From 9924fc8dd79fb8009602e37436360ed13fbd336e Mon Sep 17 00:00:00 2001 From: eabdullin Date: Wed, 27 Sep 2023 12:45:57 +0000 Subject: [PATCH] import CS cloud-init-23.1.1-10.el8 --- .cloud-init.metadata | 2 +- .gitignore | 2 +- SOURCES/0001-Add-initial-redhat-setup.patch | 586 --------- ...CONTROLLED-no-in-generated-interface.patch | 68 +- ...03-limit-permissions-on-def_log_file.patch | 22 +- ...EROCONF-yes-in-etc-sysconfig-network.patch | 10 +- ...e-Network-Manager-and-Netplan-as-def.patch | 95 ++ ...ition-between-cloud-init-and-Network.patch | 148 --- ...-native-NetworkManager-support-1224.patch} | 1072 ++-------------- ...emove-ssh_genkeytypes-in-settings.py.patch | 65 - ...settings.py-update-settings-for-rhel.patch | 47 + ...rhel-custom-files-with-upstream-1431.patch | 257 ---- ...S-VMware-modify-a-few-log-level-4284.patch | 72 ++ ...-permissions-of-netrules-target-2076.patch | 120 ++ ...E-based-distros-for-ca-handling-2036.patch | 93 ++ ...eady-before-cloud-init-service-runs-.patch | 43 - ...istent-ca-cert-config-situation-2073.patch | 88 ++ ...-data-sensitive-and-remove-log-permi.patch | 309 +++++ ...default-IPv6-addr-gen-mode-for-all-i.patch | 293 +++++ SOURCES/ci-Remove-rhel-specific-files.patch | 373 ------ ...vert-Use-Network-Manager-and-Netplan.patch | 102 ++ ...-native-NetworkManager-support-1224.patch} | 1115 ++--------------- ...rk-Manager-and-Netplan-as-default-re.patch | 75 -- ...rt-limit-permissions-on-def_log_file.patch | 63 + ...erer-as-sysconfig-for-centos-rhel-41.patch | 44 + ...t-EC2-tags-in-instance-metadata-1309.patch | 164 --- ...ger-and-Netplan-as-default-renderers.patch | 110 -- ...ignore-var-lib-cloud-data-set-hostna.patch | 84 -- ...ake-sure-centos-settings-are-identic.patch | 146 --- SOURCES/ci-cosmetic-fix-tox-formatting.patch | 35 + ...rent-file-mode-of-log-file-if-its-st.patch | 183 +++ ...able-sysconfig-renderer-if-network-m.patch | 71 ++ ...Set-higher-autoconnect-priority-for-.patch | 410 ++++++ ...add-a-method-for-ipv6-static-IP-conf.patch | 40 + ...-stateful-dhcp-config-at-par-with-sy.patch | 58 + ...revious-hostname-file-ends-with-a-ne.patch | 65 + ...-adjust-udev-rules-default-path-1513.patch | 57 - ...es-to-apply-RHEL-specific-config-set.patch | 47 + ...s-remove-NM_CONTROLLED-no-from-tests.patch | 286 +++++ ...on-fix-the-tool-so-that-it-can-handl.patch | 117 ++ SPECS/cloud-init.spec | 166 ++- 41 files changed, 3030 insertions(+), 4173 deletions(-) delete mode 100644 SOURCES/0001-Add-initial-redhat-setup.patch create mode 100644 SOURCES/0005-Manual-revert-Use-Network-Manager-and-Netplan-as-def.patch delete mode 100644 SOURCES/0005-Remove-race-condition-between-cloud-init-and-Network.patch rename SOURCES/{ci-Revert-Add-native-NetworkManager-support-1224.patch => 0006-Revert-Add-native-NetworkManager-support-1224.patch} (60%) delete mode 100644 SOURCES/0006-rhel-cloud.cfg-remove-ssh_genkeytypes-in-settings.py.patch create mode 100644 SOURCES/0007-settings.py-update-settings-for-rhel.patch delete mode 100644 SOURCES/ci-Align-rhel-custom-files-with-upstream-1431.patch create mode 100644 SOURCES/ci-DS-VMware-modify-a-few-log-level-4284.patch create mode 100644 SOURCES/ci-Don-t-change-permissions-of-netrules-target-2076.patch create mode 100644 SOURCES/ci-Enable-SUSE-based-distros-for-ca-handling-2036.patch delete mode 100644 SOURCES/ci-Ensure-network-ready-before-cloud-init-service-runs-.patch create mode 100644 SOURCES/ci-Handle-non-existent-ca-cert-config-situation-2073.patch create mode 100644 SOURCES/ci-Make-user-vendor-data-sensitive-and-remove-log-permi.patch create mode 100644 SOURCES/ci-NM-renderer-set-default-IPv6-addr-gen-mode-for-all-i.patch delete mode 100644 SOURCES/ci-Remove-rhel-specific-files.patch create mode 100644 SOURCES/ci-Revert-Manual-revert-Use-Network-Manager-and-Netplan.patch rename SOURCES/{ci-Add-native-NetworkManager-support-1224.patch => ci-Revert-Revert-Add-native-NetworkManager-support-1224.patch} (58%) delete mode 100644 SOURCES/ci-Revert-Use-Network-Manager-and-Netplan-as-default-re.patch create mode 100644 SOURCES/ci-Revert-limit-permissions-on-def_log_file.patch create mode 100644 SOURCES/ci-Set-default-renderer-as-sysconfig-for-centos-rhel-41.patch delete mode 100644 SOURCES/ci-Support-EC2-tags-in-instance-metadata-1309.patch delete mode 100644 SOURCES/ci-Use-Network-Manager-and-Netplan-as-default-renderers.patch delete mode 100644 SOURCES/ci-cc_set_hostname-ignore-var-lib-cloud-data-set-hostna.patch delete mode 100644 SOURCES/ci-cloud.cfg.tmpl-make-sure-centos-settings-are-identic.patch create mode 100644 SOURCES/ci-cosmetic-fix-tox-formatting.patch create mode 100644 SOURCES/ci-logging-keep-current-file-mode-of-log-file-if-its-st.patch create mode 100644 SOURCES/ci-net-sysconfig-enable-sysconfig-renderer-if-network-m.patch create mode 100644 SOURCES/ci-network-manager-Set-higher-autoconnect-priority-for-.patch create mode 100644 SOURCES/ci-network_manager-add-a-method-for-ipv6-static-IP-conf.patch create mode 100644 SOURCES/ci-nm-generate-ipv6-stateful-dhcp-config-at-par-with-sy.patch create mode 100644 SOURCES/ci-rhel-make-sure-previous-hostname-file-ends-with-a-ne.patch delete mode 100644 SOURCES/ci-setup.py-adjust-udev-rules-default-path-1513.patch create mode 100644 SOURCES/ci-test-fixes-changes-to-apply-RHEL-specific-config-set.patch create mode 100644 SOURCES/ci-test-fixes-remove-NM_CONTROLLED-no-from-tests.patch create mode 100644 SOURCES/ci-tools-read-version-fix-the-tool-so-that-it-can-handl.patch diff --git a/.cloud-init.metadata b/.cloud-init.metadata index 0356978..b6b2083 100644 --- a/.cloud-init.metadata +++ b/.cloud-init.metadata @@ -1 +1 @@ -830185bb5ce87ad86e4d1c0c62329bb255ec1648 SOURCES/cloud-init-22.1.tar.gz +d34297c11997da2f026a5518f92539f7fb135cc2 SOURCES/cloud-init-23.1.1.tar.gz diff --git a/.gitignore b/.gitignore index bf19bdd..62438cb 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/cloud-init-22.1.tar.gz +SOURCES/cloud-init-23.1.1.tar.gz diff --git a/SOURCES/0001-Add-initial-redhat-setup.patch b/SOURCES/0001-Add-initial-redhat-setup.patch deleted file mode 100644 index d93c32c..0000000 --- a/SOURCES/0001-Add-initial-redhat-setup.patch +++ /dev/null @@ -1,586 +0,0 @@ -From 5e1e568d7085fd4443b4e3ccc492f5e31747e270 Mon Sep 17 00:00:00 2001 -From: Amy Chen -Date: Wed, 20 Apr 2022 10:59:48 +0800 -Subject: Add initial redhat setup - -Merged patches (22.1) -- d18029bf Add netifaces package as a Requires in cloud-init.spec.template -- 31adf961 Add gdisk and openssl as deps to fix UEFI / Azure initialization -- f4a2905d Add dhcp-client as a dependency -- 290e14cc cloud-init.spec.template: update %systemd_postun parameter -- 9be4ae9b (tag: cloud-init-21.1-1.el8) Update to cloud-init-21.1-1.el8 - -Conflicts: -cloudinit/config/cc_chef.py Using double quotes instead of single quotes - -cloudinit/settings.py -- Using rhel settings -- Using double quotes instead of single quotes - -setup.py -- Following the changes of 21.1 rebase -- Using double quotes instead of single quotes - -redhat/cloud-init.spec.template -- Add the drop-in to the right cloud-init.spec used by our package builder, which is downstream-only part of the bz 2002492 fix. - -redhat/Makefile.common -- Backport the build handling fixes from patch "Update to cloud-init-21.1-1.el8" - -Signed-off-by: Amy Chen - -Merged patches (21.1): -- 915d30ad Change gating file to correct rhel version -- 311f318d Removing net-tools dependency -- 74731806 Adding man pages to Red Hat spec file -- 758d333d Removing blocking test from yaml configuration file -- c7e7c59c Changing permission of cloud-init-generator to 755 -- 8b85abbb Installing man pages in the correct place with correct permissions -- c6808d8d Fix unit failure of cloud-final.service if NetworkManager was not present. -- 11866ef6 Report full specific version with "cloud-init --version" - -Rebase notes (18.5): -- added bash_completition file -- added cloud-id file - -Merged patches (20.3): -- 01900d0 changing ds-identify patch from /usr/lib to /usr/libexec -- 7f47ca3 Render the generator from template instead of cp - -Merged patches (19.4): -- 4ab5a61 Fix for network configuration not persisting after reboot -- 84cf125 Removing cloud-user from wheel -- 31290ab Adding gating tests for Azure, ESXi and AWS - -Merged patches (18.5): -- 2d6b469 add power-state-change module to cloud_final_modules -- 764159f Adding systemd mount options to wait for cloud-init -- da4d99e Adding disk_setup to rhel/cloud.cfg -- f5c6832 Enable cloud-init by default on vmware - -Conflicts: -cloudinit/config/cc_chef.py: - - Updated header documentation text - - Replacing double quotes by simple quotes - -setup.py: - - Adding missing cmdclass info - -Signed-off-by: Eduardo Otubo ---- - .gitignore | 1 + - cloudinit/config/cc_chef.py | 65 ++- - cloudinit/settings.py | 7 +- - redhat/.gitignore | 1 + - redhat/Makefile | 71 +++ - redhat/Makefile.common | 37 ++ - redhat/cloud-init-tmpfiles.conf | 1 + - redhat/cloud-init.spec.template | 696 ++++++++++++++++++++++++++ - redhat/gating.yaml | 8 + - redhat/rpmbuild/BUILD/.gitignore | 3 + - redhat/rpmbuild/RPMS/.gitignore | 3 + - redhat/rpmbuild/SOURCES/.gitignore | 3 + - redhat/rpmbuild/SPECS/.gitignore | 3 + - redhat/rpmbuild/SRPMS/.gitignore | 3 + - redhat/scripts/frh.py | 25 + - redhat/scripts/git-backport-diff | 327 ++++++++++++ - redhat/scripts/git-compile-check | 215 ++++++++ - redhat/scripts/process-patches.sh | 92 ++++ - redhat/scripts/tarball_checksum.sh | 3 + - rhel/README.rhel | 5 + - rhel/cloud-init-tmpfiles.conf | 1 + - rhel/cloud.cfg | 69 +++ - rhel/systemd/cloud-config.service | 18 + - rhel/systemd/cloud-config.target | 11 + - rhel/systemd/cloud-final.service | 24 + - rhel/systemd/cloud-init-local.service | 31 ++ - rhel/systemd/cloud-init.service | 25 + - rhel/systemd/cloud-init.target | 7 + - setup.py | 28 +- - tools/read-version | 28 +- - 30 files changed, 1756 insertions(+), 55 deletions(-) - create mode 100644 redhat/.gitignore - create mode 100644 redhat/Makefile - create mode 100644 redhat/Makefile.common - create mode 100644 redhat/cloud-init-tmpfiles.conf - create mode 100644 redhat/cloud-init.spec.template - create mode 100644 redhat/gating.yaml - create mode 100644 redhat/rpmbuild/BUILD/.gitignore - create mode 100644 redhat/rpmbuild/RPMS/.gitignore - create mode 100644 redhat/rpmbuild/SOURCES/.gitignore - create mode 100644 redhat/rpmbuild/SPECS/.gitignore - create mode 100644 redhat/rpmbuild/SRPMS/.gitignore - create mode 100755 redhat/scripts/frh.py - create mode 100755 redhat/scripts/git-backport-diff - create mode 100755 redhat/scripts/git-compile-check - create mode 100755 redhat/scripts/process-patches.sh - create mode 100755 redhat/scripts/tarball_checksum.sh - create mode 100644 rhel/README.rhel - create mode 100644 rhel/cloud-init-tmpfiles.conf - create mode 100644 rhel/cloud.cfg - create mode 100644 rhel/systemd/cloud-config.service - create mode 100644 rhel/systemd/cloud-config.target - create mode 100644 rhel/systemd/cloud-final.service - create mode 100644 rhel/systemd/cloud-init-local.service - create mode 100644 rhel/systemd/cloud-init.service - create mode 100644 rhel/systemd/cloud-init.target - -diff --git a/cloudinit/config/cc_chef.py b/cloudinit/config/cc_chef.py -index fdb3a6e3..d028c548 100644 ---- a/cloudinit/config/cc_chef.py -+++ b/cloudinit/config/cc_chef.py -@@ -6,7 +6,70 @@ - # - # This file is part of cloud-init. See LICENSE file for license information. - --"""Chef: module that configures, starts and installs chef.""" -+""" -+Chef -+---- -+**Summary:** module that configures, starts and installs chef. -+ -+This module enables chef to be installed (from packages or -+from gems, or from omnibus). Before this occurs chef configurations are -+written to disk (validation.pem, client.pem, firstboot.json, client.rb), -+and needed chef folders/directories are created (/etc/chef and /var/log/chef -+and so-on). Then once installing proceeds correctly if configured chef will -+be started (in daemon mode or in non-daemon mode) and then once that has -+finished (if ran in non-daemon mode this will be when chef finishes -+converging, if ran in daemon mode then no further actions are possible since -+chef will have forked into its own process) then a post run function can -+run that can do finishing activities (such as removing the validation pem -+file). -+ -+**Internal name:** ``cc_chef`` -+ -+**Module frequency:** per always -+ -+**Supported distros:** all -+ -+**Config keys**:: -+ -+ chef: -+ directories: (defaulting to /etc/chef, /var/log/chef, /var/lib/chef, -+ /var/cache/chef, /var/backups/chef, /run/chef) -+ validation_cert: (optional string to be written to file validation_key) -+ special value 'system' means set use existing file -+ validation_key: (optional the path for validation_cert. default -+ /etc/chef/validation.pem) -+ firstboot_path: (path to write run_list and initial_attributes keys that -+ should also be present in this configuration, defaults -+ to /etc/chef/firstboot.json) -+ exec: boolean to run or not run chef (defaults to false, unless -+ a gem installed is requested -+ where this will then default -+ to true) -+ -+ chef.rb template keys (if falsey, then will be skipped and not -+ written to /etc/chef/client.rb) -+ -+ chef: -+ client_key: -+ encrypted_data_bag_secret: -+ environment: -+ file_backup_path: -+ file_cache_path: -+ json_attribs: -+ log_level: -+ log_location: -+ node_name: -+ omnibus_url: -+ omnibus_url_retries: -+ omnibus_version: -+ pid_file: -+ server_url: -+ show_time: -+ ssl_verify_mode: -+ validation_cert: -+ validation_key: -+ validation_name: -+""" - - import itertools - import json -diff --git a/cloudinit/settings.py b/cloudinit/settings.py -index ecc1403b..39650a5b 100644 ---- a/cloudinit/settings.py -+++ b/cloudinit/settings.py -@@ -50,13 +50,16 @@ CFG_BUILTIN = { - ], - "def_log_file": "/var/log/cloud-init.log", - "log_cfgs": [], -- "syslog_fix_perms": ["syslog:adm", "root:adm", "root:wheel", "root:root"], -+ "mount_default_fields": [None, None, "auto", "defaults,nofail", "0", "2"], -+ "ssh_deletekeys": False, -+ "ssh_genkeytypes": [], -+ "syslog_fix_perms": [], - "system_info": { - "paths": { - "cloud_dir": "/var/lib/cloud", - "templates_dir": "/etc/cloud/templates/", - }, -- "distro": "ubuntu", -+ "distro": "rhel", - "network": {"renderers": None}, - }, - "vendor_data": {"enabled": True, "prefix": []}, -diff --git a/rhel/README.rhel b/rhel/README.rhel -new file mode 100644 -index 00000000..aa29630d ---- /dev/null -+++ b/rhel/README.rhel -@@ -0,0 +1,5 @@ -+The following cloud-init modules are currently unsupported on this OS: -+ - apt_update_upgrade ('apt_update', 'apt_upgrade', 'apt_mirror', 'apt_preserve_sources_list', 'apt_old_mirror', 'apt_sources', 'debconf_selections', 'packages' options) -+ - byobu ('byobu_by_default' option) -+ - chef -+ - grub_dpkg -diff --git a/rhel/cloud-init-tmpfiles.conf b/rhel/cloud-init-tmpfiles.conf -new file mode 100644 -index 00000000..0c6d2a3b ---- /dev/null -+++ b/rhel/cloud-init-tmpfiles.conf -@@ -0,0 +1 @@ -+d /run/cloud-init 0700 root root - - -diff --git a/rhel/cloud.cfg b/rhel/cloud.cfg -new file mode 100644 -index 00000000..82e8bf62 ---- /dev/null -+++ b/rhel/cloud.cfg -@@ -0,0 +1,69 @@ -+users: -+ - default -+ -+disable_root: 1 -+ssh_pwauth: 0 -+ -+mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service', '0', '2'] -+resize_rootfs_tmp: /dev -+ssh_deletekeys: 0 -+ssh_genkeytypes: ~ -+syslog_fix_perms: ~ -+disable_vmware_customization: false -+ -+cloud_init_modules: -+ - disk_setup -+ - migrator -+ - bootcmd -+ - write-files -+ - growpart -+ - resizefs -+ - set_hostname -+ - update_hostname -+ - update_etc_hosts -+ - rsyslog -+ - users-groups -+ - ssh -+ -+cloud_config_modules: -+ - mounts -+ - locale -+ - set-passwords -+ - rh_subscription -+ - yum-add-repo -+ - package-update-upgrade-install -+ - timezone -+ - puppet -+ - chef -+ - salt-minion -+ - mcollective -+ - disable-ec2-metadata -+ - runcmd -+ -+cloud_final_modules: -+ - rightscale_userdata -+ - scripts-per-once -+ - scripts-per-boot -+ - scripts-per-instance -+ - scripts-user -+ - ssh-authkey-fingerprints -+ - keys-to-console -+ - phone-home -+ - final-message -+ - power-state-change -+ -+system_info: -+ default_user: -+ name: cloud-user -+ lock_passwd: true -+ gecos: Cloud User -+ groups: [adm, systemd-journal] -+ sudo: ["ALL=(ALL) NOPASSWD:ALL"] -+ shell: /bin/bash -+ distro: rhel -+ paths: -+ cloud_dir: /var/lib/cloud -+ templates_dir: /etc/cloud/templates -+ ssh_svcname: sshd -+ -+# vim:syntax=yaml -diff --git a/rhel/systemd/cloud-config.service b/rhel/systemd/cloud-config.service -new file mode 100644 -index 00000000..f3dcd4be ---- /dev/null -+++ b/rhel/systemd/cloud-config.service -@@ -0,0 +1,18 @@ -+[Unit] -+Description=Apply the settings specified in cloud-config -+After=network-online.target cloud-config.target -+Wants=network-online.target cloud-config.target -+ConditionPathExists=!/etc/cloud/cloud-init.disabled -+ConditionKernelCommandLine=!cloud-init=disabled -+ -+[Service] -+Type=oneshot -+ExecStart=/usr/bin/cloud-init modules --mode=config -+RemainAfterExit=yes -+TimeoutSec=0 -+ -+# Output needs to appear in instance console output -+StandardOutput=journal+console -+ -+[Install] -+WantedBy=cloud-init.target -diff --git a/rhel/systemd/cloud-config.target b/rhel/systemd/cloud-config.target -new file mode 100644 -index 00000000..ae9b7d02 ---- /dev/null -+++ b/rhel/systemd/cloud-config.target -@@ -0,0 +1,11 @@ -+# cloud-init normally emits a "cloud-config" upstart event to inform third -+# parties that cloud-config is available, which does us no good when we're -+# using systemd. cloud-config.target serves as this synchronization point -+# instead. Services that would "start on cloud-config" with upstart can -+# instead use "After=cloud-config.target" and "Wants=cloud-config.target" -+# as appropriate. -+ -+[Unit] -+Description=Cloud-config availability -+Wants=cloud-init-local.service cloud-init.service -+After=cloud-init-local.service cloud-init.service -diff --git a/rhel/systemd/cloud-final.service b/rhel/systemd/cloud-final.service -new file mode 100644 -index 00000000..e281c0cf ---- /dev/null -+++ b/rhel/systemd/cloud-final.service -@@ -0,0 +1,24 @@ -+[Unit] -+Description=Execute cloud user/final scripts -+After=network-online.target cloud-config.service rc-local.service -+Wants=network-online.target cloud-config.service -+ConditionPathExists=!/etc/cloud/cloud-init.disabled -+ConditionKernelCommandLine=!cloud-init=disabled -+ -+[Service] -+Type=oneshot -+ExecStart=/usr/bin/cloud-init modules --mode=final -+RemainAfterExit=yes -+TimeoutSec=0 -+KillMode=process -+# Restart NetworkManager if it is present and running. -+ExecStartPost=/bin/sh -c 'u=NetworkManager.service; \ -+ out=$(systemctl show --property=SubState $u) || exit; \ -+ [ "$out" = "SubState=running" ] || exit 0; \ -+ systemctl reload-or-try-restart $u' -+ -+# Output needs to appear in instance console output -+StandardOutput=journal+console -+ -+[Install] -+WantedBy=cloud-init.target -diff --git a/rhel/systemd/cloud-init-local.service b/rhel/systemd/cloud-init-local.service -new file mode 100644 -index 00000000..8f9f6c9f ---- /dev/null -+++ b/rhel/systemd/cloud-init-local.service -@@ -0,0 +1,31 @@ -+[Unit] -+Description=Initial cloud-init job (pre-networking) -+DefaultDependencies=no -+Wants=network-pre.target -+After=systemd-remount-fs.service -+Requires=dbus.socket -+After=dbus.socket -+Before=NetworkManager.service network.service -+Before=network-pre.target -+Before=shutdown.target -+Before=firewalld.target -+Conflicts=shutdown.target -+RequiresMountsFor=/var/lib/cloud -+ConditionPathExists=!/etc/cloud/cloud-init.disabled -+ConditionKernelCommandLine=!cloud-init=disabled -+ -+[Service] -+Type=oneshot -+ExecStartPre=/bin/mkdir -p /run/cloud-init -+ExecStartPre=/sbin/restorecon /run/cloud-init -+ExecStartPre=/usr/bin/touch /run/cloud-init/enabled -+ExecStart=/usr/bin/cloud-init init --local -+ExecStart=/bin/touch /run/cloud-init/network-config-ready -+RemainAfterExit=yes -+TimeoutSec=0 -+ -+# Output needs to appear in instance console output -+StandardOutput=journal+console -+ -+[Install] -+WantedBy=cloud-init.target -diff --git a/rhel/systemd/cloud-init.service b/rhel/systemd/cloud-init.service -new file mode 100644 -index 00000000..d0023a05 ---- /dev/null -+++ b/rhel/systemd/cloud-init.service -@@ -0,0 +1,25 @@ -+[Unit] -+Description=Initial cloud-init job (metadata service crawler) -+Wants=cloud-init-local.service -+Wants=sshd-keygen.service -+Wants=sshd.service -+After=cloud-init-local.service -+After=NetworkManager.service network.service -+Before=network-online.target -+Before=sshd-keygen.service -+Before=sshd.service -+Before=systemd-user-sessions.service -+ConditionPathExists=!/etc/cloud/cloud-init.disabled -+ConditionKernelCommandLine=!cloud-init=disabled -+ -+[Service] -+Type=oneshot -+ExecStart=/usr/bin/cloud-init init -+RemainAfterExit=yes -+TimeoutSec=0 -+ -+# Output needs to appear in instance console output -+StandardOutput=journal+console -+ -+[Install] -+WantedBy=cloud-init.target -diff --git a/rhel/systemd/cloud-init.target b/rhel/systemd/cloud-init.target -new file mode 100644 -index 00000000..083c3b6f ---- /dev/null -+++ b/rhel/systemd/cloud-init.target -@@ -0,0 +1,7 @@ -+# cloud-init target is enabled by cloud-init-generator -+# To disable it you can either: -+# a.) boot with kernel cmdline of 'cloud-init=disabled' -+# b.) touch a file /etc/cloud/cloud-init.disabled -+[Unit] -+Description=Cloud-init target -+After=multi-user.target -diff --git a/setup.py b/setup.py -index a9132d2c..3c377eaa 100755 ---- a/setup.py -+++ b/setup.py -@@ -139,21 +139,6 @@ INITSYS_FILES = { - "sysvinit_deb": [f for f in glob("sysvinit/debian/*") if is_f(f)], - "sysvinit_openrc": [f for f in glob("sysvinit/gentoo/*") if is_f(f)], - "sysvinit_suse": [f for f in glob("sysvinit/suse/*") if is_f(f)], -- "systemd": [ -- render_tmpl(f) -- for f in ( -- glob("systemd/*.tmpl") -- + glob("systemd/*.service") -- + glob("systemd/*.socket") -- + glob("systemd/*.target") -- ) -- if (is_f(f) and not is_generator(f)) -- ], -- "systemd.generators": [ -- render_tmpl(f, mode=0o755) -- for f in glob("systemd/*") -- if is_f(f) and is_generator(f) -- ], - "upstart": [f for f in glob("upstart/*") if is_f(f)], - } - INITSYS_ROOTS = { -@@ -163,10 +148,6 @@ INITSYS_ROOTS = { - "sysvinit_deb": "etc/init.d", - "sysvinit_openrc": "etc/init.d", - "sysvinit_suse": "etc/init.d", -- "systemd": pkg_config_read("systemd", "systemdsystemunitdir"), -- "systemd.generators": pkg_config_read( -- "systemd", "systemdsystemgeneratordir" -- ), - "upstart": "etc/init/", - } - INITSYS_TYPES = sorted([f.partition(".")[0] for f in INITSYS_ROOTS.keys()]) -@@ -281,15 +262,13 @@ data_files = [ - ( - USR_LIB_EXEC + "/cloud-init", - [ -- "tools/ds-identify", - "tools/hook-hotplug", - "tools/uncloud-init", - "tools/write-ssh-key-fingerprints", - ], - ), - ( -- USR + "/share/bash-completion/completions", -- ["bash_completion/cloud-init"], -+ ETC + "/bash_completion.d", ["bash_completion/cloud-init"], - ), - (USR + "/share/doc/cloud-init", [f for f in glob("doc/*") if is_f(f)]), - ( -@@ -308,8 +287,7 @@ if not platform.system().endswith("BSD"): - ETC + "/NetworkManager/dispatcher.d/", - ["tools/hook-network-manager"], - ), -- (ETC + "/dhcp/dhclient-exit-hooks.d/", ["tools/hook-dhclient"]), -- (LIB + "/udev/rules.d", [f for f in glob("udev/*.rules")]), -+ ("/usr/lib/udev/rules.d", [f for f in glob("udev/*.rules")]), - ( - ETC + "/systemd/system/sshd-keygen@.service.d/", - ["systemd/disable-sshd-keygen-if-cloud-init-active.conf"], -@@ -339,8 +317,6 @@ setuptools.setup( - scripts=["tools/cloud-init-per"], - license="Dual-licensed under GPLv3 or Apache 2.0", - data_files=data_files, -- install_requires=requirements, -- cmdclass=cmdclass, - entry_points={ - "console_scripts": [ - "cloud-init = cloudinit.cmd.main:main", -diff --git a/tools/read-version b/tools/read-version -index 02c90643..79755f78 100755 ---- a/tools/read-version -+++ b/tools/read-version -@@ -71,32 +71,8 @@ version_long = None - is_release_branch_ci = ( - os.environ.get("TRAVIS_PULL_REQUEST_BRANCH", "").startswith("upstream/") - ) --if is_gitdir(_tdir) and which("git") and not is_release_branch_ci: -- flags = [] -- if use_tags: -- flags = ['--tags'] -- cmd = ['git', 'describe', '--abbrev=8', '--match=[0-9]*'] + flags -- -- try: -- version = tiny_p(cmd).strip() -- except RuntimeError: -- version = None -- -- if version is None or not version.startswith(src_version): -- sys.stderr.write("git describe version (%s) differs from " -- "cloudinit.version (%s)\n" % (version, src_version)) -- sys.stderr.write( -- "Please get the latest upstream tags.\n" -- "As an example, this can be done with the following:\n" -- "$ git remote add upstream https://git.launchpad.net/cloud-init\n" -- "$ git fetch upstream --tags\n" -- ) -- sys.exit(1) -- -- version_long = tiny_p(cmd + ["--long"]).strip() --else: -- version = src_version -- version_long = None -+version = src_version -+version_long = None - - # version is X.Y.Z[+xxx.gHASH] - # version_long is None or X.Y.Z-xxx-gHASH --- -2.31.1 - diff --git a/SOURCES/0002-Do-not-write-NM_CONTROLLED-no-in-generated-interface.patch b/SOURCES/0002-Do-not-write-NM_CONTROLLED-no-in-generated-interface.patch index 60c0a2a..fb62129 100644 --- a/SOURCES/0002-Do-not-write-NM_CONTROLLED-no-in-generated-interface.patch +++ b/SOURCES/0002-Do-not-write-NM_CONTROLLED-no-in-generated-interface.patch @@ -1,4 +1,4 @@ -From e0dc628ac553072891fa6607dc91b652efd99be2 Mon Sep 17 00:00:00 2001 +From 04847980754f9d5c4f5363f4bb637d1e95470fa9 Mon Sep 17 00:00:00 2001 From: Eduardo Otubo Date: Fri, 7 May 2021 13:36:06 +0200 Subject: Do not write NM_CONTROLLED=no in generated interface config files @@ -11,16 +11,18 @@ correct settings for NM_CONTROLLED. X-downstream-only: true Signed-off-by: Eduardo Otubo Signed-off-by: Ryan McCabe +(cherry picked from commit e0dc628ac553072891fa6607dc91b652efd99be2) +Signed-off-by: Ani Sinha --- cloudinit/net/sysconfig.py | 1 - tests/unittests/test_net.py | 28 ---------------------------- 2 files changed, 29 deletions(-) diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py -index ba85c4f6..e06ddee7 100644 +index d4daa78f..1d3d83dc 100644 --- a/cloudinit/net/sysconfig.py +++ b/cloudinit/net/sysconfig.py -@@ -336,7 +336,6 @@ class Renderer(renderer.Renderer): +@@ -316,7 +316,6 @@ class Renderer(renderer.Renderer): "rhel": { "ONBOOT": True, "USERCTL": False, @@ -29,10 +31,10 @@ index ba85c4f6..e06ddee7 100644 }, "suse": {"BOOTPROTO": "static", "STARTMODE": "auto"}, diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py -index 47e4ba00..591241b3 100644 +index 056aaeb6..0f523ff8 100644 --- a/tests/unittests/test_net.py +++ b/tests/unittests/test_net.py -@@ -579,7 +579,6 @@ GATEWAY=172.19.3.254 +@@ -585,7 +585,6 @@ GATEWAY=172.19.3.254 HWADDR=fa:16:3e:ed:9a:59 IPADDR=172.19.1.34 NETMASK=255.255.252.0 @@ -40,7 +42,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=yes TYPE=Ethernet USERCTL=no -@@ -712,7 +711,6 @@ IPADDR=172.19.1.34 +@@ -749,7 +748,6 @@ IPADDR=172.19.1.34 IPADDR1=10.0.0.10 NETMASK=255.255.252.0 NETMASK1=255.255.255.0 @@ -48,7 +50,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=yes TYPE=Ethernet USERCTL=no -@@ -874,7 +872,6 @@ IPV6_AUTOCONF=no +@@ -911,7 +909,6 @@ IPV6_AUTOCONF=no IPV6_DEFAULTGW=2001:DB8::1 IPV6_FORCE_ACCEPT_RA=no NETMASK=255.255.252.0 @@ -56,7 +58,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=yes TYPE=Ethernet USERCTL=no -@@ -1053,7 +1050,6 @@ NETWORK_CONFIGS = { +@@ -1090,7 +1087,6 @@ NETWORK_CONFIGS = { BOOTPROTO=none DEVICE=eth1 HWADDR=cf:d6:af:48:e8:80 @@ -64,7 +66,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=yes TYPE=Ethernet USERCTL=no""" -@@ -1072,7 +1068,6 @@ NETWORK_CONFIGS = { +@@ -1109,7 +1105,6 @@ NETWORK_CONFIGS = { IPADDR=192.168.21.3 NETMASK=255.255.255.0 METRIC=10000 @@ -72,7 +74,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=yes TYPE=Ethernet USERCTL=no""" -@@ -1244,7 +1239,6 @@ NETWORK_CONFIGS = { +@@ -1353,7 +1348,6 @@ NETWORK_CONFIGS = { IPV6_AUTOCONF=no IPV6_FORCE_ACCEPT_RA=no NETMASK=255.255.255.0 @@ -80,7 +82,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=yes TYPE=Ethernet USERCTL=no -@@ -2093,7 +2087,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true +@@ -2377,7 +2371,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true DHCPV6C=yes IPV6INIT=yes MACADDR=aa:bb:cc:dd:ee:ff @@ -88,7 +90,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=yes TYPE=Bond USERCTL=no""" -@@ -2103,7 +2096,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true +@@ -2387,7 +2380,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true BOOTPROTO=dhcp DEVICE=bond0.200 DHCLIENT_SET_DEFAULT_ROUTE=no @@ -96,7 +98,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=yes PHYSDEV=bond0 USERCTL=no -@@ -2123,7 +2115,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true +@@ -2407,7 +2399,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true IPV6_DEFAULTGW=2001:4800:78ff:1b::1 MACADDR=bb:bb:bb:bb:bb:aa NETMASK=255.255.255.0 @@ -104,7 +106,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=yes PRIO=22 STP=no -@@ -2135,7 +2126,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true +@@ -2419,7 +2410,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true BOOTPROTO=none DEVICE=eth0 HWADDR=c0:d6:9f:2c:e8:80 @@ -112,7 +114,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=yes TYPE=Ethernet USERCTL=no""" -@@ -2154,7 +2144,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true +@@ -2438,7 +2428,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true MTU=1500 NETMASK=255.255.255.0 NETMASK1=255.255.255.0 @@ -120,7 +122,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=yes PHYSDEV=eth0 USERCTL=no -@@ -2166,7 +2155,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true +@@ -2450,7 +2439,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true DEVICE=eth1 HWADDR=aa:d6:9f:2c:e8:80 MASTER=bond0 @@ -128,7 +130,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=yes SLAVE=yes TYPE=Ethernet -@@ -2178,7 +2166,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true +@@ -2462,7 +2450,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true DEVICE=eth2 HWADDR=c0:bb:9f:2c:e8:80 MASTER=bond0 @@ -136,7 +138,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=yes SLAVE=yes TYPE=Ethernet -@@ -2190,7 +2177,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true +@@ -2474,7 +2461,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true BRIDGE=br0 DEVICE=eth3 HWADDR=66:bb:9f:2c:e8:80 @@ -144,7 +146,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=yes TYPE=Ethernet USERCTL=no""" -@@ -2201,7 +2187,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true +@@ -2485,7 +2471,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true BRIDGE=br0 DEVICE=eth4 HWADDR=98:bb:9f:2c:e8:80 @@ -152,7 +154,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=yes TYPE=Ethernet USERCTL=no""" -@@ -2212,7 +2197,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true +@@ -2496,7 +2481,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true DEVICE=eth5 DHCLIENT_SET_DEFAULT_ROUTE=no HWADDR=98:bb:9f:2c:e8:8a @@ -160,7 +162,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=no TYPE=Ethernet USERCTL=no""" -@@ -2689,7 +2673,6 @@ iface bond0 inet6 static +@@ -3220,7 +3204,6 @@ iface bond0 inet6 static MTU=9000 NETMASK=255.255.255.0 NETMASK1=255.255.255.0 @@ -168,7 +170,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=yes TYPE=Bond USERCTL=no -@@ -2701,7 +2684,6 @@ iface bond0 inet6 static +@@ -3232,7 +3215,6 @@ iface bond0 inet6 static DEVICE=bond0s0 HWADDR=aa:bb:cc:dd:e8:00 MASTER=bond0 @@ -176,7 +178,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=yes SLAVE=yes TYPE=Ethernet -@@ -2729,7 +2711,6 @@ iface bond0 inet6 static +@@ -3260,7 +3242,6 @@ iface bond0 inet6 static DEVICE=bond0s1 HWADDR=aa:bb:cc:dd:e8:01 MASTER=bond0 @@ -184,7 +186,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=yes SLAVE=yes TYPE=Ethernet -@@ -2794,7 +2775,6 @@ iface bond0 inet6 static +@@ -3406,7 +3387,6 @@ iface bond0 inet6 static BOOTPROTO=none DEVICE=en0 HWADDR=aa:bb:cc:dd:e8:00 @@ -192,7 +194,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=yes TYPE=Ethernet USERCTL=no""" -@@ -2815,7 +2795,6 @@ iface bond0 inet6 static +@@ -3427,7 +3407,6 @@ iface bond0 inet6 static MTU=2222 NETMASK=255.255.255.0 NETMASK1=255.255.255.0 @@ -200,7 +202,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=yes PHYSDEV=en0 USERCTL=no -@@ -2890,7 +2869,6 @@ iface bond0 inet6 static +@@ -3553,7 +3532,6 @@ iface bond0 inet6 static DEVICE=br0 IPADDR=192.168.2.2 NETMASK=255.255.255.0 @@ -208,7 +210,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=yes PRIO=22 STP=no -@@ -3032,7 +3010,6 @@ iface bond0 inet6 static +@@ -3769,7 +3747,6 @@ iface bond0 inet6 static HWADDR=52:54:00:12:34:00 IPADDR=192.168.1.2 NETMASK=255.255.255.0 @@ -216,7 +218,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=no TYPE=Ethernet USERCTL=no -@@ -3044,7 +3021,6 @@ iface bond0 inet6 static +@@ -3781,7 +3758,6 @@ iface bond0 inet6 static