud.cfg.tmpl -+++ b/config/cloud.cfg.tmpl -@@ -59,10 +59,10 @@ - {% endif %} - - {%- if variant in ["alpine", "amazon", "fedora", "OpenCloudOS", "openeuler", -- "openmandriva", "photon", "TencentOS"] or is_rhel %} -+ "openmandriva", "photon", "TencentOS", "ol"] or is_rhel %} - --{% if is_rhel %} --mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.after=cloud-init-network.service,_netdev', '0', '2'] -+{% if variant in ["ol"] or is_rhel %} -+mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.after=cloud-init.service,_netdev', '0', '2'] - {% else %} - mount_default_fields: [~, ~, 'auto', 'defaults,nofail', '0', '2'] - {% endif %} -@@ -101,7 +101,7 @@ - - {% endif -%} - --{% if is_rhel %} -+{% if variant in ["ol"] or is_rhel %} - # Default redhat settings: - ssh_deletekeys: true - ssh_genkeytypes: ['rsa', 'ecdsa', 'ed25519'] -@@ -166,18 +166,20 @@ - - ubuntu_pro - {% endif %} - {% elif variant in ["azurelinux", "fedora", "mariner", "openeuler", -- "openmandriva", "photon"] or is_rhel %} -+ "openmandriva", "photon", "ol"] or is_rhel %} - {% if is_rhel %} - - rh_subscription - {% endif %} --{% if variant not in ["azurelinux", "mariner", "photon"] %} -+{% if variant not in ["azurelinux", "mariner", "photon", "ol"] %} - - spacewalk - {% endif %} - - yum_add_repo - {% elif variant == "suse" %} - - zypper_add_repo - {% endif %} -+{% if variant not in ["ol"] %} - - ntp -+{% endif %} - - timezone - {% if variant not in ["azurelinux"] %} - - disable_ec2_metadata -@@ -207,6 +209,8 @@ - {% if variant not in ["azurelinux"] %} - - mcollective - - salt_minion -+{% endif %} -+{% if variant not in ["azurelinux", "ol"] %} - - reset_rmc - {% endif %} - - scripts_vendor -@@ -230,6 +234,8 @@ - "OpenCloudOS", "openeuler", "openmandriva", "photon", "suse", - "TencentOS", "ubuntu"] or is_rhel %} - distro: {{ variant }} -+{% elif variant == "ol" %} -+ distro: rhel - {% elif variant == "dragonfly" %} - distro: dragonflybsd - {% else %} -@@ -238,7 +244,9 @@ - {% endif %} - # Default user name + that default users groups (if added/used) - default_user: --{% if variant in usernames %} -+{% if variant == "ol" %} -+ name: cloud-user -+{% elif variant in usernames %} - name: {{ usernames[variant] }} - {% else %} - name: {{ variant }} -@@ -246,11 +254,13 @@ - {% if variant in ["alpine", "amazon", "aosc", "arch", "azurelinux", "debian", "fedora", - "gentoo", "mariner", "OpenCloudOS", "openeuler", - "openmandriva", "photon", "suse", "TencentOS", "ubuntu", -- "unknown"] -+ "unknown", "ol"] - or is_bsd or is_rhel %} - lock_passwd: True - {% endif %} --{% if variant in gecos %} -+{% if variant == "ol" %} -+ gecos: Cloud User -+{% elif variant in gecos %} - gecos: {{ gecos[variant] }} - {% else %} - gecos: {{ variant }} Cloud User -@@ -259,7 +269,7 @@ - groups: [{{ groups[variant] }}] - {% elif is_bsd %} - groups: [wheel] --{% elif is_rhel %} -+{% elif variant in ["ol"] or is_rhel %} - groups: [adm, systemd-journal] - {% else %} - groups: [wheel, adm, systemd-journal] -@@ -328,7 +338,7 @@ - {% if variant in ["alpine", "amazon", "aosc", "arch", "azurelinux", "debian", "fedora", - "gentoo", "mariner", "OpenCloudOS", "openeuler", - "openmandriva", "photon", "suse", "TencentOS", "ubuntu", -- "unknown"] -+ "unknown", "ol"] - or is_rhel %} - # Other config here will be given to the distro class and/or path classes - paths: -@@ -375,7 +385,7 @@ - ssh_svcname: ssh - {% elif variant in ["alpine", "amazon", "aosc", "arch", "azurelinux", "fedora", - "gentoo", "mariner", "OpenCloudOS", "openeuler", -- "openmandriva", "photon", "suse", "TencentOS"] -+ "openmandriva", "photon", "suse", "TencentOS", "ol"] - or is_rhel %} - ssh_svcname: sshd - {% endif %} - -diff --git a/systemd/cloud-final.service b/systemd/cloud-final.service -index ab3daed..1c69dde 100644 ---- a/systemd/cloud-final.service -+++ b/systemd/cloud-final.service -@@ -3,7 +3,6 @@ - Description=Cloud-init: Final Stage - After=network-online.target time-sync.target cloud-config.service rc-local.service - After=multi-user.target --Before=apt-daily.service - Wants=network-online.target cloud-config.service - ConditionPathExists=!/etc/cloud/cloud-init.disabled - ConditionKernelCommandLine=!cloud-init=disabled - -diff --git a/systemd/cloud-init-local.service.tmpl b/systemd/cloud-init-local.service.tmpl -index 3a1ca7f..4750c36 100644 ---- a/systemd/cloud-init-local.service.tmpl -+++ b/systemd/cloud-init-local.service.tmpl -@@ -2,19 +2,21 @@ - [Unit] - # https://docs.cloud-init.io/en/latest/explanation/boot.html - Description=Cloud-init: Local Stage (pre-network) --{% if variant in ["almalinux", "cloudlinux", "ubuntu", "unknown", "debian", "rhel"] %} -+{% if variant in ["almalinux", "cloudlinux", "ubuntu", "unknown", "debian", "rhel", "ol"] %} - DefaultDependencies=no - {% endif %} - Wants=network-pre.target -+{% if variant not in ["ol"] %} - After=hv_kvp_daemon.service --{% if variant in ["almalinux", "cloudlinux", "rhel"] %} -+{% endif %} -+{% if variant in ["almalinux", "cloudlinux", "rhel", "ol"] %} - Requires=dbus.socket - After=dbus.socket - {% endif %} - After=systemd-remount-fs.service - Before=network-pre.target - Before=shutdown.target --{% if variant in ["almalinux", "cloudlinux", "rhel"] %} -+{% if variant in ["almalinux", "cloudlinux", "rhel", "ol"] %} - Before=firewalld.target - {% endif %} - {% if variant in ["ubuntu", "unknown", "debian"] %} -@@ -28,7 +30,7 @@ - - [Service] - Type=oneshot --{% if variant in ["almalinux", "cloudlinux", "rhel"] %} -+{% if variant in ["almalinux", "cloudlinux", "rhel", "ol"] %} - ExecStartPre=/sbin/restorecon /run/cloud-init - {% endif %} - ExecStart=/usr/bin/cloud-init init --local - -diff --git a/systemd/cloud-init.service.tmpl b/systemd/cloud-init.service.tmpl -index 90d45f2..2e1ce48 100644 ---- a/systemd/cloud-init.service.tmpl -+++ b/systemd/cloud-init.service.tmpl -@@ -2,7 +2,7 @@ - [Unit] - # https://docs.cloud-init.io/en/latest/explanation/boot.html - Description=Cloud-init: Network Stage --{% if variant not in ["almalinux", "cloudlinux", "photon", "rhel"] %} -+{% if variant not in ["almalinux", "cloudlinux", "photon", "rhel", "ol"] %} - DefaultDependencies=no - {% endif %} - Wants=cloud-init-local.service -@@ -11,13 +11,15 @@ - Wants=sshd-keygen@ed25519.service - Wants=sshd.service - After=cloud-init-local.service -+{% if variant not in ["ol"] %} - After=systemd-networkd-wait-online.service -+{% endif %} - {% if variant in ["ubuntu", "unknown", "debian"] %} - After=networking.service - {% endif %} - {% if variant in ["almalinux", "centos", "cloudlinux", "eurolinux", "fedora", - "miraclelinux", "openeuler", "OpenCloudOS", "openmandriva", "rhel", "rocky", -- "suse", "TencentOS", "virtuozzo"] %} -+ "suse", "TencentOS", "virtuozzo", "ol"] %} - - After=NetworkManager.service - After=NetworkManager-wait-online.service - -diff --git a/systemd/cloud-init-generator.tmpl b/systemd/cloud-init-generator.tmpl ---- a/systemd/cloud-init-generator.tmpl -+++ b/systemd/cloud-init-generator.tmpl -@@ -21,7 +21,7 @@ - CLOUD_SYSTEM_TARGET="/lib/systemd/system/cloud-init.target" - {% endif %} - {% if variant in ["almalinux", "centos", "cloudlinux", "eurolinux", "fedora", -- "miraclelinux", "openeuler", "OpenCloudOS", "openmandriva", "rhel", "rocky", "TencentOS", "virtuozzo"] %} -+ "miraclelinux", "openeuler", "OpenCloudOS", "openmandriva", "rhel", "rocky", "TencentOS", "virtuozzo", "ol"] %} - dsidentify="/usr/libexec/cloud-init/ds-identify" - {% elif variant == "benchmark" %} - dsidentify="/bin/true" - -diff --git a/tests/unittests/test_util.py b/tests/unittests/test_util.py -index 519ef63..323e7f6 100644 ---- a/tests/unittests/test_util.py -+++ b/tests/unittests/test_util.py -@@ -1311,6 +1311,7 @@ class TestGetVariant: - ({"system": "linux", "dist": ("sles",)}, "suse"), - ({"system": "linux", "dist": ("sle_hpc",)}, "suse"), - ({"system": "linux", "dist": ("my_distro",)}, "linux"), -+ ({"system": "linux", "dist": ("ol",)}, "ol"), - ({"system": "Windows", "dist": ("dontcare",)}, "windows"), - ({"system": "Darwin", "dist": ("dontcare",)}, "darwin"), - ({"system": "Freebsd", "dist": ("dontcare",)}, "freebsd"), --- -2.31.1 - diff --git a/SOURCES/orabug35950168-DataSourceOracle-network-getdata-updates.patch b/SOURCES/orabug35950168-DataSourceOracle-network-getdata-updates.patch deleted file mode 100644 index 5a2835e..0000000 --- a/SOURCES/orabug35950168-DataSourceOracle-network-getdata-updates.patch +++ /dev/null @@ -1,115 +0,0 @@ -Patch to adapt DataSourceOracle and make it functional for OCI. -Also includes setting for retries and timeouts previously provided by -a separate patch to help PCA instances get IMDS data. - -Orabug: 37065979 - -Signed-off-by: Rajesh Harekal ---- -diff -git a/cloudinit/sources/DataSourceOracle.py b/cloudinit/sources/DataSourceOracle.py ---- a/cloudinit/sources/DataSourceOracle.py 2025-03-07 16:04:37.773216485 -0800 -+++ a/cloudinit/sources/DataSourceOracle.py 2025-03-07 16:32:33.174574170 -0800 -@@ -15,6 +15,7 @@ - - import base64 - import ipaddress -+import os - import json - import logging - import time -@@ -32,6 +33,8 @@ - - LOG = logging.getLogger(__name__) - -+ISCSI_IBFT_PATH='/sys/firmware/acpi/tables/iBFT' -+ - BUILTIN_DS_CONFIG = { - # Don't use IMDS to configure secondary NICs by default - "configure_secondary_nics": False, -@@ -135,8 +138,8 @@ - perform_dhcp_setup = True - - # Careful...these can be overridden in __init__ -- url_max_wait = 30 -- url_timeout = 5 -+ url_max_wait = 180 -+ url_timeout = 20 - - def __init__(self, sys_cfg, *args, **kwargs): - super(DataSourceOracle, self).__init__(sys_cfg, *args, **kwargs) -@@ -149,7 +152,7 @@ - ] - ) - self._network_config_source = KlibcOracleNetworkConfigSource() -- self._network_config: dict = {"config": [], "version": 1} -+ self._network_config = sources.UNSET - - url_params = self.get_url_params() - self.url_max_wait = url_params.max_wait_seconds -@@ -274,7 +277,7 @@ - - def _is_iscsi_root(self) -> bool: - """Return whether we are on a iscsi machine.""" -- return self._network_config_source.is_applicable() -+ return self._network_config_source.is_applicable() or bool(os.path.exists(ISCSI_IBFT_PATH)) - - def _get_iscsi_config(self) -> dict: - return self._network_config_source.render_config() -@@ -294,34 +297,31 @@ - - set_primary = False - # this is v1 -- if self._is_iscsi_root(): -- self._network_config = self._get_iscsi_config() -- if not self._has_network_config(): -- LOG.warning( -- "Could not obtain network configuration from initramfs. " -- "Falling back to IMDS." -+ if self._network_config == sources.UNSET: -+ # this is v1 -+ if not self._has_network_config(): -+ self._network_config = self.distro.generate_fallback_config() -+ set_primary = True -+ -+ set_secondary = self.ds_cfg.get( -+ "configure_secondary_nics", -+ BUILTIN_DS_CONFIG["configure_secondary_nics"], - ) -- set_primary = True -- -- set_secondary = self.ds_cfg.get( -- "configure_secondary_nics", -- BUILTIN_DS_CONFIG["configure_secondary_nics"], -- ) -- if set_primary or set_secondary: -- try: -- # Mutate self._network_config to include primary and/or -- # secondary VNICs -- self._add_network_config_from_opc_imds(set_primary) -- except Exception: -- util.logexc( -- LOG, -- "Failed to parse IMDS network configuration!", -- ) -+ if set_primary or set_secondary: -+ try: -+ # Mutate self._network_config to include primary and/or -+ # secondary VNICs -+ self._add_network_config_from_opc_imds(set_primary) -+ except Exception: -+ util.logexc( -+ LOG, -+ "Failed to parse IMDS network configuration!", -+ ) - -- # we need to verify that the nic selected is not a netfail over -- # device and, if it is a netfail master, then