DEVICE=eth1 HWADDR=52:54:00:12:34:aa MTU=1480 @@ -224,7 +226,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=yes TYPE=Ethernet USERCTL=no -@@ -3055,7 +3031,6 @@ iface bond0 inet6 static +@@ -3792,7 +3768,6 @@ iface bond0 inet6 static BOOTPROTO=none DEVICE=eth2 HWADDR=52:54:00:12:34:ff @@ -232,7 +234,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=no TYPE=Ethernet USERCTL=no -@@ -3628,7 +3603,6 @@ class TestRhelSysConfigRendering(CiTestCase): +@@ -4469,7 +4444,6 @@ class TestRhelSysConfigRendering(CiTestCase): BOOTPROTO=dhcp DEVICE=eth1000 HWADDR=07-1c-c6-75-a4-be @@ -240,7 +242,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=yes TYPE=Ethernet USERCTL=no -@@ -3840,7 +3814,6 @@ GATEWAY=10.0.2.2 +@@ -4681,7 +4655,6 @@ GATEWAY=10.0.2.2 HWADDR=52:54:00:12:34:00 IPADDR=10.0.2.15 NETMASK=255.255.255.0 @@ -248,7 +250,7 @@ index 47e4ba00..591241b3 100644 ONBOOT=yes TYPE=Ethernet USERCTL=no -@@ -3910,7 +3883,6 @@ USERCTL=no +@@ -4751,7 +4724,6 @@ USERCTL=no # BOOTPROTO=dhcp DEVICE=eth0 @@ -257,5 +259,5 @@ index 47e4ba00..591241b3 100644 TYPE=Ethernet USERCTL=no -- -2.31.1 +2.37.3 diff --git a/SOURCES/0003-limit-permissions-on-def_log_file.patch b/SOURCES/0003-limit-permissions-on-def_log_file.patch index 6f58247..d360deb 100644 --- a/SOURCES/0003-limit-permissions-on-def_log_file.patch +++ b/SOURCES/0003-limit-permissions-on-def_log_file.patch @@ -1,4 +1,4 @@ -From cb7b35ca10c82c9725c3527e3ec5fb8cb7c61bc0 Mon Sep 17 00:00:00 2001 +From 1308991156950833f62ec1464b1aef3673864c02 Mon Sep 17 00:00:00 2001 From: Eduardo Otubo Date: Fri, 7 May 2021 13:36:08 +0200 Subject: limit permissions on def_log_file @@ -15,6 +15,8 @@ Conflicts 21.1: recent version Signed-off-by: Eduardo Otubo +(cherry picked from commit cb7b35ca10c82c9725c3527e3ec5fb8cb7c61bc0) +Signed-off-by: Ani Sinha --- cloudinit/settings.py | 1 + cloudinit/stages.py | 1 + @@ -22,22 +24,22 @@ Signed-off-by: Eduardo Otubo 3 files changed, 6 insertions(+) diff --git a/cloudinit/settings.py b/cloudinit/settings.py -index 39650a5b..3c2145e9 100644 +index 8684d003..681ea771 100644 --- a/cloudinit/settings.py +++ b/cloudinit/settings.py -@@ -49,6 +49,7 @@ CFG_BUILTIN = { +@@ -52,6 +52,7 @@ CFG_BUILTIN = { "None", ], "def_log_file": "/var/log/cloud-init.log", + "def_log_file_mode": 0o600, "log_cfgs": [], - "mount_default_fields": [None, None, "auto", "defaults,nofail", "0", "2"], - "ssh_deletekeys": False, + "syslog_fix_perms": ["syslog:adm", "root:adm", "root:wheel", "root:root"], + "system_info": { diff --git a/cloudinit/stages.py b/cloudinit/stages.py -index 3f17294b..61db1dbd 100644 +index 9494a0bf..a624a6fb 100644 --- a/cloudinit/stages.py +++ b/cloudinit/stages.py -@@ -205,6 +205,7 @@ class Init(object): +@@ -202,6 +202,7 @@ class Init: def _initialize_filesystem(self): util.ensure_dirs(self._initial_subdirs()) log_file = util.get_cfg_option_str(self.cfg, "def_log_file") @@ -46,10 +48,10 @@ index 3f17294b..61db1dbd 100644 util.ensure_file(log_file, mode=0o640, preserve_mode=True) perms = self.cfg.get("syslog_fix_perms") diff --git a/doc/examples/cloud-config.txt b/doc/examples/cloud-config.txt -index a2b4a3fa..0ccf3147 100644 +index 15d788f3..b6d16c9c 100644 --- a/doc/examples/cloud-config.txt +++ b/doc/examples/cloud-config.txt -@@ -414,10 +414,14 @@ timezone: US/Eastern +@@ -383,10 +383,14 @@ timezone: US/Eastern # if syslog_fix_perms is a list, it will iterate through and use the # first pair that does not raise error. # @@ -65,5 +67,5 @@ index a2b4a3fa..0ccf3147 100644 # you can set passwords for a user or multiple users -- -2.31.1 +2.37.3 diff --git a/SOURCES/0004-include-NOZEROCONF-yes-in-etc-sysconfig-network.patch b/SOURCES/0004-include-NOZEROCONF-yes-in-etc-sysconfig-network.patch index 5c5a144..915441d 100644 --- a/SOURCES/0004-include-NOZEROCONF-yes-in-etc-sysconfig-network.patch +++ b/SOURCES/0004-include-NOZEROCONF-yes-in-etc-sysconfig-network.patch @@ -1,4 +1,4 @@ -From ffa647e83efd4293bd027e9e390274aad8a12d94 Mon Sep 17 00:00:00 2001 +From 06b2d8279628eb5d0ec36c6b5493346d6cf9a752 Mon Sep 17 00:00:00 2001 From: Eduardo Otubo Date: Fri, 7 May 2021 13:36:13 +0200 Subject: include 'NOZEROCONF=yes' in /etc/sysconfig/network @@ -21,15 +21,17 @@ Resolves: rhbz#1653131 Signed-off-by: Eduardo Otubo Signed-off-by: Miroslav Rezanina +(cherry picked from commit ffa647e83efd4293bd027e9e390274aad8a12d94) +Signed-off-by: Ani Sinha --- cloudinit/net/sysconfig.py | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py -index e06ddee7..362e8d19 100644 +index 1d3d83dc..9abe2279 100644 --- a/cloudinit/net/sysconfig.py +++ b/cloudinit/net/sysconfig.py -@@ -1038,7 +1038,16 @@ class Renderer(renderer.Renderer): +@@ -1018,7 +1018,16 @@ class Renderer(renderer.Renderer): # Distros configuring /etc/sysconfig/network as a file e.g. Centos if sysconfig_path.endswith("network"): util.ensure_dir(os.path.dirname(sysconfig_path)) @@ -48,5 +50,5 @@ index e06ddee7..362e8d19 100644 netcfg.append("NETWORKING_IPV6=yes") netcfg.append("IPV6_AUTOCONF=no") -- -2.31.1 +2.37.3 diff --git a/SOURCES/0005-Manual-revert-Use-Network-Manager-and-Netplan-as-def.patch b/SOURCES/0005-Manual-revert-Use-Network-Manager-and-Netplan-as-def.patch new file mode 100644 index 0000000..02fca29 --- /dev/null +++ b/SOURCES/0005-Manual-revert-Use-Network-Manager-and-Netplan-as-def.patch @@ -0,0 +1,95 @@ +From 0616dbd3f523395b619960b67b3b65c2f0ea15f4 Mon Sep 17 00:00:00 2001 +From: Emanuele Giuseppe Esposito +Date: Fri, 10 Mar 2023 11:51:48 +0100 +Subject: Manual revert "Use Network-Manager and Netplan as default renderers + for RHEL and Fedora (#1465)" + +This reverts changes done in commit 7703aa98b. +Done by hand because the doc file affected by that commit has changed. + +X-downstream-only: true + +Signed-off-by: Emanuele Giuseppe Esposito +--- + cloudinit/net/renderers.py | 1 - + config/cloud.cfg.tmpl | 3 --- + doc/rtd/reference/network-config.rst | 16 ++-------------- + 3 files changed, 2 insertions(+), 18 deletions(-) + +diff --git a/cloudinit/net/renderers.py b/cloudinit/net/renderers.py +index fcf7feba..b241683f 100644 +--- a/cloudinit/net/renderers.py ++++ b/cloudinit/net/renderers.py +@@ -30,7 +30,6 @@ DEFAULT_PRIORITY = [ + "eni", + "sysconfig", + "netplan", +- "network-manager", + "freebsd", + "netbsd", + "openbsd", +diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl +index 7238c102..12f32c51 100644 +--- a/config/cloud.cfg.tmpl ++++ b/config/cloud.cfg.tmpl +@@ -381,9 +381,6 @@ system_info: + {% elif variant in ["dragonfly"] %} + network: + renderers: ['freebsd'] +-{% elif variant in ["fedora"] or is_rhel %} +- network: +- renderers: ['netplan', 'network-manager', 'networkd', 'sysconfig', 'eni'] + {% elif variant == "openmandriva" %} + network: + renderers: ['network-manager', 'networkd'] +diff --git a/doc/rtd/reference/network-config.rst b/doc/rtd/reference/network-config.rst +index ea331f1c..bc52afa5 100644 +--- a/doc/rtd/reference/network-config.rst ++++ b/doc/rtd/reference/network-config.rst +@@ -176,16 +176,6 @@ this state, ``cloud-init`` delegates rendering of the configuration to + distro-supported formats. The following ``renderers`` are supported in + ``cloud-init``: + +-NetworkManager +--------------- +- +-`NetworkManager`_ is the standard Linux network configuration tool suite. It +-supports a wide range of networking setups. Configuration is typically stored +-in :file:`/etc/NetworkManager`. +- +-It is the default for a number of Linux distributions; notably Fedora, +-CentOS/RHEL, and their derivatives. +- + ENI + --- + +@@ -223,7 +213,6 @@ preference) is as follows: + - ENI + - Sysconfig + - Netplan +-- NetworkManager + - FreeBSD + - NetBSD + - OpenBSD +@@ -234,7 +223,6 @@ preference) is as follows: + + - **ENI**: using ``ifup``, ``ifdown`` to manage device setup/teardown + - **Netplan**: using ``netplan apply`` to manage device setup/teardown +-- **NetworkManager**: using ``nmcli`` to manage device setup/teardown + - **Networkd**: using ``ip`` to manage device setup/teardown + + When applying the policy, ``cloud-init`` checks if the current instance has the +@@ -244,8 +232,8 @@ supplying an updated configuration in cloud-config. :: + + system_info: + network: +- renderers: ['netplan', 'network-manager', 'eni', 'sysconfig', 'freebsd', 'netbsd', 'openbsd'] +- activators: ['eni', 'netplan', 'network-manager', 'networkd'] ++ renderers: ['netplan', 'eni', 'sysconfig', 'freebsd', 'netbsd', 'openbsd'] ++ activators: ['eni', 'netplan', 'networkd'] + + Network configuration tools + =========================== +-- +2.37.3 + diff --git a/SOURCES/0005-Remove-race-condition-between-cloud-init-and-Network.patch b/SOURCES/0005-Remove-race-condition-between-cloud-init-and-Network.patch deleted file mode 100644 index 478e5ab..0000000 --- a/SOURCES/0005-Remove-race-condition-between-cloud-init-and-Network.patch +++ /dev/null @@ -1,148 +0,0 @@ -From 386f0a82bfdfd62e506bf4251c17263260d3250a Mon Sep 17 00:00:00 2001 -From: Eduardo Otubo -Date: Fri, 7 May 2021 13:36:14 +0200 -Subject: Remove race condition between cloud-init and NetworkManager - -Message-id: <20200302104635.11648-1-otubo@redhat.com> -Patchwork-id: 94098 -O-Subject: [RHEL-7.9/RHEL-8.2.0 cloud-init PATCH] Remove race condition between cloud-init and NetworkManager -Bugzilla: 1807797 -RH-Acked-by: Cathy Avery -RH-Acked-by: Mohammed Gamal - -BZ: 1748015 -BRANCH: rhel7/master-18.5 -BREW: 26924611 - -BZ: 1807797 -BRANCH: rhel820/master-18.5 -BREW: 26924957 - -cloud-init service is set to start before NetworkManager service starts, -but this does not avoid a race condition between them. NetworkManager -starts before cloud-init can write `dns=none' to the file: -/etc/NetworkManager/conf.d/99-cloud-init.conf. This way NetworkManager -doesn't read the configuration and erases all resolv.conf values upon -shutdown. On the next reboot neither cloud-init or NetworkManager will -write anything to resolv.conf, leaving it blank. - -This patch introduces a NM reload (try-restart) at the end of cloud-init -start up so it won't erase resolv.conf upon first shutdown. - -x-downstream-only: yes -resolves: rhbz#1748015, rhbz#1807797 and rhbz#1804780 - -Signed-off-by: Eduardo Otubo -Signed-off-by: Miroslav Rezanina - -This commit is a squash and also includes the folloowing commits: - -commit 316a17b7c02a87fa9b2981535be0b20d165adc46 -Author: Eduardo Otubo -Date: Mon Jun 1 11:58:06 2020 +0200 - - Make cloud-init.service execute after network is up - - RH-Author: Eduardo Otubo - Message-id: <20200526090804.2047-1-otubo@redhat.com> - Patchwork-id: 96809 - O-Subject: [RHEL-8.2.1 cloud-init PATCH] Make cloud-init.service execute after network is up - Bugzilla: 1803928 - RH-Acked-by: Vitaly Kuznetsov - RH-Acked-by: Miroslav Rezanina - - cloud-init.service needs to wait until network is fully up before - continuing executing and configuring its service. - - Signed-off-by: Eduardo Otubo - - x-downstream-only: yes - Resolves: rhbz#1831646 - Signed-off-by: Miroslav Rezanina - -commit 0422ba0e773d1a8257a3f2bf3db05f3bc7917eb7 -Author: Eduardo Otubo -Date: Thu May 28 08:44:08 2020 +0200 - - Remove race condition between cloud-init and NetworkManager - - RH-Author: Eduardo Otubo - Message-id: <20200327121911.17699-1-otubo@redhat.com> - Patchwork-id: 94453 - O-Subject: [RHEL-7.9/RHEL-8.2.0 cloud-init PATCHv2] Remove race condition between cloud-init and NetworkManager - Bugzilla: 1840648 - RH-Acked-by: Vitaly Kuznetsov - RH-Acked-by: Miroslav Rezanina - RH-Acked-by: Cathy Avery - - cloud-init service is set to start before NetworkManager service starts, - but this does not avoid a race condition between them. NetworkManager - starts before cloud-init can write `dns=none' to the file: - /etc/NetworkManager/conf.d/99-cloud-init.conf. This way NetworkManager - doesn't read the configuration and erases all resolv.conf values upon - shutdown. On the next reboot neither cloud-init or NetworkManager will - write anything to resolv.conf, leaving it blank. - - This patch introduces a NM reload (try-reload-or-restart) at the end of cloud-init - start up so it won't erase resolv.conf upon first shutdown. - - x-downstream-only: yes - - Signed-off-by: Eduardo Otubo otubo@redhat.com - Signed-off-by: Miroslav Rezanina - -commit e0b48a936433faea7f56dbc29dda35acf7d375f7 -Author: Eduardo Otubo -Date: Thu May 28 08:44:06 2020 +0200 - - Enable ssh_deletekeys by default - - RH-Author: Eduardo Otubo - Message-id: <20200317091705.15715-1-otubo@redhat.com> - Patchwork-id: 94365 - O-Subject: [RHEL-7.9/RHEL-8.2.0 cloud-init PATCH] Enable ssh_deletekeys by default - Bugzilla: 1814152 - RH-Acked-by: Mohammed Gamal - RH-Acked-by: Vitaly Kuznetsov - - The configuration option ssh_deletekeys will trigger the generation - of new ssh keys for every new instance deployed. - - x-downstream-only: yes - resolves: rhbz#1814152 - - Signed-off-by: Eduardo Otubo - Signed-off-by: Miroslav Rezanina ---- - rhel/cloud.cfg | 2 +- - rhel/systemd/cloud-init.service | 1 + - 2 files changed, 2 insertions(+), 1 deletion(-) - -diff --git a/rhel/cloud.cfg b/rhel/cloud.cfg -index 82e8bf62..9ecba215 100644 ---- a/rhel/cloud.cfg -+++ b/rhel/cloud.cfg -@@ -6,7 +6,7 @@ ssh_pwauth: 0 - - mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service', '0', '2'] - resize_rootfs_tmp: /dev --ssh_deletekeys: 0 -+ssh_deletekeys: 1 - ssh_genkeytypes: ~ - syslog_fix_perms: ~ - disable_vmware_customization: false -diff --git a/rhel/systemd/cloud-init.service b/rhel/systemd/cloud-init.service -index d0023a05..0b3d796d 100644 ---- a/rhel/systemd/cloud-init.service -+++ b/rhel/systemd/cloud-init.service -@@ -5,6 +5,7 @@ Wants=sshd-keygen.service - Wants=sshd.service - After=cloud-init-local.service - After=NetworkManager.service network.service -+After=NetworkManager-wait-online.service - Before=network-online.target - Before=sshd-keygen.service - Before=sshd.service --- -2.31.1 - diff --git a/SOURCES/ci-Revert-Add-native-NetworkManager-support-1224.patch b/SOURCES/0006-Revert-Add-native-NetworkManager-support-1224.patch similarity index 60% rename from SOURCES/ci-Revert-Add-native-NetworkManager-support-1224.patch rename to SOURCES/0006-Revert-Add-native-NetworkManager-support-1224.patch index e4e3594..a53d0fd 100644 --- a/SOURCES/ci-Revert-Add-native-NetworkManager-support-1224.patch +++ b/SOURCES/0006-Revert-Add-native-NetworkManager-support-1224.patch @@ -1,37 +1,30 @@ -From f1836e78d20ef34b05b6aba002fc10a97eceb454 Mon Sep 17 00:00:00 2001 -From: Emanuele Giuseppe Esposito -Date: Mon, 8 Aug 2022 10:08:50 +0200 -Subject: [PATCH 1/2] Revert "Add native NetworkManager support (#1224)" +From df17359efbf873396cd49bbd87b1680700cdda41 Mon Sep 17 00:00:00 2001 +From: Ani Sinha +Date: Wed, 22 Mar 2023 16:31:58 +0530 +Subject: Revert "Add native NetworkManager support (#1224)" -RH-Author: Emanuele Giuseppe Esposito -RH-MergeRequest: 81: Revert "Use Network-Manager and Netplan as default renderers for RHEL and Fedora (#1465)" -RH-Commit: [1/2] 5b3e51502a89c2dcfbc97dc08a86b792454fedd3 -RH-Bugzilla: 2107464 2110066 2117526 2104393 2098624 -RH-Acked-by: Eduardo Otubo -RH-Acked-by: Vitaly Kuznetsov -RH-Acked-by: Mohamed Gamal Morsy +This reverts commit feda344e6cf9d37b09bc13cf333a717d1654c26c. -NM is not yet stable, so we don't want to support it for now. -This reverts commit 0d93e53fd05c44b62e3456b7580c9de8135e6b5a. +X-downstream-only: true -Signed-off-by: Emanuele Giuseppe Esposito +Signed-off-by: Ani Sinha --- - cloudinit/cmd/devel/net_convert.py | 14 +- - cloudinit/net/activators.py | 25 +- - cloudinit/net/network_manager.py | 377 ------- - cloudinit/net/renderers.py | 3 - - cloudinit/net/sysconfig.py | 37 +- - tests/unittests/test_net.py | 1268 +++--------------------- - tests/unittests/test_net_activators.py | 93 +- - 7 files changed, 193 insertions(+), 1624 deletions(-) + cloudinit/cmd/devel/net_convert.py | 14 +- + cloudinit/net/activators.py | 25 +- + cloudinit/net/network_manager.py | 393 ---------------- + cloudinit/net/renderers.py | 2 - + cloudinit/net/sysconfig.py | 42 +- + tests/unittests/test_net.py | 597 +++++-------------------- + tests/unittests/test_net_activators.py | 11 +- + 7 files changed, 161 insertions(+), 923 deletions(-) delete mode 100644 cloudinit/net/network_manager.py diff --git a/cloudinit/cmd/devel/net_convert.py b/cloudinit/cmd/devel/net_convert.py -index 647fe07b..18b1e7ff 100755 +index eee49860..1a0a31ac 100755 --- a/cloudinit/cmd/devel/net_convert.py +++ b/cloudinit/cmd/devel/net_convert.py -@@ -7,14 +7,7 @@ import os - import sys +@@ -10,14 +10,7 @@ import sys + import yaml from cloudinit import distros, log, safeyaml -from cloudinit.net import ( @@ -44,9 +37,9 @@ index 647fe07b..18b1e7ff 100755 -) +from cloudinit.net import eni, netplan, network_state, networkd, sysconfig from cloudinit.sources import DataSourceAzure as azure - from cloudinit.sources import DataSourceOVF as ovf from cloudinit.sources.helpers import openstack -@@ -81,7 +74,7 @@ def get_parser(parser=None): + from cloudinit.sources.helpers.vmware.imc import guestcust_util +@@ -84,7 +77,7 @@ def get_parser(parser=None): parser.add_argument( "-O", "--output-kind", @@ -55,7 +48,7 @@ index 647fe07b..18b1e7ff 100755 required=True, help="The network config format to emit", ) -@@ -155,9 +148,6 @@ def handle_args(name, args): +@@ -157,9 +150,6 @@ def handle_args(name, args): elif args.output_kind == "sysconfig": r_cls = sysconfig.Renderer config = distro.renderer_configs.get("sysconfig") @@ -66,7 +59,7 @@ index 647fe07b..18b1e7ff 100755 raise RuntimeError("Invalid output_kind") diff --git a/cloudinit/net/activators.py b/cloudinit/net/activators.py -index edbc0c06..e80c26df 100644 +index 7d11a02c..d9a8c4d7 100644 --- a/cloudinit/net/activators.py +++ b/cloudinit/net/activators.py @@ -1,14 +1,15 @@ @@ -74,7 +67,7 @@ index edbc0c06..e80c26df 100644 import logging +import os from abc import ABC, abstractmethod - from typing import Iterable, List, Type + from typing import Dict, Iterable, List, Optional, Type, Union from cloudinit import subp, util from cloudinit.net.eni import available as eni_available @@ -130,10 +123,10 @@ index edbc0c06..e80c26df 100644 diff --git a/cloudinit/net/network_manager.py b/cloudinit/net/network_manager.py deleted file mode 100644 -index 79b0fe0b..00000000 +index 53763d15..00000000 --- a/cloudinit/net/network_manager.py +++ /dev/null -@@ -1,377 +0,0 @@ +@@ -1,393 +0,0 @@ -# Copyright 2022 Red Hat, Inc. -# -# Author: Lubomir Rintel @@ -147,15 +140,16 @@ index 79b0fe0b..00000000 -import itertools -import os -import uuid +-from typing import Optional - -from cloudinit import log as logging -from cloudinit import subp, util -- --from . import renderer --from .network_state import is_ipv6_addr, subnet_is_ipv6 +-from cloudinit.net import is_ipv6_address, renderer, subnet_is_ipv6 +-from cloudinit.net.network_state import NetworkState - -NM_RUN_DIR = "/etc/NetworkManager" -NM_LIB_DIR = "/usr/lib/NetworkManager" +-NM_CFG_FILE = "/etc/NetworkManager/NetworkManager.conf" -LOG = logging.getLogger(__name__) - - @@ -204,7 +198,7 @@ index 79b0fe0b..00000000 - - method_map = { - "static": "manual", -- "dhcp6": "dhcp", +- "dhcp6": "auto", - "ipv6_slaac": "auto", - "ipv6_dhcpv6-stateless": "auto", - "ipv6_dhcpv6-stateful": "auto", @@ -231,8 +225,6 @@ index 79b0fe0b..00000000 - - self.config[family]["method"] = method - self._set_default(family, "may-fail", "false") -- if family == "ipv6": -- self._set_default(family, "addr-gen-mode", "stable-privacy") - - def _add_numbered(self, section, key_prefix, value): - """ @@ -273,7 +265,7 @@ index 79b0fe0b..00000000 - # together. We might be getting an IPv6 name server while - # we're dealing with an IPv4 subnet. Sort this out by figuring - # out the correct family and making sure a valid section exist. -- family = "ipv6" if is_ipv6_addr(dns) else "ipv4" +- family = "ipv6" if is_ipv6_address(dns) else "ipv4" - self._set_default(family, "method", "disabled") - - self._set_default(family, "dns", "") @@ -479,7 +471,12 @@ index 79b0fe0b..00000000 - # Well, what can we do... - return con_id - -- def render_network_state(self, network_state, templates=None, target=None): +- def render_network_state( +- self, +- network_state: NetworkState, +- templates: Optional[dict] = None, +- target=None, +- ) -> None: - # First pass makes sure there's NMConnections for all known - # interfaces that have UUIDs that can be linked to from related - # interfaces @@ -506,16 +503,28 @@ index 79b0fe0b..00000000 - - -def available(target=None): -- target_nm_dir = subp.target_path(target, NM_LIB_DIR) -- return os.path.exists(target_nm_dir) +- # TODO: Move `uses_systemd` to a more appropriate location +- # It is imported here to avoid circular import +- from cloudinit.distros import uses_systemd +- +- config_present = os.path.isfile(subp.target_path(target, path=NM_CFG_FILE)) +- nmcli_present = subp.which("nmcli", target=target) +- service_active = True +- if uses_systemd(): +- try: +- subp.subp(["systemctl", "is-enabled", "NetworkManager.service"]) +- except subp.ProcessExecutionError: +- service_active = False +- +- return config_present and bool(nmcli_present) and service_active - - -# vi: ts=4 expandtab diff --git a/cloudinit/net/renderers.py b/cloudinit/net/renderers.py -index 7edc34b5..c755f04c 100644 +index b241683f..c92b9dcf 100644 --- a/cloudinit/net/renderers.py +++ b/cloudinit/net/renderers.py -@@ -8,7 +8,6 @@ from . import ( +@@ -8,7 +8,6 @@ from cloudinit.net import ( freebsd, netbsd, netplan, @@ -531,31 +540,34 @@ index 7edc34b5..c755f04c 100644 "networkd": networkd, "openbsd": openbsd, "sysconfig": sysconfig, -@@ -30,7 +28,6 @@ DEFAULT_PRIORITY = [ - "eni", - "sysconfig", - "netplan", -- "network-manager", - "freebsd", - "netbsd", - "openbsd", diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py -index c3b0c795..362e8d19 100644 +index 9abe2279..db084e07 100644 --- a/cloudinit/net/sysconfig.py +++ b/cloudinit/net/sysconfig.py -@@ -5,6 +5,8 @@ import io - import os +@@ -6,6 +6,8 @@ import os import re + from typing import Mapping, Optional +from configobj import ConfigObj + from cloudinit import log as logging from cloudinit import subp, util from cloudinit.distros.parsers import networkmanager_conf, resolv_conf -@@ -64,6 +66,24 @@ def _quote_value(value): +@@ -35,7 +37,7 @@ KNOWN_DISTROS = [ + "TencentOS", + "virtuozzo", + ] +- ++NM_CFG_FILE = "/etc/NetworkManager/NetworkManager.conf" + + def _make_header(sep="#"): + lines = [ +@@ -66,7 +68,26 @@ def _quote_value(value): return value +-class ConfigMap: ++ +def enable_ifcfg_rh(path): + """Add ifcfg-rh to NetworkManager.cfg plugins if main section is present""" + config = ConfigObj(path) @@ -574,10 +586,11 @@ index c3b0c795..362e8d19 100644 + LOG.debug("Enabled ifcfg-rh NetworkManager plugins") + + - class ConfigMap(object): ++class ConfigMap(object): """Sysconfig like dictionary object.""" -@@ -1011,6 +1031,8 @@ class Renderer(renderer.Renderer): + # Why does redhat prefer yes/no to true/false?? +@@ -1013,6 +1034,8 @@ class Renderer(renderer.Renderer): netrules_content = self._render_persistent_net(network_state) netrules_path = subp.target_path(target, self.netrules_path) util.write_file(netrules_path, netrules_content, file_mode) @@ -586,7 +599,7 @@ index c3b0c795..362e8d19 100644 sysconfig_path = subp.target_path(target, templates.get("control")) # Distros configuring /etc/sysconfig/network as a file e.g. Centos -@@ -1049,9 +1071,14 @@ def _supported_vlan_names(rdev, vid): +@@ -1051,9 +1074,14 @@ def _supported_vlan_names(rdev, vid): def available(target=None): @@ -603,7 +616,7 @@ index c3b0c795..362e8d19 100644 expected = ["ifup", "ifdown"] search = ["/sbin", "/usr/sbin"] for p in expected: -@@ -1068,4 +1095,10 @@ def available(target=None): +@@ -1070,4 +1098,10 @@ def available(target=None): return False @@ -615,18 +628,18 @@ index c3b0c795..362e8d19 100644 + # vi: ts=4 expandtab diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py -index ef21ad76..591241b3 100644 +index 0f523ff8..4434b350 100644 --- a/tests/unittests/test_net.py +++ b/tests/unittests/test_net.py -@@ -21,7 +21,6 @@ from cloudinit.net import ( - interface_has_own_mac, +@@ -23,7 +23,6 @@ from cloudinit.net import ( + mask_and_ipv4_to_bcast_addr, natural_sort_key, netplan, - network_manager, network_state, networkd, renderers, -@@ -612,37 +611,6 @@ dns = none +@@ -617,37 +616,6 @@ dns = none ), ), ], @@ -664,7 +677,7 @@ index ef21ad76..591241b3 100644 }, { "in_data": { -@@ -1105,50 +1073,6 @@ NETWORK_CONFIGS = { +@@ -1110,50 +1078,6 @@ NETWORK_CONFIGS = { USERCTL=no""" ), }, @@ -715,208 +728,7 @@ index ef21ad76..591241b3 100644 "yaml": textwrap.dedent( """ version: 1 -@@ -1221,34 +1145,6 @@ NETWORK_CONFIGS = { - STARTMODE=auto""" - ) - }, -- "expected_network_manager": { -- "cloud-init-iface0.nmconnection": textwrap.dedent( -- """\ -- # Generated by cloud-init. Changes will be lost. -- -- [connection] -- id=cloud-init iface0 -- uuid=8ddfba48-857c-5e86-ac09-1b43eae0bf70 -- type=ethernet -- interface-name=iface0 -- -- [user] -- org.freedesktop.NetworkManager.origin=cloud-init -- -- [ethernet] -- -- [ipv4] -- method=auto -- may-fail=false -- -- [ipv6] -- method=dhcp -- may-fail=false -- addr-gen-mode=stable-privacy -- -- """ -- ), -- }, - "yaml": textwrap.dedent( - """\ - version: 1 -@@ -1351,37 +1247,6 @@ NETWORK_CONFIGS = { - """ - ), - }, -- "expected_network_manager": { -- "cloud-init-iface0.nmconnection": textwrap.dedent( -- """\ -- # Generated by cloud-init. Changes will be lost. -- -- [connection] -- id=cloud-init iface0 -- uuid=8ddfba48-857c-5e86-ac09-1b43eae0bf70 -- type=ethernet -- interface-name=iface0 -- -- [user] -- org.freedesktop.NetworkManager.origin=cloud-init -- -- [ethernet] -- mtu=9000 -- -- [ipv4] -- method=manual -- may-fail=false -- address1=192.168.14.2/24 -- -- [ipv6] -- method=manual -- may-fail=false -- addr-gen-mode=stable-privacy -- address1=2001:1::1/64 -- -- """ -- ), -- }, - }, - "v6_and_v4": { - "expected_sysconfig_opensuse": { -@@ -1392,34 +1257,6 @@ NETWORK_CONFIGS = { - STARTMODE=auto""" - ) - }, -- "expected_network_manager": { -- "cloud-init-iface0.nmconnection": textwrap.dedent( -- """\ -- # Generated by cloud-init. Changes will be lost. -- -- [connection] -- id=cloud-init iface0 -- uuid=8ddfba48-857c-5e86-ac09-1b43eae0bf70 -- type=ethernet -- interface-name=iface0 -- -- [user] -- org.freedesktop.NetworkManager.origin=cloud-init -- -- [ethernet] -- -- [ipv6] -- method=dhcp -- may-fail=false -- addr-gen-mode=stable-privacy -- -- [ipv4] -- method=auto -- may-fail=false -- -- """ -- ), -- }, - "yaml": textwrap.dedent( - """\ - version: 1 -@@ -1493,30 +1330,6 @@ NETWORK_CONFIGS = { - """ - ), - }, -- "expected_network_manager": { -- "cloud-init-iface0.nmconnection": textwrap.dedent( -- """\ -- # Generated by cloud-init. Changes will be lost. -- -- [connection] -- id=cloud-init iface0 -- uuid=8ddfba48-857c-5e86-ac09-1b43eae0bf70 -- type=ethernet -- interface-name=iface0 -- -- [user] -- org.freedesktop.NetworkManager.origin=cloud-init -- -- [ethernet] -- -- [ipv6] -- method=dhcp -- may-fail=false -- addr-gen-mode=stable-privacy -- -- """ -- ), -- }, - }, - "dhcpv6_accept_ra": { - "expected_eni": textwrap.dedent( -@@ -1724,30 +1537,6 @@ NETWORK_CONFIGS = { - """ - ), - }, -- "expected_network_manager": { -- "cloud-init-iface0.nmconnection": textwrap.dedent( -- """\ -- # Generated by cloud-init. Changes will be lost. -- -- [connection] -- id=cloud-init iface0 -- uuid=8ddfba48-857c-5e86-ac09-1b43eae0bf70 -- type=ethernet -- interface-name=iface0 -- -- [user] -- org.freedesktop.NetworkManager.origin=cloud-init -- -- [ethernet] -- -- [ipv6] -- method=auto -- may-fail=false -- addr-gen-mode=stable-privacy -- -- """ -- ), -- }, - }, - "static6": { - "yaml": textwrap.dedent( -@@ -1836,30 +1625,6 @@ NETWORK_CONFIGS = { - """ - ), - }, -- "expected_network_manager": { -- "cloud-init-iface0.nmconnection": textwrap.dedent( -- """\ -- # Generated by cloud-init. Changes will be lost. -- -- [connection] -- id=cloud-init iface0 -- uuid=8ddfba48-857c-5e86-ac09-1b43eae0bf70 -- type=ethernet -- interface-name=iface0 -- -- [user] -- org.freedesktop.NetworkManager.origin=cloud-init -- -- [ethernet] -- -- [ipv6] -- method=auto -- may-fail=false -- addr-gen-mode=stable-privacy -- -- """ -- ), -- }, - }, - "dhcpv6_stateful": { - "expected_eni": textwrap.dedent( -@@ -1959,29 +1724,6 @@ NETWORK_CONFIGS = { +@@ -1959,29 +1883,6 @@ NETWORK_CONFIGS = { """ ), }, @@ -946,7 +758,7 @@ index ef21ad76..591241b3 100644 "yaml_v2": textwrap.dedent( """\ version: 2 -@@ -2035,30 +1777,6 @@ NETWORK_CONFIGS = { +@@ -2035,30 +1936,6 @@ NETWORK_CONFIGS = { """ ), }, @@ -977,304 +789,7 @@ index ef21ad76..591241b3 100644 "yaml_v2": textwrap.dedent( """\ version: 2 -@@ -2497,254 +2215,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true - USERCTL=no""" - ), - }, -- "expected_network_manager": { -- "cloud-init-eth3.nmconnection": textwrap.dedent( -- """\ -- # Generated by cloud-init. Changes will be lost. -- -- [connection] -- id=cloud-init eth3 -- uuid=b7e95dda-7746-5bf8-bf33-6e5f3c926790 -- type=ethernet -- slave-type=bridge -- master=dee46ce4-af7a-5e7c-aa08-b25533ae9213 -- -- [user] -- org.freedesktop.NetworkManager.origin=cloud-init -- -- [ethernet] -- mac-address=66:BB:9F:2C:E8:80 -- -- """ -- ), -- "cloud-init-eth5.nmconnection": textwrap.dedent( -- """\ -- # Generated by cloud-init. Changes will be lost. -- -- [connection] -- id=cloud-init eth5 -- uuid=5fda13c7-9942-5e90-a41b-1d043bd725dc -- type=ethernet -- -- [user] -- org.freedesktop.NetworkManager.origin=cloud-init -- -- [ethernet] -- mac-address=98:BB:9F:2C:E8:8A -- -- [ipv4] -- method=auto -- may-fail=false -- -- """ -- ), -- "cloud-init-ib0.nmconnection": textwrap.dedent( -- """\ -- # Generated by cloud-init. Changes will be lost. -- -- [connection] -- id=cloud-init ib0 -- uuid=11a1dda7-78b4-5529-beba-d9b5f549ad7b -- type=infiniband -- -- [user] -- org.freedesktop.NetworkManager.origin=cloud-init -- -- [infiniband] -- transport-mode=datagram -- mtu=9000 -- mac-address=A0:00:02:20:FE:80:00:00:00:00:00:00:EC:0D:9A:03:00:15:E2:C1 -- -- [ipv4] -- method=manual -- may-fail=false -- address1=192.168.200.7/24 -- -- """ -- ), -- "cloud-init-bond0.200.nmconnection": textwrap.dedent( -- """\ -- # Generated by cloud-init. Changes will be lost. -- -- [connection] -- id=cloud-init bond0.200 -- uuid=88984a9c-ff22-5233-9267-86315e0acaa7 -- type=vlan -- interface-name=bond0.200 -- -- [user] -- org.freedesktop.NetworkManager.origin=cloud-init -- -- [vlan] -- id=200 -- parent=54317911-f840-516b-a10d-82cb4c1f075c -- -- [ipv4] -- method=auto -- may-fail=false -- -- """ -- ), -- "cloud-init-eth0.nmconnection": textwrap.dedent( -- """\ -- # Generated by cloud-init. Changes will be lost. -- -- [connection] -- id=cloud-init eth0 -- uuid=1dd9a779-d327-56e1-8454-c65e2556c12c -- type=ethernet -- -- [user] -- org.freedesktop.NetworkManager.origin=cloud-init -- -- [ethernet] -- mac-address=C0:D6:9F:2C:E8:80 -- -- """ -- ), -- "cloud-init-eth4.nmconnection": textwrap.dedent( -- """\ -- # Generated by cloud-init. Changes will be lost. -- -- [connection] -- id=cloud-init eth4 -- uuid=e27e4959-fb50-5580-b9a4-2073554627b9 -- type=ethernet -- slave-type=bridge -- master=dee46ce4-af7a-5e7c-aa08-b25533ae9213 -- -- [user] -- org.freedesktop.NetworkManager.origin=cloud-init -- -- [ethernet] -- mac-address=98:BB:9F:2C:E8:80 -- -- """ -- ), -- "cloud-init-eth1.nmconnection": textwrap.dedent( -- """\ -- # Generated by cloud-init. Changes will be lost. -- -- [connection] -- id=cloud-init eth1 -- uuid=3c50eb47-7260-5a6d-801d-bd4f587d6b58 -- type=ethernet -- slave-type=bond -- master=54317911-f840-516b-a10d-82cb4c1f075c -- -- [user] -- org.freedesktop.NetworkManager.origin=cloud-init -- -- [ethernet] -- mac-address=AA:D6:9F:2C:E8:80 -- -- """ -- ), -- "cloud-init-br0.nmconnection": textwrap.dedent( -- """\ -- # Generated by cloud-init. Changes will be lost. -- -- [connection] -- id=cloud-init br0 -- uuid=dee46ce4-af7a-5e7c-aa08-b25533ae9213 -- type=bridge -- interface-name=br0 -- -- [user] -- org.freedesktop.NetworkManager.origin=cloud-init -- -- [bridge] -- stp=false -- priority=22 -- mac-address=BB:BB:BB:BB:BB:AA -- -- [ipv4] -- method=manual -- may-fail=false -- address1=192.168.14.2/24 -- -- [ipv6] -- method=manual -- may-fail=false -- addr-gen-mode=stable-privacy -- address1=2001:1::1/64 -- route1=::/0,2001:4800:78ff:1b::1 -- -- """ -- ), -- "cloud-init-eth0.101.nmconnection": textwrap.dedent( -- """\ -- # Generated by cloud-init. Changes will be lost. -- -- [connection] -- id=cloud-init eth0.101 -- uuid=b5acec5e-db80-5935-8b02-0d5619fc42bf -- type=vlan -- interface-name=eth0.101 -- -- [user] -- org.freedesktop.NetworkManager.origin=cloud-init -- -- [vlan] -- id=101 -- parent=1dd9a779-d327-56e1-8454-c65e2556c12c -- -- [ipv4] -- method=manual -- may-fail=false -- address1=192.168.0.2/24 -- gateway=192.168.0.1 -- dns=192.168.0.10;10.23.23.134; -- dns-search=barley.maas;sacchromyces.maas;brettanomyces.maas; -- address2=192.168.2.10/24 -- -- """ -- ), -- "cloud-init-bond0.nmconnection": textwrap.dedent( -- """\ -- # Generated by cloud-init. Changes will be lost. -- -- [connection] -- id=cloud-init bond0 -- uuid=54317911-f840-516b-a10d-82cb4c1f075c -- type=bond -- interface-name=bond0 -- -- [user] -- org.freedesktop.NetworkManager.origin=cloud-init -- -- [bond] -- mode=active-backup -- miimon=100 -- xmit_hash_policy=layer3+4 -- -- [ipv6] -- method=dhcp -- may-fail=false -- addr-gen-mode=stable-privacy -- -- """ -- ), -- "cloud-init-eth2.nmconnection": textwrap.dedent( -- """\ -- # Generated by cloud-init. Changes will be lost. -- -- [connection] -- id=cloud-init eth2 -- uuid=5559a242-3421-5fdd-896e-9cb8313d5804 -- type=ethernet -- slave-type=bond -- master=54317911-f840-516b-a10d-82cb4c1f075c -- -- [user] -- org.freedesktop.NetworkManager.origin=cloud-init -- -- [ethernet] -- mac-address=C0:BB:9F:2C:E8:80 -- -- """ -- ), -- }, - "yaml": textwrap.dedent( - """ - version: 1 -@@ -2933,10 +2403,10 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true - - type: static - address: 2001:1::1/92 - routes: -- - gateway: 2001:67c:1562::1 -+ - gateway: 2001:67c:1562:1 - network: 2001:67c:1 - netmask: "ffff:ffff::" -- - gateway: 3001:67c:15::1 -+ - gateway: 3001:67c:1562:1 - network: 3001:67c:1 - netmask: "ffff:ffff::" - metric: 10000 -@@ -2981,10 +2451,10 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true - - to: 10.1.3.0/24 - via: 192.168.0.3 - - to: 2001:67c:1/32 -- via: 2001:67c:1562::1 -+ via: 2001:67c:1562:1 - - metric: 10000 - to: 3001:67c:1/32 -- via: 3001:67c:15::1 -+ via: 3001:67c:1562:1 - """ - ), - "expected_eni": textwrap.dedent( -@@ -3044,11 +2514,11 @@ iface bond0 inet static - # control-alias bond0 - iface bond0 inet6 static - address 2001:1::1/92 -- post-up route add -A inet6 2001:67c:1/32 gw 2001:67c:1562::1 || true -- pre-down route del -A inet6 2001:67c:1/32 gw 2001:67c:1562::1 || true -- post-up route add -A inet6 3001:67c:1/32 gw 3001:67c:15::1 metric 10000 \ -+ post-up route add -A inet6 2001:67c:1/32 gw 2001:67c:1562:1 || true -+ pre-down route del -A inet6 2001:67c:1/32 gw 2001:67c:1562:1 || true -+ post-up route add -A inet6 3001:67c:1/32 gw 3001:67c:1562:1 metric 10000 \ - || true -- pre-down route del -A inet6 3001:67c:1/32 gw 3001:67c:15::1 metric 10000 \ -+ pre-down route del -A inet6 3001:67c:1/32 gw 3001:67c:1562:1 metric 10000 \ - || true - """ - ), -@@ -3091,8 +2561,8 @@ iface bond0 inet6 static +@@ -3092,8 +2969,8 @@ iface bond0 inet6 static - to: 2001:67c:1562:8007::1/64 via: 2001:67c:1562:8007::aac:40b2 - metric: 10000 @@ -1285,7 +800,7 @@ index ef21ad76..591241b3 100644 """ ), "expected_netplan-v2": textwrap.dedent( -@@ -3124,8 +2594,8 @@ iface bond0 inet6 static +@@ -3125,8 +3002,8 @@ iface bond0 inet6 static - to: 2001:67c:1562:8007::1/64 via: 2001:67c:1562:8007::aac:40b2 - metric: 10000 @@ -1296,249 +811,7 @@ index ef21ad76..591241b3 100644 ethernets: eth0: match: -@@ -3224,8 +2694,8 @@ iface bond0 inet6 static - """\ - # Created by cloud-init on instance boot automatically, do not edit. - # -- 2001:67c:1/32 via 2001:67c:1562::1 dev bond0 -- 3001:67c:1/32 via 3001:67c:15::1 metric 10000 dev bond0 -+ 2001:67c:1/32 via 2001:67c:1562:1 dev bond0 -+ 3001:67c:1/32 via 3001:67c:1562:1 metric 10000 dev bond0 - """ - ), - "route-bond0": textwrap.dedent( -@@ -3248,88 +2718,6 @@ iface bond0 inet6 static - """ - ), - }, -- "expected_network_manager": { -- "cloud-init-bond0s0.nmconnection": textwrap.dedent( -- """\ -- # Generated by cloud-init. Changes will be lost. -- -- [connection] -- id=cloud-init bond0s0 -- uuid=09d0b5b9-67e7-5577-a1af-74d1cf17a71e -- type=ethernet -- slave-type=bond -- master=54317911-f840-516b-a10d-82cb4c1f075c -- -- [user] -- org.freedesktop.NetworkManager.origin=cloud-init -- -- [ethernet] -- mac-address=AA:BB:CC:DD:E8:00 -- -- """ -- ), -- "cloud-init-bond0s1.nmconnection": textwrap.dedent( -- """\ -- # Generated by cloud-init. Changes will be lost. -- -- [connection] -- id=cloud-init bond0s1 -- uuid=4d9aca96-b515-5630-ad83-d13daac7f9d0 -- type=ethernet -- slave-type=bond -- master=54317911-f840-516b-a10d-82cb4c1f075c -- -- [user] -- org.freedesktop.NetworkManager.origin=cloud-init -- -- [ethernet] -- mac-address=AA:BB:CC:DD:E8:01 -- -- """ -- ), -- "cloud-init-bond0.nmconnection": textwrap.dedent( -- """\ -- # Generated by cloud-init. Changes will be lost. -- -- [connection] -- id=cloud-init bond0 -- uuid=54317911-f840-516b-a10d-82cb4c1f075c -- type=bond -- interface-name=bond0 -- -- [user] -- org.freedesktop.NetworkManager.origin=cloud-init -- -- [bond] -- mode=active-backup -- miimon=100 -- xmit_hash_policy=layer3+4 -- num_grat_arp=5 -- downdelay=10 -- updelay=20 -- fail_over_mac=active -- primary_reselect=always -- primary=bond0s0 -- -- [ipv4] -- method=manual -- may-fail=false -- address1=192.168.0.2/24 -- gateway=192.168.0.1 -- route1=10.1.3.0/24,192.168.0.3 -- address2=192.168.1.2/24 -- -- [ipv6] -- method=manual -- may-fail=false -- addr-gen-mode=stable-privacy -- address1=2001:1::1/92 -- route1=2001:67c:1/32,2001:67c:1562::1 -- route2=3001:67c:1/32,3001:67c:15::1 -- -- """ -- ), -- }, - }, - "vlan": { - "yaml": textwrap.dedent( -@@ -3413,58 +2801,6 @@ iface bond0 inet6 static - VLAN=yes""" - ), - }, -- "expected_network_manager": { -- "cloud-init-en0.99.nmconnection": textwrap.dedent( -- """\ -- # Generated by cloud-init. Changes will be lost. -- -- [connection] -- id=cloud-init en0.99 -- uuid=f594e2ed-f107-51df-b225-1dc530a5356b -- type=vlan -- interface-name=en0.99 -- -- [user] -- org.freedesktop.NetworkManager.origin=cloud-init -- -- [vlan] -- id=99 -- parent=e0ca478b-8d84-52ab-8fae-628482c629b5 -- -- [ipv4] -- method=manual -- may-fail=false -- address1=192.168.2.2/24 -- address2=192.168.1.2/24 -- gateway=192.168.1.1 -- -- [ipv6] -- method=manual -- may-fail=false -- addr-gen-mode=stable-privacy -- address1=2001:1::bbbb/96 -- route1=::/0,2001:1::1 -- -- """ -- ), -- "cloud-init-en0.nmconnection": textwrap.dedent( -- """\ -- # Generated by cloud-init. Changes will be lost. -- -- [connection] -- id=cloud-init en0 -- uuid=e0ca478b-8d84-52ab-8fae-628482c629b5 -- type=ethernet -- -- [user] -- org.freedesktop.NetworkManager.origin=cloud-init -- -- [ethernet] -- mac-address=AA:BB:CC:DD:E8:00 -- -- """ -- ), -- }, - }, - "bridge": { - "yaml": textwrap.dedent( -@@ -3573,82 +2909,6 @@ iface bond0 inet6 static - """ - ), - }, -- "expected_network_manager": { -- "cloud-init-br0.nmconnection": textwrap.dedent( -- """\ -- # Generated by cloud-init. Changes will be lost. -- -- [connection] -- id=cloud-init br0 -- uuid=dee46ce4-af7a-5e7c-aa08-b25533ae9213 -- type=bridge -- interface-name=br0 -- -- [user] -- org.freedesktop.NetworkManager.origin=cloud-init -- -- [bridge] -- stp=false -- priority=22 -- -- [ipv4] -- method=manual -- may-fail=false -- address1=192.168.2.2/24 -- -- """ -- ), -- "cloud-init-eth0.nmconnection": textwrap.dedent( -- """\ -- # Generated by cloud-init. Changes will be lost. -- -- [connection] -- id=cloud-init eth0 -- uuid=1dd9a779-d327-56e1-8454-c65e2556c12c -- type=ethernet -- slave-type=bridge -- master=dee46ce4-af7a-5e7c-aa08-b25533ae9213 -- -- [user] -- org.freedesktop.NetworkManager.origin=cloud-init -- -- [ethernet] -- mac-address=52:54:00:12:34:00 -- -- [ipv6] -- method=manual -- may-fail=false -- addr-gen-mode=stable-privacy -- address1=2001:1::100/96 -- -- """ -- ), -- "cloud-init-eth1.nmconnection": textwrap.dedent( -- """\ -- # Generated by cloud-init. Changes will be lost. -- -- [connection] -- id=cloud-init eth1 -- uuid=3c50eb47-7260-5a6d-801d-bd4f587d6b58 -- type=ethernet -- slave-type=bridge -- master=dee46ce4-af7a-5e7c-aa08-b25533ae9213 -- -- [user] -- org.freedesktop.NetworkManager.origin=cloud-init -- -- [ethernet] -- mac-address=52:54:00:12:34:01 -- -- [ipv6] -- method=manual -- may-fail=false -- addr-gen-mode=stable-privacy -- address1=2001:1::101/96 -- -- """ -- ), -- }, - }, - "manual": { - "yaml": textwrap.dedent( -@@ -3777,92 +3037,25 @@ iface bond0 inet6 static +@@ -3774,73 +3651,6 @@ iface bond0 inet6 static """ ), }, @@ -1551,12 +824,10 @@ index ef21ad76..591241b3 100644 - id=cloud-init eth0 - uuid=1dd9a779-d327-56e1-8454-c65e2556c12c - type=ethernet -+ }, -+} - +- - [user] - org.freedesktop.NetworkManager.origin=cloud-init - +- - [ethernet] - mac-address=52:54:00:12:34:00 - @@ -1611,44 +882,10 @@ index ef21ad76..591241b3 100644 - """ - ), - }, -- }, --} -- -- --CONFIG_V1_EXPLICIT_LOOPBACK = { -- "version": 1, -- "config": [ -- { -- "name": "eth0", -- "type": "physical", -- "subnets": [{"control": "auto", "type": "dhcp"}], -- }, -- { -- "name": "lo", -- "type": "loopback", -- "subnets": [{"control": "auto", "type": "loopback"}], -- }, -- ], --} -+CONFIG_V1_EXPLICIT_LOOPBACK = { -+ "version": 1, -+ "config": [ -+ { -+ "name": "eth0", -+ "type": "physical", -+ "subnets": [{"control": "auto", "type": "dhcp"}], -+ }, -+ { -+ "name": "lo", -+ "type": "loopback", -+ "subnets": [{"control": "auto", "type": "loopback"}], -+ }, -+ ], -+} - - - CONFIG_V1_SIMPLE_SUBNET = { -@@ -4304,6 +3497,7 @@ class TestRhelSysConfigRendering(CiTestCase): + }, + "v2-dev-name-via-mac-lookup": { + "expected_sysconfig_rhel": { +@@ -4339,6 +4149,7 @@ class TestRhelSysConfigRendering(CiTestCase): with_logs = True @@ -1656,7 +893,7 @@ index ef21ad76..591241b3 100644 scripts_dir = "/etc/sysconfig/network-scripts" header = ( "# Created by cloud-init on instance boot automatically, " -@@ -4878,6 +4072,78 @@ USERCTL=no +@@ -4913,6 +4724,78 @@ USERCTL=no self._compare_files_to_expected(entry[self.expected_name], found) self._assert_headers(found) @@ -1735,7 +972,7 @@ index ef21ad76..591241b3 100644 def test_netplan_dhcp_false_disable_dhcp_in_state(self): """netplan config with dhcp[46]: False should not add dhcp in state""" net_config = yaml.load(NETPLAN_DHCP_FALSE) -@@ -5433,281 +4699,6 @@ STARTMODE=auto +@@ -5609,281 +5492,6 @@ STARTMODE=auto self._assert_headers(found) @@ -2017,7 +1254,7 @@ index ef21ad76..591241b3 100644 class TestEniNetRendering(CiTestCase): @mock.patch("cloudinit.net.util.get_cmdline", return_value="root=myroot") @mock.patch("cloudinit.net.sys_dev_path") -@@ -7145,9 +6136,9 @@ class TestNetworkdRoundTrip(CiTestCase): +@@ -7651,9 +7259,9 @@ class TestNetworkdRoundTrip(CiTestCase): class TestRenderersSelect: @pytest.mark.parametrize( @@ -2029,7 +1266,7 @@ index ef21ad76..591241b3 100644 ( net.RendererNotFoundError, False, -@@ -7155,51 +6146,52 @@ class TestRenderersSelect: +@@ -7661,51 +7269,52 @@ class TestRenderersSelect: False, False, False, @@ -2104,7 +1341,7 @@ index ef21ad76..591241b3 100644 m_networkd_avail.return_value = networkd # networkd presence if isinstance(renderer_selected, str): (renderer_name, _rnd_class) = renderers.select( -@@ -7257,7 +6249,7 @@ class TestNetRenderers(CiTestCase): +@@ -7763,7 +7372,7 @@ class TestNetRenderers(CiTestCase): priority=["sysconfig", "eni"], ) @@ -2114,35 +1351,10 @@ index ef21ad76..591241b3 100644 def test_sysconfig_available_uses_variant_mapping(self, m_info, m_avail): m_avail.return_value = True diff --git a/tests/unittests/test_net_activators.py b/tests/unittests/test_net_activators.py -index 4525c49c..3c29e2f7 100644 +index afd9056a..b735ea9e 100644 --- a/tests/unittests/test_net_activators.py +++ b/tests/unittests/test_net_activators.py -@@ -41,20 +41,18 @@ NETPLAN_CALL_LIST = [ - - @pytest.fixture - def available_mocks(): -- mocks = namedtuple("Mocks", "m_which, m_file, m_exists") -+ mocks = namedtuple("Mocks", "m_which, m_file") - with patch("cloudinit.subp.which", return_value=True) as m_which: - with patch("os.path.isfile", return_value=True) as m_file: -- with patch("os.path.exists", return_value=True) as m_exists: -- yield mocks(m_which, m_file, m_exists) -+ yield mocks(m_which, m_file) - - - @pytest.fixture - def unavailable_mocks(): -- mocks = namedtuple("Mocks", "m_which, m_file, m_exists") -+ mocks = namedtuple("Mocks", "m_which, m_file") - with patch("cloudinit.subp.which", return_value=False) as m_which: - with patch("os.path.isfile", return_value=False) as m_file: -- with patch("os.path.exists", return_value=False) as m_exists: -- yield mocks(m_which, m_file, m_exists) -+ yield mocks(m_which, m_file) - - - class TestSearchAndSelect: -@@ -115,6 +113,10 @@ NETPLAN_AVAILABLE_CALLS = [ +@@ -139,6 +139,10 @@ NETPLAN_AVAILABLE_CALLS = [ (("netplan",), {"search": ["/usr/sbin", "/sbin"], "target": None}), ] @@ -2153,7 +1365,7 @@ index 4525c49c..3c29e2f7 100644 NETWORKD_AVAILABLE_CALLS = [ (("ip",), {"search": ["/usr/sbin", "/bin"], "target": None}), (("systemctl",), {"search": ["/usr/sbin", "/bin"], "target": None}), -@@ -126,6 +128,7 @@ NETWORKD_AVAILABLE_CALLS = [ +@@ -150,6 +154,7 @@ NETWORKD_AVAILABLE_CALLS = [ [ (IfUpDownActivator, IF_UP_DOWN_AVAILABLE_CALLS), (NetplanActivator, NETPLAN_AVAILABLE_CALLS), @@ -2161,82 +1373,7 @@ index 4525c49c..3c29e2f7 100644 (NetworkdActivator, NETWORKD_AVAILABLE_CALLS), ], ) -@@ -141,72 +144,8 @@ IF_UP_DOWN_BRING_UP_CALL_LIST = [ - ] - - NETWORK_MANAGER_BRING_UP_CALL_LIST = [ -- ( -- ( -- [ -- "nmcli", -- "connection", -- "load", -- "".join( -- [ -- "/etc/NetworkManager/system-connections", -- "/cloud-init-eth0.nmconnection", -- ] -- ), -- ], -- ), -- {}, -- ), -- ( -- ( -- [ -- "nmcli", -- "connection", -- "up", -- "filename", -- "".join( -- [ -- "/etc/NetworkManager/system-connections", -- "/cloud-init-eth0.nmconnection", -- ] -- ), -- ], -- ), -- {}, -- ), -- ( -- ( -- [ -- "nmcli", -- "connection", -- "load", -- "".join( -- [ -- "/etc/NetworkManager/system-connections", -- "/cloud-init-eth1.nmconnection", -- ] -- ), -- ], -- ), -- {}, -- ), -- ( -- ( -- [ -- "nmcli", -- "connection", -- "up", -- "filename", -- "".join( -- [ -- "/etc/NetworkManager/system-connections", -- "/cloud-init-eth1.nmconnection", -- ] -- ), -- ], -- ), -- {}, -- ), -+ ((["nmcli", "connection", "up", "ifname", "eth0"],), {}), -+ ((["nmcli", "connection", "up", "ifname", "eth1"],), {}), - ] - - NETWORKD_BRING_UP_CALL_LIST = [ -@@ -230,11 +169,9 @@ class TestActivatorsBringUp: +@@ -254,11 +259,9 @@ class TestActivatorsBringUp: def test_bring_up_interface( self, m_subp, activator, expected_call_list, available_mocks ): @@ -2250,17 +1387,6 @@ index 4525c49c..3c29e2f7 100644 @patch("cloudinit.subp.subp", return_value=("", "")) def test_bring_up_interfaces( -@@ -271,8 +208,8 @@ IF_UP_DOWN_BRING_DOWN_CALL_LIST = [ - ] - - NETWORK_MANAGER_BRING_DOWN_CALL_LIST = [ -- ((["nmcli", "device", "disconnect", "eth0"],), {}), -- ((["nmcli", "device", "disconnect", "eth1"],), {}), -+ ((["nmcli", "connection", "down", "eth0"],), {}), -+ ((["nmcli", "connection", "down", "eth1"],), {}), - ] - - NETWORKD_BRING_DOWN_CALL_LIST = [ -- -2.27.0 +2.37.3 diff --git a/SOURCES/0006-rhel-cloud.cfg-remove-ssh_genkeytypes-in-settings.py.patch b/SOURCES/0006-rhel-cloud.cfg-remove-ssh_genkeytypes-in-settings.py.patch deleted file mode 100644 index e596836..0000000 --- a/SOURCES/0006-rhel-cloud.cfg-remove-ssh_genkeytypes-in-settings.py.patch +++ /dev/null @@ -1,65 +0,0 @@ -From b545a0cbabe8924d048b7172b30e7aad59ed32d5 Mon Sep 17 00:00:00 2001 -From: Emanuele Giuseppe Esposito -Date: Thu, 20 May 2021 08:53:55 +0200 -Subject: rhel/cloud.cfg: remove ssh_genkeytypes in settings.py and set in - cloud.cfg - -RH-Author: Emanuele Giuseppe Esposito -RH-MergeRequest: 10: rhel/cloud.cfg: remove ssh_genkeytypes in settings.py and set in cloud.cfg -RH-Commit: [1/1] 6da989423b9b6e017afbac2f1af3649b0487310f -RH-Bugzilla: 1957532 -RH-Acked-by: Eduardo Otubo -RH-Acked-by: Cathy Avery -RH-Acked-by: Vitaly Kuznetsov -RH-Acked-by: Mohamed Gamal Morsy - -Currently genkeytypes in cloud.cfg is set to None, so together with -ssh_deletekeys=1 cloudinit on first boot it will just delete the existing -keys and not generate new ones. - -Just removing that property in cloud.cfg is not enough, because -settings.py provides another empty default value that will be used -instead, resulting to no key generated even when the property is not defined. - -Removing genkeytypes also in settings.py will default to GENERATE_KEY_NAMES, -but since we want only 'rsa', 'ecdsa' and 'ed25519', add back genkeytypes in -cloud.cfg with the above defaults. - -Also remove ssh_deletekeys in settings.py as we always need -to 1 (and it also defaults to 1). - -Signed-off-by: Emanuele Giuseppe Esposito ---- - cloudinit/settings.py | 2 -- - rhel/cloud.cfg | 2 +- - 2 files changed, 1 insertion(+), 3 deletions(-) - -diff --git a/cloudinit/settings.py b/cloudinit/settings.py -index 3c2145e9..71672e10 100644 ---- a/cloudinit/settings.py -+++ b/cloudinit/settings.py -@@ -52,8 +52,6 @@ CFG_BUILTIN = { - "def_log_file_mode": 0o600, - "log_cfgs": [], - "mount_default_fields": [None, None, "auto", "defaults,nofail", "0", "2"], -- "ssh_deletekeys": False, -- "ssh_genkeytypes": [], - "syslog_fix_perms": [], - "system_info": { - "paths": { -diff --git a/rhel/cloud.cfg b/rhel/cloud.cfg -index 9ecba215..cbee197a 100644 ---- a/rhel/cloud.cfg -+++ b/rhel/cloud.cfg -@@ -7,7 +7,7 @@ ssh_pwauth: 0 - mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service', '0', '2'] - resize_rootfs_tmp: /dev - ssh_deletekeys: 1 --ssh_genkeytypes: ~ -+ssh_genkeytypes: ['rsa', 'ecdsa', 'ed25519'] - syslog_fix_perms: ~ - disable_vmware_customization: false - --- -2.31.1 - diff --git a/SOURCES/0007-settings.py-update-settings-for-rhel.patch b/SOURCES/0007-settings.py-update-settings-for-rhel.patch new file mode 100644 index 0000000..5809001 --- /dev/null +++ b/SOURCES/0007-settings.py-update-settings-for-rhel.patch @@ -0,0 +1,47 @@ +From d0c97b400552489ed39ef44fed0889111e528bca Mon Sep 17 00:00:00 2001 +From: Ani Sinha +Date: Tue, 11 Apr 2023 04:20:00 -0400 +Subject: settings.py: update settings for rhel +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Please see commit 5e1e568d7085fd4443 + +(" Add initial redhat setup") +from rhel8.8.0 branch for setings.py. Applying the same for the rebased +cloud-init. + +X-downstream-only: true + +Signed-off-by: Ani Sinha +--- + cloudinit/settings.py | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/cloudinit/settings.py b/cloudinit/settings.py +index 681ea771..88aac6be 100644 +--- a/cloudinit/settings.py ++++ b/cloudinit/settings.py +@@ -54,13 +54,16 @@ CFG_BUILTIN = { + "def_log_file": "/var/log/cloud-init.log", + "def_log_file_mode": 0o600, + "log_cfgs": [], +- "syslog_fix_perms": ["syslog:adm", "root:adm", "root:wheel", "root:root"], ++ "syslog_fix_perms": [], ++ "mount_default_fields": [None, None, "auto", "defaults,nofail", "0", "2"], ++ "ssh_deletekeys": False, ++ "ssh_genkeytypes": [], + "system_info": { + "paths": { + "cloud_dir": "/var/lib/cloud", + "templates_dir": "/etc/cloud/templates/", + }, +- "distro": "ubuntu", ++ "distro": "rhel", + "network": {"renderers": None}, + }, + "vendor_data": {"enabled": True, "prefix": []}, +-- +2.37.3 + diff --git a/SOURCES/ci-Align-rhel-custom-files-with-upstream-1431.patch b/SOURCES/ci-Align-rhel-custom-files-with-upstream-1431.patch deleted file mode 100644 index 7346183..0000000 --- a/SOURCES/ci-Align-rhel-custom-files-with-upstream-1431.patch +++ /dev/null @@ -1,257 +0,0 @@ -From 5c99ba05086b1ec83ce7e0c64edb4add4b47d923 Mon Sep 17 00:00:00 2001 -From: Emanuele Giuseppe Esposito -Date: Thu, 19 May 2022 11:14:39 +0200 -Subject: [PATCH 3/4] Align rhel custom files with upstream (#1431) - -RH-Author: Emanuele Giuseppe Esposito -RH-MergeRequest: 65: Align rhel custom files with upstream (#1431) -RH-Commit: [1/2] 5d9067175688b1006472a477b0916b81c73d5e07 -RH-Bugzilla: 2082071 -RH-Acked-by: Mohamed Gamal Morsy -RH-Acked-by: Eduardo Otubo -RH-Acked-by: Vitaly Kuznetsov - -commit 9624758f91b61f4711e8d7b5c83075b5d23e0c43 -Author: Emanuele Giuseppe Esposito -Date: Wed May 18 15:18:04 2022 +0200 - - Align rhel custom files with upstream (#1431) - - So far RHEL had its own custom .service and cloud.cfg files, - that diverged from upstream. We always replaced the generated files - with the ones we had. - - This caused only confusion and made it harder to rebase and backport - patches targeting these files. - At the same time, we are going to delete our custom downstream-only files - and use the ones generated by .tmpl. - - The mapping is: - config/cloud.cfg.tmpl -> rhel/cloud.cfg - systemd/* -> rhel/systemd/* - - Such rhel-specific files are open and available in the Centos repo: - https://gitlab.com/redhat/centos-stream/src/cloud-init - - With this commit, we are also introducing modules in cloud.cfg that - were not in the default rhel cfg file, even though they should already - have been there with previous rebases and releases. - Anyways such modules support rhel as distro, and - therefore should cause no harm. - - Signed-off-by: Emanuele Giuseppe Esposito - - RHBZ: 2082071 - -Signed-off-by: Emanuele Giuseppe Esposito ---- - config/cloud.cfg.tmpl | 23 +++++++++++++++++++++++ - systemd/cloud-config.service.tmpl | 4 ++++ - systemd/cloud-final.service.tmpl | 13 +++++++++++++ - systemd/cloud-init-local.service.tmpl | 22 +++++++++++++++++++++- - systemd/cloud-init.service.tmpl | 6 +++++- - tests/unittests/test_render_cloudcfg.py | 1 + - 6 files changed, 67 insertions(+), 2 deletions(-) - -diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl -index 86beee3c..f4d2fd14 100644 ---- a/config/cloud.cfg.tmpl -+++ b/config/cloud.cfg.tmpl -@@ -34,7 +34,11 @@ disable_root: true - - {% if variant in ["almalinux", "alpine", "amazon", "centos", "cloudlinux", "eurolinux", - "fedora", "miraclelinux", "openEuler", "rhel", "rocky", "virtuozzo"] %} -+{% if variant == "rhel" %} -+mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service,_netdev', '0', '2'] -+{% else %} - mount_default_fields: [~, ~, 'auto', 'defaults,nofail', '0', '2'] -+{% endif %} - {% if variant == "amazon" %} - resize_rootfs: noblock - {% endif %} -@@ -66,6 +70,14 @@ network: - config: disabled - {% endif %} - -+{% if variant == "rhel" %} -+# Default redhat settings: -+ssh_deletekeys: true -+ssh_genkeytypes: ['rsa', 'ecdsa', 'ed25519'] -+syslog_fix_perms: ~ -+disable_vmware_customization: false -+{% endif %} -+ - # The modules that run in the 'init' stage - cloud_init_modules: - - migrator -@@ -107,10 +119,15 @@ cloud_config_modules: - {% endif %} - {% if variant not in ["photon"] %} - - ssh-import-id -+{% if variant not in ["rhel"] %} - - keyboard -+{% endif %} - - locale - {% endif %} - - set-passwords -+{% if variant in ["rhel"] %} -+ - rh_subscription -+{% endif %} - {% if variant in ["rhel", "fedora", "photon"] %} - {% if variant not in ["photon"] %} - - spacewalk -@@ -239,6 +256,10 @@ system_info: - name: ec2-user - lock_passwd: True - gecos: EC2 Default User -+{% elif variant == "rhel" %} -+ name: cloud-user -+ lock_passwd: true -+ gecos: Cloud User - {% else %} - name: {{ variant }} - lock_passwd: True -@@ -254,6 +275,8 @@ system_info: - groups: [adm, sudo] - {% elif variant == "arch" %} - groups: [wheel, users] -+{% elif variant == "rhel" %} -+ groups: [adm, systemd-journal] - {% else %} - groups: [wheel, adm, systemd-journal] - {% endif %} -diff --git a/systemd/cloud-config.service.tmpl b/systemd/cloud-config.service.tmpl -index 9d928ca2..d5568a6e 100644 ---- a/systemd/cloud-config.service.tmpl -+++ b/systemd/cloud-config.service.tmpl -@@ -4,6 +4,10 @@ Description=Apply the settings specified in cloud-config - After=network-online.target cloud-config.target - After=snapd.seeded.service - Wants=network-online.target cloud-config.target -+{% if variant == "rhel" %} -+ConditionPathExists=!/etc/cloud/cloud-init.disabled -+ConditionKernelCommandLine=!cloud-init=disabled -+{% endif %} - - [Service] - Type=oneshot -diff --git a/systemd/cloud-final.service.tmpl b/systemd/cloud-final.service.tmpl -index 8207b18c..85f423ac 100644 ---- a/systemd/cloud-final.service.tmpl -+++ b/systemd/cloud-final.service.tmpl -@@ -7,6 +7,10 @@ After=multi-user.target - Before=apt-daily.service - {% endif %} - Wants=network-online.target cloud-config.service -+{% if variant == "rhel" %} -+ConditionPathExists=!/etc/cloud/cloud-init.disabled -+ConditionKernelCommandLine=!cloud-init=disabled -+{% endif %} - - - [Service] -@@ -15,7 +19,16 @@ ExecStart=/usr/bin/cloud-init modules --mode=final - RemainAfterExit=yes - TimeoutSec=0 - KillMode=process -+{% if variant == "rhel" %} -+# Restart NetworkManager if it is present and running. -+ExecStartPost=/bin/sh -c 'u=NetworkManager.service; \ -+ out=$(systemctl show --property=SubState $u) || exit; \ -+ [ "$out" = "SubState=running" ] || exit 0; \ -+ systemctl reload-or-try-restart $u' -+{% else %} - TasksMax=infinity -+{% endif %} -+ - - # Output needs to appear in instance console output - StandardOutput=journal+console -diff --git a/systemd/cloud-init-local.service.tmpl b/systemd/cloud-init-local.service.tmpl -index 7166f640..a6b82650 100644 ---- a/systemd/cloud-init-local.service.tmpl -+++ b/systemd/cloud-init-local.service.tmpl -@@ -1,23 +1,43 @@ - ## template:jinja - [Unit] - Description=Initial cloud-init job (pre-networking) --{% if variant in ["ubuntu", "unknown", "debian"] %} -+{% if variant in ["ubuntu", "unknown", "debian", "rhel" ] %} - DefaultDependencies=no - {% endif %} - Wants=network-pre.target - After=hv_kvp_daemon.service - After=systemd-remount-fs.service -+{% if variant == "rhel" %} -+Requires=dbus.socket -+After=dbus.socket -+{% endif %} - Before=NetworkManager.service -+{% if variant == "rhel" %} -+Before=network.service -+{% endif %} - Before=network-pre.target - Before=shutdown.target -+{% if variant == "rhel" %} -+Before=firewalld.target -+Conflicts=shutdown.target -+{% endif %} - {% if variant in ["ubuntu", "unknown", "debian"] %} - Before=sysinit.target - Conflicts=shutdown.target - {% endif %} - RequiresMountsFor=/var/lib/cloud -+{% if variant == "rhel" %} -+ConditionPathExists=!/etc/cloud/cloud-init.disabled -+ConditionKernelCommandLine=!cloud-init=disabled -+{% endif %} - - [Service] - Type=oneshot -+{% if variant == "rhel" %} -+ExecStartPre=/bin/mkdir -p /run/cloud-init -+ExecStartPre=/sbin/restorecon /run/cloud-init -+ExecStartPre=/usr/bin/touch /run/cloud-init/enabled -+{% endif %} - ExecStart=/usr/bin/cloud-init init --local - ExecStart=/bin/touch /run/cloud-init/network-config-ready - RemainAfterExit=yes -diff --git a/systemd/cloud-init.service.tmpl b/systemd/cloud-init.service.tmpl -index e71e5679..c170aef7 100644 ---- a/systemd/cloud-init.service.tmpl -+++ b/systemd/cloud-init.service.tmpl -@@ -1,7 +1,7 @@ - ## template:jinja - [Unit] - Description=Initial cloud-init job (metadata service crawler) --{% if variant not in ["photon"] %} -+{% if variant not in ["photon", "rhel"] %} - DefaultDependencies=no - {% endif %} - Wants=cloud-init-local.service -@@ -36,6 +36,10 @@ Before=shutdown.target - Conflicts=shutdown.target - {% endif %} - Before=systemd-user-sessions.service -+{% if variant == "rhel" %} -+ConditionPathExists=!/etc/cloud/cloud-init.disabled -+ConditionKernelCommandLine=!cloud-init=disabled -+{% endif %} - - [Service] - Type=oneshot -diff --git a/tests/unittests/test_render_cloudcfg.py b/tests/unittests/test_render_cloudcfg.py -index 30fbd1a4..9f95d448 100644 ---- a/tests/unittests/test_render_cloudcfg.py -+++ b/tests/unittests/test_render_cloudcfg.py -@@ -68,6 +68,7 @@ class TestRenderCloudCfg: - default_user_exceptions = { - "amazon": "ec2-user", - "debian": "ubuntu", -+ "rhel": "cloud-user", - "unknown": "ubuntu", - } - default_user = system_cfg["system_info"]["default_user"]["name"] --- -2.35.3 - diff --git a/SOURCES/ci-DS-VMware-modify-a-few-log-level-4284.patch b/SOURCES/ci-DS-VMware-modify-a-few-log-level-4284.patch new file mode 100644 index 0000000..b150d30 --- /dev/null +++ b/SOURCES/ci-DS-VMware-modify-a-few-log-level-4284.patch @@ -0,0 +1,72 @@ +From ca6f3397e1ebdb48f5b85c5cf262356480991430 Mon Sep 17 00:00:00 2001 +From: PengpengSun <40026211+PengpengSun@users.noreply.github.com> +Date: Tue, 25 Jul 2023 05:21:46 +0800 +Subject: [PATCH] DS VMware: modify a few log level (#4284) + +RH-Author: Ani Sinha +RH-MergeRequest: 106: DS VMware: modify a few log level (#4284) +RH-Bugzilla: 2223810 +RH-Acked-by: Emanuele Giuseppe Esposito +RH-Acked-by: Camilla Conte +RH-Commit: [1/1] 1741098157b12b28be03ecdb041fa1f78d7ac042 (anisinha/rhel-cloud-init) + +Multiple ip addresses are common scenario for modern Linux, so set +debug log level for such cases. + +(cherry picked from commit 4a6a9d3f6c8fe213c51f6c1336f1dd378bf4bdca) +Signed-off-by: Ani Sinha +--- + cloudinit/sources/DataSourceVMware.py | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/cloudinit/sources/DataSourceVMware.py b/cloudinit/sources/DataSourceVMware.py +index 07a80222..bc3b5a5f 100644 +--- a/cloudinit/sources/DataSourceVMware.py ++++ b/cloudinit/sources/DataSourceVMware.py +@@ -1,6 +1,6 @@ + # Cloud-Init DataSource for VMware + # +-# Copyright (c) 2018-2022 VMware, Inc. All Rights Reserved. ++# Copyright (c) 2018-2023 VMware, Inc. All Rights Reserved. + # + # Authors: Anish Swaminathan + # Andrew Kutz +@@ -719,7 +719,7 @@ def get_default_ip_addrs(): + af_inet4 = addr4_fams.get(netifaces.AF_INET) + if af_inet4: + if len(af_inet4) > 1: +- LOG.warning( ++ LOG.debug( + "device %s has more than one ipv4 address: %s", + dev4, + af_inet4, +@@ -737,7 +737,7 @@ def get_default_ip_addrs(): + af_inet6 = addr6_fams.get(netifaces.AF_INET6) + if af_inet6: + if len(af_inet6) > 1: +- LOG.warning( ++ LOG.debug( + "device %s has more than one ipv6 address: %s", + dev6, + af_inet6, +@@ -752,7 +752,7 @@ def get_default_ip_addrs(): + af_inet6 = addr4_fams.get(netifaces.AF_INET6) + if af_inet6: + if len(af_inet6) > 1: +- LOG.warning( ++ LOG.debug( + "device %s has more than one ipv6 address: %s", + dev4, + af_inet6, +@@ -767,7 +767,7 @@ def get_default_ip_addrs(): + af_inet4 = addr6_fams.get(netifaces.AF_INET) + if af_inet4: + if len(af_inet4) > 1: +- LOG.warning( ++ LOG.debug( + "device %s has more than one ipv4 address: %s", + dev6, + af_inet4, +-- +2.41.0 + diff --git a/SOURCES/ci-Don-t-change-permissions-of-netrules-target-2076.patch b/SOURCES/ci-Don-t-change-permissions-of-netrules-target-2076.patch new file mode 100644 index 0000000..f03aff0 --- /dev/null +++ b/SOURCES/ci-Don-t-change-permissions-of-netrules-target-2076.patch @@ -0,0 +1,120 @@ +From 285d8d8005db06ea86afc042bc2eec07bf3c6fab Mon Sep 17 00:00:00 2001 +From: James Falcon +Date: Thu, 23 Mar 2023 10:21:56 -0500 +Subject: [PATCH 1/2] Don't change permissions of netrules target (#2076) + +RH-Author: Ani Sinha +RH-MergeRequest: 98: Don't change permissions of netrules target (#2076) +RH-Bugzilla: 2182947 +RH-Acked-by: Emanuele Giuseppe Esposito +RH-Acked-by: Vitaly Kuznetsov +RH-Commit: [1/1] 37fa74519da67b383de87b41108561b09d7b9210 (anisinha/rhel-cloud-init) + +Set permissions if file doesn't exist. Leave them if it does. + +LP: #2011783 + +Co-authored-by: Chad Smith +(cherry picked from commit 56c88cafd1b3606e814069a79f4ec265fc427c87) +Signed-off-by: Ani Sinha +--- + cloudinit/net/eni.py | 4 +++- + cloudinit/net/sysconfig.py | 7 ++++++- + tests/unittests/distros/test_netconfig.py | 20 ++++++++++++++++++-- + 3 files changed, 27 insertions(+), 4 deletions(-) + +diff --git a/cloudinit/net/eni.py b/cloudinit/net/eni.py +index 53bd35ca..1de3bec2 100644 +--- a/cloudinit/net/eni.py ++++ b/cloudinit/net/eni.py +@@ -576,7 +576,9 @@ class Renderer(renderer.Renderer): + netrules = subp.target_path(target, self.netrules_path) + util.ensure_dir(os.path.dirname(netrules)) + util.write_file( +- netrules, self._render_persistent_net(network_state) ++ netrules, ++ content=self._render_persistent_net(network_state), ++ preserve_mode=True, + ) + + +diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py +index db084e07..da6d11b3 100644 +--- a/cloudinit/net/sysconfig.py ++++ b/cloudinit/net/sysconfig.py +@@ -1033,7 +1033,12 @@ class Renderer(renderer.Renderer): + if self.netrules_path: + netrules_content = self._render_persistent_net(network_state) + netrules_path = subp.target_path(target, self.netrules_path) +- util.write_file(netrules_path, netrules_content, file_mode) ++ util.write_file( ++ netrules_path, ++ content=netrules_content, ++ mode=file_mode, ++ preserve_mode=True, ++ ) + if available_nm(target=target): + enable_ifcfg_rh(subp.target_path(target, path=NM_CFG_FILE)) + +diff --git a/tests/unittests/distros/test_netconfig.py b/tests/unittests/distros/test_netconfig.py +index e9fb0591..b1c89ce3 100644 +--- a/tests/unittests/distros/test_netconfig.py ++++ b/tests/unittests/distros/test_netconfig.py +@@ -458,8 +458,16 @@ class TestNetCfgDistroUbuntuEni(TestNetCfgDistroBase): + def eni_path(self): + return "/etc/network/interfaces.d/50-cloud-init.cfg" + ++ def rules_path(self): ++ return "/etc/udev/rules.d/70-persistent-net.rules" ++ + def _apply_and_verify_eni( +- self, apply_fn, config, expected_cfgs=None, bringup=False ++ self, ++ apply_fn, ++ config, ++ expected_cfgs=None, ++ bringup=False, ++ previous_files=(), + ): + if not expected_cfgs: + raise ValueError("expected_cfg must not be None") +@@ -467,7 +475,11 @@ class TestNetCfgDistroUbuntuEni(TestNetCfgDistroBase): + tmpd = None + with mock.patch("cloudinit.net.eni.available") as m_avail: + m_avail.return_value = True ++ path_modes = {} + with self.reRooted(tmpd) as tmpd: ++ for previous_path, content, mode in previous_files: ++ util.write_file(previous_path, content, mode=mode) ++ path_modes[previous_path] = mode + apply_fn(config, bringup) + + results = dir2dict(tmpd) +@@ -478,7 +490,9 @@ class