we need to avoid -- # emitting any match by mac -- _ensure_netfailover_safe(self._network_config) -+ # we need to verify that the nic selected is not a netfail over -+ # device and, if it is a netfail master, then we need to avoid -+ # emitting any match by mac -+ _ensure_netfailover_safe(self._network_config) - - return self._network_config - diff --git a/SPECS/cloud-init.spec b/SPECS/cloud-init.spec index eb74b3f..f89457e 100644 --- a/SPECS/cloud-init.spec +++ b/SPECS/cloud-init.spec @@ -1,6 +1,6 @@ Name: cloud-init Version: 24.4 -Release: 7.0.1%{?dist}.1 +Release: 7%{?dist}.1 Summary: Cloud instance init scripts License: ASL 2.0 or GPLv3 URL: http://launchpad.net/cloud-init @@ -31,20 +31,6 @@ Patch12: ci-fix-Don-t-attempt-to-identify-non-x86-OpenStack-inst.patch Patch13: ci-fix-strict-disable-in-ds-identify-on-no-datasources-.patch Patch14: 0003-downstream-Retain-exit-code-in-cloud-init-status-for.patch -# Oracle patches -Patch100: 0041-enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch -Patch101: ignore-enslaved-interface.patch -Patch102: ol-sysconfig-add-Oracle-Linux-variant-to-known-distros.patch -Patch103: 0106-tests-unittests-add-a-new-unit-test-for-network-mana.patch -# Oracle specific patches (preferred prefix: "ol" or "orabugNNNNNNNN") -Patch1001: orabug30435672-003-cloud-init-collect-logs.patch -Patch1002: orabug30435672-004-ol-cloud-config.patch -Patch1003: orabug30435672-006-cc_spacewalk.py.patch -Patch1004: orabug32183938-009-missing-sshd-services.patch -Patch1005: orabug32183938-010-missing-sshd-services-in-rhel-systemd.patch -Patch1006: orabug34845400-Add-Oracle-to-distro-detection-logic-in-cloud.cfg.tm.patch -Patch1007: orabug35950168-DataSourceOracle-network-getdata-updates.patch - BuildArch: noarch BuildRequires: pkgconfig(systemd) @@ -233,6 +219,7 @@ fi %dir %{_sysconfdir}/cloud/templates %config(noreplace) %{_sysconfdir}/cloud/templates/* %config(noreplace) %{_unitdir}/sshd-keygen@.service.d/disable-sshd-keygen-if-cloud-init-active.conf + %{_unitdir}/cloud-config.service %{_unitdir}/cloud-config.target %{_unitdir}/cloud-final.service @@ -258,28 +245,10 @@ fi %config(noreplace) %{_sysconfdir}/rsyslog.d/21-cloudinit.conf %changelog -* Thu Jan 29 2026 Craig Guiller - 24.4-7.0.1.el9_7.1 -- Fix Oracle Datasource network and getdata methods for OCI OL [Orabug: 35950168] -- Fix log file permission [Orabug: 35302969] -- Update detection logic for OL distros in config template [Orabug: 34845400] -- Added missing services in rhel/systemd/cloud-init.service [Orabug: 32183938] -- Added missing services in cloud-init.service.tmpl for sshd [Orabug: 32183938] -- Forward port applicable cloud-init 18.4-2.0.3 changes to cloud-init-18-5 [Orabug: 30435672] -- limit permissions [Orabug: 31352433] -- Changes to ignore all enslaved interfaces [Orabug: 30092148] -- Make Oracle datasource detect dracut based config files [Orabug: 29956753] -- add modified version of enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch: - 1. Enable ec2_utils.py having a way to stop retrying to get ec2 metadata - 2. Apply stop retrying to get ec2 metadata to helper/openstack.py MetadataReader - Resolves: Oracle-Bug:41660 (Bugzilla) -- added OL to list of known distros -Resolves: rhbz#1427280 -Resolves: rhbz#1427280 - * Wed Dec 10 2025 Jon Maloy - 24.4-7.el9_7.1 -- ci-downstream-Do-not-override-changes-in-disable-sshd-k.patch [RHEL-128876] -- Resolves: RHEL-128876 - ([rhel-9] cloud-init upgrade is overwriting modifications in disable-sshd-keygen-if-cloud-init-active.conf) +- ci-downstream-Do-not-override-changes-in-disable-sshd-k.patch [RHEL-128882] +- Resolves: RHEL-128882 + ([rhel-9] cloud-init upgrade is overwriting modifications in disable-sshd-keygen-if-cloud-init-active.conf [rhel-9.7.z]) * Thu Jul 03 2025 Miroslav Rezanina - 24.4-7 - ci-fix-Don-t-attempt-to-identify-non-x86-OpenStack-inst.patch [RHEL-100615]