TestNetCfgDistroUbuntuEni(TestNetCfgDistroBase): + print(results[cfgpath]) + print("----------") + self.assertEqual(expected, results[cfgpath]) +- self.assertEqual(0o644, get_mode(cfgpath, tmpd)) ++ self.assertEqual( ++ path_modes.get(cfgpath, 0o644), get_mode(cfgpath, tmpd) ++ ) + + def test_apply_network_config_and_bringup_filters_priority_eni_ub(self): + """Network activator search priority can be overridden from config.""" +@@ -527,11 +541,13 @@ class TestNetCfgDistroUbuntuEni(TestNetCfgDistroBase): + def test_apply_network_config_eni_ub(self): + expected_cfgs = { + self.eni_path(): V1_NET_CFG_OUTPUT, ++ self.rules_path(): "", + } + self._apply_and_verify_eni( + self.distro.apply_network_config, + V1_NET_CFG, + expected_cfgs=expected_cfgs.copy(), ++ previous_files=((self.rules_path(), "something", 0o660),), + ) + + def test_apply_network_config_ipv6_ub(self): +-- +2.37.3 + diff --git a/SOURCES/ci-Enable-SUSE-based-distros-for-ca-handling-2036.patch b/SOURCES/ci-Enable-SUSE-based-distros-for-ca-handling-2036.patch new file mode 100644 index 0000000..d572afc --- /dev/null +++ b/SOURCES/ci-Enable-SUSE-based-distros-for-ca-handling-2036.patch @@ -0,0 +1,93 @@ +From e5d0944117fba5079de5452307f1bea89147f747 Mon Sep 17 00:00:00 2001 +From: Robert Schweikert +Date: Thu, 23 Feb 2023 16:43:56 -0500 +Subject: [PATCH 04/11] Enable SUSE based distros for ca handling (#2036) + +CA handling in the configuration module was previously not supported +for SUSE based distros. Enable this functionality by creating the +necessary configuration settings. + +Secondly update the test such that it does not bleed through to the +test system. + +(cherry picked from commit 46fcd03187d70f405c748f7a6cfdb02ecb8c6ee7) +Signed-off-by: Ani Sinha +--- + cloudinit/config/cc_ca_certs.py | 31 +++++++++++++++++++++- + tests/unittests/config/test_cc_ca_certs.py | 2 ++ + 2 files changed, 32 insertions(+), 1 deletion(-) + +diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py +index 169b0e18..51b8577c 100644 +--- a/cloudinit/config/cc_ca_certs.py ++++ b/cloudinit/config/cc_ca_certs.py +@@ -32,8 +32,25 @@ DISTRO_OVERRIDES = { + "ca_cert_config": None, + "ca_cert_update_cmd": ["update-ca-trust"], + }, ++ "opensuse": { ++ "ca_cert_path": "/etc/pki/trust/", ++ "ca_cert_local_path": "/usr/share/pki/trust/", ++ "ca_cert_filename": "anchors/cloud-init-ca-cert-{cert_index}.crt", ++ "ca_cert_config": None, ++ "ca_cert_update_cmd": ["update-ca-certificates"], ++ }, + } + ++for distro in ( ++ "opensuse-microos", ++ "opensuse-tumbleweed", ++ "opensuse-leap", ++ "sle_hpc", ++ "sle-micro", ++ "sles", ++): ++ DISTRO_OVERRIDES[distro] = DISTRO_OVERRIDES["opensuse"] ++ + MODULE_DESCRIPTION = """\ + This module adds CA certificates to the system's CA store and updates any + related files using the appropriate OS-specific utility. The default CA +@@ -48,7 +65,19 @@ configuration option ``remove_defaults``. + Alpine Linux requires the ca-certificates package to be installed in + order to provide the ``update-ca-certificates`` command. + """ +-distros = ["alpine", "debian", "rhel", "ubuntu"] ++distros = [ ++ "alpine", ++ "debian", ++ "rhel", ++ "opensuse", ++ "opensuse-microos", ++ "opensuse-tumbleweed", ++ "opensuse-leap", ++ "sle_hpc", ++ "sle-micro", ++ "sles", ++ "ubuntu", ++] + + meta: MetaSchema = { + "id": "cc_ca_certs", +diff --git a/tests/unittests/config/test_cc_ca_certs.py b/tests/unittests/config/test_cc_ca_certs.py +index 19e5d422..6db17485 100644 +--- a/tests/unittests/config/test_cc_ca_certs.py ++++ b/tests/unittests/config/test_cc_ca_certs.py +@@ -311,6 +311,7 @@ class TestRemoveDefaultCaCerts(TestCase): + "cloud_dir": tmpdir, + } + ) ++ self.add_patch("cloudinit.config.cc_ca_certs.os.stat", "m_stat") + + def test_commands(self): + ca_certs_content = "# line1\nline2\nline3\n" +@@ -318,6 +319,7 @@ class TestRemoveDefaultCaCerts(TestCase): + "# line1\n# Modified by cloud-init to deselect certs due to" + " user-data\n!line2\n!line3\n" + ) ++ self.m_stat.return_value.st_size = 1 + + for distro_name in cc_ca_certs.distros: + conf = cc_ca_certs._distro_ca_certs_configs(distro_name) +-- +2.39.3 + diff --git a/SOURCES/ci-Ensure-network-ready-before-cloud-init-service-runs-.patch b/SOURCES/ci-Ensure-network-ready-before-cloud-init-service-runs-.patch deleted file mode 100644 index cc65e3e..0000000 --- a/SOURCES/ci-Ensure-network-ready-before-cloud-init-service-runs-.patch +++ /dev/null @@ -1,43 +0,0 @@ -From df1c0f391537071c34652ee6df9bff87e5aea230 Mon Sep 17 00:00:00 2001 -From: Emanuele Giuseppe Esposito -Date: Wed, 14 Dec 2022 09:20:47 +0100 -Subject: [PATCH] Ensure network ready before cloud-init service runs on RHEL - (#1893) - -RH-Author: Emanuele Giuseppe Esposito -RH-MergeRequest: 87: Ensure network ready before cloud-init service runs on RHEL (#1893) -RH-Bugzilla: 2151861 -RH-Acked-by: Mohamed Gamal Morsy -RH-Acked-by: Camilla Conte -RH-Commit: [1/1] 5bb5f6f94a205854633fb1606ccc68e838c2030d - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2151861 - -commit 6e725f36647407d201af0603d7db11fc96a93d4d -Author: James Falcon -Date: Tue Dec 13 10:55:23 2022 -0600 - - Ensure network ready before cloud-init service runs on RHEL (#1893) - - LP: #1998655 - -Signed-off-by: Emanuele Giuseppe Esposito ---- - systemd/cloud-init.service.tmpl | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/systemd/cloud-init.service.tmpl b/systemd/cloud-init.service.tmpl -index c170aef7..fc984d5c 100644 ---- a/systemd/cloud-init.service.tmpl -+++ b/systemd/cloud-init.service.tmpl -@@ -16,6 +16,7 @@ After=networking.service - "miraclelinux", "openEuler", "rhel", "rocky", "virtuozzo"] %} - After=network.service - After=NetworkManager.service -+After=NetworkManager-wait-online.service - {% endif %} - {% if variant in ["suse"] %} - After=wicked.service --- -2.38.1 - diff --git a/SOURCES/ci-Handle-non-existent-ca-cert-config-situation-2073.patch b/SOURCES/ci-Handle-non-existent-ca-cert-config-situation-2073.patch new file mode 100644 index 0000000..3edfde9 --- /dev/null +++ b/SOURCES/ci-Handle-non-existent-ca-cert-config-situation-2073.patch @@ -0,0 +1,88 @@ +From 8b9627be7ed3e44c6890e52723cb86375f56a0e4 Mon Sep 17 00:00:00 2001 +From: Shreenidhi Shedi <53473811+sshedi@users.noreply.github.com> +Date: Fri, 17 Mar 2023 03:01:22 +0530 +Subject: [PATCH 05/11] Handle non existent ca-cert-config situation (#2073) + +Currently if a cert file doesn't exist, cc_ca_certs module crashes +This fix makes it possible to handle it gracefully. + +Also, out_lines variable may not be available if os.stat returns 0. +This issue is also taken care of. + +Added tests for the same. + +(cherry picked from commit 3634678465e7b8f8608bcb9a1f5773ae7837cbe9) +Signed-off-by: Ani Sinha +--- + cloudinit/config/cc_ca_certs.py | 19 +++++++++++++------ + tests/unittests/config/test_cc_ca_certs.py | 12 ++++++++++++ + 2 files changed, 25 insertions(+), 6 deletions(-) + +diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py +index 51b8577c..4dc08681 100644 +--- a/cloudinit/config/cc_ca_certs.py ++++ b/cloudinit/config/cc_ca_certs.py +@@ -177,14 +177,20 @@ def disable_system_ca_certs(distro_cfg): + + @param distro_cfg: A hash providing _distro_ca_certs_configs function. + """ +- if distro_cfg["ca_cert_config"] is None: ++ ++ ca_cert_cfg_fn = distro_cfg["ca_cert_config"] ++ ++ if not ca_cert_cfg_fn or not os.path.exists(ca_cert_cfg_fn): + return ++ + header_comment = ( + "# Modified by cloud-init to deselect certs due to user-data" + ) ++ + added_header = False +- if os.stat(distro_cfg["ca_cert_config"]).st_size != 0: +- orig = util.load_file(distro_cfg["ca_cert_config"]) ++ ++ if os.stat(ca_cert_cfg_fn).st_size: ++ orig = util.load_file(ca_cert_cfg_fn) + out_lines = [] + for line in orig.splitlines(): + if line == header_comment: +@@ -197,9 +203,10 @@ def disable_system_ca_certs(distro_cfg): + out_lines.append(header_comment) + added_header = True + out_lines.append("!" + line) +- util.write_file( +- distro_cfg["ca_cert_config"], "\n".join(out_lines) + "\n", omode="wb" +- ) ++ ++ util.write_file( ++ ca_cert_cfg_fn, "\n".join(out_lines) + "\n", omode="wb" ++ ) + + + def remove_default_ca_certs(distro_cfg): +diff --git a/tests/unittests/config/test_cc_ca_certs.py b/tests/unittests/config/test_cc_ca_certs.py +index 6db17485..5f1894e7 100644 +--- a/tests/unittests/config/test_cc_ca_certs.py ++++ b/tests/unittests/config/test_cc_ca_certs.py +@@ -365,6 +365,18 @@ class TestRemoveDefaultCaCerts(TestCase): + else: + assert mock_subp.call_count == 0 + ++ def test_non_existent_cert_cfg(self): ++ self.m_stat.return_value.st_size = 0 ++ ++ for distro_name in cc_ca_certs.distros: ++ conf = cc_ca_certs._distro_ca_certs_configs(distro_name) ++ with ExitStack() as mocks: ++ mocks.enter_context( ++ mock.patch.object(util, "delete_dir_contents") ++ ) ++ mocks.enter_context(mock.patch.object(subp, "subp")) ++ cc_ca_certs.disable_default_ca_certs(distro_name, conf) ++ + + class TestCACertsSchema: + """Directly test schema rather than through handle.""" +-- +2.39.3 + diff --git a/SOURCES/ci-Make-user-vendor-data-sensitive-and-remove-log-permi.patch b/SOURCES/ci-Make-user-vendor-data-sensitive-and-remove-log-permi.patch new file mode 100644 index 0000000..36b379b --- /dev/null +++ b/SOURCES/ci-Make-user-vendor-data-sensitive-and-remove-log-permi.patch @@ -0,0 +1,309 @@ +From dd1a79fc5c0b5f486ca2e66ed3a45c8f4f7b1f15 Mon Sep 17 00:00:00 2001 +From: James Falcon +Date: Wed, 26 Apr 2023 15:11:55 -0500 +Subject: [PATCH 2/2] Make user/vendor data sensitive and remove log + permissions (#2144) + +RH-Author: Ani Sinha +RH-MergeRequest: 99: Make user/vendor data sensitive and remove log permissions (#2144) +RH-Bugzilla: 2190081 +RH-Acked-by: Emanuele Giuseppe Esposito +RH-Acked-by: Vitaly Kuznetsov +RH-Commit: [1/1] 1b34e2c9c61a90abb88f2df87d41f96b54e79ff7 (anisinha/rhel-cloud-init) + +Because user data and vendor data may contain sensitive information, +this commit ensures that any user data or vendor data written to +instance-data.json gets redacted and is only available to root user. + +Also, modify the permissions of cloud-init.log to be 640, so that +sensitive data leaked to the log isn't world readable. +Additionally, remove the logging of user data and vendor data to +cloud-init.log from the Vultr datasource. + +Conflicts: + cloudinit/sources/DataSourceVultr.py + - editor directives missing in file on upstream version. + +LP: #2013967 +CVE: CVE-2023-1786 +(cherry picked from commit a378b7e4f47375458651c0972e7cd813f6fe0a6b) +Signed-off-by: Ani Sinha +--- + cloudinit/sources/DataSourceLXD.py | 9 ++++++--- + cloudinit/sources/DataSourceVultr.py | 14 ++++++-------- + cloudinit/sources/__init__.py | 28 +++++++++++++++++++++++++--- + cloudinit/stages.py | 4 +++- + tests/unittests/sources/test_init.py | 27 ++++++++++++++++++++++++++- + tests/unittests/test_stages.py | 18 +++++++++++------- + 6 files changed, 77 insertions(+), 23 deletions(-) + +diff --git a/cloudinit/sources/DataSourceLXD.py b/cloudinit/sources/DataSourceLXD.py +index ab440cc8..e4cae91a 100644 +--- a/cloudinit/sources/DataSourceLXD.py ++++ b/cloudinit/sources/DataSourceLXD.py +@@ -14,7 +14,7 @@ import stat + import time + from enum import Flag, auto + from json.decoder import JSONDecodeError +-from typing import Any, Dict, List, Optional, Union, cast ++from typing import Any, Dict, List, Optional, Tuple, Union, cast + + import requests + from requests.adapters import HTTPAdapter +@@ -168,11 +168,14 @@ class DataSourceLXD(sources.DataSource): + _network_config: Union[Dict, str] = sources.UNSET + _crawled_metadata: Union[Dict, str] = sources.UNSET + +- sensitive_metadata_keys = ( +- "merged_cfg", ++ sensitive_metadata_keys: Tuple[ ++ str, ... ++ ] = sources.DataSource.sensitive_metadata_keys + ( + "user.meta-data", + "user.vendor-data", + "user.user-data", ++ "cloud-init.user-data", ++ "cloud-init.vendor-data", + ) + + skip_hotplug_detect = True +diff --git a/cloudinit/sources/DataSourceVultr.py b/cloudinit/sources/DataSourceVultr.py +index 9d7c84fb..660e9f14 100644 +--- a/cloudinit/sources/DataSourceVultr.py ++++ b/cloudinit/sources/DataSourceVultr.py +@@ -5,6 +5,8 @@ + # Vultr Metadata API: + # https://www.vultr.com/metadata/ + ++from typing import Tuple ++ + import cloudinit.sources.helpers.vultr as vultr + from cloudinit import log as log + from cloudinit import sources, util, version +@@ -28,6 +30,10 @@ class DataSourceVultr(sources.DataSource): + + dsname = "Vultr" + ++ sensitive_metadata_keys: Tuple[ ++ str, ... ++ ] = sources.DataSource.sensitive_metadata_keys + ("startup-script",) ++ + def __init__(self, sys_cfg, distro, paths): + super(DataSourceVultr, self).__init__(sys_cfg, distro, paths) + self.ds_cfg = util.mergemanydict( +@@ -54,13 +60,8 @@ class DataSourceVultr(sources.DataSource): + self.get_datasource_data(self.metadata) + + # Dump some data so diagnosing failures is manageable +- LOG.debug("Vultr Vendor Config:") +- LOG.debug(util.json_dumps(self.metadata["vendor-data"])) + LOG.debug("SUBID: %s", self.metadata["instance-id"]) + LOG.debug("Hostname: %s", self.metadata["local-hostname"]) +- if self.userdata_raw is not None: +- LOG.debug("User-Data:") +- LOG.debug(self.userdata_raw) + + return True + +@@ -146,7 +147,4 @@ if __name__ == "__main__": + config = md["vendor-data"] + sysinfo = vultr.get_sysinfo() + +- print(util.json_dumps(sysinfo)) +- print(util.json_dumps(config)) +- + # vi: ts=4 expandtab +diff --git a/cloudinit/sources/__init__.py b/cloudinit/sources/__init__.py +index 565e1754..5c6ae8b1 100644 +--- a/cloudinit/sources/__init__.py ++++ b/cloudinit/sources/__init__.py +@@ -110,7 +110,10 @@ def process_instance_metadata(metadata, key_path="", sensitive_keys=()): + sub_key_path = key_path + "/" + key + else: + sub_key_path = key +- if key in sensitive_keys or sub_key_path in sensitive_keys: ++ if ( ++ key.lower() in sensitive_keys ++ or sub_key_path.lower() in sensitive_keys ++ ): + sens_keys.append(sub_key_path) + if isinstance(val, str) and val.startswith("ci-b64:"): + base64_encoded_keys.append(sub_key_path) +@@ -132,6 +135,12 @@ def redact_sensitive_keys(metadata, redact_value=REDACT_SENSITIVE_VALUE): + + Replace any keys values listed in 'sensitive_keys' with redact_value. + """ ++ # While 'sensitive_keys' should already sanitized to only include what ++ # is in metadata, it is possible keys will overlap. For example, if ++ # "merged_cfg" and "merged_cfg/ds/userdata" both match, it's possible that ++ # "merged_cfg" will get replaced first, meaning "merged_cfg/ds/userdata" ++ # no longer represents a valid key. ++ # Thus, we still need to do membership checks in this function. + if not metadata.get("sensitive_keys", []): + return metadata + md_copy = copy.deepcopy(metadata) +@@ -139,9 +148,14 @@ def redact_sensitive_keys(metadata, redact_value=REDACT_SENSITIVE_VALUE): + path_parts = key_path.split("/") + obj = md_copy + for path in path_parts: +- if isinstance(obj[path], dict) and path != path_parts[-1]: ++ if ( ++ path in obj ++ and isinstance(obj[path], dict) ++ and path != path_parts[-1] ++ ): + obj = obj[path] +- obj[path] = redact_value ++ if path in obj: ++ obj[path] = redact_value + return md_copy + + +@@ -249,6 +263,14 @@ class DataSource(CloudInitPickleMixin, metaclass=abc.ABCMeta): + sensitive_metadata_keys: Tuple[str, ...] = ( + "merged_cfg", + "security-credentials", ++ "userdata", ++ "user-data", ++ "user_data", ++ "vendordata", ++ "vendor-data", ++ # Provide ds/vendor_data to avoid redacting top-level ++ # "vendor_data": {enabled: True} ++ "ds/vendor_data", + ) + + # True on datasources that may not see hotplugged devices reflected +diff --git a/cloudinit/stages.py b/cloudinit/stages.py +index a624a6fb..1326d205 100644 +--- a/cloudinit/stages.py ++++ b/cloudinit/stages.py +@@ -204,7 +204,9 @@ class Init: + log_file = util.get_cfg_option_str(self.cfg, "def_log_file") + log_file_mode = util.get_cfg_option_int(self.cfg, "def_log_file_mode") + if log_file: +- util.ensure_file(log_file, mode=0o640, preserve_mode=True) ++ # At this point the log file should have already been created ++ # in the setupLogging function of log.py ++ util.ensure_file(log_file, mode=0o640, preserve_mode=False) + perms = self.cfg.get("syslog_fix_perms") + if not perms: + perms = {} +diff --git a/tests/unittests/sources/test_init.py b/tests/unittests/sources/test_init.py +index 0447e02c..eb27198f 100644 +--- a/tests/unittests/sources/test_init.py ++++ b/tests/unittests/sources/test_init.py +@@ -458,12 +458,24 @@ class TestDataSource(CiTestCase): + "cred2": "othersekret", + } + }, ++ "someother": { ++ "nested": { ++ "userData": "HIDE ME", ++ } ++ }, ++ "VENDOR-DAta": "HIDE ME TOO", + }, + ) + self.assertCountEqual( + ( + "merged_cfg", + "security-credentials", ++ "userdata", ++ "user-data", ++ "user_data", ++ "vendordata", ++ "vendor-data", ++ "ds/vendor_data", + ), + datasource.sensitive_metadata_keys, + ) +@@ -490,7 +502,9 @@ class TestDataSource(CiTestCase): + "base64_encoded_keys": [], + "merged_cfg": REDACT_SENSITIVE_VALUE, + "sensitive_keys": [ ++ "ds/meta_data/VENDOR-DAta", + "ds/meta_data/some/security-credentials", ++ "ds/meta_data/someother/nested/userData", + "merged_cfg", + ], + "sys_info": sys_info, +@@ -500,6 +514,7 @@ class TestDataSource(CiTestCase): + "availability_zone": "myaz", + "cloud-name": "subclasscloudname", + "cloud_name": "subclasscloudname", ++ "cloud_id": "subclasscloudname", + "distro": "ubuntu", + "distro_release": "focal", + "distro_version": "20.04", +@@ -522,14 +537,18 @@ class TestDataSource(CiTestCase): + "ds": { + "_doc": EXPERIMENTAL_TEXT, + "meta_data": { ++ "VENDOR-DAta": REDACT_SENSITIVE_VALUE, + "availability_zone": "myaz", + "local-hostname": "test-subclass-hostname", + "region": "myregion", + "some": {"security-credentials": REDACT_SENSITIVE_VALUE}, ++ "someother": { ++ "nested": {"userData": REDACT_SENSITIVE_VALUE} ++ }, + }, + }, + } +- self.assertCountEqual(expected, redacted) ++ self.assertEqual(expected, redacted) + file_stat = os.stat(json_file) + self.assertEqual(0o644, stat.S_IMODE(file_stat.st_mode)) + +@@ -574,6 +593,12 @@ class TestDataSource(CiTestCase): + ( + "merged_cfg", + "security-credentials", ++ "userdata", ++ "user-data", ++ "user_data", ++ "vendordata", ++ "vendor-data", ++ "ds/vendor_data", + ), + datasource.sensitive_metadata_keys, + ) +diff --git a/tests/unittests/test_stages.py b/tests/unittests/test_stages.py +index 15a7e973..a61f9df9 100644 +--- a/tests/unittests/test_stages.py ++++ b/tests/unittests/test_stages.py +@@ -606,19 +606,23 @@ class TestInit_InitializeFilesystem: + # Assert we create it 0o640 by default if it doesn't already exist + assert 0o640 == stat.S_IMODE(log_file.stat().mode) + +- def test_existing_file_permissions_are_not_modified(self, init, tmpdir): +- """If the log file already exists, we should not modify its permissions ++ def test_existing_file_permissions(self, init, tmpdir): ++ """Test file permissions are set as expected. ++ ++ CIS Hardening requires 640 permissions. These permissions are ++ currently hardcoded on every boot, but if there's ever a reason ++ to change this, we need to then ensure that they ++ are *not* set every boot. + + See https://bugs.launchpad.net/cloud-init/+bug/1900837. + """ +- # Use a mode that will never be made the default so this test will +- # always be valid +- mode = 0o606 + log_file = tmpdir.join("cloud-init.log") + log_file.ensure() +- log_file.chmod(mode) ++ # Use a mode that will never be made the default so this test will ++ # always be valid ++ log_file.chmod(0o606) + init._cfg = {"def_log_file": str(log_file)} + + init._initialize_filesystem() + +- assert mode == stat.S_IMODE(log_file.stat().mode) ++ assert 0o640 == stat.S_IMODE(log_file.stat().mode) +-- +2.37.3 + diff --git a/SOURCES/ci-NM-renderer-set-default-IPv6-addr-gen-mode-for-all-i.patch b/SOURCES/ci-NM-renderer-set-default-IPv6-addr-gen-mode-for-all-i.patch new file mode 100644 index 0000000..2a5a2a1 --- /dev/null +++ b/SOURCES/ci-NM-renderer-set-default-IPv6-addr-gen-mode-for-all-i.patch @@ -0,0 +1,293 @@ +From e9e49fc09636609ec5cf55984bee01784da52083 Mon Sep 17 00:00:00 2001 +From: Ani Sinha +Date: Fri, 4 Aug 2023 08:58:26 +0530 +Subject: [PATCH] NM renderer: set default IPv6 addr-gen-mode for all + interfaces to eui64 (#4291) + +RH-Author: Ani Sinha +RH-MergeRequest: 107: NM renderer: set default IPv6 addr-gen-mode for all interfaces to eui64 (#4291) +RH-Bugzilla: 2229460 +RH-Acked-by: Emanuele Giuseppe Esposito +RH-Acked-by: Miroslav Rezanina +RH-Commit: [1/1] 2a8ed5a008d6fac5ab5263d94703a065ff3c192f (anisinha/rhel-cloud-init) + +By default, NetworkManager renderer in cloud-init does not set any specific +method for IPV6 addr-gen-mode in the keyfiles it writes. Hence, implicitly the +mode is set to `eui64` in the absence of any global addr-gen-mode option in +NetworkManager configuration. +Later when other interfaces get added via D-Bus API or by using nmcli commands +without explictly setting an addr-gen-mode, NM auto generates new profiles for +those interfaces with addr-gen-mode set to `stable-privacy`. This introduces +inconsistency of configurations between interfaces based on how they were +added. This can cause problems for the customers. + +In this change, cloud-init overrides NetworkManager's preferred default of +`stable-privacy` to use EUI64 using a drop in NetworkManager configuration +file. This setting can be overriden by using global-connection-defaults +setting in /etc/NetworkManager/NetworkManager.conf file. + +RHBZ: 2188388 + +Signed-off-by: Ani Sinha +(cherry picked from commit d41264cb4297a4b143a23f3677d33b81fbfc6e8e) + +Conflicts: + tests/unittests/test_net.py +--- + cloudinit/net/network_manager.py | 21 ++++++++ + tests/unittests/test_net.py | 91 +++++++++++++++++++++++++------- + 2 files changed, 94 insertions(+), 18 deletions(-) + +diff --git a/cloudinit/net/network_manager.py b/cloudinit/net/network_manager.py +index ca216928..8047f796 100644 +--- a/cloudinit/net/network_manager.py ++++ b/cloudinit/net/network_manager.py +@@ -21,6 +21,15 @@ from cloudinit.net.network_state import NetworkState + NM_RUN_DIR = "/etc/NetworkManager" + NM_LIB_DIR = "/usr/lib/NetworkManager" + NM_CFG_FILE = "/etc/NetworkManager/NetworkManager.conf" ++NM_IPV6_ADDR_GEN_CONF = """# This is generated by cloud-init. Do not edit. ++# ++[.config] ++ enable=nm-version-min:1.40 ++[connection.30-cloud-init-ip6-addr-gen-mode] ++ # Select EUI64 to be used if the profile does not specify it. ++ ipv6.addr-gen-mode=0 ++ ++""" + LOG = logging.getLogger(__name__) + + +@@ -368,6 +377,12 @@ class Renderer(renderer.Renderer): + name = conn_filename(con_id, target) + util.write_file(name, conn.dump(), 0o600) + ++ # Select EUI64 to be used by default by NM for creating the address ++ # for use with RFC4862 IPv6 Stateless Address Autoconfiguration. ++ util.write_file( ++ cloud_init_nm_conf_filename(target), NM_IPV6_ADDR_GEN_CONF, 0o600 ++ ) ++ + + def conn_filename(con_id, target=None): + target_con_dir = subp.target_path(target, NM_RUN_DIR) +@@ -375,6 +390,12 @@ def conn_filename(con_id, target=None): + return f"{target_con_dir}/system-connections/{con_file}" + + ++def cloud_init_nm_conf_filename(target=None): ++ target_con_dir = subp.target_path(target, NM_RUN_DIR) ++ conf_file = "30-cloud-init-ip6-addr-gen-mode.conf" ++ return f"{target_con_dir}/conf.d/{conf_file}" ++ ++ + def available(target=None): + # TODO: Move `uses_systemd` to a more appropriate location + # It is imported here to avoid circular import +diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py +index 6274f12d..aa4098b8 100644 +--- a/tests/unittests/test_net.py ++++ b/tests/unittests/test_net.py +@@ -5628,9 +5628,25 @@ class TestNetworkManagerRendering(CiTestCase): + with_logs = True + + scripts_dir = "/etc/NetworkManager/system-connections" ++ conf_dir = "/etc/NetworkManager/conf.d" + + expected_name = "expected_network_manager" + ++ expected_conf_d = { ++ "30-cloud-init-ip6-addr-gen-mode.conf": textwrap.dedent( ++ """\ ++ # This is generated by cloud-init. Do not edit. ++ # ++ [.config] ++ enable=nm-version-min:1.40 ++ [connection.30-cloud-init-ip6-addr-gen-mode] ++ # Select EUI64 to be used if the profile does not specify it. ++ ipv6.addr-gen-mode=0 ++ ++ """ ++ ), ++ } ++ + def _get_renderer(self): + return network_manager.Renderer() + +@@ -5649,11 +5665,19 @@ class TestNetworkManagerRendering(CiTestCase): + renderer.render_network_state(ns, target=dir) + return dir2dict(dir) + +- def _compare_files_to_expected(self, expected, found): ++ def _compare_files_to_expected( ++ self, expected_scripts, expected_conf, found ++ ): + orig_maxdiff = self.maxDiff +- expected_d = dict( +- (os.path.join(self.scripts_dir, k), v) for k, v in expected.items() ++ conf_d = dict( ++ (os.path.join(self.conf_dir, k), v) ++ for k, v in expected_conf.items() ++ ) ++ scripts_d = dict( ++ (os.path.join(self.scripts_dir, k), v) ++ for k, v in expected_scripts.items() + ) ++ expected_d = {**conf_d, **scripts_d} + + try: + self.maxDiff = None +@@ -5714,6 +5738,7 @@ class TestNetworkManagerRendering(CiTestCase): + """ + ), + }, ++ self.expected_conf_d, + found, + ) + +@@ -5769,8 +5794,9 @@ class TestNetworkManagerRendering(CiTestCase): + gateway=10.0.2.2 + + """ +- ), ++ ) + }, ++ self.expected_conf_d, + found, + ) + +@@ -5806,33 +5832,44 @@ class TestNetworkManagerRendering(CiTestCase): + """ + ), + }, ++ self.expected_conf_d, + found, + ) + + def test_bond_config(self): + entry = NETWORK_CONFIGS["bond"] + found = self._render_and_read(network_config=yaml.load(entry["yaml"])) +- self._compare_files_to_expected(entry[self.expected_name], found) ++ self._compare_files_to_expected( ++ entry[self.expected_name], self.expected_conf_d, found ++ ) + + def test_vlan_config(self): + entry = NETWORK_CONFIGS["vlan"] + found = self._render_and_read(network_config=yaml.load(entry["yaml"])) +- self._compare_files_to_expected(entry[self.expected_name], found) ++ self._compare_files_to_expected( ++ entry[self.expected_name], self.expected_conf_d, found ++ ) + + def test_bridge_config(self): + entry = NETWORK_CONFIGS["bridge"] + found = self._render_and_read(network_config=yaml.load(entry["yaml"])) +- self._compare_files_to_expected(entry[self.expected_name], found) ++ self._compare_files_to_expected( ++ entry[self.expected_name], self.expected_conf_d, found ++ ) + + def test_manual_config(self): + entry = NETWORK_CONFIGS["manual"] + found = self._render_and_read(network_config=yaml.load(entry["yaml"])) +- self._compare_files_to_expected(entry[self.expected_name], found) ++ self._compare_files_to_expected( ++ entry[self.expected_name], self.expected_conf_d, found ++ ) + + def test_all_config(self): + entry = NETWORK_CONFIGS["all"] + found = self._render_and_read(network_config=yaml.load(entry["yaml"])) +- self._compare_files_to_expected(entry[self.expected_name], found) ++ self._compare_files_to_expected( ++ entry[self.expected_name], self.expected_conf_d, found ++ ) + self.assertNotIn( + "WARNING: Network config: ignoring eth0.101 device-level mtu", + self.logs.getvalue(), +@@ -5841,12 +5878,16 @@ class TestNetworkManagerRendering(CiTestCase): + def test_small_config(self): + entry = NETWORK_CONFIGS["small"] + found = self._render_and_read(network_config=yaml.load(entry["yaml"])) +- self._compare_files_to_expected(entry[self.expected_name], found) ++ self._compare_files_to_expected( ++ entry[self.expected_name], self.expected_conf_d, found ++ ) + + def test_v4_and_v6_static_config(self): + entry = NETWORK_CONFIGS["v4_and_v6_static"] + found = self._render_and_read(network_config=yaml.load(entry["yaml"])) +- self._compare_files_to_expected(entry[self.expected_name], found) ++ self._compare_files_to_expected( ++ entry[self.expected_name], self.expected_conf_d, found ++ ) + expected_msg = ( + "WARNING: Network config: ignoring iface0 device-level mtu:8999" + " because ipv4 subnet-level mtu:9000 provided." +@@ -5856,41 +5897,55 @@ class TestNetworkManagerRendering(CiTestCase): + def test_dhcpv6_only_config(self): + entry = NETWORK_CONFIGS["dhcpv6_only"] + found = self._render_and_read(network_config=yaml.load(entry["yaml"])) +- self._compare_files_to_expected(entry[self.expected_name], found) ++ self._compare_files_to_expected( ++ entry[self.expected_name], self.expected_conf_d, found ++ ) + + def test_simple_render_ipv6_slaac(self): + entry = NETWORK_CONFIGS["ipv6_slaac"] + found = self._render_and_read(network_config=yaml.load(entry["yaml"])) +- self._compare_files_to_expected(entry[self.expected_name], found) ++ self._compare_files_to_expected( ++ entry[self.expected_name], self.expected_conf_d, found ++ ) + + def test_dhcpv6_stateless_config(self): + entry = NETWORK_CONFIGS["dhcpv6_stateless"] + found = self._render_and_read(network_config=yaml.load(entry["yaml"])) +- self._compare_files_to_expected(entry[self.expected_name], found) ++ self._compare_files_to_expected( ++ entry[self.expected_name], self.expected_conf_d, found ++ ) + + def test_wakeonlan_disabled_config_v2(self): + entry = NETWORK_CONFIGS["wakeonlan_disabled"] + found = self._render_and_read( + network_config=yaml.load(entry["yaml_v2"]) + ) +- self._compare_files_to_expected(entry[self.expected_name], found) ++ self._compare_files_to_expected( ++ entry[self.expected_name], self.expected_conf_d, found ++ ) + + def test_wakeonlan_enabled_config_v2(self): + entry = NETWORK_CONFIGS["wakeonlan_enabled"] + found = self._render_and_read( + network_config=yaml.load(entry["yaml_v2"]) + ) +- self._compare_files_to_expected(entry[self.expected_name], found) ++ self._compare_files_to_expected( ++ entry[self.expected_name], self.expected_conf_d, found ++ ) + + def test_render_v4_and_v6(self): + entry = NETWORK_CONFIGS["v4_and_v6"] + found = self._render_and_read(network_config=yaml.load(entry["yaml"])) +- self._compare_files_to_expected(entry[self.expected_name], found) ++ self._compare_files_to_expected( ++ entry[self.expected_name], self.expected_conf_d, found ++ ) + + def test_render_v6_and_v4(self): + entry = NETWORK_CONFIGS["v6_and_v4"] + found = self._render_and_read(network_config=yaml.load(entry["yaml"])) +- self._compare_files_to_expected(entry[self.expected_name], found) ++ self._compare_files_to_expected( ++ entry[self.expected_name], self.expected_conf_d, found ++ ) + + + @mock.patch( +-- +2.37.3 + diff --git a/SOURCES/ci-Remove-rhel-specific-files.patch b/SOURCES/ci-Remove-rhel-specific-files.patch deleted file mode 100644 index 6765543..0000000 --- a/SOURCES/ci-Remove-rhel-specific-files.patch +++ /dev/null @@ -1,373 +0,0 @@ -From d43f0d93386f123892451d923c2b3c6fe7130c39 Mon Sep 17 00:00:00 2001 -From: Emanuele Giuseppe Esposito -Date: Thu, 19 May 2022 11:38:22 +0200 -Subject: [PATCH 4/4] Remove rhel specific files - -RH-Author: Emanuele Giuseppe Esposito -RH-MergeRequest: 65: Align rhel custom files with upstream (#1431) -RH-Commit: [2/2] 5e31f0bcb500682e7746ccbd2e628c2ef339d6c6 -RH-Bugzilla: 2082071 -RH-Acked-by: Mohamed Gamal Morsy -RH-Acked-by: Eduardo Otubo -RH-Acked-by: Vitaly Kuznetsov - -Remove all files in rhel/ directory and related commands that copy -and replace them with the generated ones. - -Also adjust setup.py, align it with upstream: -- by default, after rhel 8.3 ds-identify is in /usr/libexec, so no need to move it manually -- bash-completions work also in /usr/share, as upstream -- udev also works in /lib/udev - -Also remove rhel/README since it is outdated (chef is used in cloud.cfg) and cloud-init-tmpfiles.conf, -as it exists also in .distro. - -X-downstream-only: yes - -Signed-off-by: Emanuele Giuseppe Esposito ---- - redhat/cloud-init.spec.template | 21 ++------ - rhel/README.rhel | 5 -- - rhel/cloud-init-tmpfiles.conf | 1 - - rhel/cloud.cfg | 69 --------------------------- - rhel/systemd/cloud-config.service | 18 ------- - rhel/systemd/cloud-config.target | 11 ----- - rhel/systemd/cloud-final.service | 24 ---------- - rhel/systemd/cloud-init-local.service | 31 ------------ - rhel/systemd/cloud-init.service | 26 ---------- - rhel/systemd/cloud-init.target | 7 --- - setup.py | 28 ++++++++++- - 11 files changed, 31 insertions(+), 210 deletions(-) - delete mode 100644 rhel/README.rhel - delete mode 100644 rhel/cloud-init-tmpfiles.conf - delete mode 100644 rhel/cloud.cfg - delete mode 100644 rhel/systemd/cloud-config.service - delete mode 100644 rhel/systemd/cloud-config.target - delete mode 100644 rhel/systemd/cloud-final.service - delete mode 100644 rhel/systemd/cloud-init-local.service - delete mode 100644 rhel/systemd/cloud-init.service - delete mode 100644 rhel/systemd/cloud-init.target - - -diff --git a/rhel/README.rhel b/rhel/README.rhel -deleted file mode 100644 -index aa29630d..00000000 ---- a/rhel/README.rhel -+++ /dev/null -@@ -1,5 +0,0 @@ --The following cloud-init modules are currently unsupported on this OS: -- - apt_update_upgrade ('apt_update', 'apt_upgrade', 'apt_mirror', 'apt_preserve_sources_list', 'apt_old_mirror', 'apt_sources', 'debconf_selections', 'packages' options) -- - byobu ('byobu_by_default' option) -- - chef -- - grub_dpkg -diff --git a/rhel/cloud-init-tmpfiles.conf b/rhel/cloud-init-tmpfiles.conf -deleted file mode 100644 -index 0c6d2a3b..00000000 ---- a/rhel/cloud-init-tmpfiles.conf -+++ /dev/null -@@ -1 +0,0 @@ --d /run/cloud-init 0700 root root - - -diff --git a/rhel/cloud.cfg b/rhel/cloud.cfg -deleted file mode 100644 -index cbee197a..00000000 ---- a/rhel/cloud.cfg -+++ /dev/null -@@ -1,69 +0,0 @@ --users: -- - default -- --disable_root: 1 --ssh_pwauth: 0 -- --mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service', '0', '2'] --resize_rootfs_tmp: /dev --ssh_deletekeys: 1 --ssh_genkeytypes: ['rsa', 'ecdsa', 'ed25519'] --syslog_fix_perms: ~ --disable_vmware_customization: false -- --cloud_init_modules: -- - disk_setup -- - migrator -- - bootcmd -- - write-files -- - growpart -- - resizefs -- - set_hostname -- - update_hostname -- - update_etc_hosts -- - rsyslog -- - users-groups -- - ssh -- --cloud_config_modules: -- - mounts -- - locale -- - set-passwords -- - rh_subscription -- - yum-add-repo -- - package-update-upgrade-install -- - timezone -- - puppet -- - chef -- - salt-minion -- - mcollective -- - disable-ec2-metadata -- - runcmd -- --cloud_final_modules: -- - rightscale_userdata -- - scripts-per-once -- - scripts-per-boot -- - scripts-per-instance -- - scripts-user -- - ssh-authkey-fingerprints -- - keys-to-console -- - phone-home -- - final-message -- - power-state-change -- --system_info: -- default_user: -- name: cloud-user -- lock_passwd: true -- gecos: Cloud User -- groups: [adm, systemd-journal] -- sudo: ["ALL=(ALL) NOPASSWD:ALL"] -- shell: /bin/bash -- distro: rhel -- paths: -- cloud_dir: /var/lib/cloud -- templates_dir: /etc/cloud/templates -- ssh_svcname: sshd -- --# vim:syntax=yaml -diff --git a/rhel/systemd/cloud-config.service b/rhel/systemd/cloud-config.service -deleted file mode 100644 -index f3dcd4be..00000000 ---- a/rhel/systemd/cloud-config.service -+++ /dev/null -@@ -1,18 +0,0 @@ --[Unit] --Description=Apply the settings specified in cloud-config --After=network-online.target cloud-config.target --Wants=network-online.target cloud-config.target --ConditionPathExists=!/etc/cloud/cloud-init.disabled --ConditionKernelCommandLine=!cloud-init=disabled -- --[Service] --Type=oneshot --ExecStart=/usr/bin/cloud-init modules --mode=config --RemainAfterExit=yes --TimeoutSec=0 -- --# Output needs to appear in instance console output --StandardOutput=journal+console -- --[Install] --WantedBy=cloud-init.target -diff --git a/rhel/systemd/cloud-config.target b/rhel/systemd/cloud-config.target -deleted file mode 100644 -index ae9b7d02..00000000 ---- a/rhel/systemd/cloud-config.target -+++ /dev/null -@@ -1,11 +0,0 @@ --# cloud-init normally emits a "cloud-config" upstart event to inform third --# parties that cloud-config is available, which does us no good when we're --# using systemd. cloud-config.target serves as this synchronization point --# instead. Services that would "start on cloud-config" with upstart can --# instead use "After=cloud-config.target" and "Wants=cloud-config.target" --# as appropriate. -- --[Unit] --Description=Cloud-config availability --Wants=cloud-init-local.service cloud-init.service --After=cloud-init-local.service cloud-init.service -diff --git a/rhel/systemd/cloud-final.service b/rhel/systemd/cloud-final.service -deleted file mode 100644 -index e281c0cf..00000000 ---- a/rhel/systemd/cloud-final.service -+++ /dev/null -@@ -1,24 +0,0 @@ --[Unit] --Description=Execute cloud user/final scripts --After=network-online.target cloud-config.service rc-local.service --Wants=network-online.target cloud-config.service --ConditionPathExists=!/etc/cloud/cloud-init.disabled --ConditionKernelCommandLine=!cloud-init=disabled -- --[Service] --Type=oneshot --ExecStart=/usr/bin/cloud-init modules --mode=final --RemainAfterExit=yes --TimeoutSec=0 --KillMode=process --# Restart NetworkManager if it is present and running. --ExecStartPost=/bin/sh -c 'u=NetworkManager.service; \ -- out=$(systemctl show --property=SubState $u) || exit; \ -- [ "$out" = "SubState=running" ] || exit 0; \ -- systemctl reload-or-try-restart $u' -- --# Output needs to appear in instance console output --StandardOutput=journal+console -- --[Install] --WantedBy=cloud-init.target -diff --git a/rhel/systemd/cloud-init-local.service b/rhel/systemd/cloud-init-local.service -deleted file mode 100644 -index 8f9f6c9f..00000000 ---- a/rhel/systemd/cloud-init-local.service -+++ /dev/null -@@ -1,31 +0,0 @@ --[Unit] --Description=Initial cloud-init job (pre-networking) --DefaultDependencies=no --Wants=network-pre.target --After=systemd-remount-fs.service --Requires=dbus.socket --After=dbus.socket --Before=NetworkManager.service network.service --Before=network-pre.target --Before=shutdown.target --Before=firewalld.target --Conflicts=shutdown.target --RequiresMountsFor=/var/lib/cloud --ConditionPathExists=!/etc/cloud/cloud-init.disabled --ConditionKernelCommandLine=!cloud-init=disabled -- --[Service] --Type=oneshot --ExecStartPre=/bin/mkdir -p /run/cloud-init --ExecStartPre=/sbin/restorecon /run/cloud-init --ExecStartPre=/usr/bin/touch /run/cloud-init/enabled --ExecStart=/usr/bin/cloud-init init --local --ExecStart=/bin/touch /run/cloud-init/network-config-ready --RemainAfterExit=yes --TimeoutSec=0 -- --# Output needs to appear in instance console output --StandardOutput=journal+console -- --[Install] --WantedBy=cloud-init.target -diff --git a/rhel/systemd/cloud-init.service b/rhel/systemd/cloud-init.service -deleted file mode 100644 -index 0b3d796d..00000000 ---- a/rhel/systemd/cloud-init.service -+++ /dev/null -@@ -1,26 +0,0 @@ --[Unit] --Description=Initial cloud-init job (metadata service crawler) --Wants=cloud-init-local.service --Wants=sshd-keygen.service --Wants=sshd.service --After=cloud-init-local.service --After=NetworkManager.service network.service --After=NetworkManager-wait-online.service --Before=network-online.target --Before=sshd-keygen.service --Before=sshd.service --Before=systemd-user-sessions.service --ConditionPathExists=!/etc/cloud/cloud-init.disabled --ConditionKernelCommandLine=!cloud-init=disabled -- --[Service] --Type=oneshot --ExecStart=/usr/bin/cloud-init init --RemainAfterExit=yes --TimeoutSec=0 -- --# Output needs to appear in instance console output --StandardOutput=journal+console -- --[Install] --WantedBy=cloud-init.target -diff --git a/rhel/systemd/cloud-init.target b/rhel/systemd/cloud-init.target -deleted file mode 100644 -index 083c3b6f..00000000 ---- a/rhel/systemd/cloud-init.target -+++ /dev/null -@@ -1,7 +0,0 @@ --# cloud-init target is enabled by cloud-init-generator --# To disable it you can either: --# a.) boot with kernel cmdline of 'cloud-init=disabled' --# b.) touch a file /etc/cloud/cloud-init.disabled --[Unit] --Description=Cloud-init target --After=multi-user.target -diff --git a/setup.py b/setup.py -index 3c377eaa..a9132d2c 100755 ---- a/setup.py -+++ b/setup.py -@@ -139,6 +139,21 @@ INITSYS_FILES = { - "sysvinit_deb": [f for f in glob("sysvinit/debian/*") if is_f(f)], - "sysvinit_openrc": [f for f in glob("sysvinit/gentoo/*") if is_f(f)], - "sysvinit_suse": [f for f in glob("sysvinit/suse/*") if is_f(f)], -+ "systemd": [ -+ render_tmpl(f) -+ for f in ( -+ glob("systemd/*.tmpl") -+ + glob("systemd/*.service") -+ + glob("systemd/*.socket") -+ + glob("systemd/*.target") -+ ) -+ if (is_f(f) and not is_generator(f)) -+ ], -+ "systemd.generators": [ -+ render_tmpl(f, mode=0o755) -+ for f in glob("systemd/*") -+ if is_f(f) and is_generator(f) -+ ], - "upstart": [f for f in glob("upstart/*") if is_f(f)], - } - INITSYS_ROOTS = { -@@ -148,6 +163,10 @@ INITSYS_ROOTS = { - "sysvinit_deb": "etc/init.d", - "sysvinit_openrc": "etc/init.d", - "sysvinit_suse": "etc/init.d", -+ "systemd": pkg_config_read("systemd", "systemdsystemunitdir"), -+ "systemd.generators": pkg_config_read( -+ "systemd", "systemdsystemgeneratordir" -+ ), - "upstart": "etc/init/", - } - INITSYS_TYPES = sorted([f.partition(".")[0] for f in INITSYS_ROOTS.keys()]) -@@ -262,13 +281,15 @@ data_files = [ - ( - USR_LIB_EXEC + "/cloud-init", - [ -+ "tools/ds-identify", - "tools/hook-hotplug", - "tools/uncloud-init", - "tools/write-ssh-key-fingerprints", - ], - ), - ( -- ETC + "/bash_completion.d", ["bash_completion/cloud-init"], -+ USR + "/share/bash-completion/completions", -+ ["bash_completion/cloud-init"], - ), - (USR + "/share/doc/cloud-init", [f for f in glob("doc/*") if is_f(f)]), - ( -@@ -287,7 +308,8 @@ if not platform.system().endswith("BSD"): - ETC + "/NetworkManager/dispatcher.d/", - ["tools/hook-network-manager"], - ), -- ("/usr/lib/udev/rules.d", [f for f in glob("udev/*.rules")]), -+ (ETC + "/dhcp/dhclient-exit-hooks.d/", ["tools/hook-dhclient"]), -+ (LIB + "/udev/rules.d", [f for f in glob("udev/*.rules")]), - ( - ETC + "/systemd/system/sshd-keygen@.service.d/", - ["systemd/disable-sshd-keygen-if-cloud-init-active.conf"], -@@ -317,6 +339,8 @@ setuptools.setup( - scripts=["tools/cloud-init-per"], - license="Dual-licensed under GPLv3 or Apache 2.0", - data_files=data_files, -+ install_requires=requirements, -+ cmdclass=cmdclass, - entry_points={ - "console_scripts": [ - "cloud-init = cloudinit.cmd.main:main", --- -2.35.3 - diff --git a/SOURCES/ci-Revert-Manual-revert-Use-Network-Manager-and-Netplan.patch b/SOURCES/ci-Revert-Manual-revert-Use-Network-Manager-and-Netplan.patch new file mode 100644 index 0000000..f8efe4a --- /dev/null +++ b/SOURCES/ci-Revert-Manual-revert-Use-Network-Manager-and-Netplan.patch @@ -0,0 +1,102 @@ +From f7aaef405cd87d7d969f28401f3a4a7538d57c76 Mon Sep 17 00:00:00 2001 +From: Ani Sinha +Date: Thu, 4 May 2023 15:34:43 +0530 +Subject: [PATCH 1/7] Revert "Manual revert "Use Network-Manager and Netplan as + default renderers for RHEL and Fedora (#1465)"" + +RH-Author: Ani Sinha +RH-MergeRequest: 103: [RHEL8] Support configuring network by NM keyfiles +RH-Bugzilla: 2219528 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [1/7] 65838b451e21f92cf92d2d4967015c48816f82f9 + +This reverts commit 0616dbd3f523395b619960b67b3b65c2f0ea15f4. + +This is patch 1 of the two patches that re-enables NM renderer. This change +can be ignored while rebasing to latest upstream. + +X-downstream-only: true +Signed-off-by: Ani Sinha +--- + cloudinit/net/renderers.py | 1 + + config/cloud.cfg.tmpl | 3 +++ + doc/rtd/reference/network-config.rst | 16 ++++++++++++++-- + 3 files changed, 18 insertions(+), 2 deletions(-) + +diff --git a/cloudinit/net/renderers.py b/cloudinit/net/renderers.py +index c92b9dcf..022ff938 100644 +--- a/cloudinit/net/renderers.py ++++ b/cloudinit/net/renderers.py +@@ -28,6 +28,7 @@ DEFAULT_PRIORITY = [ + "eni", + "sysconfig", + "netplan", ++ "network-manager", + "freebsd", + "netbsd", + "openbsd", +diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl +index 12f32c51..7238c102 100644 +--- a/config/cloud.cfg.tmpl ++++ b/config/cloud.cfg.tmpl +@@ -381,6 +381,9 @@ system_info: + {% elif variant in ["dragonfly"] %} + network: + renderers: ['freebsd'] ++{% elif variant in ["fedora"] or is_rhel %} ++ network: ++ renderers: ['netplan', 'network-manager', 'networkd', 'sysconfig', 'eni'] + {% elif variant == "openmandriva" %} + network: + renderers: ['network-manager', 'networkd'] +diff --git a/doc/rtd/reference/network-config.rst b/doc/rtd/reference/network-config.rst +index bc52afa5..ea331f1c 100644 +--- a/doc/rtd/reference/network-config.rst ++++ b/doc/rtd/reference/network-config.rst +@@ -176,6 +176,16 @@ this state, ``cloud-init`` delegates rendering of the configuration to + distro-supported formats. The following ``renderers`` are supported in + ``cloud-init``: + ++NetworkManager ++-------------- ++ ++`NetworkManager`_ is the standard Linux network configuration tool suite. It ++supports a wide range of networking setups. Configuration is typically stored ++in :file:`/etc/NetworkManager`. ++ ++It is the default for a number of Linux distributions; notably Fedora, ++CentOS/RHEL, and their derivatives. ++ + ENI + --- + +@@ -213,6 +223,7 @@ preference) is as follows: + - ENI + - Sysconfig + - Netplan ++- NetworkManager + - FreeBSD + - NetBSD + - OpenBSD +@@ -223,6 +234,7 @@ preference) is as follows: + + - **ENI**: using ``ifup``, ``ifdown`` to manage device setup/teardown + - **Netplan**: using ``netplan apply`` to manage device setup/teardown ++- **NetworkManager**: using ``nmcli`` to manage device setup/teardown + - **Networkd**: using ``ip`` to manage device setup/teardown + + When applying the policy, ``cloud-init`` checks if the current instance has the +@@ -232,8 +244,8 @@ supplying an updated configuration in cloud-config. :: + + system_info: + network: +- renderers: ['netplan', 'eni', 'sysconfig', 'freebsd', 'netbsd', 'openbsd'] +- activators: ['eni', 'netplan', 'networkd'] ++ renderers: ['netplan', 'network-manager', 'eni', 'sysconfig', 'freebsd', 'netbsd', 'openbsd'] ++ activators: ['eni', 'netplan', 'network-manager', 'networkd'] + + Network configuration tools + =========================== +-- +2.39.3 + diff --git a/SOURCES/ci-Add-native-NetworkManager-support-1224.patch b/SOURCES/ci-Revert-Revert-Add-native-NetworkManager-support-1224.patch similarity index 58% rename from SOURCES/ci-Add-native-NetworkManager-support-1224.patch rename to SOURCES/ci-Revert-Revert-Add-native-NetworkManager-support-1224.patch index aad448a..595b8ef 100644 --- a/SOURCES/ci-Add-native-NetworkManager-support-1224.patch +++ b/SOURCES/ci-Revert-Revert-Add-native-NetworkManager-support-1224.patch @@ -1,67 +1,39 @@ -From 0d93e53fd05c44b62e3456b7580c9de8135e6b5a Mon Sep 17 00:00:00 2001 -From: Emanuele Giuseppe Esposito -Date: Mon, 2 May 2022 14:21:24 +0200 -Subject: [PATCH 1/4] Add native NetworkManager support (#1224) +From 7ac066b494e07c14087298ed2ffde347172f1683 Mon Sep 17 00:00:00 2001 +From: Ani Sinha +Date: Thu, 4 May 2023 15:39:17 +0530 +Subject: [PATCH 2/7] Revert "Revert "Add native NetworkManager support + (#1224)"" -RH-Author: Emanuele Giuseppe Esposito -RH-MergeRequest: 57: Add native NetworkManager support (#1224) -RH-Commit: [1/2] 56b9ed40840a4930c421c2749e8aa385097bef93 -RH-Bugzilla: 2059872 -RH-Acked-by: Vitaly Kuznetsov -RH-Acked-by: Jon Maloy -RH-Acked-by: Eduardo Otubo +RH-Author: Ani Sinha +RH-MergeRequest: 103: [RHEL8] Support configuring network by NM keyfiles +RH-Bugzilla: 2219528 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [2/7] d4edad28b5e2a4eb99cf846bedc139a86ea63227 -commit feda344e6cf9d37b09bc13cf333a717d1654c26c -Author: Lubomir Rintel -Date: Fri Feb 25 23:33:20 2022 +0100 +This reverts commit df17359efbf873396cd49bbd87b1680700cdda41 . - Add native NetworkManager support (#1224) +This is patch 2 of the two patches that re-enables NM renderer. This change can +be ignored while rebasing to latest upstream. - Fedora currently relies on sysconfig/ifcfg renderer. This is not too great, - because Fedora (also RHEL since version 8) dropped support for the legacy - network service that uses ifcfg files long ago. - - In turn, Fedora ended up patching cloud-init downstream to utilize - NetworkManager's ifcfg compatibility mode [1]. This seems to have worked - for a while, nevertheless the NetworkManager's ifcfg backend is reaching - the end of its useful life too [2]. - - [1] https://src.fedoraproject.org/rpms/cloud-init/blob/rawhide/f/cloud-init-21.3-nm-controlled.patch - [2] https://fedoraproject.org/wiki/Changes/NoIfcfgFiles - - Let's not mangle things downstream and make vanilla cloud-init work great - on Fedora instead. - - This also means that the sysconfig compatibility with - Network Manager was removed. - - Firstly, this relies upon the fact that you can get ifcfg support by adding - it to NetworkManager.conf. That is not guaranteed and certainly will not - be case in future. - - Secondly, cloud-init always generates configuration with - NM_CONTROLLED=no, so the generated ifcfg files are no good for - NetworkManager. Fedora patches around this by just removing those lines - in their cloud-init package. - -Signed-off-by: Emanuele Giuseppe Esposito +X-downstream-only: true +Signed-off-by: Ani Sinha --- - cloudinit/cmd/devel/net_convert.py | 14 +- - cloudinit/net/activators.py | 25 +- - cloudinit/net/network_manager.py | 377 +++++++ - cloudinit/net/renderers.py | 3 + - cloudinit/net/sysconfig.py | 37 +- - tests/unittests/test_net.py | 1270 +++++++++++++++++++++--- - tests/unittests/test_net_activators.py | 93 +- - 7 files changed, 1625 insertions(+), 194 deletions(-) + cloudinit/cmd/devel/net_convert.py | 14 +- + cloudinit/net/activators.py | 25 +- + cloudinit/net/network_manager.py | 393 ++++++++++++++++ + cloudinit/net/renderers.py | 2 + + cloudinit/net/sysconfig.py | 42 +- + tests/unittests/test_net.py | 597 ++++++++++++++++++++----- + tests/unittests/test_net_activators.py | 11 +- + 7 files changed, 923 insertions(+), 161 deletions(-) create mode 100644 cloudinit/net/network_manager.py diff --git a/cloudinit/cmd/devel/net_convert.py b/cloudinit/cmd/devel/net_convert.py -index 18b1e7ff..647fe07b 100755 +index 1a0a31ac..eee49860 100755 --- a/cloudinit/cmd/devel/net_convert.py +++ b/cloudinit/cmd/devel/net_convert.py -@@ -7,7 +7,14 @@ import os - import sys +@@ -10,7 +10,14 @@ import sys + import yaml from cloudinit import distros, log, safeyaml -from cloudinit.net import eni, netplan, network_state, networkd, sysconfig @@ -74,9 +46,9 @@ index 18b1e7ff..647fe07b 100755 + sysconfig, +) from cloudinit.sources import DataSourceAzure as azure - from cloudinit.sources import DataSourceOVF as ovf from cloudinit.sources.helpers import openstack -@@ -74,7 +81,7 @@ def get_parser(parser=None): + from cloudinit.sources.helpers.vmware.imc import guestcust_util +@@ -77,7 +84,7 @@ def get_parser(parser=None): parser.add_argument( "-O", "--output-kind", @@ -85,7 +57,7 @@ index 18b1e7ff..647fe07b 100755 required=True, help="The network config format to emit", ) -@@ -148,6 +155,9 @@ def handle_args(name, args): +@@ -150,6 +157,9 @@ def handle_args(name, args): elif args.output_kind == "sysconfig": r_cls = sysconfig.Renderer config = distro.renderer_configs.get("sysconfig") @@ -96,7 +68,7 @@ index 18b1e7ff..647fe07b 100755 raise RuntimeError("Invalid output_kind") diff --git a/cloudinit/net/activators.py b/cloudinit/net/activators.py -index e80c26df..edbc0c06 100644 +index d9a8c4d7..7d11a02c 100644 --- a/cloudinit/net/activators.py +++ b/cloudinit/net/activators.py @@ -1,15 +1,14 @@ @@ -104,7 +76,7 @@ index e80c26df..edbc0c06 100644 import logging -import os from abc import ABC, abstractmethod - from typing import Iterable, List, Type + from typing import Dict, Iterable, List, Optional, Type, Union from cloudinit import subp, util from cloudinit.net.eni import available as eni_available @@ -160,10 +132,10 @@ index e80c26df..edbc0c06 100644 diff --git a/cloudinit/net/network_manager.py b/cloudinit/net/network_manager.py new file mode 100644 -index 00000000..79b0fe0b +index 00000000..53763d15 --- /dev/null +++ b/cloudinit/net/network_manager.py -@@ -0,0 +1,377 @@ +@@ -0,0 +1,393 @@ +# Copyright 2022 Red Hat, Inc. +# +# Author: Lubomir Rintel @@ -177,15 +149,16 @@ index 00000000..79b0fe0b +import itertools +import os +import uuid ++from typing import Optional + +from cloudinit import log as logging +from cloudinit import subp, util -+ -+from . import renderer -+from .network_state import is_ipv6_addr, subnet_is_ipv6 ++from cloudinit.net import is_ipv6_address, renderer, subnet_is_ipv6 ++from cloudinit.net.network_state import NetworkState + +NM_RUN_DIR = "/etc/NetworkManager" +NM_LIB_DIR = "/usr/lib/NetworkManager" ++NM_CFG_FILE = "/etc/NetworkManager/NetworkManager.conf" +LOG = logging.getLogger(__name__) + + @@ -234,7 +207,7 @@ index 00000000..79b0fe0b + + method_map = { + "static": "manual", -+ "dhcp6": "dhcp", ++ "dhcp6": "auto", + "ipv6_slaac": "auto", + "ipv6_dhcpv6-stateless": "auto", + "ipv6_dhcpv6-stateful": "auto", @@ -261,8 +234,6 @@ index 00000000..79b0fe0b + + self.config[family]["method"] = method + self._set_default(family, "may-fail", "false") -+ if family == "ipv6": -+ self._set_default(family, "addr-gen-mode", "stable-privacy") + + def _add_numbered(self, section, key_prefix, value): + """ @@ -303,7 +274,7 @@ index 00000000..79b0fe0b + # together. We might be getting an IPv6 name server while + # we're dealing with an IPv4 subnet. Sort this out by figuring + # out the correct family and making sure a valid section exist. -+ family = "ipv6" if is_ipv6_addr(dns) else "ipv4" ++ family = "ipv6" if is_ipv6_address(dns) else "ipv4" + self._set_default(family, "method", "disabled") + + self._set_default(family, "dns", "") @@ -509,7 +480,12 @@ index 00000000..79b0fe0b + # Well, what can we do... + return con_id + -+ def render_network_state(self, network_state, templates=None, target=None): ++ def render_network_state( ++ self, ++ network_state: NetworkState, ++ templates: Optional[dict] = None, ++ target=None, ++ ) -> None: + # First pass makes sure there's NMConnections for all known + # interfaces that have UUIDs that can be linked to from related + # interfaces @@ -536,16 +512,28 @@ index 00000000..79b0fe0b + + +def available(target=None): -+ target_nm_dir = subp.target_path(target, NM_LIB_DIR) -+ return os.path.exists(target_nm_dir) ++ # TODO: Move `uses_systemd` to a more appropriate location ++ # It is imported here to avoid circular import ++ from cloudinit.distros import uses_systemd ++ ++ config_present = os.path.isfile(subp.target_path(target, path=NM_CFG_FILE)) ++ nmcli_present = subp.which("nmcli", target=target) ++ service_active = True ++ if uses_systemd(): ++ try: ++ subp.subp(["systemctl", "is-enabled", "NetworkManager.service"]) ++ except subp.ProcessExecutionError: ++ service_active = False ++ ++ return config_present and bool(nmcli_present) and service_active + + +# vi: ts=4 expandtab diff --git a/cloudinit/net/renderers.py b/cloudinit/net/renderers.py -index c755f04c..7edc34b5 100644 +index 022ff938..fcf7feba 100644 --- a/cloudinit/net/renderers.py +++ b/cloudinit/net/renderers.py -@@ -8,6 +8,7 @@ from . import ( +@@ -8,6 +8,7 @@ from cloudinit.net import ( freebsd, netbsd, netplan, @@ -561,31 +549,33 @@ index c755f04c..7edc34b5 100644 "networkd": networkd, "openbsd": openbsd, "sysconfig": sysconfig, -@@ -28,6 +30,7 @@ DEFAULT_PRIORITY = [ - "eni", - "sysconfig", - "netplan", -+ "network-manager", - "freebsd", - "netbsd", - "openbsd", diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py -index 362e8d19..c3b0c795 100644 +index da6d11b3..f7ac5898 100644 --- a/cloudinit/net/sysconfig.py +++ b/cloudinit/net/sysconfig.py -@@ -5,8 +5,6 @@ import io - import os +@@ -6,8 +6,6 @@ import os import re + from typing import Mapping, Optional -from configobj import ConfigObj - from cloudinit import log as logging from cloudinit import subp, util from cloudinit.distros.parsers import networkmanager_conf, resolv_conf -@@ -66,24 +64,6 @@ def _quote_value(value): +@@ -37,7 +35,7 @@ KNOWN_DISTROS = [ + "TencentOS", + "virtuozzo", + ] +-NM_CFG_FILE = "/etc/NetworkManager/NetworkManager.conf" ++ + + def _make_header(sep="#"): + lines = [ +@@ -68,26 +66,7 @@ def _quote_value(value): return value +- -def enable_ifcfg_rh(path): - """Add ifcfg-rh to NetworkManager.cfg plugins if main section is present""" - config = ConfigObj(path) @@ -604,19 +594,21 @@ index 362e8d19..c3b0c795 100644 - LOG.debug("Enabled ifcfg-rh NetworkManager plugins") - - - class ConfigMap(object): +-class ConfigMap(object): ++class ConfigMap: """Sysconfig like dictionary object.""" -@@ -1031,8 +1011,6 @@ class Renderer(renderer.Renderer): - netrules_content = self._render_persistent_net(network_state) - netrules_path = subp.target_path(target, self.netrules_path) - util.write_file(netrules_path, netrules_content, file_mode) + # Why does redhat prefer yes/no to true/false?? +@@ -1039,8 +1018,6 @@ class Renderer(renderer.Renderer): + mode=file_mode, + preserve_mode=True, + ) - if available_nm(target=target): - enable_ifcfg_rh(subp.target_path(target, path=NM_CFG_FILE)) sysconfig_path = subp.target_path(target, templates.get("control")) # Distros configuring /etc/sysconfig/network as a file e.g. Centos -@@ -1071,14 +1049,9 @@ def _supported_vlan_names(rdev, vid): +@@ -1079,14 +1056,9 @@ def _supported_vlan_names(rdev, vid): def available(target=None): @@ -633,7 +625,7 @@ index 362e8d19..c3b0c795 100644 expected = ["ifup", "ifdown"] search = ["/sbin", "/usr/sbin"] for p in expected: -@@ -1095,10 +1068,4 @@ def available_sysconfig(target=None): +@@ -1103,10 +1075,4 @@ def available_sysconfig(target=None): return False @@ -645,18 +637,18 @@ index 362e8d19..c3b0c795 100644 - # vi: ts=4 expandtab diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py -index 591241b3..ef21ad76 100644 +index 4434b350..0f523ff8 100644 --- a/tests/unittests/test_net.py +++ b/tests/unittests/test_net.py -@@ -21,6 +21,7 @@ from cloudinit.net import ( - interface_has_own_mac, +@@ -23,6 +23,7 @@ from cloudinit.net import ( + mask_and_ipv4_to_bcast_addr, natural_sort_key, netplan, + network_manager, network_state, networkd, renderers, -@@ -611,6 +612,37 @@ dns = none +@@ -616,6 +617,37 @@ dns = none ), ), ], @@ -694,7 +686,7 @@ index 591241b3..ef21ad76 100644 }, { "in_data": { -@@ -1073,6 +1105,50 @@ NETWORK_CONFIGS = { +@@ -1078,6 +1110,50 @@ NETWORK_CONFIGS = { USERCTL=no""" ), }, @@ -745,208 +737,7 @@ index 591241b3..ef21ad76 100644 "yaml": textwrap.dedent( """ version: 1 -@@ -1145,6 +1221,34 @@ NETWORK_CONFIGS = { - STARTMODE=auto""" - ) - }, -+ "expected_network_manager": { -+ "cloud-init-iface0.nmconnection": textwrap.dedent( -+ """\ -+ # Generated by cloud-init. Changes will be lost. -+ -+ [connection] -+ id=cloud-init iface0 -+ uuid=8ddfba48-857c-5e86-ac09-1b43eae0bf70 -+ type=ethernet -+ interface-name=iface0 -+ -+ [user] -+ org.freedesktop.NetworkManager.origin=cloud-init -+ -+ [ethernet] -+ -+ [ipv4] -+ method=auto -+ may-fail=false -+ -+ [ipv6] -+ method=dhcp -+ may-fail=false -+ addr-gen-mode=stable-privacy -+ -+ """ -+ ), -+ }, - "yaml": textwrap.dedent( - """\ - version: 1 -@@ -1247,6 +1351,37 @@ NETWORK_CONFIGS = { - """ - ), - }, -+ "expected_network_manager": { -+ "cloud-init-iface0.nmconnection": textwrap.dedent( -+ """\ -+ # Generated by cloud-init. Changes will be lost. -+ -+ [connection] -+ id=cloud-init iface0 -+ uuid=8ddfba48-857c-5e86-ac09-1b43eae0bf70 -+ type=ethernet -+ interface-name=iface0 -+ -+ [user] -+ org.freedesktop.NetworkManager.origin=cloud-init -+ -+ [ethernet] -+ mtu=9000 -+ -+ [ipv4] -+ method=manual -+ may-fail=false -+ address1=192.168.14.2/24 -+ -+ [ipv6] -+ method=manual -+ may-fail=false -+ addr-gen-mode=stable-privacy -+ address1=2001:1::1/64 -+ -+ """ -+ ), -+ }, - }, - "v6_and_v4": { - "expected_sysconfig_opensuse": { -@@ -1257,6 +1392,34 @@ NETWORK_CONFIGS = { - STARTMODE=auto""" - ) - }, -+ "expected_network_manager": { -+ "cloud-init-iface0.nmconnection": textwrap.dedent( -+ """\ -+ # Generated by cloud-init. Changes will be lost. -+ -+ [connection] -+ id=cloud-init iface0 -+ uuid=8ddfba48-857c-5e86-ac09-1b43eae0bf70 -+ type=ethernet -+ interface-name=iface0 -+ -+ [user] -+ org.freedesktop.NetworkManager.origin=cloud-init -+ -+ [ethernet] -+ -+ [ipv6] -+ method=dhcp -+ may-fail=false -+ addr-gen-mode=stable-privacy -+ -+ [ipv4] -+ method=auto -+ may-fail=false -+ -+ """ -+ ), -+ }, - "yaml": textwrap.dedent( - """\ - version: 1 -@@ -1330,6 +1493,30 @@ NETWORK_CONFIGS = { - """ - ), - }, -+ "expected_network_manager": { -+ "cloud-init-iface0.nmconnection": textwrap.dedent( -+ """\ -+ # Generated by cloud-init. Changes will be lost. -+ -+ [connection] -+ id=cloud-init iface0 -+ uuid=8ddfba48-857c-5e86-ac09-1b43eae0bf70 -+ type=ethernet -+ interface-name=iface0 -+ -+ [user] -+ org.freedesktop.NetworkManager.origin=cloud-init -+ -+ [ethernet] -+ -+ [ipv6] -+ method=dhcp -+ may-fail=false -+ addr-gen-mode=stable-privacy -+ -+ """ -+ ), -+ }, - }, - "dhcpv6_accept_ra": { - "expected_eni": textwrap.dedent( -@@ -1537,6 +1724,30 @@ NETWORK_CONFIGS = { - """ - ), - }, -+ "expected_network_manager": { -+ "cloud-init-iface0.nmconnection": textwrap.dedent( -+ """\ -+ # Generated by cloud-init. Changes will be lost. -+ -+ [connection] -+ id=cloud-init iface0 -+ uuid=8ddfba48-857c-5e86-ac09-1b43eae0bf70 -+ type=ethernet -+ interface-name=iface0 -+ -+ [user] -+ org.freedesktop.NetworkManager.origin=cloud-init -+ -+ [ethernet] -+ -+ [ipv6] -+ method=auto -+ may-fail=false -+ addr-gen-mode=stable-privacy -+ -+ """ -+ ), -+ }, - }, - "static6": { - "yaml": textwrap.dedent( -@@ -1625,6 +1836,30 @@ NETWORK_CONFIGS = { - """ - ), - }, -+ "expected_network_manager": { -+ "cloud-init-iface0.nmconnection": textwrap.dedent( -+ """\ -+ # Generated by cloud-init. Changes will be lost. -+ -+ [connection] -+ id=cloud-init iface0 -+ uuid=8ddfba48-857c-5e86-ac09-1b43eae0bf70 -+ type=ethernet -+ interface-name=iface0 -+ -+ [user] -+ org.freedesktop.NetworkManager.origin=cloud-init -+ -+ [ethernet] -+ -+ [ipv6] -+ method=auto -+ may-fail=false -+ addr-gen-mode=stable-privacy -+ -+ """ -+ ), -+ }, - }, - "dhcpv6_stateful": { - "expected_eni": textwrap.dedent( -@@ -1724,6 +1959,29 @@ NETWORK_CONFIGS = { +@@ -1883,6 +1959,29 @@ NETWORK_CONFIGS = { """ ), }, @@ -976,7 +767,7 @@ index 591241b3..ef21ad76 100644 "yaml_v2": textwrap.dedent( """\ version: 2 -@@ -1777,6 +2035,30 @@ NETWORK_CONFIGS = { +@@ -1936,6 +2035,30 @@ NETWORK_CONFIGS = { """ ), }, @@ -1007,304 +798,7 @@ index 591241b3..ef21ad76 100644 "yaml_v2": textwrap.dedent( """\ version: 2 -@@ -2215,6 +2497,254 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true - USERCTL=no""" - ), - }, -+ "expected_network_manager": { -+ "cloud-init-eth3.nmconnection": textwrap.dedent( -+ """\ -+ # Generated by cloud-init. Changes will be lost. -+ -+ [connection] -+ id=cloud-init eth3 -+ uuid=b7e95dda-7746-5bf8-bf33-6e5f3c926790 -+ type=ethernet -+ slave-type=bridge -+ master=dee46ce4-af7a-5e7c-aa08-b25533ae9213 -+ -+ [user] -+ org.freedesktop.NetworkManager.origin=cloud-init -+ -+ [ethernet] -+ mac-address=66:BB:9F:2C:E8:80 -+ -+ """ -+ ), -+ "cloud-init-eth5.nmconnection": textwrap.dedent( -+ """\ -+ # Generated by cloud-init. Changes will be lost. -+ -+ [connection] -+ id=cloud-init eth5 -+ uuid=5fda13c7-9942-5e90-a41b-1d043bd725dc -+ type=ethernet -+ -+ [user] -+ org.freedesktop.NetworkManager.origin=cloud-init -+ -+ [ethernet] -+ mac-address=98:BB:9F:2C:E8:8A -+ -+ [ipv4] -+ method=auto -+ may-fail=false -+ -+ """ -+ ), -+ "cloud-init-ib0.nmconnection": textwrap.dedent( -+ """\ -+ # Generated by cloud-init. Changes will be lost. -+ -+ [connection] -+ id=cloud-init ib0 -+ uuid=11a1dda7-78b4-5529-beba-d9b5f549ad7b -+ type=infiniband -+ -+ [user] -+ org.freedesktop.NetworkManager.origin=cloud-init -+ -+ [infiniband] -+ transport-mode=datagram -+ mtu=9000 -+ mac-address=A0:00:02:20:FE:80:00:00:00:00:00:00:EC:0D:9A:03:00:15:E2:C1 -+ -+ [ipv4] -+ method=manual -+ may-fail=false -+ address1=192.168.200.7/24 -+ -+ """ -+ ), -+ "cloud-init-bond0.200.nmconnection": textwrap.dedent( -+ """\ -+ # Generated by cloud-init. Changes will be lost. -+ -+ [connection] -+ id=cloud-init bond0.200 -+ uuid=88984a9c-ff22-5233-9267-86315e0acaa7 -+ type=vlan -+ interface-name=bond0.200 -+ -+ [user] -+ org.freedesktop.NetworkManager.origin=cloud-init -+ -+ [vlan] -+ id=200 -+ parent=54317911-f840-516b-a10d-82cb4c1f075c -+ -+ [ipv4] -+ method=auto -+ may-fail=false -+ -+ """ -+ ), -+ "cloud-init-eth0.nmconnection": textwrap.dedent( -+ """\ -+ # Generated by cloud-init. Changes will be lost. -+ -+ [connection] -+ id=cloud-init eth0 -+ uuid=1dd9a779-d327-56e1-8454-c65e2556c12c -+ type=ethernet -+ -+ [user] -+ org.freedesktop.NetworkManager.origin=cloud-init -+ -+ [ethernet] -+ mac-address=C0:D6:9F:2C:E8:80 -+ -+ """ -+ ), -+ "cloud-init-eth4.nmconnection": textwrap.dedent( -+ """\ -+ # Generated by cloud-init. Changes will be lost. -+ -+ [connection] -+ id=cloud-init eth4 -+ uuid=e27e4959-fb50-5580-b9a4-2073554627b9 -+ type=ethernet -+ slave-type=bridge -+ master=dee46ce4-af7a-5e7c-aa08-b25533ae9213 -+ -+ [user] -+ org.freedesktop.NetworkManager.origin=cloud-init -+ -+ [ethernet] -+ mac-address=98:BB:9F:2C:E8:80 -+ -+ """ -+ ), -+ "cloud-init-eth1.nmconnection": textwrap.dedent( -+ """\ -+ # Generated by cloud-init. Changes will be lost. -+ -+ [connection] -+ id=cloud-init eth1 -+ uuid=3c50eb47-7260-5a6d-801d-bd4f587d6b58 -+ type=ethernet -+ slave-type=bond -+ master=54317911-f840-516b-a10d-82cb4c1f075c -+ -+ [user] -+ org.freedesktop.NetworkManager.origin=cloud-init -+ -+ [ethernet] -+ mac-address=AA:D6:9F:2C:E8:80 -+ -+ """ -+ ), -+ "cloud-init-br0.nmconnection": textwrap.dedent( -+ """\ -+ # Generated by cloud-init. Changes will be lost. -+ -+ [connection] -+ id=cloud-init br0 -+ uuid=dee46ce4-af7a-5e7c-aa08-b25533ae9213 -+ type=bridge -+ interface-name=br0 -+ -+ [user] -+ org.freedesktop.NetworkManager.origin=cloud-init -+ -+ [bridge] -+ stp=false -+ priority=22 -+ mac-address=BB:BB:BB:BB:BB:AA -+ -+ [ipv4] -+ method=manual -+ may-fail=false -+ address1=192.168.14.2/24 -+ -+ [ipv6] -+ method=manual -+ may-fail=false -+ addr-gen-mode=stable-privacy -+ address1=2001:1::1/64 -+ route1=::/0,2001:4800:78ff:1b::1 -+ -+ """ -+ ), -+ "cloud-init-eth0.101.nmconnection": textwrap.dedent( -+ """\ -+ # Generated by cloud-init. Changes will be lost. -+ -+ [connection] -+ id=cloud-init eth0.101 -+ uuid=b5acec5e-db80-5935-8b02-0d5619fc42bf -+ type=vlan -+ interface-name=eth0.101 -+ -+ [user] -+ org.freedesktop.NetworkManager.origin=cloud-init -+ -+ [vlan] -+ id=101 -+ parent=1dd9a779-d327-56e1-8454-c65e2556c12c -+ -+ [ipv4] -+ method=manual -+ may-fail=false -+ address1=192.168.0.2/24 -+ gateway=192.168.0.1 -+ dns=192.168.0.10;10.23.23.134; -+ dns-search=barley.maas;sacchromyces.maas;brettanomyces.maas; -+ address2=192.168.2.10/24 -+ -+ """ -+ ), -+ "cloud-init-bond0.nmconnection": textwrap.dedent( -+ """\ -+ # Generated by cloud-init. Changes will be lost. -+ -+ [connection] -+ id=cloud-init bond0 -+ uuid=54317911-f840-516b-a10d-82cb4c1f075c -+ type=bond -+ interface-name=bond0 -+ -+ [user] -+ org.freedesktop.NetworkManager.origin=cloud-init -+ -+ [bond] -+ mode=active-backup -+ miimon=100 -+ xmit_hash_policy=layer3+4 -+ -+ [ipv6] -+ method=dhcp -+ may-fail=false -+ addr-gen-mode=stable-privacy -+ -+ """ -+ ), -+ "cloud-init-eth2.nmconnection": textwrap.dedent( -+ """\ -+ # Generated by cloud-init. Changes will be lost. -+ -+ [connection] -+ id=cloud-init eth2 -+ uuid=5559a242-3421-5fdd-896e-9cb8313d5804 -+ type=ethernet -+ slave-type=bond -+ master=54317911-f840-516b-a10d-82cb4c1f075c -+ -+ [user] -+ org.freedesktop.NetworkManager.origin=cloud-init -+ -+ [ethernet] -+ mac-address=C0:BB:9F:2C:E8:80 -+ -+ """ -+ ), -+ }, - "yaml": textwrap.dedent( - """ - version: 1 -@@ -2403,10 +2933,10 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true - - type: static - address: 2001:1::1/92 - routes: -- - gateway: 2001:67c:1562:1 -+ - gateway: 2001:67c:1562::1 - network: 2001:67c:1 - netmask: "ffff:ffff::" -- - gateway: 3001:67c:1562:1 -+ - gateway: 3001:67c:15::1 - network: 3001:67c:1 - netmask: "ffff:ffff::" - metric: 10000 -@@ -2451,10 +2981,10 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true - - to: 10.1.3.0/24 - via: 192.168.0.3 - - to: 2001:67c:1/32 -- via: 2001:67c:1562:1 -+ via: 2001:67c:1562::1 - - metric: 10000 - to: 3001:67c:1/32 -- via: 3001:67c:1562:1 -+ via: 3001:67c:15::1 - """ - ), - "expected_eni": textwrap.dedent( -@@ -2514,11 +3044,11 @@ iface bond0 inet static - # control-alias bond0 - iface bond0 inet6 static - address 2001:1::1/92 -- post-up route add -A inet6 2001:67c:1/32 gw 2001:67c:1562:1 || true -- pre-down route del -A inet6 2001:67c:1/32 gw 2001:67c:1562:1 || true -- post-up route add -A inet6 3001:67c:1/32 gw 3001:67c:1562:1 metric 10000 \ -+ post-up route add -A inet6 2001:67c:1/32 gw 2001:67c:1562::1 || true -+ pre-down route del -A inet6 2001:67c:1/32 gw 2001:67c:1562::1 || true -+ post-up route add -A inet6 3001:67c:1/32 gw 3001:67c:15::1 metric 10000 \ - || true -- pre-down route del -A inet6 3001:67c:1/32 gw 3001:67c:1562:1 metric 10000 \ -+ pre-down route del -A inet6 3001:67c:1/32 gw 3001:67c:15::1 metric 10000 \ - || true - """ - ), -@@ -2561,8 +3091,8 @@ iface bond0 inet6 static +@@ -2969,8 +3092,8 @@ iface bond0 inet6 static - to: 2001:67c:1562:8007::1/64 via: 2001:67c:1562:8007::aac:40b2 - metric: 10000 @@ -1315,7 +809,7 @@ index 591241b3..ef21ad76 100644 """ ), "expected_netplan-v2": textwrap.dedent( -@@ -2594,8 +3124,8 @@ iface bond0 inet6 static +@@ -3002,8 +3125,8 @@ iface bond0 inet6 static - to: 2001:67c:1562:8007::1/64 via: 2001:67c:1562:8007::aac:40b2 - metric: 10000 @@ -1326,194 +820,11 @@ index 591241b3..ef21ad76 100644 ethernets: eth0: match: -@@ -2694,8 +3224,8 @@ iface bond0 inet6 static - """\ - # Created by cloud-init on instance boot automatically, do not edit. - # -- 2001:67c:1/32 via 2001:67c:1562:1 dev bond0 -- 3001:67c:1/32 via 3001:67c:1562:1 metric 10000 dev bond0 -+ 2001:67c:1/32 via 2001:67c:1562::1 dev bond0 -+ 3001:67c:1/32 via 3001:67c:15::1 metric 10000 dev bond0 - """ - ), - "route-bond0": textwrap.dedent( -@@ -2718,6 +3248,88 @@ iface bond0 inet6 static - """ - ), - }, -+ "expected_network_manager": { -+ "cloud-init-bond0s0.nmconnection": textwrap.dedent( -+ """\ -+ # Generated by cloud-init. Changes will be lost. -+ -+ [connection] -+ id=cloud-init bond0s0 -+ uuid=09d0b5b9-67e7-5577-a1af-74d1cf17a71e -+ type=ethernet -+ slave-type=bond -+ master=54317911-f840-516b-a10d-82cb4c1f075c -+ -+ [user] -+ org.freedesktop.NetworkManager.origin=cloud-init -+ -+ [ethernet] -+ mac-address=AA:BB:CC:DD:E8:00 -+ -+ """ -+ ), -+ "cloud-init-bond0s1.nmconnection": textwrap.dedent( -+ """\ -+ # Generated by cloud-init. Changes will be lost. -+ -+ [connection] -+ id=cloud-init bond0s1 -+ uuid=4d9aca96-b515-5630-ad83-d13daac7f9d0 -+ type=ethernet -+ slave-type=bond -+ master=54317911-f840-516b-a10d-82cb4c1f075c -+ -+ [user] -+ org.freedesktop.NetworkManager.origin=cloud-init -+ -+ [ethernet] -+ mac-address=AA:BB:CC:DD:E8:01 -+ -+ """ -+ ), -+ "cloud-init-bond0.nmconnection": textwrap.dedent( -+ """\ -+ # Generated by cloud-init. Changes will be lost. -+ -+ [connection] -+ id=cloud-init bond0 -+ uuid=54317911-f840-516b-a10d-82cb4c1f075c -+ type=bond -+ interface-name=bond0 -+ -+ [user] -+ org.freedesktop.NetworkManager.origin=cloud-init -+ -+ [bond] -+ mode=active-backup -+ miimon=100 -+ xmit_hash_policy=layer3+4 -+ num_grat_arp=5 -+ downdelay=10 -+ updelay=20 -+ fail_over_mac=active -+ primary_reselect=always -+ primary=bond0s0 -+ -+ [ipv4] -+ method=manual -+ may-fail=false -+ address1=192.168.0.2/24 -+ gateway=192.168.0.1 -+ route1=10.1.3.0/24,192.168.0.3 -+ address2=192.168.1.2/24 -+ -+ [ipv6] -+ method=manual -+ may-fail=false -+ addr-gen-mode=stable-privacy -+ address1=2001:1::1/92 -+ route1=2001:67c:1/32,2001:67c:1562::1 -+ route2=3001:67c:1/32,3001:67c:15::1 -+ -+ """ -+ ), -+ }, - }, - "vlan": { - "yaml": textwrap.dedent( -@@ -2801,6 +3413,58 @@ iface bond0 inet6 static - VLAN=yes""" - ), - }, -+ "expected_network_manager": { -+ "cloud-init-en0.99.nmconnection": textwrap.dedent( -+ """\ -+ # Generated by cloud-init. Changes will be lost. -+ -+ [connection] -+ id=cloud-init en0.99 -+ uuid=f594e2ed-f107-51df-b225-1dc530a5356b -+ type=vlan -+ interface-name=en0.99 -+ -+ [user] -+ org.freedesktop.NetworkManager.origin=cloud-init -+ -+ [vlan] -+ id=99 -+ parent=e0ca478b-8d84-52ab-8fae-628482c629b5 -+ -+ [ipv4] -+ method=manual -+ may-fail=false -+ address1=192.168.2.2/24 -+ address2=192.168.1.2/24 -+ gateway=192.168.1.1 -+ -+ [ipv6] -+ method=manual -+ may-fail=false -+ addr-gen-mode=stable-privacy -+ address1=2001:1::bbbb/96 -+ route1=::/0,2001:1::1 -+ -+ """ -+ ), -+ "cloud-init-en0.nmconnection": textwrap.dedent( -+ """\ -+ # Generated by cloud-init. Changes will be lost. -+ -+ [connection] -+ id=cloud-init en0 -+ uuid=e0ca478b-8d84-52ab-8fae-628482c629b5 -+ type=ethernet -+ -+ [user] -+ org.freedesktop.NetworkManager.origin=cloud-init -+ -+ [ethernet] -+ mac-address=AA:BB:CC:DD:E8:00 -+ -+ """ -+ ), -+ }, - }, - "bridge": { - "yaml": textwrap.dedent( -@@ -2909,6 +3573,82 @@ iface bond0 inet6 static +@@ -3651,6 +3774,73 @@ iface bond0 inet6 static """ ), }, + "expected_network_manager": { -+ "cloud-init-br0.nmconnection": textwrap.dedent( -+ """\ -+ # Generated by cloud-init. Changes will be lost. -+ -+ [connection] -+ id=cloud-init br0 -+ uuid=dee46ce4-af7a-5e7c-aa08-b25533ae9213 -+ type=bridge -+ interface-name=br0 -+ -+ [user] -+ org.freedesktop.NetworkManager.origin=cloud-init -+ -+ [bridge] -+ stp=false -+ priority=22 -+ -+ [ipv4] -+ method=manual -+ may-fail=false -+ address1=192.168.2.2/24 -+ -+ """ -+ ), + "cloud-init-eth0.nmconnection": textwrap.dedent( + """\ + # Generated by cloud-init. Changes will be lost. @@ -1522,8 +833,6 @@ index 591241b3..ef21ad76 100644 + id=cloud-init eth0 + uuid=1dd9a779-d327-56e1-8454-c65e2556c12c + type=ethernet -+ slave-type=bridge -+ master=dee46ce4-af7a-5e7c-aa08-b25533ae9213 + + [user] + org.freedesktop.NetworkManager.origin=cloud-init @@ -1531,81 +840,6 @@ index 591241b3..ef21ad76 100644 + [ethernet] + mac-address=52:54:00:12:34:00 + -+ [ipv6] -+ method=manual -+ may-fail=false -+ addr-gen-mode=stable-privacy -+ address1=2001:1::100/96 -+ -+ """ -+ ), -+ "cloud-init-eth1.nmconnection": textwrap.dedent( -+ """\ -+ # Generated by cloud-init. Changes will be lost. -+ -+ [connection] -+ id=cloud-init eth1 -+ uuid=3c50eb47-7260-5a6d-801d-bd4f587d6b58 -+ type=ethernet -+ slave-type=bridge -+ master=dee46ce4-af7a-5e7c-aa08-b25533ae9213 -+ -+ [user] -+ org.freedesktop.NetworkManager.origin=cloud-init -+ -+ [ethernet] -+ mac-address=52:54:00:12:34:01 -+ -+ [ipv6] -+ method=manual -+ may-fail=false -+ addr-gen-mode=stable-privacy -+ address1=2001:1::101/96 -+ -+ """ -+ ), -+ }, - }, - "manual": { - "yaml": textwrap.dedent( -@@ -3037,28 +3777,95 @@ iface bond0 inet6 static - """ - ), - }, -- }, --} -+ "expected_network_manager": { -+ "cloud-init-eth0.nmconnection": textwrap.dedent( -+ """\ -+ # Generated by cloud-init. Changes will be lost. - -+ [connection] -+ id=cloud-init eth0 -+ uuid=1dd9a779-d327-56e1-8454-c65e2556c12c -+ type=ethernet - --CONFIG_V1_EXPLICIT_LOOPBACK = { -- "version": 1, -- "config": [ -- { -- "name": "eth0", -- "type": "physical", -- "subnets": [{"control": "auto", "type": "dhcp"}], -- }, -- { -- "name": "lo", -- "type": "loopback", -- "subnets": [{"control": "auto", "type": "loopback"}], -- }, -- ], --} -+ [user] -+ org.freedesktop.NetworkManager.origin=cloud-init - -+ [ethernet] -+ mac-address=52:54:00:12:34:00 - --CONFIG_V1_SIMPLE_SUBNET = { + [ipv4] + method=manual + may-fail=false @@ -1657,32 +891,10 @@ index 591241b3..ef21ad76 100644 + """ + ), + }, -+ }, -+} -+ -+ -+CONFIG_V1_EXPLICIT_LOOPBACK = { -+ "version": 1, -+ "config": [ -+ { -+ "name": "eth0", -+ "type": "physical", -+ "subnets": [{"control": "auto", "type": "dhcp"}], -+ }, -+ { -+ "name": "lo", -+ "type": "loopback", -+ "subnets": [{"control": "auto", "type": "loopback"}], -+ }, -+ ], -+} -+ -+ -+CONFIG_V1_SIMPLE_SUBNET = { - "version": 1, - "config": [ - { -@@ -3497,7 +4304,6 @@ class TestRhelSysConfigRendering(CiTestCase): + }, + "v2-dev-name-via-mac-lookup": { + "expected_sysconfig_rhel": { +@@ -4149,7 +4339,6 @@ class TestRhelSysConfigRendering(CiTestCase): with_logs = True @@ -1690,7 +902,7 @@ index 591241b3..ef21ad76 100644 scripts_dir = "/etc/sysconfig/network-scripts" header = ( "# Created by cloud-init on instance boot automatically, " -@@ -4072,78 +4878,6 @@ USERCTL=no +@@ -4724,78 +4913,6 @@ USERCTL=no self._compare_files_to_expected(entry[self.expected_name], found) self._assert_headers(found) @@ -1769,7 +981,7 @@ index 591241b3..ef21ad76 100644 def test_netplan_dhcp_false_disable_dhcp_in_state(self): """netplan config with dhcp[46]: False should not add dhcp in state""" net_config = yaml.load(NETPLAN_DHCP_FALSE) -@@ -4699,6 +5433,281 @@ STARTMODE=auto +@@ -5492,6 +5609,281 @@ STARTMODE=auto self._assert_headers(found) @@ -2051,7 +1263,7 @@ index 591241b3..ef21ad76 100644 class TestEniNetRendering(CiTestCase): @mock.patch("cloudinit.net.util.get_cmdline", return_value="root=myroot") @mock.patch("cloudinit.net.sys_dev_path") -@@ -6136,9 +7145,9 @@ class TestNetworkdRoundTrip(CiTestCase): +@@ -7259,9 +7651,9 @@ class TestNetworkdRoundTrip(CiTestCase): class TestRenderersSelect: @pytest.mark.parametrize( @@ -2063,7 +1275,7 @@ index 591241b3..ef21ad76 100644 ( net.RendererNotFoundError, False, -@@ -6146,52 +7155,51 @@ class TestRenderersSelect: +@@ -7269,52 +7661,51 @@ class TestRenderersSelect: False, False, False, @@ -2138,7 +1350,7 @@ index 591241b3..ef21ad76 100644 m_networkd_avail.return_value = networkd # networkd presence if isinstance(renderer_selected, str): (renderer_name, _rnd_class) = renderers.select( -@@ -6249,7 +7257,7 @@ class TestNetRenderers(CiTestCase): +@@ -7372,7 +7763,7 @@ class TestNetRenderers(CiTestCase): priority=["sysconfig", "eni"], ) @@ -2148,35 +1360,10 @@ index 591241b3..ef21ad76 100644 def test_sysconfig_available_uses_variant_mapping(self, m_info, m_avail): m_avail.return_value = True diff --git a/tests/unittests/test_net_activators.py b/tests/unittests/test_net_activators.py -index 3c29e2f7..4525c49c 100644 +index b735ea9e..afd9056a 100644 --- a/tests/unittests/test_net_activators.py +++ b/tests/unittests/test_net_activators.py -@@ -41,18 +41,20 @@ NETPLAN_CALL_LIST = [ - - @pytest.fixture - def available_mocks(): -- mocks = namedtuple("Mocks", "m_which, m_file") -+ mocks = namedtuple("Mocks", "m_which, m_file, m_exists") - with patch("cloudinit.subp.which", return_value=True) as m_which: - with patch("os.path.isfile", return_value=True) as m_file: -- yield mocks(m_which, m_file) -+ with patch("os.path.exists", return_value=True) as m_exists: -+ yield mocks(m_which, m_file, m_exists) - - - @pytest.fixture - def unavailable_mocks(): -- mocks = namedtuple("Mocks", "m_which, m_file") -+ mocks = namedtuple("Mocks", "m_which, m_file, m_exists") - with patch("cloudinit.subp.which", return_value=False) as m_which: - with patch("os.path.isfile", return_value=False) as m_file: -- yield mocks(m_which, m_file) -+ with patch("os.path.exists", return_value=False) as m_exists: -+ yield mocks(m_which, m_file, m_exists) - - - class TestSearchAndSelect: -@@ -113,10 +115,6 @@ NETPLAN_AVAILABLE_CALLS = [ +@@ -139,10 +139,6 @@ NETPLAN_AVAILABLE_CALLS = [ (("netplan",), {"search": ["/usr/sbin", "/sbin"], "target": None}), ] @@ -2187,7 +1374,7 @@ index 3c29e2f7..4525c49c 100644 NETWORKD_AVAILABLE_CALLS = [ (("ip",), {"search": ["/usr/sbin", "/bin"], "target": None}), (("systemctl",), {"search": ["/usr/sbin", "/bin"], "target": None}), -@@ -128,7 +126,6 @@ NETWORKD_AVAILABLE_CALLS = [ +@@ -154,7 +150,6 @@ NETWORKD_AVAILABLE_CALLS = [ [ (IfUpDownActivator, IF_UP_DOWN_AVAILABLE_CALLS), (NetplanActivator, NETPLAN_AVAILABLE_CALLS), @@ -2195,82 +1382,7 @@ index 3c29e2f7..4525c49c 100644 (NetworkdActivator, NETWORKD_AVAILABLE_CALLS), ], ) -@@ -144,8 +141,72 @@ IF_UP_DOWN_BRING_UP_CALL_LIST = [ - ] - - NETWORK_MANAGER_BRING_UP_CALL_LIST = [ -- ((["nmcli", "connection", "up", "ifname", "eth0"],), {}), -- ((["nmcli", "connection", "up", "ifname", "eth1"],), {}), -+ ( -+ ( -+ [ -+ "nmcli", -+ "connection", -+ "load", -+ "".join( -+ [ -+ "/etc/NetworkManager/system-connections", -+ "/cloud-init-eth0.nmconnection", -+ ] -+ ), -+ ], -+ ), -+ {}, -+ ), -+ ( -+ ( -+ [ -+ "nmcli", -+ "connection", -+ "up", -+ "filename", -+ "".join( -+ [ -+ "/etc/NetworkManager/system-connections", -+ "/cloud-init-eth0.nmconnection", -+ ] -+ ), -+ ], -+ ), -+ {}, -+ ), -+ ( -+ ( -+ [ -+ "nmcli", -+ "connection", -+ "load", -+ "".join( -+ [ -+ "/etc/NetworkManager/system-connections", -+ "/cloud-init-eth1.nmconnection", -+ ] -+ ), -+ ], -+ ), -+ {}, -+ ), -+ ( -+ ( -+ [ -+ "nmcli", -+ "connection", -+ "up", -+ "filename", -+ "".join( -+ [ -+ "/etc/NetworkManager/system-connections", -+ "/cloud-init-eth1.nmconnection", -+ ] -+ ), -+ ], -+ ), -+ {}, -+ ), - ] - - NETWORKD_BRING_UP_CALL_LIST = [ -@@ -169,9 +230,11 @@ class TestActivatorsBringUp: +@@ -259,9 +254,11 @@ class TestActivatorsBringUp: def test_bring_up_interface( self, m_subp, activator, expected_call_list, available_mocks ): @@ -2284,17 +1396,6 @@ index 3c29e2f7..4525c49c 100644 @patch("cloudinit.subp.subp", return_value=("", "")) def test_bring_up_interfaces( -@@ -208,8 +271,8 @@ IF_UP_DOWN_BRING_DOWN_CALL_LIST = [ - ] - - NETWORK_MANAGER_BRING_DOWN_CALL_LIST = [ -- ((["nmcli", "connection", "down", "eth0"],), {}), -- ((["nmcli", "connection", "down", "eth1"],), {}), -+ ((["nmcli", "device", "disconnect", "eth0"],), {}), -+ ((["nmcli", "device", "disconnect", "eth1"],), {}), - ] - - NETWORKD_BRING_DOWN_CALL_LIST = [ -- -2.35.3 +2.39.3 diff --git a/SOURCES/ci-Revert-Use-Network-Manager-and-Netplan-as-default-re.patch b/SOURCES/ci-Revert-Use-Network-Manager-and-Netplan-as-default-re.patch deleted file mode 100644 index 6532fab..0000000 --- a/SOURCES/ci-Revert-Use-Network-Manager-and-Netplan-as-default-re.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 02e7b89c157f8c3243f0d91cf5652cf27db44b72 Mon Sep 17 00:00:00 2001 -From: Emanuele Giuseppe Esposito -Date: Mon, 8 Aug 2022 10:10:26 +0200 -Subject: [PATCH 2/2] Revert "Use Network-Manager and Netplan as default - renderers for RHEL and Fedora (#1465)" - -RH-Author: Emanuele Giuseppe Esposito -RH-MergeRequest: 81: Revert "Use Network-Manager and Netplan as default renderers for RHEL and Fedora (#1465)" -RH-Commit: [2/2] 746b2e33356376e250b799261031676174e8ccc9 -RH-Bugzilla: 2107464 2110066 2117526 2104393 2098624 -RH-Acked-by: Eduardo Otubo -RH-Acked-by: Vitaly Kuznetsov -RH-Acked-by: Mohamed Gamal Morsy - -As NM is reverted, remove also documentation and any trace of it. -This reverts commit 13ded463a6a0b1b0bf0dffc0a997f006dd25c4f3. - -Signed-off-by: Emanuele Giuseppe Esposito ---- - config/cloud.cfg.tmpl | 3 --- - doc/rtd/topics/network-config.rst | 12 +----------- - 2 files changed, 1 insertion(+), 14 deletions(-) - -diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl -index f4d2fd14..80ab4f96 100644 ---- a/config/cloud.cfg.tmpl -+++ b/config/cloud.cfg.tmpl -@@ -353,7 +353,4 @@ system_info: - {% elif variant in ["dragonfly"] %} - network: - renderers: ['freebsd'] --{% elif variant in ["rhel", "fedora"] %} -- network: -- renderers: ['netplan', 'network-manager', 'networkd', 'sysconfig', 'eni'] - {% endif %} -diff --git a/doc/rtd/topics/network-config.rst b/doc/rtd/topics/network-config.rst -index f503caab..c461a3fe 100644 ---- a/doc/rtd/topics/network-config.rst -+++ b/doc/rtd/topics/network-config.rst -@@ -188,15 +188,6 @@ generated configuration into an internal network configuration state. From - this state `Cloud-init`_ delegates rendering of the configuration to Distro - supported formats. The following ``renderers`` are supported in cloud-init: - --- **NetworkManager** -- --`NetworkManager `_ is the standard Linux network --configuration tool suite. It supports a wide range of networking setups. --Configuration is typically stored in ``/etc/NetworkManager``. -- --It is the default for a number of Linux distributions, notably Fedora; --CentOS/RHEL; and derivatives. -- - - **ENI** - - /etc/network/interfaces or ``ENI`` is supported by the ``ifupdown`` package -@@ -224,7 +215,6 @@ is as follows: - - ENI - - Sysconfig - - Netplan --- NetworkManager - - When applying the policy, `Cloud-init`_ checks if the current instance has the - correct binaries and paths to support the renderer. The first renderer that -@@ -233,7 +223,7 @@ supplying an updated configuration in cloud-config. :: - - system_info: - network: -- renderers: ['netplan', 'network-manager', 'eni', 'sysconfig', 'freebsd', 'netbsd', 'openbsd'] -+ renderers: ['netplan', 'eni', 'sysconfig', 'freebsd', 'netbsd', 'openbsd'] - - - Network Configuration Tools --- -2.27.0 - diff --git a/SOURCES/ci-Revert-limit-permissions-on-def_log_file.patch b/SOURCES/ci-Revert-limit-permissions-on-def_log_file.patch new file mode 100644 index 0000000..f753861 --- /dev/null +++ b/SOURCES/ci-Revert-limit-permissions-on-def_log_file.patch @@ -0,0 +1,63 @@ +From fcd4f7c99e866abb93d0a56f5967b35dbec4088c Mon Sep 17 00:00:00 2001 +From: Ani Sinha +Date: Fri, 7 Jul 2023 16:05:48 +0530 +Subject: [PATCH 06/11] Revert "limit permissions on def_log_file" + +This reverts commit 1308991156950833f62ec1464b1aef3673864c02. +This patch seems to be not doing anythiing at all. + +X-downstream-only: true + +Signed-off-by: Ani Sinha +--- + cloudinit/settings.py | 1 - + cloudinit/stages.py | 1 - + doc/examples/cloud-config.txt | 4 ---- + 3 files changed, 6 deletions(-) + +diff --git a/cloudinit/settings.py b/cloudinit/settings.py +index 88aac6be..a36c518d 100644 +--- a/cloudinit/settings.py ++++ b/cloudinit/settings.py +@@ -52,7 +52,6 @@ CFG_BUILTIN = { + "None", + ], + "def_log_file": "/var/log/cloud-init.log", +- "def_log_file_mode": 0o600, + "log_cfgs": [], + "syslog_fix_perms": [], + "mount_default_fields": [None, None, "auto", "defaults,nofail", "0", "2"], +diff --git a/cloudinit/stages.py b/cloudinit/stages.py +index 1326d205..21f30a1f 100644 +--- a/cloudinit/stages.py ++++ b/cloudinit/stages.py +@@ -202,7 +202,6 @@ class Init: + def _initialize_filesystem(self): + util.ensure_dirs(self._initial_subdirs()) + log_file = util.get_cfg_option_str(self.cfg, "def_log_file") +- log_file_mode = util.get_cfg_option_int(self.cfg, "def_log_file_mode") + if log_file: + # At this point the log file should have already been created + # in the setupLogging function of log.py +diff --git a/doc/examples/cloud-config.txt b/doc/examples/cloud-config.txt +index b6d16c9c..15d788f3 100644 +--- a/doc/examples/cloud-config.txt ++++ b/doc/examples/cloud-config.txt +@@ -383,14 +383,10 @@ timezone: US/Eastern + # if syslog_fix_perms is a list, it will iterate through and use the + # first pair that does not raise error. + # +-# 'def_log_file' will be created with mode 'def_log_file_mode', which +-# is specified as a numeric value and defaults to 0600. +-# + # the default values are '/var/log/cloud-init.log' and 'syslog:adm' + # the value of 'def_log_file' should match what is configured in logging + # if either is empty, then no change of ownership will be done + def_log_file: /var/log/my-logging-file.log +-def_log_file_mode: 0600 + syslog_fix_perms: syslog:root + + # you can set passwords for a user or multiple users +-- +2.39.3 + diff --git a/SOURCES/ci-Set-default-renderer-as-sysconfig-for-centos-rhel-41.patch b/SOURCES/ci-Set-default-renderer-as-sysconfig-for-centos-rhel-41.patch new file mode 100644 index 0000000..b2e00e1 --- /dev/null +++ b/SOURCES/ci-Set-default-renderer-as-sysconfig-for-centos-rhel-41.patch @@ -0,0 +1,44 @@ +From c33a3f27e449371e36f19269f81883c5a50131bb Mon Sep 17 00:00:00 2001 +From: Ani Sinha +Date: Thu, 8 Jun 2023 03:29:13 +0530 +Subject: [PATCH 7/7] Set default renderer as sysconfig for centos/rhel (#4165) + +RH-Author: Ani Sinha +RH-MergeRequest: 103: [RHEL8] Support configuring network by NM keyfiles +RH-Bugzilla: 2219528 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [7/7] aec68bb518c82bfd6b67fbe89b72bbda81c01cf9 + +Currently, network manager is disabled on c9s and therefore sysconfig is used as the primary renderer for network configuration. We do not want to change this for c9s even when network-manager renderer is re-enabled as it would mean a big behaviour change for cloud-init in the centos 9 stream. + +This change bumps up the priority for sysconfig renderer so that it is used as the primary renderer on c9s and other downstream distributions derived from it. In the next major centos stream release, we may use network manager as the default renderer and make changes accordingly. + +RHBZ: 2209349 + +Signed-off-by: Ani Sinha +(cherry picked from commit a1f375095bd0ac8628c4fdc79538dc177bb9ff99) +--- + config/cloud.cfg.tmpl | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl +index 7238c102..020340f9 100644 +--- a/config/cloud.cfg.tmpl ++++ b/config/cloud.cfg.tmpl +@@ -381,9 +381,12 @@ system_info: + {% elif variant in ["dragonfly"] %} + network: + renderers: ['freebsd'] +-{% elif variant in ["fedora"] or is_rhel %} ++{% elif variant in ["fedora"] %} + network: + renderers: ['netplan', 'network-manager', 'networkd', 'sysconfig', 'eni'] ++{% elif is_rhel %} ++ network: ++ renderers: ['sysconfig', 'eni', 'netplan', 'network-manager', 'networkd' ] + {% elif variant == "openmandriva" %} + network: + renderers: ['network-manager', 'networkd'] +-- +2.39.3 + diff --git a/SOURCES/ci-Support-EC2-tags-in-instance-metadata-1309.patch b/SOURCES/ci-Support-EC2-tags-in-instance-metadata-1309.patch deleted file mode 100644 index 6e8e0fb..0000000 --- a/SOURCES/ci-Support-EC2-tags-in-instance-metadata-1309.patch +++ /dev/null @@ -1,164 +0,0 @@ -From fbec3008305845072a787f46008bbb82d89dec53 Mon Sep 17 00:00:00 2001 -From: Emanuele Giuseppe Esposito -Date: Mon, 30 May 2022 16:46:41 +0200 -Subject: [PATCH] Support EC2 tags in instance metadata (#1309) - -RH-Author: Emanuele Giuseppe Esposito -RH-MergeRequest: 70: Support EC2 tags in instance metadata (#1309) -RH-Commit: [1/1] 2497547016173a4c6e7d3c900f80de390d445c44 -RH-Bugzilla: 2082686 -RH-Acked-by: Vitaly Kuznetsov -RH-Acked-by: Mohamed Gamal Morsy - -commit 40c52ce1f4049449b04f93226721f63af874c5c7 -Author: Eduardo Dobay -Date: Wed Apr 6 01:28:01 2022 -0300 - - Support EC2 tags in instance metadata (#1309) - - Add support for newer EC2 metadata versions (up to 2021-03-23), so that - tags can be retrieved from the `ds.meta_data.tags` field, as well as - with any new fields that might have been added since the 2018-09-24 - version. - -Signed-off-by: Emanuele Giuseppe Esposito ---- - cloudinit/sources/DataSourceEc2.py | 5 +++-- - doc/rtd/topics/datasources/ec2.rst | 28 ++++++++++++++++++++++------ - tests/unittests/sources/test_ec2.py | 26 +++++++++++++++++++++++++- - tools/.github-cla-signers | 1 + - 4 files changed, 51 insertions(+), 9 deletions(-) - -diff --git a/cloudinit/sources/DataSourceEc2.py b/cloudinit/sources/DataSourceEc2.py -index 03b3870c..a030b498 100644 ---- a/cloudinit/sources/DataSourceEc2.py -+++ b/cloudinit/sources/DataSourceEc2.py -@@ -61,8 +61,9 @@ class DataSourceEc2(sources.DataSource): - min_metadata_version = "2009-04-04" - - # Priority ordered list of additional metadata versions which will be tried -- # for extended metadata content. IPv6 support comes in 2016-09-02 -- extended_metadata_versions = ["2018-09-24", "2016-09-02"] -+ # for extended metadata content. IPv6 support comes in 2016-09-02. -+ # Tags support comes in 2021-03-23. -+ extended_metadata_versions = ["2021-03-23", "2018-09-24", "2016-09-02"] - - # Setup read_url parameters per get_url_params. - url_max_wait = 120 -diff --git a/doc/rtd/topics/datasources/ec2.rst b/doc/rtd/topics/datasources/ec2.rst -index 94e4158d..77232269 100644 ---- a/doc/rtd/topics/datasources/ec2.rst -+++ b/doc/rtd/topics/datasources/ec2.rst -@@ -38,11 +38,26 @@ Userdata is accessible via the following URL: - GET http://169.254.169.254/2009-04-04/user-data - 1234,fred,reboot,true | 4512,jimbo, | 173,,, - --Note that there are multiple versions of this data provided, cloud-init --by default uses **2009-04-04** but newer versions can be supported with --relative ease (newer versions have more data exposed, while maintaining --backward compatibility with the previous versions). --Version **2016-09-02** is required for secondary IP address support. -+Note that there are multiple EC2 Metadata versions of this data provided -+to instances. cloud-init will attempt to use the most recent API version it -+supports in order to get latest API features and instance-data. If a given -+API version is not exposed to the instance, those API features will be -+unavailable to the instance. -+ -+ -++----------------+----------------------------------------------------------+ -++ EC2 version | supported instance-data/feature | -++================+==========================================================+ -++ **2021-03-23** | Required for Instance tag support. This feature must be | -+| | enabled individually on each instance. See the | -+| | `EC2 tags user guide`_. | -++----------------+----------------------------------------------------------+ -+| **2016-09-02** | Required for secondary IP address support. | -++----------------+----------------------------------------------------------+ -+| **2009-04-04** | Minimum supports EC2 API version for meta-data and | -+| | user-data. | -++----------------+----------------------------------------------------------+ -+ - - To see which versions are supported from your cloud provider use the following - URL: -@@ -71,7 +86,7 @@ configuration (in `/etc/cloud/cloud.cfg` or `/etc/cloud/cloud.cfg.d/`). - - The settings that may be configured are: - -- * **metadata_urls**: This list of urls will be searched for an Ec2 -+ * **metadata_urls**: This list of urls will be searched for an EC2 - metadata service. The first entry that successfully returns a 200 response - for //meta-data/instance-id will be selected. - (default: ['http://169.254.169.254', 'http://instance-data:8773']). -@@ -121,4 +136,5 @@ Notes - For example: the primary NIC will have a DHCP route-metric of 100, - the next NIC will be 200. - -+.. _EC2 tags user guide: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS - .. vi: textwidth=79 -diff --git a/tests/unittests/sources/test_ec2.py b/tests/unittests/sources/test_ec2.py -index b376660d..7c8a5ea5 100644 ---- a/tests/unittests/sources/test_ec2.py -+++ b/tests/unittests/sources/test_ec2.py -@@ -210,6 +210,17 @@ SECONDARY_IP_METADATA_2018_09_24 = { - - M_PATH_NET = "cloudinit.sources.DataSourceEc2.net." - -+TAGS_METADATA_2021_03_23 = { -+ **DEFAULT_METADATA, -+ "tags": { -+ "instance": { -+ "Environment": "production", -+ "Application": "test", -+ "TagWithoutValue": "", -+ } -+ }, -+} -+ - - def _register_ssh_keys(rfunc, base_url, keys_data): - """handle ssh key inconsistencies. -@@ -670,7 +681,7 @@ class TestEc2(test_helpers.HttprettyTestCase): - logs_with_redacted = [log for log in all_logs if REDACT_TOK in log] - logs_with_token = [log for log in all_logs if "API-TOKEN" in log] - self.assertEqual(1, len(logs_with_redacted_ttl)) -- self.assertEqual(81, len(logs_with_redacted)) -+ self.assertEqual(83, len(logs_with_redacted)) - self.assertEqual(0, len(logs_with_token)) - - @mock.patch("cloudinit.net.dhcp.maybe_perform_dhcp_discovery") -@@ -811,6 +822,19 @@ class TestEc2(test_helpers.HttprettyTestCase): - ) - self.assertIn("Crawl of metadata service took", self.logs.getvalue()) - -+ def test_get_instance_tags(self): -+ ds = self._setup_ds( -+ platform_data=self.valid_platform_data, -+ sys_cfg={"datasource": {"Ec2": {"strict_id": False}}}, -+ md={"md": TAGS_METADATA_2021_03_23}, -+ ) -+ self.assertTrue(ds.get_data()) -+ self.assertIn("tags", ds.metadata) -+ self.assertIn("instance", ds.metadata["tags"]) -+ instance_tags = ds.metadata["tags"]["instance"] -+ self.assertEqual(instance_tags["Application"], "test") -+ self.assertEqual(instance_tags["Environment"], "production") -+ - - class TestGetSecondaryAddresses(test_helpers.CiTestCase): - -diff --git a/tools/.github-cla-signers b/tools/.github-cla-signers -index ac157a2f..9f71ea0c 100644 ---- a/tools/.github-cla-signers -+++ b/tools/.github-cla-signers -@@ -26,6 +26,7 @@ dermotbradley - dhensby - eandersson - eb3095 -+edudobay - emmanuelthome - eslerm - esposem --- -2.27.0 - diff --git a/SOURCES/ci-Use-Network-Manager-and-Netplan-as-default-renderers.patch b/SOURCES/ci-Use-Network-Manager-and-Netplan-as-default-renderers.patch deleted file mode 100644 index 04d5e1f..0000000 --- a/SOURCES/ci-Use-Network-Manager-and-Netplan-as-default-renderers.patch +++ /dev/null @@ -1,110 +0,0 @@ -From 13ded463a6a0b1b0bf0dffc0a997f006dd25c4f3 Mon Sep 17 00:00:00 2001 -From: Emanuele Giuseppe Esposito -Date: Thu, 19 May 2022 15:51:27 +0200 -Subject: [PATCH 2/4] Use Network-Manager and Netplan as default renderers for - RHEL and Fedora (#1465) - -RH-Author: Emanuele Giuseppe Esposito -RH-MergeRequest: 57: Add native NetworkManager support (#1224) -RH-Commit: [2/2] f2f977564bea496b0d76c0cef242959d03c2c73e -RH-Bugzilla: 2059872 -RH-Acked-by: Vitaly Kuznetsov -RH-Acked-by: Jon Maloy -RH-Acked-by: Eduardo Otubo - -commit 7703aa98b89c8daba207c28a0422268ead10019a -Author: Emanuele Giuseppe Esposito -Date: Thu May 19 15:05:01 2022 +0200 - - Use Network-Manager and Netplan as default renderers for RHEL and Fedora (#1465) - - This is adapted from Neal Gompa's PR: - https://github.com/canonical/cloud-init/pull/1435 - - The only difference is that we are not modifying renderers.py (thus - modifying the priority of all distros), but just tweaking cloud.cfg to - apply this change to Fedora and RHEL. Other distros can optionally - add themselves afterwards. - - net: Prefer Netplan and NetworkManager renderers by default - - NetworkManager is used by default on a variety of Linux distributions, - and exists as a cross-distribution network management service. - - Additionally, add information about the NetworkManager renderer to - the cloud-init documentation. - - Because Netplan can be explicitly used to manage NetworkManager, - it needs to be preferred before NetworkManager. - - This change is a follow-up to #1224, which added the native - NetworkManager renderer. - This patch has been deployed on Fedora's cloud-init package throughout - the development of Fedora Linux 36 to verify that it works. - - This should also make it tremendously easier for Linux distributions - to use cloud-init because now a standard configuration is supported - by default. - - Signed-off-by: Neal Gompa - - Signed-off-by: Emanuele Giuseppe Esposito - -Signed-off-by: Emanuele Giuseppe Esposito ---- - config/cloud.cfg.tmpl | 3 +++ - doc/rtd/topics/network-config.rst | 12 +++++++++++- - 2 files changed, 14 insertions(+), 1 deletion(-) - -diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl -index fb4b456c..86beee3c 100644 ---- a/config/cloud.cfg.tmpl -+++ b/config/cloud.cfg.tmpl -@@ -330,4 +330,7 @@ system_info: - {% elif variant in ["dragonfly"] %} - network: - renderers: ['freebsd'] -+{% elif variant in ["rhel", "fedora"] %} -+ network: -+ renderers: ['netplan', 'network-manager', 'networkd', 'sysconfig', 'eni'] - {% endif %} -diff --git a/doc/rtd/topics/network-config.rst b/doc/rtd/topics/network-config.rst -index c461a3fe..f503caab 100644 ---- a/doc/rtd/topics/network-config.rst -+++ b/doc/rtd/topics/network-config.rst -@@ -188,6 +188,15 @@ generated configuration into an internal network configuration state. From - this state `Cloud-init`_ delegates rendering of the configuration to Distro - supported formats. The following ``renderers`` are supported in cloud-init: - -+- **NetworkManager** -+ -+`NetworkManager `_ is the standard Linux network -+configuration tool suite. It supports a wide range of networking setups. -+Configuration is typically stored in ``/etc/NetworkManager``. -+ -+It is the default for a number of Linux distributions, notably Fedora; -+CentOS/RHEL; and derivatives. -+ - - **ENI** - - /etc/network/interfaces or ``ENI`` is supported by the ``ifupdown`` package -@@ -215,6 +224,7 @@ is as follows: - - ENI - - Sysconfig - - Netplan -+- NetworkManager - - When applying the policy, `Cloud-init`_ checks if the current instance has the - correct binaries and paths to support the renderer. The first renderer that -@@ -223,7 +233,7 @@ supplying an updated configuration in cloud-config. :: - - system_info: - network: -- renderers: ['netplan', 'eni', 'sysconfig', 'freebsd', 'netbsd', 'openbsd'] -+ renderers: ['netplan', 'network-manager', 'eni', 'sysconfig', 'freebsd', 'netbsd', 'openbsd'] - - - Network Configuration Tools --- -2.35.3 - diff --git a/SOURCES/ci-cc_set_hostname-ignore-var-lib-cloud-data-set-hostna.patch b/SOURCES/ci-cc_set_hostname-ignore-var-lib-cloud-data-set-hostna.patch deleted file mode 100644 index 69ec964..0000000 --- a/SOURCES/ci-cc_set_hostname-ignore-var-lib-cloud-data-set-hostna.patch +++ /dev/null @@ -1,84 +0,0 @@ -From ddfd2eba79b4849309c37472dfb5852811b03391 Mon Sep 17 00:00:00 2001 -From: Emanuele Giuseppe Esposito -Date: Thu, 19 Jan 2023 09:46:10 +0100 -Subject: [PATCH] cc_set_hostname: ignore /var/lib/cloud/data/set-hostname if - it's empty (#1967) - -RH-Author: Emanuele Giuseppe Esposito -RH-MergeRequest: 88: cc_set_hostname: ignore /var/lib/cloud/data/set-hostname if it's empty (#1967) -RH-Bugzilla: 2162258 -RH-Acked-by: Mohamed Gamal Morsy -RH-Acked-by: Jon Maloy -RH-Commit: [1/1] 04aaaf46290c4488dd46c9c2673b0bf038b7d311 - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2162258 - -commit 9c7502a801763520639c66125eb373123d1e4f44 -Author: Emanuele Giuseppe Esposito -Date: Wed Jan 18 17:55:16 2023 +0100 - - cc_set_hostname: ignore /var/lib/cloud/data/set-hostname if it's empty (#1967) - - If the file exists but is empty, do nothing. - Otherwise cloud-init will crash because it does not handle the empty file. - - RHBZ: 2140893 - - Signed-off-by: Emanuele Giuseppe Esposito - -Signed-off-by: Emanuele Giuseppe Esposito ---- - cloudinit/config/cc_set_hostname.py | 2 +- - tests/unittests/config/test_cc_set_hostname.py | 17 +++++++++++++++++ - 2 files changed, 18 insertions(+), 1 deletion(-) - -diff --git a/cloudinit/config/cc_set_hostname.py b/cloudinit/config/cc_set_hostname.py -index eb0ca328..9d78f6ad 100644 ---- a/cloudinit/config/cc_set_hostname.py -+++ b/cloudinit/config/cc_set_hostname.py -@@ -86,7 +86,7 @@ def handle(name, cfg, cloud, log, _args): - # distro._read_hostname implementation so we only validate one artifact. - prev_fn = os.path.join(cloud.get_cpath("data"), "set-hostname") - prev_hostname = {} -- if os.path.exists(prev_fn): -+ if os.path.exists(prev_fn) and os.stat(prev_fn).st_size > 0: - prev_hostname = util.load_json(util.load_file(prev_fn)) - hostname_changed = hostname != prev_hostname.get( - "hostname" -diff --git a/tests/unittests/config/test_cc_set_hostname.py b/tests/unittests/config/test_cc_set_hostname.py -index fd994c4e..a819039b 100644 ---- a/tests/unittests/config/test_cc_set_hostname.py -+++ b/tests/unittests/config/test_cc_set_hostname.py -@@ -5,6 +5,7 @@ import os - import shutil - import tempfile - from io import BytesIO -+from pathlib import Path - from unittest import mock - - from configobj import ConfigObj -@@ -204,5 +205,21 @@ class TestHostname(t_help.FilesystemMockingTestCase): - str(ctx_mgr.exception), - ) - -+ def test_ignore_empty_previous_artifact_file(self): -+ cfg = { -+ "hostname": "blah", -+ "fqdn": "blah.blah.blah.yahoo.com", -+ } -+ distro = self._fetch_distro("debian") -+ paths = helpers.Paths({"cloud_dir": self.tmp}) -+ ds = None -+ cc = cloud.Cloud(ds, paths, {}, distro, None) -+ self.patchUtils(self.tmp) -+ prev_fn = Path(cc.get_cpath("data")) / "set-hostname" -+ prev_fn.touch() -+ cc_set_hostname.handle("cc_set_hostname", cfg, cc, LOG, []) -+ contents = util.load_file("/etc/hostname") -+ self.assertEqual("blah", contents.strip()) -+ - - # vi: ts=4 expandtab --- -2.39.1 - diff --git a/SOURCES/ci-cloud.cfg.tmpl-make-sure-centos-settings-are-identic.patch b/SOURCES/ci-cloud.cfg.tmpl-make-sure-centos-settings-are-identic.patch deleted file mode 100644 index 8949652..0000000 --- a/SOURCES/ci-cloud.cfg.tmpl-make-sure-centos-settings-are-identic.patch +++ /dev/null @@ -1,146 +0,0 @@ -From 528136e7f6c307f035f8db0f14313a213697d2d0 Mon Sep 17 00:00:00 2001 -From: Emanuele Giuseppe Esposito -Date: Thu, 8 Sep 2022 17:42:26 +0200 -Subject: [PATCH] cloud.cfg.tmpl: make sure "centos" settings are identical to - "rhel" (#1639) - -RH-Author: Emanuele Giuseppe Esposito -RH-MergeRequest: 83: cloud.cfg.tmpl: make sure "centos" settings are identical to "rhel" (#1639) -RH-Bugzilla: 2115576 -RH-Acked-by: Camilla Conte -RH-Acked-by: Jon Maloy -RH-Commit: [1/1] f503ce4f79b7d783cd0a4e1ed0977e63a4715031 - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2115576 - -commit 7593243a1abe2ccaf4698579720999380a4da73b -Author: Emanuele Giuseppe Esposito -Date: Wed Sep 7 14:53:26 2022 +0200 - - cloud.cfg.tmpl: make sure "centos" settings are identical to "rhel" (#1639) - - We have a couple of bugs where centos does not have the default user as rhel. - This PR makes sure the configuration is exactly the same. - - Signed-off-by: Emanuele Giuseppe Esposito - - RHBZ: 2115565 - RHBZ: 2115576 - Conflicts: - config/cloud.cfg.tmpl: "openmandriva" distro added in the options - -Signed-off-by: Emanuele Giuseppe Esposito ---- - config/cloud.cfg.tmpl | 27 +++++++++++++------------ - tests/unittests/test_render_cloudcfg.py | 1 + - 2 files changed, 15 insertions(+), 13 deletions(-) - -diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl -index 80ab4f96..08b6efbc 100644 ---- a/config/cloud.cfg.tmpl -+++ b/config/cloud.cfg.tmpl -@@ -2,6 +2,7 @@ - # The top level settings are used as module - # and system configuration. - {% set is_bsd = variant in ["dragonfly", "freebsd", "netbsd", "openbsd"] %} -+{% set is_rhel = variant in ["rhel", "centos"] %} - {% if is_bsd %} - syslog_fix_perms: root:wheel - {% elif variant in ["suse"] %} -@@ -32,9 +33,9 @@ disable_root: false - disable_root: true - {% endif %} - --{% if variant in ["almalinux", "alpine", "amazon", "centos", "cloudlinux", "eurolinux", -- "fedora", "miraclelinux", "openEuler", "rhel", "rocky", "virtuozzo"] %} --{% if variant == "rhel" %} -+{% if variant in ["almalinux", "alpine", "amazon", "cloudlinux", "eurolinux", -+ "fedora", "miraclelinux", "openEuler", "openmandriva", "rocky", "virtuozzo"] or is_rhel %} -+{% if is_rhel %} - mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service,_netdev', '0', '2'] - {% else %} - mount_default_fields: [~, ~, 'auto', 'defaults,nofail', '0', '2'] -@@ -70,7 +71,7 @@ network: - config: disabled - {% endif %} - --{% if variant == "rhel" %} -+{% if is_rhel %} - # Default redhat settings: - ssh_deletekeys: true - ssh_genkeytypes: ['rsa', 'ecdsa', 'ed25519'] -@@ -119,16 +120,16 @@ cloud_config_modules: - {% endif %} - {% if variant not in ["photon"] %} - - ssh-import-id --{% if variant not in ["rhel"] %} -+{% if not is_rhel %} - - keyboard - {% endif %} - - locale - {% endif %} - - set-passwords --{% if variant in ["rhel"] %} -+{% if is_rhel %} - - rh_subscription - {% endif %} --{% if variant in ["rhel", "fedora", "photon"] %} -+{% if variant in ["fedora", "openmandriva", "photon"] or is_rhel %} - {% if variant not in ["photon"] %} - - spacewalk - {% endif %} -@@ -193,9 +194,9 @@ cloud_final_modules: - # (not accessible to handlers/transforms) - system_info: - # This will affect which distro class gets used --{% if variant in ["almalinux", "alpine", "amazon", "arch", "centos", "cloudlinux", "debian", -+{% if variant in ["almalinux", "alpine", "amazon", "arch", "cloudlinux", "debian", - "eurolinux", "fedora", "freebsd", "gentoo", "netbsd", "miraclelinux", "openbsd", "openEuler", -- "photon", "rhel", "rocky", "suse", "ubuntu", "virtuozzo"] %} -+ "openmandriva", "photon", "rocky", "suse", "ubuntu", "virtuozzo"] or is_rhel %} - distro: {{ variant }} - {% elif variant in ["dragonfly"] %} - distro: dragonflybsd -@@ -248,15 +249,15 @@ system_info: - primary: http://ports.ubuntu.com/ubuntu-ports - security: http://ports.ubuntu.com/ubuntu-ports - ssh_svcname: ssh --{% elif variant in ["almalinux", "alpine", "amazon", "arch", "centos", "cloudlinux", "eurolinux", -- "fedora", "gentoo", "miraclelinux", "openEuler", "rhel", "rocky", "suse", "virtuozzo"] %} -+{% elif variant in ["almalinux", "alpine", "amazon", "arch", "cloudlinux", "eurolinux", -+ "fedora", "gentoo", "miraclelinux", "openEuler", "openmandriva", "rocky", "suse", "virtuozzo"] or is_rhel %} - # Default user name + that default users groups (if added/used) - default_user: - {% if variant == "amazon" %} - name: ec2-user - lock_passwd: True - gecos: EC2 Default User --{% elif variant == "rhel" %} -+{% elif is_rhel %} - name: cloud-user - lock_passwd: true - gecos: Cloud User -@@ -275,7 +276,7 @@ system_info: - groups: [adm, sudo] - {% elif variant == "arch" %} - groups: [wheel, users] --{% elif variant == "rhel" %} -+{% elif is_rhel %} - groups: [adm, systemd-journal] - {% else %} - groups: [wheel, adm, systemd-journal] -diff --git a/tests/unittests/test_render_cloudcfg.py b/tests/unittests/test_render_cloudcfg.py -index 9f95d448..1a6e2715 100644 ---- a/tests/unittests/test_render_cloudcfg.py -+++ b/tests/unittests/test_render_cloudcfg.py -@@ -69,6 +69,7 @@ class TestRenderCloudCfg: - "amazon": "ec2-user", - "debian": "ubuntu", - "rhel": "cloud-user", -+ "centos": "cloud-user", - "unknown": "ubuntu", - } - default_user = system_cfg["system_info"]["default_user"]["name"] --- -2.37.3 - diff --git a/SOURCES/ci-cosmetic-fix-tox-formatting.patch b/SOURCES/ci-cosmetic-fix-tox-formatting.patch new file mode 100644 index 0000000..ce1795c --- /dev/null +++ b/SOURCES/ci-cosmetic-fix-tox-formatting.patch @@ -0,0 +1,35 @@ +From 9f560fd70f64cbe1827e2e490206d245f3ac7812 Mon Sep 17 00:00:00 2001 +From: Ani Sinha +Date: Fri, 7 Jul 2023 15:38:14 +0530 +Subject: [PATCH 08/11] cosmetic: fix tox formatting + +This is a cosmetic formatting change that makes tox happy. + +X-downstream-only: true + +fixes: 06b2d8279628eb5d0 ("include 'NOZEROCONF=yes' in /etc/sysconfig/network") +Signed-off-by: Ani Sinha +--- + cloudinit/net/sysconfig.py | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py +index 5bf3e7ca..421564ee 100644 +--- a/cloudinit/net/sysconfig.py ++++ b/cloudinit/net/sysconfig.py +@@ -1028,9 +1028,9 @@ class Renderer(renderer.Renderer): + for line in util.load_file(sysconfig_path, quiet=True).split("\n"): + if "cloud-init" in line: + break +- if not line.startswith(("NETWORKING=", +- "IPV6_AUTOCONF=", +- "NETWORKING_IPV6=")): ++ if not line.startswith( ++ ("NETWORKING=", "IPV6_AUTOCONF=", "NETWORKING_IPV6=") ++ ): + netcfg.append(line) + # Now generate the cloud-init portion of sysconfig/network + netcfg.extend([_make_header(), "NETWORKING=yes"]) +-- +2.39.3 + diff --git a/SOURCES/ci-logging-keep-current-file-mode-of-log-file-if-its-st.patch b/SOURCES/ci-logging-keep-current-file-mode-of-log-file-if-its-st.patch new file mode 100644 index 0000000..10879be --- /dev/null +++ b/SOURCES/ci-logging-keep-current-file-mode-of-log-file-if-its-st.patch @@ -0,0 +1,183 @@ +From 0de2584f99c49b5d22bc7d1d08070d53b8fc1b3b Mon Sep 17 00:00:00 2001 +From: Ani Sinha +Date: Thu, 20 Jul 2023 23:56:01 +0530 +Subject: [PATCH 11/11] logging: keep current file mode of log file if its + stricter than the new mode (#4250) + +RH-Author: Ani Sinha +RH-MergeRequest: 105: [RHEL 8.9] logging: keep current file mode of log file if its stricter than the new mode (#4250) +RH-Bugzilla: 2222501 +RH-Acked-by: Emanuele Giuseppe Esposito +RH-Acked-by: Miroslav Rezanina +RH-Commit: [1/1] 2733073d4dd119e29d1cf227e787afa15c9f8991 + +By default, the cloud init log file is created with mode 0o644 with +`preserve_mode` parameter of `write_file()` set to False. This means that when +an existing log file is found, its mode will be unconditionally reset to the +mode 0o644. It is possible that this might cause the change of the mode of the +log file from the current more stricter mode to a less strict mode +(when the new mode 0o644 is less strict than the existing mode of the file). + +In order to mitigate the above issue, check the current mode of the log file +and if the current mode is stricter than the default new mode 0o644, then +preserve the current mode of the file. + +Fixes GH-4243 + +Signed-off-by: Ani Sinha +(cherry picked from commit a0e4ec15a1adffabd1c539879514eae4807c834c) +Signed-off-by: Ani Sinha + + Conflicts: + tests/unittests/test_util.py +--- + cloudinit/stages.py | 15 ++++++++++++++- + cloudinit/util.py | 23 +++++++++++++++++++++++ + tests/unittests/test_stages.py | 23 ++++++++++++++++------- + tests/unittests/test_util.py | 24 ++++++++++++++++++++++++ + 4 files changed, 77 insertions(+), 8 deletions(-) + +diff --git a/cloudinit/stages.py b/cloudinit/stages.py +index 21f30a1f..979179af 100644 +--- a/cloudinit/stages.py ++++ b/cloudinit/stages.py +@@ -200,12 +200,25 @@ class Init: + self._initialize_filesystem() + + def _initialize_filesystem(self): ++ mode = 0o640 ++ fmode = None ++ + util.ensure_dirs(self._initial_subdirs()) + log_file = util.get_cfg_option_str(self.cfg, "def_log_file") + if log_file: + # At this point the log file should have already been created + # in the setupLogging function of log.py +- util.ensure_file(log_file, mode=0o640, preserve_mode=False) ++ ++ try: ++ fmode = util.get_permissions(log_file) ++ except OSError: ++ pass ++ ++ # if existing file mode fmode is stricter, do not change it. ++ if fmode and util.compare_permission(fmode, mode) < 0: ++ mode = fmode ++ ++ util.ensure_file(log_file, mode, preserve_mode=False) + perms = self.cfg.get("syslog_fix_perms") + if not perms: + perms = {} +diff --git a/cloudinit/util.py b/cloudinit/util.py +index 8ba3e2b6..00892d6f 100644 +--- a/cloudinit/util.py ++++ b/cloudinit/util.py +@@ -2087,6 +2087,29 @@ def safe_int(possible_int): + return None + + ++def compare_permission(mode1, mode2): ++ """Compare two file modes in octal. ++ ++ If mode1 is less restrictive than mode2 return 1 ++ If mode1 is more restrictive than mode2 return -1 ++ If mode1 is same as mode2, return 0 ++ ++ The comparison starts from the permission of the ++ set of users in "others" and then works up to the ++ permission of "user" set. ++ """ ++ # Convert modes to octal and reverse the last 3 digits ++ # so 0o640 would be become 0o046 ++ mode1_oct = oct(mode1)[2:].rjust(3, "0") ++ mode2_oct = oct(mode2)[2:].rjust(3, "0") ++ m1 = int(mode1_oct[:-3] + mode1_oct[-3:][::-1], 8) ++ m2 = int(mode2_oct[:-3] + mode2_oct[-3:][::-1], 8) ++ ++ # Then do a traditional cmp() ++ # https://docs.python.org/3.0/whatsnew/3.0.html#ordering-comparisons ++ return (m1 > m2) - (m1 < m2) ++ ++ + def chmod(path, mode): + real_mode = safe_int(mode) + if path and real_mode: +diff --git a/tests/unittests/test_stages.py b/tests/unittests/test_stages.py +index a61f9df9..831ea9f2 100644 +--- a/tests/unittests/test_stages.py ++++ b/tests/unittests/test_stages.py +@@ -606,13 +606,22 @@ class TestInit_InitializeFilesystem: + # Assert we create it 0o640 by default if it doesn't already exist + assert 0o640 == stat.S_IMODE(log_file.stat().mode) + +- def test_existing_file_permissions(self, init, tmpdir): ++ @pytest.mark.parametrize( ++ "set_perms,expected_perms", ++ [ ++ (0o640, 0o640), ++ (0o606, 0o640), ++ (0o600, 0o600), ++ ], ++ ) ++ def test_existing_file_permissions( ++ self, init, tmpdir, set_perms, expected_perms ++ ): + """Test file permissions are set as expected. + +- CIS Hardening requires 640 permissions. These permissions are +- currently hardcoded on every boot, but if there's ever a reason +- to change this, we need to then ensure that they +- are *not* set every boot. ++ CIS Hardening requires 640 permissions. If the file has looser ++ permissions, then hard code 640. If the file has tighter ++ permissions, then leave them as they are + + See https://bugs.launchpad.net/cloud-init/+bug/1900837. + """ +@@ -620,9 +629,9 @@ class TestInit_InitializeFilesystem: + log_file.ensure() + # Use a mode that will never be made the default so this test will + # always be valid +- log_file.chmod(0o606) ++ log_file.chmod(set_perms) + init._cfg = {"def_log_file": str(log_file)} + + init._initialize_filesystem() + +- assert 0o640 == stat.S_IMODE(log_file.stat().mode) ++ assert expected_perms == stat.S_IMODE(log_file.stat().mode) +diff --git a/tests/unittests/test_util.py b/tests/unittests/test_util.py +index 07142a86..af96da05 100644 +--- a/tests/unittests/test_util.py ++++ b/tests/unittests/test_util.py +@@ -3026,3 +3026,27 @@ class TestVersion: + ) + def test_from_str(self, str_ver, cls_ver): + assert util.Version.from_str(str_ver) == cls_ver ++ ++ ++class TestComparePermissions: ++ @pytest.mark.parametrize( ++ "perm1,perm2,expected", ++ [ ++ (0o777, 0o777, 0), ++ (0o000, 0o000, 0), ++ (0o421, 0o421, 0), ++ (0o1640, 0o1640, 0), ++ (0o1407, 0o1600, 1), ++ (0o1600, 0o1407, -1), ++ (0o407, 0o600, 1), ++ (0o600, 0o407, -1), ++ (0o007, 0o700, 1), ++ (0o700, 0o007, -1), ++ (0o077, 0o100, 1), ++ (0o644, 0o640, 1), ++ (0o640, 0o600, 1), ++ (0o600, 0o400, 1), ++ ], ++ ) ++ def test_compare_permissions(self, perm1, perm2, expected): ++ assert util.compare_permission(perm1, perm2) == expected +-- +2.39.3 + diff --git a/SOURCES/ci-net-sysconfig-enable-sysconfig-renderer-if-network-m.patch b/SOURCES/ci-net-sysconfig-enable-sysconfig-renderer-if-network-m.patch new file mode 100644 index 0000000..b37d469 --- /dev/null +++ b/SOURCES/ci-net-sysconfig-enable-sysconfig-renderer-if-network-m.patch @@ -0,0 +1,71 @@ +From 3b68f70013c84ae9efbc31aa35641b61041fd62a Mon Sep 17 00:00:00 2001 +From: Ani Sinha +Date: Mon, 22 May 2023 22:06:28 +0530 +Subject: [PATCH 5/7] net/sysconfig: enable sysconfig renderer if network + manager has ifcfg-rh plugin (#4132) + +RH-Author: Ani Sinha +RH-MergeRequest: 103: [RHEL8] Support configuring network by NM keyfiles +RH-Bugzilla: 2219528 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [5/7] 4d1602e39fbf85277e50a1fde046a0b528a18364 + +Some distributions like RHEL does not have ifup and ifdown +scripts that traditionally handled ifcfg-eth* files. Instead RHEL +uses network manager with ifcfg-rh plugin to handle ifcfg +scripts. Therefore, the sysconfig should check for the +existence of ifcfg-rh plugin in addition to checking for the +existence of ifup and ifdown scripts in order to determine if it +can handle ifcfg files. If either the plugin or ifup/ifdown scripts +are present, sysconfig renderer can be enabled. + +fixes: #4131 +RHBZ: 2194050 + +Signed-off-by: Ani Sinha +(cherry picked from commit 009dbf85a72a9077b2267d377b2ff46639fb3def) +--- + cloudinit/net/sysconfig.py | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py +index f7ac5898..5bf3e7ca 100644 +--- a/cloudinit/net/sysconfig.py ++++ b/cloudinit/net/sysconfig.py +@@ -1,6 +1,7 @@ + # This file is part of cloud-init. See LICENSE file for license information. + + import copy ++import glob + import io + import os + import re +@@ -1058,7 +1059,25 @@ def _supported_vlan_names(rdev, vid): + def available(target=None): + if not util.system_info()["variant"] in KNOWN_DISTROS: + return False ++ if available_sysconfig(target): ++ return True ++ if available_nm_ifcfg_rh(target): ++ return True ++ return False ++ ++ ++def available_nm_ifcfg_rh(target=None): ++ # The ifcfg-rh plugin of NetworkManager is installed. ++ # NetworkManager can handle the ifcfg files. ++ return glob.glob( ++ subp.target_path( ++ target, ++ "usr/lib*/NetworkManager/*/libnm-settings-plugin-ifcfg-rh.so", ++ ) ++ ) ++ + ++def available_sysconfig(target=None): + expected = ["ifup", "ifdown"] + search = ["/sbin", "/usr/sbin"] + for p in expected: +-- +2.39.3 + diff --git a/SOURCES/ci-network-manager-Set-higher-autoconnect-priority-for-.patch b/SOURCES/ci-network-manager-Set-higher-autoconnect-priority-for-.patch new file mode 100644 index 0000000..e6dc651 --- /dev/null +++ b/SOURCES/ci-network-manager-Set-higher-autoconnect-priority-for-.patch @@ -0,0 +1,410 @@ +From f3f9a6933ba2c348d0ccd92706b1c17655f91625 Mon Sep 17 00:00:00 2001 +From: Ani Sinha +Date: Tue, 23 May 2023 20:38:31 +0530 +Subject: [PATCH 6/7] network-manager: Set higher autoconnect priority for nm + keyfiles (#3671) + +RH-Author: Ani Sinha +RH-MergeRequest: 103: [RHEL8] Support configuring network by NM keyfiles +RH-Bugzilla: 2219528 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [6/7] f263baba1870ed035bd1662ddeb0ab5bcb6a8cd1 + +cloud init generated keyfiles by network manager renderer for network +interfaces can sometimes conflict with existing keyfiles that are left as an +artifact of an upgrade process or are old user generated keyfiles. When two +such keyfiles are present, the existing keyfile can take precedence over the +cloud init generated keyfile making the later ineffective. Removing the old +keyfile blindly by cloud init would also not be correct since there would be +no way to enforce a different interface configuration if one needs it. + +This change adds an autoconnect-priority value for cloud init generated keyfile +so that the cloud init configuration takes precedence over the existing old +keyfile configuration in the default case. The priority values range from 0 +to 999. We set a value of 120 so that it would be high enough in the default +case and result in cloud init keyfile to take precedence but not too high so +that if the user generated keyfile needs to take precedence, the user can do +so by using a higher value than the one used by cloud init key file, between +the values 121 and 999. + +RHBZ: 2196231 + +Signed-off-by: Ani Sinha +(cherry picked from commit f663e94ac50bc518e694cbd167fdab216fcff029) +--- + cloudinit/net/network_manager.py | 1 + + tests/unittests/cmd/devel/test_net_convert.py | 1 + + .../cloud-init-encc000.2653.nmconnection | 1 + + .../cloud-init-encc000.nmconnection | 1 + + .../cloud-init-zz-all-en.nmconnection | 1 + + .../cloud-init-zz-all-eth.nmconnection | 1 + + tests/unittests/test_net.py | 36 +++++++++++++++++++ + 7 files changed, 42 insertions(+) + +diff --git a/cloudinit/net/network_manager.py b/cloudinit/net/network_manager.py +index 2752f52f..ca216928 100644 +--- a/cloudinit/net/network_manager.py ++++ b/cloudinit/net/network_manager.py +@@ -43,6 +43,7 @@ class NMConnection: + self.config["connection"] = { + "id": f"cloud-init {con_id}", + "uuid": str(uuid.uuid5(CI_NM_UUID, con_id)), ++ "autoconnect-priority": "120", + } + + # This is not actually used anywhere, but may be useful in future +diff --git a/tests/unittests/cmd/devel/test_net_convert.py b/tests/unittests/cmd/devel/test_net_convert.py +index 100aa8de..71654750 100644 +--- a/tests/unittests/cmd/devel/test_net_convert.py ++++ b/tests/unittests/cmd/devel/test_net_convert.py +@@ -74,6 +74,7 @@ SAMPLE_NETWORK_MANAGER_CONTENT = """\ + [connection] + id=cloud-init eth0 + uuid=1dd9a779-d327-56e1-8454-c65e2556c12c ++autoconnect-priority=120 + type=ethernet + interface-name=eth0 + +diff --git a/tests/unittests/net/artifacts/no_matching_mac/etc/NetworkManager/system-connections/cloud-init-encc000.2653.nmconnection b/tests/unittests/net/artifacts/no_matching_mac/etc/NetworkManager/system-connections/cloud-init-encc000.2653.nmconnection +index 80483d4f..f44485d2 100644 +--- a/tests/unittests/net/artifacts/no_matching_mac/etc/NetworkManager/system-connections/cloud-init-encc000.2653.nmconnection ++++ b/tests/unittests/net/artifacts/no_matching_mac/etc/NetworkManager/system-connections/cloud-init-encc000.2653.nmconnection +@@ -3,6 +3,7 @@ + [connection] + id=cloud-init encc000.2653 + uuid=116aaf19-aabc-50ea-b480-e9aee18bda59 ++autoconnect-priority=120 + type=vlan + interface-name=encc000.2653 + +diff --git a/tests/unittests/net/artifacts/no_matching_mac/etc/NetworkManager/system-connections/cloud-init-encc000.nmconnection b/tests/unittests/net/artifacts/no_matching_mac/etc/NetworkManager/system-connections/cloud-init-encc000.nmconnection +index 3368388d..fbdfbc65 100644 +--- a/tests/unittests/net/artifacts/no_matching_mac/etc/NetworkManager/system-connections/cloud-init-encc000.nmconnection ++++ b/tests/unittests/net/artifacts/no_matching_mac/etc/NetworkManager/system-connections/cloud-init-encc000.nmconnection +@@ -3,6 +3,7 @@ + [connection] + id=cloud-init encc000 + uuid=f869ebd3-f175-5747-bf02-d0d44d687248 ++autoconnect-priority=120 + type=ethernet + interface-name=encc000 + +diff --git a/tests/unittests/net/artifacts/no_matching_mac/etc/NetworkManager/system-connections/cloud-init-zz-all-en.nmconnection b/tests/unittests/net/artifacts/no_matching_mac/etc/NetworkManager/system-connections/cloud-init-zz-all-en.nmconnection +index 16120bc1..dce56c7d 100644 +--- a/tests/unittests/net/artifacts/no_matching_mac/etc/NetworkManager/system-connections/cloud-init-zz-all-en.nmconnection ++++ b/tests/unittests/net/artifacts/no_matching_mac/etc/NetworkManager/system-connections/cloud-init-zz-all-en.nmconnection +@@ -3,6 +3,7 @@ + [connection] + id=cloud-init zz-all-en + uuid=159daec9-cba3-5101-85e7-46d831857f43 ++autoconnect-priority=120 + type=ethernet + interface-name=zz-all-en + +diff --git a/tests/unittests/net/artifacts/no_matching_mac/etc/NetworkManager/system-connections/cloud-init-zz-all-eth.nmconnection b/tests/unittests/net/artifacts/no_matching_mac/etc/NetworkManager/system-connections/cloud-init-zz-all-eth.nmconnection +index df44d546..ee436bf2 100644 +--- a/tests/unittests/net/artifacts/no_matching_mac/etc/NetworkManager/system-connections/cloud-init-zz-all-eth.nmconnection ++++ b/tests/unittests/net/artifacts/no_matching_mac/etc/NetworkManager/system-connections/cloud-init-zz-all-eth.nmconnection +@@ -3,6 +3,7 @@ + [connection] + id=cloud-init zz-all-eth + uuid=23a83d8a-d7db-5133-a77b-e68a6ac61ec9 ++autoconnect-priority=120 + type=ethernet + interface-name=zz-all-eth + +diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py +index 0f523ff8..7abe61b9 100644 +--- a/tests/unittests/test_net.py ++++ b/tests/unittests/test_net.py +@@ -631,6 +631,7 @@ dns = none + [connection] + id=cloud-init eth0 + uuid=1dd9a779-d327-56e1-8454-c65e2556c12c ++autoconnect-priority=120 + type=ethernet + + [user] +@@ -1118,6 +1119,7 @@ NETWORK_CONFIGS = { + [connection] + id=cloud-init eth1 + uuid=3c50eb47-7260-5a6d-801d-bd4f587d6b58 ++ autoconnect-priority=120 + type=ethernet + + [user] +@@ -1135,6 +1137,7 @@ NETWORK_CONFIGS = { + [connection] + id=cloud-init eth99 + uuid=b1b88000-1f03-5360-8377-1a2205efffb4 ++ autoconnect-priority=120 + type=ethernet + + [user] +@@ -1234,6 +1237,7 @@ NETWORK_CONFIGS = { + [connection] + id=cloud-init iface0 + uuid=8ddfba48-857c-5e86-ac09-1b43eae0bf70 ++ autoconnect-priority=120 + type=ethernet + interface-name=iface0 + +@@ -1364,6 +1368,7 @@ NETWORK_CONFIGS = { + [connection] + id=cloud-init iface0 + uuid=8ddfba48-857c-5e86-ac09-1b43eae0bf70 ++ autoconnect-priority=120 + type=ethernet + interface-name=iface0 + +@@ -1404,6 +1409,7 @@ NETWORK_CONFIGS = { + [connection] + id=cloud-init iface0 + uuid=8ddfba48-857c-5e86-ac09-1b43eae0bf70 ++ autoconnect-priority=120 + type=ethernet + interface-name=iface0 + +@@ -1504,6 +1510,7 @@ NETWORK_CONFIGS = { + [connection] + id=cloud-init iface0 + uuid=8ddfba48-857c-5e86-ac09-1b43eae0bf70 ++ autoconnect-priority=120 + type=ethernet + interface-name=iface0 + +@@ -1734,6 +1741,7 @@ NETWORK_CONFIGS = { + [connection] + id=cloud-init iface0 + uuid=8ddfba48-857c-5e86-ac09-1b43eae0bf70 ++ autoconnect-priority=120 + type=ethernet + interface-name=iface0 + +@@ -1845,6 +1853,7 @@ NETWORK_CONFIGS = { + [connection] + id=cloud-init iface0 + uuid=8ddfba48-857c-5e86-ac09-1b43eae0bf70 ++ autoconnect-priority=120 + type=ethernet + interface-name=iface0 + +@@ -1967,6 +1976,7 @@ NETWORK_CONFIGS = { + [connection] + id=cloud-init iface0 + uuid=8ddfba48-857c-5e86-ac09-1b43eae0bf70 ++ autoconnect-priority=120 + type=ethernet + interface-name=iface0 + +@@ -2043,6 +2053,7 @@ NETWORK_CONFIGS = { + [connection] + id=cloud-init iface0 + uuid=8ddfba48-857c-5e86-ac09-1b43eae0bf70 ++ autoconnect-priority=120 + type=ethernet + interface-name=iface0 + +@@ -2507,6 +2518,7 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + [connection] + id=cloud-init eth3 + uuid=b7e95dda-7746-5bf8-bf33-6e5f3c926790 ++ autoconnect-priority=120 + type=ethernet + slave-type=bridge + master=dee46ce4-af7a-5e7c-aa08-b25533ae9213 +@@ -2526,6 +2538,7 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + [connection] + id=cloud-init eth5 + uuid=5fda13c7-9942-5e90-a41b-1d043bd725dc ++ autoconnect-priority=120 + type=ethernet + + [user] +@@ -2547,6 +2560,7 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + [connection] + id=cloud-init ib0 + uuid=11a1dda7-78b4-5529-beba-d9b5f549ad7b ++ autoconnect-priority=120 + type=infiniband + + [user] +@@ -2571,6 +2585,7 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + [connection] + id=cloud-init bond0.200 + uuid=88984a9c-ff22-5233-9267-86315e0acaa7 ++ autoconnect-priority=120 + type=vlan + interface-name=bond0.200 + +@@ -2594,6 +2609,7 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + [connection] + id=cloud-init eth0 + uuid=1dd9a779-d327-56e1-8454-c65e2556c12c ++ autoconnect-priority=120 + type=ethernet + + [user] +@@ -2611,6 +2627,7 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + [connection] + id=cloud-init eth4 + uuid=e27e4959-fb50-5580-b9a4-2073554627b9 ++ autoconnect-priority=120 + type=ethernet + slave-type=bridge + master=dee46ce4-af7a-5e7c-aa08-b25533ae9213 +@@ -2630,6 +2647,7 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + [connection] + id=cloud-init eth1 + uuid=3c50eb47-7260-5a6d-801d-bd4f587d6b58 ++ autoconnect-priority=120 + type=ethernet + slave-type=bond + master=54317911-f840-516b-a10d-82cb4c1f075c +@@ -2649,6 +2667,7 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + [connection] + id=cloud-init br0 + uuid=dee46ce4-af7a-5e7c-aa08-b25533ae9213 ++ autoconnect-priority=120 + type=bridge + interface-name=br0 + +@@ -2680,6 +2699,7 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + [connection] + id=cloud-init eth0.101 + uuid=b5acec5e-db80-5935-8b02-0d5619fc42bf ++ autoconnect-priority=120 + type=vlan + interface-name=eth0.101 + +@@ -2708,6 +2728,7 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + [connection] + id=cloud-init bond0 + uuid=54317911-f840-516b-a10d-82cb4c1f075c ++ autoconnect-priority=120 + type=bond + interface-name=bond0 + +@@ -2732,6 +2753,7 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + [connection] + id=cloud-init eth2 + uuid=5559a242-3421-5fdd-896e-9cb8313d5804 ++ autoconnect-priority=120 + type=ethernet + slave-type=bond + master=54317911-f840-516b-a10d-82cb4c1f075c +@@ -3257,6 +3279,7 @@ iface bond0 inet6 static + [connection] + id=cloud-init bond0s0 + uuid=09d0b5b9-67e7-5577-a1af-74d1cf17a71e ++ autoconnect-priority=120 + type=ethernet + slave-type=bond + master=54317911-f840-516b-a10d-82cb4c1f075c +@@ -3276,6 +3299,7 @@ iface bond0 inet6 static + [connection] + id=cloud-init bond0s1 + uuid=4d9aca96-b515-5630-ad83-d13daac7f9d0 ++ autoconnect-priority=120 + type=ethernet + slave-type=bond + master=54317911-f840-516b-a10d-82cb4c1f075c +@@ -3295,6 +3319,7 @@ iface bond0 inet6 static + [connection] + id=cloud-init bond0 + uuid=54317911-f840-516b-a10d-82cb4c1f075c ++ autoconnect-priority=120 + type=bond + interface-name=bond0 + +@@ -3421,6 +3446,7 @@ iface bond0 inet6 static + [connection] + id=cloud-init en0.99 + uuid=f594e2ed-f107-51df-b225-1dc530a5356b ++ autoconnect-priority=120 + type=vlan + interface-name=en0.99 + +@@ -3453,6 +3479,7 @@ iface bond0 inet6 static + [connection] + id=cloud-init en0 + uuid=e0ca478b-8d84-52ab-8fae-628482c629b5 ++ autoconnect-priority=120 + type=ethernet + + [user] +@@ -3580,6 +3607,7 @@ iface bond0 inet6 static + [connection] + id=cloud-init br0 + uuid=dee46ce4-af7a-5e7c-aa08-b25533ae9213 ++ autoconnect-priority=120 + type=bridge + interface-name=br0 + +@@ -3604,6 +3632,7 @@ iface bond0 inet6 static + [connection] + id=cloud-init eth0 + uuid=1dd9a779-d327-56e1-8454-c65e2556c12c ++ autoconnect-priority=120 + type=ethernet + slave-type=bridge + master=dee46ce4-af7a-5e7c-aa08-b25533ae9213 +@@ -3628,6 +3657,7 @@ iface bond0 inet6 static + [connection] + id=cloud-init eth1 + uuid=3c50eb47-7260-5a6d-801d-bd4f587d6b58 ++ autoconnect-priority=120 + type=ethernet + slave-type=bridge + master=dee46ce4-af7a-5e7c-aa08-b25533ae9213 +@@ -3782,6 +3812,7 @@ iface bond0 inet6 static + [connection] + id=cloud-init eth0 + uuid=1dd9a779-d327-56e1-8454-c65e2556c12c ++ autoconnect-priority=120 + type=ethernet + + [user] +@@ -3804,6 +3835,7 @@ iface bond0 inet6 static + [connection] + id=cloud-init eth1 + uuid=3c50eb47-7260-5a6d-801d-bd4f587d6b58 ++ autoconnect-priority=120 + type=ethernet + + [user] +@@ -3826,6 +3858,7 @@ iface bond0 inet6 static + [connection] + id=cloud-init eth2 + uuid=5559a242-3421-5fdd-896e-9cb8313d5804 ++ autoconnect-priority=120 + type=ethernet + + [user] +@@ -5688,6 +5721,7 @@ class TestNetworkManagerRendering(CiTestCase): + [connection] + id=cloud-init eth1000 + uuid=8c517500-0c95-5308-9c8a-3092eebc44eb ++ autoconnect-priority=120 + type=ethernet + + [user] +@@ -5742,6 +5776,7 @@ class TestNetworkManagerRendering(CiTestCase): + [connection] + id=cloud-init interface0 + uuid=8b6862ed-dbd6-5830-93f7-a91451c13828 ++ autoconnect-priority=120 + type=ethernet + + [user] +@@ -5778,6 +5813,7 @@ class TestNetworkManagerRendering(CiTestCase): + [connection] + id=cloud-init eth0 + uuid=1dd9a779-d327-56e1-8454-c65e2556c12c ++ autoconnect-priority=120 + type=ethernet + interface-name=eth0 + +-- +2.39.3 + diff --git a/SOURCES/ci-network_manager-add-a-method-for-ipv6-static-IP-conf.patch b/SOURCES/ci-network_manager-add-a-method-for-ipv6-static-IP-conf.patch new file mode 100644 index 0000000..91230cc --- /dev/null +++ b/SOURCES/ci-network_manager-add-a-method-for-ipv6-static-IP-conf.patch @@ -0,0 +1,40 @@ +From 2db9b803e64171d2c8d8a3ad465b0fb979abf146 Mon Sep 17 00:00:00 2001 +From: Ani Sinha +Date: Mon, 22 May 2023 21:33:53 +0530 +Subject: [PATCH 4/7] network_manager: add a method for ipv6 static IP + configuration (#4127) + +RH-Author: Ani Sinha +RH-MergeRequest: 103: [RHEL8] Support configuring network by NM keyfiles +RH-Bugzilla: 2219528 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [4/7] dfc67da03ac11c18439c3500b8cfba6a66a7428e + +The static IP configuration for IPv6 in the method_map is missing for +network manager renderer. This is causing cloud-init to generate a keyfile with +IPv6 method as "auto" instead of "manual". This fixes this issue. + +fixes: #4126 +RHBZ: 2196284 + +Signed-off-by: Ani Sinha +(cherry picked from commit 5d440856cb6d2b4c908015fe4eb7227615c17c8b) +--- + cloudinit/net/network_manager.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/cloudinit/net/network_manager.py b/cloudinit/net/network_manager.py +index 744c0cbb..2752f52f 100644 +--- a/cloudinit/net/network_manager.py ++++ b/cloudinit/net/network_manager.py +@@ -69,6 +69,7 @@ class NMConnection: + + method_map = { + "static": "manual", ++ "static6": "manual", + "dhcp6": "auto", + "ipv6_slaac": "auto", + "ipv6_dhcpv6-stateless": "auto", +-- +2.39.3 + diff --git a/SOURCES/ci-nm-generate-ipv6-stateful-dhcp-config-at-par-with-sy.patch b/SOURCES/ci-nm-generate-ipv6-stateful-dhcp-config-at-par-with-sy.patch new file mode 100644 index 0000000..7851853 --- /dev/null +++ b/SOURCES/ci-nm-generate-ipv6-stateful-dhcp-config-at-par-with-sy.patch @@ -0,0 +1,58 @@ +From 2e5e0383567191808e2054cb236bdbd785540b26 Mon Sep 17 00:00:00 2001 +From: Ani Sinha +Date: Mon, 22 May 2023 21:30:01 +0530 +Subject: [PATCH 3/7] nm: generate ipv6 stateful dhcp config at par with + sysconfig (#4115) + +RH-Author: Ani Sinha +RH-MergeRequest: 103: [RHEL8] Support configuring network by NM keyfiles +RH-Bugzilla: 2219528 +RH-Acked-by: Miroslav Rezanina +RH-Commit: [3/7] cf60e9477ac047f9e7e58c2fc528745fc2ae4248 + +The sysconfig renderer sets the following in the ifcfg file for IPV6 stateful +DHCP configuration: + + BOOTPROTO = "dhcp" + DHCPV6C = True + IPV6INIT = True + IPV6_AUTOCONF = False + +This should result in + [ipv6] + method=dhcp + +in the network manager generated keyfile as DHCPV6C is set and +IPV6_AUTOCONF is not set. Unfortunately the network manager renderer +deviates from this and generates: + [ipv6] + method=auto + +in it's rendered keyfile. This change fixes this deviation and sets the +IPV6 dhcp stateful configuration in alignment with what is generated by the +sysconfig renderer. + +RHBZ: 2207716 + +Signed-off-by: Ani Sinha +(cherry picked from commit ea573ba6fc25fe49a6a1a322eeb5259b6238d78b) +--- + cloudinit/net/network_manager.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/cloudinit/net/network_manager.py b/cloudinit/net/network_manager.py +index 53763d15..744c0cbb 100644 +--- a/cloudinit/net/network_manager.py ++++ b/cloudinit/net/network_manager.py +@@ -72,7 +72,7 @@ class NMConnection: + "dhcp6": "auto", + "ipv6_slaac": "auto", + "ipv6_dhcpv6-stateless": "auto", +- "ipv6_dhcpv6-stateful": "auto", ++ "ipv6_dhcpv6-stateful": "dhcp", + "dhcp4": "auto", + "dhcp": "auto", + } +-- +2.39.3 + diff --git a/SOURCES/ci-rhel-make-sure-previous-hostname-file-ends-with-a-ne.patch b/SOURCES/ci-rhel-make-sure-previous-hostname-file-ends-with-a-ne.patch new file mode 100644 index 0000000..b0c4a53 --- /dev/null +++ b/SOURCES/ci-rhel-make-sure-previous-hostname-file-ends-with-a-ne.patch @@ -0,0 +1,65 @@ +From 5a3db5dddab530ad45aaaa0e20fdaadc9a82a7c9 Mon Sep 17 00:00:00 2001 +From: Ani Sinha +Date: Tue, 4 Apr 2023 19:59:07 +0530 +Subject: [PATCH] rhel: make sure previous-hostname file ends with a new line + (#2108) + +RH-Author: Ani Sinha +RH-MergeRequest: 97: rhel: make sure previous-hostname file ends with a new line (#2108) +RH-Bugzilla: 2182407 +RH-Acked-by: Emanuele Giuseppe Esposito +RH-Acked-by: Jon Maloy +RH-Commit: [1/1] 126208f85cc3bf5f2264bd5a71524716b28a7686 (anisinha/rhel-cloud-init) + +cloud-init strips new line from "/etc/hostname" on rhel distro when processing +"/var/lib/cloud/data/previous-hostname". Although this does not pose a serious +issue, it is still better if the behavior is similar to other distros like +Ubuntu where /previous-hostname does end with a new line. Fix this issue by +using hostname parser in rhel similar to debian. + +Signed-off-by: Ani Sinha +(cherry picked from commit 6d42aa8e2c1a5454a658ab4e2b9cead2677c77cd) +Signed-off-by: Ani Sinha +--- + cloudinit/distros/rhel.py | 5 ++++- + tools/.github-cla-signers | 1 + + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/cloudinit/distros/rhel.py b/cloudinit/distros/rhel.py +index df7dc3d6..9625709e 100644 +--- a/cloudinit/distros/rhel.py ++++ b/cloudinit/distros/rhel.py +@@ -13,6 +13,7 @@ from cloudinit import distros, helpers + from cloudinit import log as logging + from cloudinit import subp, util + from cloudinit.distros import rhel_util ++from cloudinit.distros.parsers.hostname import HostnameConf + from cloudinit.settings import PER_INSTANCE + + LOG = logging.getLogger(__name__) +@@ -111,7 +112,9 @@ class Distro(distros.Distro): + # systemd will never update previous-hostname for us, so + # we need to do it ourselves + if self.uses_systemd() and filename.endswith("/previous-hostname"): +- util.write_file(filename, hostname) ++ conf = HostnameConf("") ++ conf.set_hostname(hostname) ++ util.write_file(filename, str(conf), 0o644) + elif self.uses_systemd(): + subp.subp(["hostnamectl", "set-hostname", str(hostname)]) + else: +diff --git a/tools/.github-cla-signers b/tools/.github-cla-signers +index d8cca015..457dacf4 100644 +--- a/tools/.github-cla-signers ++++ b/tools/.github-cla-signers +@@ -9,6 +9,7 @@ andgein + andrew-lee-metaswitch + andrewbogott + andrewlukoshko ++ani-sinha + antonyc + aswinrajamannar + beantaxi +-- +2.37.3 + diff --git a/SOURCES/ci-setup.py-adjust-udev-rules-default-path-1513.patch b/SOURCES/ci-setup.py-adjust-udev-rules-default-path-1513.patch deleted file mode 100644 index 1385aae..0000000 --- a/SOURCES/ci-setup.py-adjust-udev-rules-default-path-1513.patch +++ /dev/null @@ -1,57 +0,0 @@ -From ed7060ac1d5003f70fc3da4d6006a1a958a47b04 Mon Sep 17 00:00:00 2001 -From: Emanuele Giuseppe Esposito -Date: Mon, 20 Jun 2022 10:31:14 +0200 -Subject: [PATCH 2/2] setup.py: adjust udev/rules default path (#1513) - -RH-Author: Emanuele Giuseppe Esposito -RH-MergeRequest: 80: setup.py: adjust udev/rules default path (#1513) -RH-Commit: [2/2] 2cb64b004acbe1b6a30f943b0da51d2d1f2f0d50 (eesposit/cloud-init) -RH-Bugzilla: 2096269 -RH-Acked-by: Vitaly Kuznetsov -RH-Acked-by: Mohamed Gamal Morsy - -commit 70715125f3af118ae242770e61064c24f41e9a02 -Author: Emanuele Giuseppe Esposito -Date: Thu Jun 16 20:39:42 2022 +0200 - - setup.py: adjust udev/rules default path (#1513) - - RHEL must put cloudinit .rules files in /usr/lib/udev/rules.d - This place is a rhel standard and since it is used by all packages - cannot be modified. - - Signed-off-by: Emanuele Giuseppe Esposito - -Signed-off-by: Emanuele Giuseppe Esposito ---- - setup.py | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/setup.py b/setup.py -index a9132d2c..fdf27cd7 100755 ---- a/setup.py -+++ b/setup.py -@@ -302,6 +302,11 @@ data_files = [ - ), - ] - if not platform.system().endswith("BSD"): -+ -+ RULES_PATH = LIB -+ if os.path.isfile("/etc/redhat-release"): -+ RULES_PATH = "/usr/lib" -+ - data_files.extend( - [ - ( -@@ -309,7 +314,7 @@ if not platform.system().endswith("BSD"): - ["tools/hook-network-manager"], - ), - (ETC + "/dhcp/dhclient-exit-hooks.d/", ["tools/hook-dhclient"]), -- (LIB + "/udev/rules.d", [f for f in glob("udev/*.rules")]), -+ (RULES_PATH + "/udev/rules.d", [f for f in glob("udev/*.rules")]), - ( - ETC + "/systemd/system/sshd-keygen@.service.d/", - ["systemd/disable-sshd-keygen-if-cloud-init-active.conf"], --- -2.31.1 - diff --git a/SOURCES/ci-test-fixes-changes-to-apply-RHEL-specific-config-set.patch b/SOURCES/ci-test-fixes-changes-to-apply-RHEL-specific-config-set.patch new file mode 100644 index 0000000..c3a1042 --- /dev/null +++ b/SOURCES/ci-test-fixes-changes-to-apply-RHEL-specific-config-set.patch @@ -0,0 +1,47 @@ +From 866817455283619c706e837a77fb31adf3bdd3ce Mon Sep 17 00:00:00 2001 +From: Ani Sinha +Date: Fri, 23 Jun 2023 17:54:04 +0530 +Subject: [PATCH 07/11] test fixes: changes to apply RHEL specific config + settings to tests + +X-downstream-only: true + +fixes: c4d66915520554adedff9b ("Add initial redhat changes") +Signed-off-by: Ani Sinha +--- + tests/unittests/cmd/test_main.py | 17 +++++++++++------ + 1 file changed, 11 insertions(+), 6 deletions(-) + +diff --git a/tests/unittests/cmd/test_main.py b/tests/unittests/cmd/test_main.py +index e9ad0bb8..435d3be3 100644 +--- a/tests/unittests/cmd/test_main.py ++++ b/tests/unittests/cmd/test_main.py +@@ -119,14 +119,19 @@ class TestMain(FilesystemMockingTestCase): + { + "def_log_file": "/var/log/cloud-init.log", + "log_cfgs": [], +- "syslog_fix_perms": [ +- "syslog:adm", +- "root:adm", +- "root:wheel", +- "root:root", +- ], + "vendor_data": {"enabled": True, "prefix": []}, + "vendor_data2": {"enabled": True, "prefix": []}, ++ "syslog_fix_perms": [], ++ "ssh_deletekeys": False, ++ "ssh_genkeytypes": [], ++ "mount_default_fields": [ ++ None, ++ None, ++ "auto", ++ "defaults,nofail", ++ "0", ++ "2", ++ ], + } + ) + updated_cfg.pop("system_info") +-- +2.39.3 + diff --git a/SOURCES/ci-test-fixes-remove-NM_CONTROLLED-no-from-tests.patch b/SOURCES/ci-test-fixes-remove-NM_CONTROLLED-no-from-tests.patch new file mode 100644 index 0000000..1b43058 --- /dev/null +++ b/SOURCES/ci-test-fixes-remove-NM_CONTROLLED-no-from-tests.patch @@ -0,0 +1,286 @@ +From 3a070f23440c9eb6e0e5fb3605e36285e8a5b727 Mon Sep 17 00:00:00 2001 +From: Ani Sinha +Date: Fri, 23 Jun 2023 16:54:24 +0530 +Subject: [PATCH 03/11] test fixes: remove NM_CONTROLLED=no from tests + +X-downstream-only: true +fixes: b3b96bff187e9 ("Do not write NM_CONTROLLED=no in generated interface config files") + +Signed-off-by: Ani Sinha +--- + tests/unittests/cmd/devel/test_net_convert.py | 1 - + tests/unittests/distros/test_netconfig.py | 8 ------- + tests/unittests/test_net.py | 23 ------------------- + 3 files changed, 32 deletions(-) + +diff --git a/tests/unittests/cmd/devel/test_net_convert.py b/tests/unittests/cmd/devel/test_net_convert.py +index 71654750..e0114a2e 100644 +--- a/tests/unittests/cmd/devel/test_net_convert.py ++++ b/tests/unittests/cmd/devel/test_net_convert.py +@@ -62,7 +62,6 @@ SAMPLE_SYSCONFIG_CONTENT = """\ + # + BOOTPROTO=dhcp + DEVICE=eth0 +-NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +diff --git a/tests/unittests/distros/test_netconfig.py b/tests/unittests/distros/test_netconfig.py +index b1c89ce3..7f9ac054 100644 +--- a/tests/unittests/distros/test_netconfig.py ++++ b/tests/unittests/distros/test_netconfig.py +@@ -723,7 +723,6 @@ class TestNetCfgDistroRedhat(TestNetCfgDistroBase): + GATEWAY=192.168.1.254 + IPADDR=192.168.1.5 + NETMASK=255.255.255.0 +- NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +@@ -733,7 +732,6 @@ class TestNetCfgDistroRedhat(TestNetCfgDistroBase): + """\ + BOOTPROTO=dhcp + DEVICE=eth1 +- NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +@@ -764,7 +762,6 @@ class TestNetCfgDistroRedhat(TestNetCfgDistroBase): + IPV6_AUTOCONF=no + IPV6_DEFAULTGW=2607:f0d0:1002:0011::1 + IPV6_FORCE_ACCEPT_RA=no +- NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +@@ -774,7 +771,6 @@ class TestNetCfgDistroRedhat(TestNetCfgDistroBase): + """\ + BOOTPROTO=dhcp + DEVICE=eth1 +- NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +@@ -821,7 +817,6 @@ class TestNetCfgDistroRedhat(TestNetCfgDistroBase): + HWADDR=00:16:3e:60:7c:df + IPADDR=192.10.1.2 + NETMASK=255.255.255.0 +- NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +@@ -833,7 +828,6 @@ class TestNetCfgDistroRedhat(TestNetCfgDistroBase): + DEVICE=infra0 + IPADDR=10.0.1.2 + NETMASK=255.255.0.0 +- NM_CONTROLLED=no + ONBOOT=yes + PHYSDEV=eth0 + USERCTL=no +@@ -869,7 +863,6 @@ class TestNetCfgDistroRedhat(TestNetCfgDistroBase): + DEVICE=eth0 + IPADDR=192.10.1.2 + NETMASK=255.255.255.0 +- NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +@@ -881,7 +874,6 @@ class TestNetCfgDistroRedhat(TestNetCfgDistroBase): + DEVICE=eth0.1001 + IPADDR=10.0.1.2 + NETMASK=255.255.0.0 +- NM_CONTROLLED=no + ONBOOT=yes + PHYSDEV=eth0 + USERCTL=no +diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py +index 7abe61b9..6274f12d 100644 +--- a/tests/unittests/test_net.py ++++ b/tests/unittests/test_net.py +@@ -1495,7 +1495,6 @@ NETWORK_CONFIGS = { + DHCPV6C=yes + IPV6INIT=yes + DEVICE=iface0 +- NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +@@ -1586,7 +1585,6 @@ NETWORK_CONFIGS = { + IPV6INIT=yes + IPV6_FORCE_ACCEPT_RA=yes + DEVICE=iface0 +- NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +@@ -1662,7 +1660,6 @@ NETWORK_CONFIGS = { + IPV6INIT=yes + IPV6_FORCE_ACCEPT_RA=no + DEVICE=iface0 +- NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +@@ -1726,7 +1723,6 @@ NETWORK_CONFIGS = { + IPV6_AUTOCONF=yes + IPV6INIT=yes + DEVICE=iface0 +- NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +@@ -1781,7 +1777,6 @@ NETWORK_CONFIGS = { + IPV6_AUTOCONF=no + IPV6_FORCE_ACCEPT_RA=no + DEVICE=iface0 +- NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +@@ -1838,7 +1833,6 @@ NETWORK_CONFIGS = { + IPV6_AUTOCONF=yes + IPV6INIT=yes + DEVICE=iface0 +- NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +@@ -1920,7 +1914,6 @@ NETWORK_CONFIGS = { + IPV6_AUTOCONF=no + IPV6_FORCE_ACCEPT_RA=yes + DEVICE=iface0 +- NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +@@ -1961,7 +1954,6 @@ NETWORK_CONFIGS = { + """\ + BOOTPROTO=dhcp + DEVICE=iface0 +- NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +@@ -2038,7 +2030,6 @@ NETWORK_CONFIGS = { + BOOTPROTO=dhcp + DEVICE=iface0 + ETHTOOL_OPTS="wol g" +- NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +@@ -2504,7 +2495,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + IPADDR=192.168.200.7 + MTU=9000 + NETMASK=255.255.255.0 +- NM_CONTROLLED=no + ONBOOT=yes + TYPE=InfiniBand + USERCTL=no""" +@@ -3576,7 +3566,6 @@ iface bond0 inet6 static + IPV6INIT=yes + IPV6_AUTOCONF=no + IPV6_FORCE_ACCEPT_RA=no +- NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +@@ -3592,7 +3581,6 @@ iface bond0 inet6 static + IPV6INIT=yes + IPV6_AUTOCONF=no + IPV6_FORCE_ACCEPT_RA=no +- NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +@@ -3882,7 +3870,6 @@ iface bond0 inet6 static + BOOTPROTO=none + DEVICE=eth0 + HWADDR=cf:d6:af:48:e8:80 +- NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no""" +@@ -4718,7 +4705,6 @@ HWADDR=fa:16:3e:25:b4:59 + IPADDR=51.68.89.122 + MTU=1500 + NETMASK=255.255.240.0 +-NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +@@ -4732,7 +4718,6 @@ DEVICE=eth1 + DHCLIENT_SET_DEFAULT_ROUTE=no + HWADDR=fa:16:3e:b1:ca:29 + MTU=9000 +-NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +@@ -4983,7 +4968,6 @@ USERCTL=no + IPV6_FORCE_ACCEPT_RA=no + IPV6_DEFAULTGW=2001:db8::1 + NETMASK=255.255.255.0 +- NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +@@ -5015,7 +4999,6 @@ USERCTL=no + """\ + BOOTPROTO=none + DEVICE=eno1 +- NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +@@ -5028,7 +5011,6 @@ USERCTL=no + IPADDR=192.6.1.9 + MTU=1495 + NETMASK=255.255.255.0 +- NM_CONTROLLED=no + ONBOOT=yes + PHYSDEV=eno1 + USERCTL=no +@@ -5064,7 +5046,6 @@ USERCTL=no + IPADDR=10.101.8.65 + MTU=1334 + NETMASK=255.255.255.192 +- NM_CONTROLLED=no + ONBOOT=yes + TYPE=Bond + USERCTL=no +@@ -5076,7 +5057,6 @@ USERCTL=no + BOOTPROTO=none + DEVICE=enp0s0 + MASTER=bond0 +- NM_CONTROLLED=no + ONBOOT=yes + SLAVE=yes + TYPE=Bond +@@ -5089,7 +5069,6 @@ USERCTL=no + BOOTPROTO=none + DEVICE=enp0s1 + MASTER=bond0 +- NM_CONTROLLED=no + ONBOOT=yes + SLAVE=yes + TYPE=Bond +@@ -5120,7 +5099,6 @@ USERCTL=no + DEVICE=eno1 + HWADDR=07-1c-c6-75-a4-be + METRIC=100 +- NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +@@ -5211,7 +5189,6 @@ USERCTL=no + IPV6_FORCE_ACCEPT_RA=no + MTU=1400 + NETMASK=255.255.248.0 +- NM_CONTROLLED=no + ONBOOT=yes + TYPE=Ethernet + USERCTL=no +-- +2.39.3 + diff --git a/SOURCES/ci-tools-read-version-fix-the-tool-so-that-it-can-handl.patch b/SOURCES/ci-tools-read-version-fix-the-tool-so-that-it-can-handl.patch new file mode 100644 index 0000000..2fbe8d7 --- /dev/null +++ b/SOURCES/ci-tools-read-version-fix-the-tool-so-that-it-can-handl.patch @@ -0,0 +1,117 @@ +From 32d3430eb9e8ef5c354ee294ec6b8de61f05292a Mon Sep 17 00:00:00 2001 +From: Ani Sinha +Date: Thu, 20 Jul 2023 00:19:25 +0530 +Subject: [PATCH 02/11] tools/read-version: fix the tool so that it can handle + version parsing errors (#4234) + +git describe may not return version/tags in the format that the read-version +tool expects. Make the tool robust so that it can gracefully handle +version strings that are not in the regular format. +We use regex to capture the details we care about, but if we cannot find them, +we won't traceback and will continue to use version and version_long as +expected. + +Signed-off-by: Ani Sinha +(cherry picked from commit 6543c88e0781b3c2e170fdaffbe6ba9f268e986c) +--- + tools/read-version | 68 +++++++++++++++++++++++++++++----------------- + 1 file changed, 43 insertions(+), 25 deletions(-) + +diff --git a/tools/read-version b/tools/read-version +index 5a71e6c7..7575683c 100755 +--- a/tools/read-version ++++ b/tools/read-version +@@ -2,6 +2,7 @@ + + import os + import json ++import re + import subprocess + import sys + +@@ -50,6 +51,37 @@ def is_gitdir(path): + return False + + ++def get_version_details(version, version_long): ++ release = None ++ extra = None ++ commit = None ++ distance = None ++ ++ # Should match upstream version number. E.g., 23.1 or 23.1.2 ++ short_regex = r"(\d+\.\d+\.?\d*)" ++ # Should match version including upstream version, distance, and commit ++ # E.g., 23.1.2-10-g12ab34cd ++ long_regex = r"(\d+\.\d+\.?\d*){1}.*-(\d+)+-g([a-f0-9]{8}){1}.*" ++ ++ short_match = re.search(short_regex, version) ++ long_match = re.search(long_regex, version_long) ++ if long_match: ++ release, distance, commit = long_match.groups() ++ extra = f"-{distance}-g{commit}" ++ elif short_match: ++ release = short_match.groups()[0] ++ ++ return { ++ "release": release, ++ "version": version, ++ "version_long": version_long, ++ "extra": extra, ++ "commit": commit, ++ "distance": distance, ++ "is_release_branch_ci": is_release_branch_ci, ++ } ++ ++ + use_long = "--long" in sys.argv or os.environ.get("CI_RV_LONG") + use_tags = "--tags" in sys.argv or os.environ.get("CI_RV_TAGS") + output_json = "--json" in sys.argv +@@ -104,33 +136,19 @@ else: + version = src_version + version_long = "" + +-# version is X.Y.Z[+xxx.gHASH] +-# version_long is None or X.Y.Z-xxx-gHASH +-release = version.partition("-")[0] +-extra = None +-commit = None +-distance = None +- +-if version_long: +- info = version_long.partition("-")[2] +- extra = f"-{info}" +- distance, commit = info.split("-") +- # remove the 'g' from gHASH +- commit = commit[1:] +- +-data = { +- "release": release, +- "version": version, +- "version_long": version_long, +- "extra": extra, +- "commit": commit, +- "distance": distance, +- "is_release_branch_ci": is_release_branch_ci, +-} ++ ++details = get_version_details(version, version_long) + + if output_json: +- sys.stdout.write(json.dumps(data, indent=1) + "\n") ++ sys.stdout.write(json.dumps(details, indent=1) + "\n") + else: +- sys.stdout.write(version + "\n") ++ output = "" ++ if details["release"]: ++ output += details["release"] ++ if details["extra"]: ++ output += details["extra"] ++ if not output: ++ output = src_version ++ sys.stdout.write(output + "\n") + + sys.exit(0) +-- +2.39.3 + diff --git a/SPECS/cloud-init.spec b/SPECS/cloud-init.spec index 2658782..3457b46 100644 --- a/SPECS/cloud-init.spec +++ b/SPECS/cloud-init.spec @@ -5,8 +5,8 @@ %global debug_package %{nil} Name: cloud-init -Version: 22.1 -Release: 8%{?dist} +Version: 23.1.1 +Release: 10%{?dist} Summary: Cloud instance init scripts Group: System Environment/Base @@ -15,42 +15,45 @@ URL: http://launchpad.net/cloud-init Source0: https://launchpad.net/cloud-init/trunk/%{version}/+download/%{name}-%{version}.tar.gz Source1: cloud-init-tmpfiles.conf -Patch0001: 0001-Add-initial-redhat-setup.patch Patch0002: 0002-Do-not-write-NM_CONTROLLED-no-in-generated-interface.patch Patch0003: 0003-limit-permissions-on-def_log_file.patch Patch0004: 0004-include-NOZEROCONF-yes-in-etc-sysconfig-network.patch -Patch0005: 0005-Remove-race-condition-between-cloud-init-and-Network.patch -Patch0006: 0006-rhel-cloud.cfg-remove-ssh_genkeytypes-in-settings.py.patch -# For bz#2059872 - [RHEL-8]Rebase cloud-init from Fedora so it can configure networking using NM keyfiles -Patch7: ci-Add-native-NetworkManager-support-1224.patch -# For bz#2059872 - [RHEL-8]Rebase cloud-init from Fedora so it can configure networking using NM keyfiles -Patch8: ci-Use-Network-Manager-and-Netplan-as-default-renderers.patch -# For bz#2082071 - Align cloud.cfg file and systemd with cloud-init upstream .tmpl files -Patch9: ci-Align-rhel-custom-files-with-upstream-1431.patch -# For bz#2082071 - Align cloud.cfg file and systemd with cloud-init upstream .tmpl files -Patch10: ci-Remove-rhel-specific-files.patch -# For bz#2082686 - [cloud][init] Add support for reading tags from instance metadata -Patch11: ci-Support-EC2-tags-in-instance-metadata-1309.patch -# For bz#2096269 - Adjust udev/rules default path[RHEL-8] -Patch12: ci-setup.py-adjust-udev-rules-default-path-1513.patch -# For bz#2107464 - [RHEL-8.7] Cannot run sysconfig when changing the priority of network renderers -# For bz#2110066 - DNS integration with OpenStack/cloud-init/NetworkManager is not working -# For bz#2117526 - [RHEL8.7] Revert patch of configuring networking by NM keyfiles -# For bz#2104393 - [RHEL-8.7]Failed to config static IP and IPv6 according to VMware Customization Config File -# For bz#2098624 - [RHEL-8.7] IPv6 not workable when cloud-init configure network using NM keyfiles -Patch13: ci-Revert-Add-native-NetworkManager-support-1224.patch -# For bz#2107464 - [RHEL-8.7] Cannot run sysconfig when changing the priority of network renderers -# For bz#2110066 - DNS integration with OpenStack/cloud-init/NetworkManager is not working -# For bz#2117526 - [RHEL8.7] Revert patch of configuring networking by NM keyfiles -# For bz#2104393 - [RHEL-8.7]Failed to config static IP and IPv6 according to VMware Customization Config File -# For bz#2098624 - [RHEL-8.7] IPv6 not workable when cloud-init configure network using NM keyfiles -Patch14: ci-Revert-Use-Network-Manager-and-Netplan-as-default-re.patch -# For bz#2115576 - cloud-init configures user "centos" or "rhel" instead of "cloud-user" with cloud-init-22.1 -Patch15: ci-cloud.cfg.tmpl-make-sure-centos-settings-are-identic.patch -# For bz#2151861 - [RHEL-8] Ensure network ready before cloud-init service runs on RHEL -Patch16: ci-Ensure-network-ready-before-cloud-init-service-runs-.patch -# For bz#2162258 - systemd[1]: Failed to start Initial cloud-init job after reboot system via sysrq 'b' [RHEL-8] -Patch17: ci-cc_set_hostname-ignore-var-lib-cloud-data-set-hostna.patch +Patch0005: 0005-Manual-revert-Use-Network-Manager-and-Netplan-as-def.patch +Patch0006: 0006-Revert-Add-native-NetworkManager-support-1224.patch +Patch0007: 0007-settings.py-update-settings-for-rhel.patch +# For bz#2182407 - cloud-init strips new line from "/etc/hostname" when processing "/var/lib/cloud/data/previous-hostname" +Patch8: ci-rhel-make-sure-previous-hostname-file-ends-with-a-ne.patch +# For bz#2182947 - Request to backport "Don't change permissions of netrules target (#2076)" +Patch9: ci-Don-t-change-permissions-of-netrules-target-2076.patch +# For bz#2190081 - CVE-2023-1786 cloud-init: sensitive data could be exposed in logs [rhel-8] +Patch10: ci-Make-user-vendor-data-sensitive-and-remove-log-permi.patch +# For bz#2219528 - [RHEL8] Support configuring network by NM keyfiles +Patch11: ci-Revert-Manual-revert-Use-Network-Manager-and-Netplan.patch +# For bz#2219528 - [RHEL8] Support configuring network by NM keyfiles +Patch12: ci-Revert-Revert-Add-native-NetworkManager-support-1224.patch +# For bz#2219528 - [RHEL8] Support configuring network by NM keyfiles +Patch13: ci-nm-generate-ipv6-stateful-dhcp-config-at-par-with-sy.patch +# For bz#2219528 - [RHEL8] Support configuring network by NM keyfiles +Patch14: ci-network_manager-add-a-method-for-ipv6-static-IP-conf.patch +# For bz#2219528 - [RHEL8] Support configuring network by NM keyfiles +Patch15: ci-net-sysconfig-enable-sysconfig-renderer-if-network-m.patch +# For bz#2219528 - [RHEL8] Support configuring network by NM keyfiles +Patch16: ci-network-manager-Set-higher-autoconnect-priority-for-.patch +# For bz#2219528 - [RHEL8] Support configuring network by NM keyfiles +Patch17: ci-Set-default-renderer-as-sysconfig-for-centos-rhel-41.patch +Patch19: ci-tools-read-version-fix-the-tool-so-that-it-can-handl.patch +Patch20: ci-test-fixes-remove-NM_CONTROLLED-no-from-tests.patch +Patch21: ci-Enable-SUSE-based-distros-for-ca-handling-2036.patch +Patch22: ci-Handle-non-existent-ca-cert-config-situation-2073.patch +Patch23: ci-Revert-limit-permissions-on-def_log_file.patch +Patch24: ci-test-fixes-changes-to-apply-RHEL-specific-config-set.patch +Patch25: ci-cosmetic-fix-tox-formatting.patch +# For bz#2222501 - Don't change log permissions if they are already more restrictive [rhel-8] +Patch28: ci-logging-keep-current-file-mode-of-log-file-if-its-st.patch +# For bz#2223810 - [cloud-init] [RHEL8.9]There are warning logs if dev has more than one IPV6 address on ESXi +Patch29: ci-DS-VMware-modify-a-few-log-level-4284.patch +# For bz#2229460 - [rhel-8.9] [RFE] Configure "ipv6.addr-gen-mode=eui64' as default in NetworkManager +Patch30: ci-NM-renderer-set-default-IPv6-addr-gen-mode-for-all-i.patch BuildArch: noarch @@ -167,7 +170,27 @@ if [ $1 -eq 1 ] ; then /bin/systemctl enable cloud-init-local.service >/dev/null 2>&1 || : /bin/systemctl enable cloud-init.target >/dev/null 2>&1 || : elif [ $1 -eq 2 ]; then - # Upgrade. If the upgrade is from a version older than 0.7.9-8, + # Upgrade + # RHBZ 2210012 - check for null ssh_genkeytypes value in cloud.cfg that + # breaks ssh connectivity after upgrade to a newer version of cloud-init. + if [ -f %{_sysconfdir}/cloud/cloud.cfg.rpmnew ] && grep -q '^\s*ssh_genkeytypes:\s*~\s*$' %{_sysconfdir}/cloud/cloud.cfg ; then + echo "***********************************************" + echo "*** WARNING!!!! ***" + echo "" + echo "ssh_genkeytypes set to null in /etc/cloud/cloud.cfg!" + echo "SSH access might be broken after reboot. Please check the following KCS" + echo "for more detailed information:" + echo "" + echo "https://access.redhat.com/solutions/6988034" + echo "" + echo "Please reconcile the differences between /etc/cloud/cloud.cfg and " + echo "/etc/cloud/cloud.cfg.rpmnew and update ssh_genkeytypes configuration in " + echo "/etc/cloud/cloud.cfg to a list of keytype values, something like:" + echo "ssh_genkeytypes: ['rsa', 'ecdsa', 'ed25519']" + echo "" + echo "************************************************" + fi + # If the upgrade is from a version older than 0.7.9-8, # there will be stale systemd config /bin/systemctl is-enabled cloud-config.service >/dev/null 2>&1 && /bin/systemctl reenable cloud-config.service >/dev/null 2>&1 || : @@ -199,12 +222,25 @@ fi %postun %systemd_postun cloud-config.service cloud-config.target cloud-final.service cloud-init.service cloud-init.target cloud-init-local.service +if [ -f /etc/ssh/sshd_config.d/50-cloud-init.conf ] ; then + echo "/etc/ssh/sshd_config.d/50-cloud-init.conf not removed" +fi + +if [ -f /etc/NetworkManager/conf.d/99-cloud-init.conf ] ; then + echo "/etc/NetworkManager/conf.d/99-cloud-init.conf not removed" +fi + +if [ -f /etc/NetworkManager/conf.d/30-cloud-init-ip6-addr-gen-mode.conf ] ; then + echo "/etc/NetworkManager/conf.d/30-cloud-init-ip6-addr-gen-mode.conf not removed" +fi + %files %license LICENSE %config(noreplace) %{_sysconfdir}/cloud/cloud.cfg %dir %{_sysconfdir}/cloud/cloud.cfg.d %config(noreplace) %{_sysconfdir}/cloud/cloud.cfg.d/*.cfg %doc %{_sysconfdir}/cloud/cloud.cfg.d/README +%doc %{_sysconfdir}/cloud/clean.d/README %dir %{_sysconfdir}/cloud/templates %config(noreplace) %{_sysconfdir}/cloud/templates/* %{_unitdir}/cloud-config.service @@ -236,6 +272,62 @@ fi %config(noreplace) %{_sysconfdir}/rsyslog.d/21-cloudinit.conf %changelog +* Fri Aug 25 2023 Camilla Conte - 23.1.1-10 +- Resolves: bz#2233047 + ([RHEL 8.9] Inform user when cloud-init generated config files are left during uninstalling) + +* Wed Aug 09 2023 Jon Maloy - 23.1.1-9 +- ci-NM-renderer-set-default-IPv6-addr-gen-mode-for-all-i.patch [bz#2229460] +- Resolves: bz#2229460 + ([rhel-8.9] [RFE] Configure "ipv6.addr-gen-mode=eui64' as default in NetworkManager) + +* Thu Jul 27 2023 Camilla Conte - 23.1.1-8 +- ci-DS-VMware-modify-a-few-log-level-4284.patch [bz#2223810] +- Resolves: bz#2223810 + ([cloud-init] [RHEL8.9]There are warning logs if dev has more than one IPV6 address on ESXi) + +* Tue Jul 25 2023 Miroslav Rezanina - 23.1.1-7 +- ci-logging-keep-current-file-mode-of-log-file-if-its-st.patch [bz#2222501] +- Resolves: bz#2222501 + (Don't change log permissions if they are already more restrictive [rhel-8]) + +* Mon Jul 10 2023 Miroslav Rezanina - 23.1.1-6 +- ci-Revert-Manual-revert-Use-Network-Manager-and-Netplan.patch [bz#2219528] +- ci-Revert-Revert-Add-native-NetworkManager-support-1224.patch [bz#2219528] +- ci-nm-generate-ipv6-stateful-dhcp-config-at-par-with-sy.patch [bz#2219528] +- ci-network_manager-add-a-method-for-ipv6-static-IP-conf.patch [bz#2219528] +- ci-net-sysconfig-enable-sysconfig-renderer-if-network-m.patch [bz#2219528] +- ci-network-manager-Set-higher-autoconnect-priority-for-.patch [bz#2219528] +- ci-Set-default-renderer-as-sysconfig-for-centos-rhel-41.patch [bz#2219528] +- Resolves: bz#2219528 + ([RHEL8] Support configuring network by NM keyfiles) + +* Tue Jul 4 2023 Camilla Conte - 23.1.1-5 +- ci-Add-warning-during-upgrade-from-an-old-version-with-.patch [bz#2210012] +- Resolves: bz#2210012 + ([cloud-init] System didn't generate ssh host keys and lost ssh connection after cloud-init removed them with updated cloud-init package.) + +* Wed May 03 2023 Jon Maloy - 23.1.1-3 +- ci-Don-t-change-permissions-of-netrules-target-2076.patch [bz#2182947] +- ci-Make-user-vendor-data-sensitive-and-remove-log-permi.patch [bz#2190081] +- Resolves: bz#2182947 + (Request to backport "Don't change permissions of netrules target (#2076)") +- Resolves: bz#2190081 + (CVE-2023-1786 cloud-init: sensitive data could be exposed in logs [rhel-8]) + +* Tue Apr 25 2023 Jon Maloy - 23.1.1-2 +- ci-rhel-make-sure-previous-hostname-file-ends-with-a-ne.patch [bz#2182407] +- Resolves: bz#2182407 + (cloud-init strips new line from "/etc/hostname" when processing "/var/lib/cloud/data/previous-hostname") + +* Fri Apr 21 2023 Jon Maloy - 23.1.1-1 +- limit-permissions-on-def_log_file.patch +- Resolves bz#1424612 +- include-NOZEROCONF-yes-in-etc-sysconfig-network.patch +- Resolves bz#1653131 +- Rebase to 23.1.1 [bz#2172821] +- Resolves: bz#2172821 + * Mon Jan 30 2023 Camilla Conte - 22.1-8 - ci-cc_set_hostname-ignore-var-lib-cloud-data-set-hostna.patch [bz#2162258] - Resolves: bz#2162258 @@ -294,6 +386,8 @@ fi * Fri Apr 01 2022 Camilla Conte - 21.1-15 - ci-Detect-a-Python-version-change-and-clear-the-cache-8.patch [bz#1935826] - ci-Fix-MIME-policy-failure-on-python-version-upgrade-93.patch [bz#1935826] +- Resolves: bz#1935826 + ([rhel-8] Cloud-init init stage fails after upgrade from RHEL7 to RHEL8.) * Fri Feb 25 2022 Jon Maloy - 21.1-14 - ci-Fix-IPv6-netmask-format-for-sysconfig-1215.patch [bz#2046540]