Compare commits
21 Commits
Author | SHA1 | Date | |
---|---|---|---|
1f0dca570d | |||
4658885b13 | |||
dd50a98be4 | |||
4416a206ed | |||
51be451cf8 | |||
2ea0fc34f6 | |||
d6635242f0 | |||
|
c5d22940af | ||
2c0dd31b0c | |||
|
22c0ba2138 | ||
|
c5c5336095 | ||
|
7a3307e917 | ||
|
2344282569 | ||
5387e49f25 | |||
d47c75e378 | |||
|
2ce431529e | ||
|
d64121db93 | ||
|
8b91a21033 | ||
|
70d9bad6a5 | ||
|
2dcb114744 | ||
1508331c91 |
@ -0,0 +1,457 @@
|
||||
From f4f100c0dddf1f11b239374a8dc452739b8e6a81 Mon Sep 17 00:00:00 2001
|
||||
From: Andrew Lukoshko <alukoshko@almalinux.org>
|
||||
Date: Thu, 28 Mar 2024 14:24:08 +0000
|
||||
Subject: [PATCH] Improvements for AlmaLinux OS and CloudLinux OS
|
||||
|
||||
Add AlmaLinux OS and CloudLinux OS support to:
|
||||
|
||||
Modules:
|
||||
- cc_ca_certs
|
||||
- cc_ntp
|
||||
- cc_resolv_conf
|
||||
|
||||
Datasources:
|
||||
- Rbx Cloud Datasource
|
||||
|
||||
Systemd services:
|
||||
- cloud-final.service
|
||||
- cloud-init-local.service
|
||||
- cloud-init.service
|
||||
---
|
||||
cloudinit/config/cc_ca_certs.py | 8 ++++
|
||||
cloudinit/config/cc_ntp.py | 11 ++---
|
||||
cloudinit/config/cc_resolv_conf.py | 2 +
|
||||
cloudinit/settings.py | 2 +-
|
||||
cloudinit/sources/DataSourceRbxCloud.py | 2 +-
|
||||
systemd/cloud-final.service.tmpl | 2 +-
|
||||
systemd/cloud-init-local.service.tmpl | 10 ++--
|
||||
systemd/cloud-init.service.tmpl | 2 +-
|
||||
templates/chrony.conf.almalinux.tmpl | 51 ++++++++++++++++++++
|
||||
templates/chrony.conf.cloudlinux.tmpl | 51 ++++++++++++++++++++
|
||||
templates/ntp.conf.almalinux.tmpl | 64 +++++++++++++++++++++++++
|
||||
templates/ntp.conf.cloudlinux.tmpl | 64 +++++++++++++++++++++++++
|
||||
12 files changed, 252 insertions(+), 17 deletions(-)
|
||||
create mode 100644 templates/chrony.conf.almalinux.tmpl
|
||||
create mode 100644 templates/chrony.conf.cloudlinux.tmpl
|
||||
create mode 100644 templates/ntp.conf.almalinux.tmpl
|
||||
create mode 100644 templates/ntp.conf.cloudlinux.tmpl
|
||||
|
||||
diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py
|
||||
index 8d3fd9a..4dd5843 100644
|
||||
--- a/cloudinit/config/cc_ca_certs.py
|
||||
+++ b/cloudinit/config/cc_ca_certs.py
|
||||
@@ -57,6 +57,12 @@ for distro in (
|
||||
):
|
||||
DISTRO_OVERRIDES[distro] = DISTRO_OVERRIDES["opensuse"]
|
||||
|
||||
+for distro in (
|
||||
+ "almalinux",
|
||||
+ "cloudlinux",
|
||||
+):
|
||||
+ DISTRO_OVERRIDES[distro] = DISTRO_OVERRIDES["rhel"]
|
||||
+
|
||||
MODULE_DESCRIPTION = """\
|
||||
This module adds CA certificates to the system's CA store and updates any
|
||||
related files using the appropriate OS-specific utility. The default CA
|
||||
@@ -72,6 +78,8 @@ configuration option ``remove_defaults``.
|
||||
order to provide the ``update-ca-certificates`` command.
|
||||
"""
|
||||
distros = [
|
||||
+ "almalinux",
|
||||
+ "cloudlinux",
|
||||
"alpine",
|
||||
"debian",
|
||||
"fedora",
|
||||
diff --git a/cloudinit/config/cc_ntp.py b/cloudinit/config/cc_ntp.py
|
||||
index 9eef24f..1015d43 100644
|
||||
--- a/cloudinit/config/cc_ntp.py
|
||||
+++ b/cloudinit/config/cc_ntp.py
|
||||
@@ -109,14 +109,6 @@ DISTRO_CLIENT_CONFIG = {
|
||||
"service_name": "ntpd",
|
||||
},
|
||||
},
|
||||
- "centos": {
|
||||
- "ntp": {
|
||||
- "service_name": "ntpd",
|
||||
- },
|
||||
- "chrony": {
|
||||
- "service_name": "chronyd",
|
||||
- },
|
||||
- },
|
||||
"cos": {
|
||||
"chrony": {
|
||||
"service_name": "chronyd",
|
||||
@@ -224,6 +216,9 @@ DISTRO_CLIENT_CONFIG = {
|
||||
for distro in ("opensuse-microos", "opensuse-tumbleweed", "opensuse-leap"):
|
||||
DISTRO_CLIENT_CONFIG[distro] = DISTRO_CLIENT_CONFIG["opensuse"]
|
||||
|
||||
+for distro in ("almalinux", "centos", "cloudlinux"):
|
||||
+ DISTRO_CLIENT_CONFIG[distro] = DISTRO_CLIENT_CONFIG["rhel"]
|
||||
+
|
||||
for distro in ("sle_hpc", "sle-micro"):
|
||||
DISTRO_CLIENT_CONFIG[distro] = DISTRO_CLIENT_CONFIG["sles"]
|
||||
|
||||
diff --git a/cloudinit/config/cc_resolv_conf.py b/cloudinit/config/cc_resolv_conf.py
|
||||
index aa88919..4eb1d76 100644
|
||||
--- a/cloudinit/config/cc_resolv_conf.py
|
||||
+++ b/cloudinit/config/cc_resolv_conf.py
|
||||
@@ -57,7 +57,9 @@ meta: MetaSchema = {
|
||||
"title": "Configure resolv.conf",
|
||||
"description": MODULE_DESCRIPTION,
|
||||
"distros": [
|
||||
+ "almalinux",
|
||||
"alpine",
|
||||
+ "cloudlinux",
|
||||
"fedora",
|
||||
"mariner",
|
||||
"opensuse",
|
||||
diff --git a/cloudinit/settings.py b/cloudinit/settings.py
|
||||
index 5ced21b..51cb115 100644
|
||||
--- a/cloudinit/settings.py
|
||||
+++ b/cloudinit/settings.py
|
||||
@@ -61,7 +61,7 @@ CFG_BUILTIN = {
|
||||
"cloud_dir": "/var/lib/cloud",
|
||||
"templates_dir": "/etc/cloud/templates/",
|
||||
},
|
||||
- "distro": "rhel",
|
||||
+ "distro": "almalinux",
|
||||
"network": {"renderers": None},
|
||||
},
|
||||
"vendor_data": {"enabled": True, "prefix": []},
|
||||
diff --git a/cloudinit/sources/DataSourceRbxCloud.py b/cloudinit/sources/DataSourceRbxCloud.py
|
||||
index 9214f1b..14880ec 100644
|
||||
--- a/cloudinit/sources/DataSourceRbxCloud.py
|
||||
+++ b/cloudinit/sources/DataSourceRbxCloud.py
|
||||
@@ -60,7 +60,7 @@ def _sub_arp(cmd):
|
||||
|
||||
def gratuitous_arp(items, distro):
|
||||
source_param = "-S"
|
||||
- if distro.name in ["fedora", "centos", "rhel"]:
|
||||
+ if distro.name in ["almalinux", "fedora", "centos", "cloudlinux", "rhel"]:
|
||||
source_param = "-s"
|
||||
for item in items:
|
||||
try:
|
||||
diff --git a/systemd/cloud-final.service.tmpl b/systemd/cloud-final.service.tmpl
|
||||
index bcf8b00..6d34761 100644
|
||||
--- a/systemd/cloud-final.service.tmpl
|
||||
+++ b/systemd/cloud-final.service.tmpl
|
||||
@@ -18,7 +18,7 @@ ExecStart=/usr/bin/cloud-init modules --mode=final
|
||||
RemainAfterExit=yes
|
||||
TimeoutSec=0
|
||||
KillMode=process
|
||||
-{% if variant == "rhel" %}
|
||||
+{% if variant in ["almalinux", "cloudlinux", "rhel"] %}
|
||||
# Restart NetworkManager if it is present and running.
|
||||
ExecStartPost=/bin/sh -c 'u=NetworkManager.service; \
|
||||
out=$(systemctl show --property=SubState $u) || exit; \
|
||||
diff --git a/systemd/cloud-init-local.service.tmpl b/systemd/cloud-init-local.service.tmpl
|
||||
index 3a1ca7f..853ae2c 100644
|
||||
--- a/systemd/cloud-init-local.service.tmpl
|
||||
+++ b/systemd/cloud-init-local.service.tmpl
|
||||
@@ -1,23 +1,23 @@
|
||||
## template:jinja
|
||||
[Unit]
|
||||
Description=Initial cloud-init job (pre-networking)
|
||||
-{% if variant in ["ubuntu", "unknown", "debian", "rhel" ] %}
|
||||
+{% if variant in ["almalinux", "cloudlinux", "ubuntu", "unknown", "debian", "rhel" ] %}
|
||||
DefaultDependencies=no
|
||||
{% endif %}
|
||||
Wants=network-pre.target
|
||||
After=hv_kvp_daemon.service
|
||||
After=systemd-remount-fs.service
|
||||
-{% if variant == "rhel" %}
|
||||
+{% if variant in ["almalinux", "cloudlinux", "rhel"] %}
|
||||
Requires=dbus.socket
|
||||
After=dbus.socket
|
||||
{% endif %}
|
||||
Before=NetworkManager.service
|
||||
-{% if variant == "rhel" %}
|
||||
+{% if variant in ["almalinux", "cloudlinux", "rhel"] %}
|
||||
Before=network.service
|
||||
{% endif %}
|
||||
Before=network-pre.target
|
||||
Before=shutdown.target
|
||||
-{% if variant == "rhel" %}
|
||||
+{% if variant in ["almalinux", "cloudlinux", "rhel"] %}
|
||||
Before=firewalld.target
|
||||
Conflicts=shutdown.target
|
||||
{% endif %}
|
||||
@@ -32,7 +32,7 @@ ConditionEnvironment=!KERNEL_CMDLINE=cloud-init=disabled
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
-{% if variant == "rhel" %}
|
||||
+{% if variant in ["almalinux", "cloudlinux", "rhel"] %}
|
||||
ExecStartPre=/bin/mkdir -p /run/cloud-init
|
||||
ExecStartPre=/sbin/restorecon /run/cloud-init
|
||||
ExecStartPre=/usr/bin/touch /run/cloud-init/enabled
|
||||
diff --git a/systemd/cloud-init.service.tmpl b/systemd/cloud-init.service.tmpl
|
||||
index bf91164..1ae88f7 100644
|
||||
--- a/systemd/cloud-init.service.tmpl
|
||||
+++ b/systemd/cloud-init.service.tmpl
|
||||
@@ -1,7 +1,7 @@
|
||||
## template:jinja
|
||||
[Unit]
|
||||
Description=Initial cloud-init job (metadata service crawler)
|
||||
-{% if variant not in ["photon", "rhel"] %}
|
||||
+{% if variant not in ["almalinux", "cloudlinux", "photon", "rhel"] %}
|
||||
DefaultDependencies=no
|
||||
{% endif %}
|
||||
Wants=cloud-init-local.service
|
||||
diff --git a/templates/chrony.conf.almalinux.tmpl b/templates/chrony.conf.almalinux.tmpl
|
||||
new file mode 100644
|
||||
index 0000000..43b1f5d
|
||||
--- /dev/null
|
||||
+++ b/templates/chrony.conf.almalinux.tmpl
|
||||
@@ -0,0 +1,51 @@
|
||||
+## template:jinja
|
||||
+# Use public servers from the pool.ntp.org project.
|
||||
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
|
||||
+{% if pools %}# pools
|
||||
+{% endif %}
|
||||
+{% for pool in pools -%}
|
||||
+pool {{pool}} iburst
|
||||
+{% endfor %}
|
||||
+{%- if servers %}# servers
|
||||
+{% endif %}
|
||||
+{% for server in servers -%}
|
||||
+server {{server}} iburst
|
||||
+{% endfor %}
|
||||
+{% for peer in peers -%}
|
||||
+peer {{peer}}
|
||||
+{% endfor %}
|
||||
+{% for a in allow -%}
|
||||
+allow {{a}}
|
||||
+{% endfor %}
|
||||
+
|
||||
+# Record the rate at which the system clock gains/losses time.
|
||||
+driftfile /var/lib/chrony/drift
|
||||
+
|
||||
+# Allow the system clock to be stepped in the first three updates
|
||||
+# if its offset is larger than 1 second.
|
||||
+makestep 1.0 3
|
||||
+
|
||||
+# Enable kernel synchronization of the real-time clock (RTC).
|
||||
+rtcsync
|
||||
+
|
||||
+# Enable hardware timestamping on all interfaces that support it.
|
||||
+#hwtimestamp *
|
||||
+
|
||||
+# Increase the minimum number of selectable sources required to adjust
|
||||
+# the system clock.
|
||||
+#minsources 2
|
||||
+
|
||||
+# Allow NTP client access from local network.
|
||||
+#allow 192.168.0.0/16
|
||||
+
|
||||
+# Serve time even if not synchronized to a time source.
|
||||
+#local stratum 10
|
||||
+
|
||||
+# Specify file containing keys for NTP authentication.
|
||||
+#keyfile /etc/chrony.keys
|
||||
+
|
||||
+# Specify directory for log files.
|
||||
+logdir /var/log/chrony
|
||||
+
|
||||
+# Select which information is logged.
|
||||
+#log measurements statistics tracking
|
||||
diff --git a/templates/chrony.conf.cloudlinux.tmpl b/templates/chrony.conf.cloudlinux.tmpl
|
||||
new file mode 100644
|
||||
index 0000000..43b1f5d
|
||||
--- /dev/null
|
||||
+++ b/templates/chrony.conf.cloudlinux.tmpl
|
||||
@@ -0,0 +1,51 @@
|
||||
+## template:jinja
|
||||
+# Use public servers from the pool.ntp.org project.
|
||||
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
|
||||
+{% if pools %}# pools
|
||||
+{% endif %}
|
||||
+{% for pool in pools -%}
|
||||
+pool {{pool}} iburst
|
||||
+{% endfor %}
|
||||
+{%- if servers %}# servers
|
||||
+{% endif %}
|
||||
+{% for server in servers -%}
|
||||
+server {{server}} iburst
|
||||
+{% endfor %}
|
||||
+{% for peer in peers -%}
|
||||
+peer {{peer}}
|
||||
+{% endfor %}
|
||||
+{% for a in allow -%}
|
||||
+allow {{a}}
|
||||
+{% endfor %}
|
||||
+
|
||||
+# Record the rate at which the system clock gains/losses time.
|
||||
+driftfile /var/lib/chrony/drift
|
||||
+
|
||||
+# Allow the system clock to be stepped in the first three updates
|
||||
+# if its offset is larger than 1 second.
|
||||
+makestep 1.0 3
|
||||
+
|
||||
+# Enable kernel synchronization of the real-time clock (RTC).
|
||||
+rtcsync
|
||||
+
|
||||
+# Enable hardware timestamping on all interfaces that support it.
|
||||
+#hwtimestamp *
|
||||
+
|
||||
+# Increase the minimum number of selectable sources required to adjust
|
||||
+# the system clock.
|
||||
+#minsources 2
|
||||
+
|
||||
+# Allow NTP client access from local network.
|
||||
+#allow 192.168.0.0/16
|
||||
+
|
||||
+# Serve time even if not synchronized to a time source.
|
||||
+#local stratum 10
|
||||
+
|
||||
+# Specify file containing keys for NTP authentication.
|
||||
+#keyfile /etc/chrony.keys
|
||||
+
|
||||
+# Specify directory for log files.
|
||||
+logdir /var/log/chrony
|
||||
+
|
||||
+# Select which information is logged.
|
||||
+#log measurements statistics tracking
|
||||
diff --git a/templates/ntp.conf.almalinux.tmpl b/templates/ntp.conf.almalinux.tmpl
|
||||
new file mode 100644
|
||||
index 0000000..9884df5
|
||||
--- /dev/null
|
||||
+++ b/templates/ntp.conf.almalinux.tmpl
|
||||
@@ -0,0 +1,64 @@
|
||||
+## template:jinja
|
||||
+
|
||||
+# For more information about this file, see the man pages
|
||||
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
|
||||
+
|
||||
+driftfile /var/lib/ntp/drift
|
||||
+
|
||||
+# Permit time synchronization with our time source, but do not
|
||||
+# permit the source to query or modify the service on this system.
|
||||
+restrict default kod nomodify notrap nopeer noquery
|
||||
+restrict -6 default kod nomodify notrap nopeer noquery
|
||||
+
|
||||
+# Permit all access over the loopback interface. This could
|
||||
+# be tightened as well, but to do so would effect some of
|
||||
+# the administrative functions.
|
||||
+restrict 127.0.0.1
|
||||
+restrict -6 ::1
|
||||
+
|
||||
+# Hosts on local network are less restricted.
|
||||
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
|
||||
+
|
||||
+# Use public servers from the pool.ntp.org project.
|
||||
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
|
||||
+{% if pools %}# pools
|
||||
+{% endif %}
|
||||
+{% for pool in pools -%}
|
||||
+pool {{pool}} iburst
|
||||
+{% endfor %}
|
||||
+{%- if servers %}# servers
|
||||
+{% endif %}
|
||||
+{% for server in servers -%}
|
||||
+server {{server}} iburst
|
||||
+{% endfor %}
|
||||
+{% for peer in peers -%}
|
||||
+peer {{peer}}
|
||||
+{% endfor %}
|
||||
+
|
||||
+#broadcast 192.168.1.255 autokey # broadcast server
|
||||
+#broadcastclient # broadcast client
|
||||
+#broadcast 224.0.1.1 autokey # multicast server
|
||||
+#multicastclient 224.0.1.1 # multicast client
|
||||
+#manycastserver 239.255.254.254 # manycast server
|
||||
+#manycastclient 239.255.254.254 autokey # manycast client
|
||||
+
|
||||
+# Enable public key cryptography.
|
||||
+#crypto
|
||||
+
|
||||
+includefile /etc/ntp/crypto/pw
|
||||
+
|
||||
+# Key file containing the keys and key identifiers used when operating
|
||||
+# with symmetric key cryptography.
|
||||
+keys /etc/ntp/keys
|
||||
+
|
||||
+# Specify the key identifiers which are trusted.
|
||||
+#trustedkey 4 8 42
|
||||
+
|
||||
+# Specify the key identifier to use with the ntpdc utility.
|
||||
+#requestkey 8
|
||||
+
|
||||
+# Specify the key identifier to use with the ntpq utility.
|
||||
+#controlkey 8
|
||||
+
|
||||
+# Enable writing of statistics records.
|
||||
+#statistics clockstats cryptostats loopstats peerstats
|
||||
diff --git a/templates/ntp.conf.cloudlinux.tmpl b/templates/ntp.conf.cloudlinux.tmpl
|
||||
new file mode 100644
|
||||
index 0000000..9884df5
|
||||
--- /dev/null
|
||||
+++ b/templates/ntp.conf.cloudlinux.tmpl
|
||||
@@ -0,0 +1,64 @@
|
||||
+## template:jinja
|
||||
+
|
||||
+# For more information about this file, see the man pages
|
||||
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
|
||||
+
|
||||
+driftfile /var/lib/ntp/drift
|
||||
+
|
||||
+# Permit time synchronization with our time source, but do not
|
||||
+# permit the source to query or modify the service on this system.
|
||||
+restrict default kod nomodify notrap nopeer noquery
|
||||
+restrict -6 default kod nomodify notrap nopeer noquery
|
||||
+
|
||||
+# Permit all access over the loopback interface. This could
|
||||
+# be tightened as well, but to do so would effect some of
|
||||
+# the administrative functions.
|
||||
+restrict 127.0.0.1
|
||||
+restrict -6 ::1
|
||||
+
|
||||
+# Hosts on local network are less restricted.
|
||||
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
|
||||
+
|
||||
+# Use public servers from the pool.ntp.org project.
|
||||
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
|
||||
+{% if pools %}# pools
|
||||
+{% endif %}
|
||||
+{% for pool in pools -%}
|
||||
+pool {{pool}} iburst
|
||||
+{% endfor %}
|
||||
+{%- if servers %}# servers
|
||||
+{% endif %}
|
||||
+{% for server in servers -%}
|
||||
+server {{server}} iburst
|
||||
+{% endfor %}
|
||||
+{% for peer in peers -%}
|
||||
+peer {{peer}}
|
||||
+{% endfor %}
|
||||
+
|
||||
+#broadcast 192.168.1.255 autokey # broadcast server
|
||||
+#broadcastclient # broadcast client
|
||||
+#broadcast 224.0.1.1 autokey # multicast server
|
||||
+#multicastclient 224.0.1.1 # multicast client
|
||||
+#manycastserver 239.255.254.254 # manycast server
|
||||
+#manycastclient 239.255.254.254 autokey # manycast client
|
||||
+
|
||||
+# Enable public key cryptography.
|
||||
+#crypto
|
||||
+
|
||||
+includefile /etc/ntp/crypto/pw
|
||||
+
|
||||
+# Key file containing the keys and key identifiers used when operating
|
||||
+# with symmetric key cryptography.
|
||||
+keys /etc/ntp/keys
|
||||
+
|
||||
+# Specify the key identifiers which are trusted.
|
||||
+#trustedkey 4 8 42
|
||||
+
|
||||
+# Specify the key identifier to use with the ntpdc utility.
|
||||
+#requestkey 8
|
||||
+
|
||||
+# Specify the key identifier to use with the ntpq utility.
|
||||
+#controlkey 8
|
||||
+
|
||||
+# Enable writing of statistics records.
|
||||
+#statistics clockstats cryptostats loopstats peerstats
|
||||
--
|
||||
2.27.0
|
||||
|
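Review bot: A CloudLinux image whose cloud.cfg does not set `system_info.distro` would fall back to `"almalinux"` after the `cloudinit/settings.py` hunk, because the built-in default in `CFG_BUILTIN` is now hard-coded to one of the two distros this patch supports. That is inferred, since cloud.cfg is not part of the patch; if it holds, the almalinux entries in `DISTRO_OVERRIDES` and `DISTRO_CLIENT_CONFIG` and the `*.almalinux.tmpl` templates would be used on such a host. I would add a comment above the changed line, `# Downstream default; the packaged cloud.cfg must set system_info.distro for other builds`, and confirm the shipped cloud.cfg does so. The new templates are byte-identical in pairs (the index lines show `43b1f5d` and `9884df5` twice each), so any later hardening of the chrony or ntp defaults has to be applied to both copies.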
@ -0,0 +1,60 @@
|
||||
From 5d6674508c6478fa2ca3d8c5d39b533a0bbb317a Mon Sep 17 00:00:00 2001
|
||||
From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
Date: Thu, 20 May 2021 08:53:55 +0200
|
||||
Subject: [PATCH] rhel/cloud.cfg: remove ssh_genkeytypes in settings.py and set
|
||||
in cloud.cfg
|
||||
|
||||
RH-Author: Ani Sinha <None>
|
||||
RH-MergeRequest: 113: rhel/cloud.cfg: remove ssh_genkeytypes in settings.py and set in cloud.cfg
|
||||
RH-Jira: RHEL-16572
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-Commit: [1/1] f506bf58dc5458f50624342ec33bcd390aa0b719 (anisinha/rhel-cloud-init)
|
||||
|
||||
RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
RH-MergeRequest: 10: rhel/cloud.cfg: remove ssh_genkeytypes in settings.py and set in cloud.cfg
|
||||
RH-Commit: [1/1] 6da989423b9b6e017afbac2f1af3649b0487310f
|
||||
RH-Bugzilla: 1957532
|
||||
RH-Acked-by: Eduardo Otubo <otubo@redhat.com>
|
||||
RH-Acked-by: Cathy Avery <cavery@redhat.com>
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
|
||||
|
||||
Currently genkeytypes in cloud.cfg is set to None, so together with
|
||||
ssh_deletekeys=1 cloudinit on first boot it will just delete the existing
|
||||
keys and not generate new ones.
|
||||
|
||||
Just removing that property in cloud.cfg is not enough, because
|
||||
settings.py provides another empty default value that will be used
|
||||
instead, resulting to no key generated even when the property is not defined.
|
||||
|
||||
Removing genkeytypes also in settings.py will default to GENERATE_KEY_NAMES,
|
||||
but since we want only 'rsa', 'ecdsa' and 'ed25519', add back genkeytypes in
|
||||
cloud.cfg with the above defaults.
|
||||
|
||||
Also remove ssh_deletekeys in settings.py as we always need
|
||||
to 1 (and it also defaults to 1).
|
||||
|
||||
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
(cherry picked from commit b545a0cbabe8924d048b7172b30e7aad59ed32d5)
|
||||
(cherry picked from commit 855dec5dcc0892c0f7cedf06b025a794769a2a8d)
|
||||
---
|
||||
cloudinit/settings.py | 2 --
|
||||
1 file changed, 2 deletions(-)
|
||||
|
||||
diff --git a/cloudinit/settings.py b/cloudinit/settings.py
|
||||
index a36c518d..859ad546 100644
|
||||
--- a/cloudinit/settings.py
|
||||
+++ b/cloudinit/settings.py
|
||||
@@ -55,8 +55,6 @@ CFG_BUILTIN = {
|
||||
"log_cfgs": [],
|
||||
"syslog_fix_perms": [],
|
||||
"mount_default_fields": [None, None, "auto", "defaults,nofail", "0", "2"],
|
||||
- "ssh_deletekeys": False,
|
||||
- "ssh_genkeytypes": [],
|
||||
"system_info": {
|
||||
"paths": {
|
||||
"cloud_dir": "/var/lib/cloud",
|
||||
--
|
||||
2.41.0
|
||||
|
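Review bot: The description says `ssh_genkeytypes` is added back in cloud.cfg with 'rsa', 'ecdsa' and 'ed25519', but the diffstat lists only `cloudinit/settings.py` with two deletions, so nothing in this patch pins the SSH host-key types. With both built-in defaults gone, the description states that key types fall back to `GENERATE_KEY_NAMES` and that `ssh_deletekeys` defaults to 1. The packaged cloud.cfg therefore has to carry the three-type list, or every type in `GENERATE_KEY_NAMES` is generated on first boot; please confirm that file is updated in the same build. A short comment in `CFG_BUILTIN`, `# ssh_deletekeys / ssh_genkeytypes are deliberately not set here; see cloud.cfg`, would keep the empty defaults from being re-added later. `CFG_BUILTIN` starts and ends outside the hunk.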
112
SOURCES/net-nm-check-for-presence-of-ifcfg.patch
Normal file
@ -0,0 +1,112 @@
|
||||
From d1d5166895da471cff3606c70d4e8ab6eec1c006 Mon Sep 17 00:00:00 2001
|
||||
From: Ani Sinha <anisinha@redhat.com>
|
||||
Date: Thu, 7 Dec 2023 02:39:51 +0530
|
||||
Subject: [PATCH] net/nm: check for presence of ifcfg files when nm connection
|
||||
files are absent (#4645)
|
||||
|
||||
On systems that use network manager to manage connections and activate network
|
||||
interfaces, they may also use ifcfg files for configuring
|
||||
interfaces using ifcfg-rh network manager plugin. When network manager is used
|
||||
as the activator, we need to also check for the presence of ifcfg interface
|
||||
config file when the network manager connection file is absent and if ifcfg-rh
|
||||
plugin is present.
|
||||
Hence, with this change, network manager activator first tries to use network
|
||||
manager connection files to bring up or bring down the interface. If the
|
||||
connection files are not present and if ifcfg-rh plugin is present, it tries to
|
||||
use ifcfg files for the interface. If the plugin or the ifcfg files are not
|
||||
present, the activator fails to activate or deactivate the interface and it
|
||||
bails out with warning log.
|
||||
|
||||
Fixes: GH-4640
|
||||
|
||||
Signed-off-by: Ani Sinha <anisinha@redhat.com>
|
||||
---
|
||||
cloudinit/net/activators.py | 7 +++++++
|
||||
cloudinit/net/network_manager.py | 33 ++++++++++++++++++++++++++++++--
|
||||
2 files changed, 38 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/cloudinit/net/activators.py b/cloudinit/net/activators.py
|
||||
index e69da40d371..dd85886212c 100644
|
||||
--- a/cloudinit/net/activators.py
|
||||
+++ b/cloudinit/net/activators.py
|
||||
@@ -135,6 +135,13 @@ class NetworkManagerActivator(NetworkActivator):
|
||||
from cloudinit.net.network_manager import conn_filename
|
||||
|
||||
filename = conn_filename(device_name)
|
||||
+ if filename is None:
|
||||
+ LOG.warning(
|
||||
+ "Unable to find an interface config file. "
|
||||
+ "Unable to bring up interface."
|
||||
+ )
|
||||
+ return False
|
||||
+
|
||||
cmd = ["nmcli", "connection", "load", filename]
|
||||
if _alter_interface(cmd, device_name):
|
||||
cmd = ["nmcli", "connection", "up", "filename", filename]
|
||||
diff --git a/cloudinit/net/network_manager.py b/cloudinit/net/network_manager.py
|
||||
index 8a99eb3a1c5..76a0ac15eaa 100644
|
||||
--- a/cloudinit/net/network_manager.py
|
||||
+++ b/cloudinit/net/network_manager.py
|
||||
@@ -17,10 +17,12 @@ from cloudinit import log as logging
|
||||
from cloudinit import subp, util
|
||||
from cloudinit.net import is_ipv6_address, renderer, subnet_is_ipv6
|
||||
from cloudinit.net.network_state import NetworkState
|
||||
+from cloudinit.net.sysconfig import available_nm_ifcfg_rh
|
||||
|
||||
NM_RUN_DIR = "/etc/NetworkManager"
|
||||
NM_LIB_DIR = "/usr/lib/NetworkManager"
|
||||
NM_CFG_FILE = "/etc/NetworkManager/NetworkManager.conf"
|
||||
+IFCFG_CFG_FILE = "/etc/sysconfig/network-scripts"
|
||||
NM_IPV6_ADDR_GEN_CONF = """# This is generated by cloud-init. Do not edit.
|
||||
#
|
||||
[.config]
|
||||
@@ -374,7 +376,7 @@ class Renderer(renderer.Renderer):
|
||||
for con_id, conn in self.connections.items():
|
||||
if not conn.valid():
|
||||
continue
|
||||
- name = conn_filename(con_id, target)
|
||||
+ name = nm_conn_filename(con_id, target)
|
||||
util.write_file(name, conn.dump(), 0o600)
|
||||
|
||||
# Select EUI64 to be used by default by NM for creating the address
|
||||
@@ -384,12 +386,39 @@ class Renderer(renderer.Renderer):
|
||||
)
|
||||
|
||||
|
||||
-def conn_filename(con_id, target=None):
|
||||
+def nm_conn_filename(con_id, target=None):
|
||||
target_con_dir = subp.target_path(target, NM_RUN_DIR)
|
||||
con_file = f"cloud-init-{con_id}.nmconnection"
|
||||
return f"{target_con_dir}/system-connections/{con_file}"
|
||||
|
||||
|
||||
+def sysconfig_conn_filename(devname, target=None):
|
||||
+ target_con_dir = subp.target_path(target, IFCFG_CFG_FILE)
|
||||
+ con_file = f"ifcfg-{devname}"
|
||||
+ return f"{target_con_dir}/{con_file}"
|
||||
+
|
||||
+
|
||||
+def conn_filename(devname):
|
||||
+ """
|
||||
+ This function returns the name of the interface config file.
|
||||
+ It first checks for presence of network manager connection file.
|
||||
+ If absent and ifcfg-rh plugin for network manager is available,
|
||||
+ it returns the name of the ifcfg file if it is present. If the
|
||||
+ plugin is not present or the plugin is present but ifcfg file is
|
||||
+ not, it returns None.
|
||||
+ This function is called from NetworkManagerActivator class in
|
||||
+ activators.py.
|
||||
+ """
|
||||
+ conn_file = nm_conn_filename(devname)
|
||||
+ # If the network manager connection file is absent, also check for
|
||||
+ # presence of ifcfg files for the same interface (if nm-ifcfg-rh plugin is
|
||||
+ # present, network manager can handle ifcfg files). If both network manager
|
||||
+ # connection file and ifcfg files are absent, return None.
|
||||
+ if not os.path.isfile(conn_file) and available_nm_ifcfg_rh():
|
||||
+ conn_file = sysconfig_conn_filename(devname)
|
||||
+ return conn_file if os.path.isfile(conn_file) else None
|
||||
+
|
||||
+
|
||||
def cloud_init_nm_conf_filename(target=None):
|
||||
target_con_dir = subp.target_path(target, NM_RUN_DIR)
|
||||
conf_file = "30-cloud-init-ip6-addr-gen-mode.conf"
|
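Review bot: The warning added to `bring_up_interface` in `cloudinit/net/activators.py` names neither the interface nor the paths that were checked, so on a multi-NIC instance the log cannot show which device failed to come up. I would pass the device through: `LOG.warning("Unable to find an interface config file for %s. Unable to bring up interface.", device_name)`. Separately, `conn_filename` in `network_manager.py` changes from `(con_id, target=None)` to `(devname)` and can now return `None`; any caller not shown here that still passes `target`, or uses the result unchecked, would break. The description also mentions bring-down, while only the bring-up guard is visible in this patch. `IFCFG_CFG_FILE` holds a directory, so `IFCFG_CFG_DIR` would read more accurately; `bring_up_interface` continues outside the hunk.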
129
SOURCES/tests-unittests-add-a-new-unit-test.patch
Normal file
@ -0,0 +1,129 @@
|
||||
From bb474df78bfe45ea5f05907eb710e8d5de764fc8 Mon Sep 17 00:00:00 2001
|
||||
From: Ani Sinha <anisinha@redhat.com>
|
||||
Date: Thu, 7 Dec 2023 21:03:13 +0530
|
||||
Subject: [PATCH] tests/unittests: add a new unit test for network manager net
|
||||
activator (#4672)
|
||||
|
||||
Some changes in behavior in network manager net activator was brought in with
|
||||
the commit
|
||||
d1d5166895da ("net/nm: check for presence of ifcfg files when nm connection files are absent")
|
||||
|
||||
This change adds some unit tests that exercizes network manager activator's
|
||||
bring_up_interface() method that tests failure scenarios as well as cases
|
||||
where an ifcfg file is used to bring the interface up.
|
||||
|
||||
Signed-off-by: Ani Sinha <anisinha@redhat.com>
|
||||
---
|
||||
tests/unittests/test_net_activators.py | 103 +++++++++++++++++++++++++
|
||||
1 file changed, 103 insertions(+)
|
||||
|
||||
diff --git a/tests/unittests/test_net_activators.py b/tests/unittests/test_net_activators.py
|
||||
index 2a363ec415b..d53701efafb 100644
|
||||
--- a/tests/unittests/test_net_activators.py
|
||||
+++ b/tests/unittests/test_net_activators.py
|
||||
@@ -347,3 +347,105 @@ class TestActivatorsBringDown:
|
||||
activator.bring_down_all_interfaces(network_state)
|
||||
for call in m_subp.call_args_list:
|
||||
assert call in expected_call_list
|
||||
+
|
||||
+class TestNetworkManagerActivatorBringUp:
|
||||
+ @patch("cloudinit.subp.subp", return_value=("", ""))
|
||||
+ @patch(
|
||||
+ "cloudinit.net.network_manager.available_nm_ifcfg_rh",
|
||||
+ return_value=True,
|
||||
+ )
|
||||
+ @patch("os.path.isfile")
|
||||
+ @patch("os.path.exists", return_value=True)
|
||||
+ def test_bring_up_interface_no_nm_conn(
|
||||
+ self, m_exists, m_isfile, m_plugin, m_subp
|
||||
+ ):
|
||||
+ """
|
||||
+ There is no network manager connection file but ifcfg-rh plugin is
|
||||
+ present and ifcfg interface config files are also present. In this
|
||||
+ case, we should use ifcfg files.
|
||||
+ """
|
||||
+
|
||||
+ def fake_isfile_no_nmconn(filename):
|
||||
+ return False if filename.endswith(".nmconnection") else True
|
||||
+
|
||||
+ m_isfile.side_effect = fake_isfile_no_nmconn
|
||||
+
|
||||
+ expected_call_list = [
|
||||
+ (
|
||||
+ (
|
||||
+ [
|
||||
+ "nmcli",
|
||||
+ "connection",
|
||||
+ "load",
|
||||
+ "".join(
|
||||
+ [
|
||||
+ "/etc/sysconfig/network-scripts/ifcfg-eth0",
|
||||
+ ]
|
||||
+ ),
|
||||
+ ],
|
||||
+ ),
|
||||
+ {},
|
||||
+ ),
|
||||
+ (
|
||||
+ (
|
||||
+ [
|
||||
+ "nmcli",
|
||||
+ "connection",
|
||||
+ "up",
|
||||
+ "filename",
|
||||
+ "".join(
|
||||
+ [
|
||||
+ "/etc/sysconfig/network-scripts/ifcfg-eth0",
|
||||
+ ]
|
||||
+ ),
|
||||
+ ],
|
||||
+ ),
|
||||
+ {},
|
||||
+ ),
|
||||
+ ]
|
||||
+
|
||||
+ index = 0
|
||||
+ assert NetworkManagerActivator.bring_up_interface("eth0")
|
||||
+ for call in m_subp.call_args_list:
|
||||
+ assert call == expected_call_list[index]
|
||||
+ index += 1
|
||||
+
|
||||
+ @patch("cloudinit.subp.subp", return_value=("", ""))
|
||||
+ @patch(
|
||||
+ "cloudinit.net.network_manager.available_nm_ifcfg_rh",
|
||||
+ return_value=False,
|
||||
+ )
|
||||
+ @patch("os.path.isfile")
|
||||
+ @patch("os.path.exists", return_value=True)
|
||||
+ def test_bring_up_interface_no_plugin_no_nm_conn(
|
||||
+ self, m_exists, m_isfile, m_plugin, m_subp
|
||||
+ ):
|
||||
+ """
|
||||
+ The ifcfg-rh plugin is absent and nmconnection file is also
|
||||
+ not present. In this case, we can't use ifcfg file and the
|
||||
+ interface bring up should fail.
|
||||
+ """
|
||||
+
|
||||
+ def fake_isfile_no_nmconn(filename):
|
||||
+ return False if filename.endswith(".nmconnection") else True
|
||||
+
|
||||
+ m_isfile.side_effect = fake_isfile_no_nmconn
|
||||
+ assert not NetworkManagerActivator.bring_up_interface("eth0")
|
||||
+
|
||||
+ @patch("cloudinit.subp.subp", return_value=("", ""))
|
||||
+ @patch(
|
||||
+ "cloudinit.net.network_manager.available_nm_ifcfg_rh",
|
||||
+ return_value=True,
|
||||
+ )
|
||||
+ @patch("os.path.isfile", return_value=False)
|
||||
+ @patch("os.path.exists", return_value=True)
|
||||
+ def test_bring_up_interface_no_conn_file(
|
||||
+ self, m_exists, m_isfile, m_plugin, m_subp
|
||||
+ ):
|
||||
+ """
|
||||
+ Neither network manager connection files are present nor
|
||||
+ ifcfg files are present. Even if ifcfg-rh plugin is present,
|
||||
+ we can not bring up the interface. So bring_up_interface()
|
||||
+ should fail.
|
||||
+ """
|
||||
+ assert not NetworkManagerActivator.bring_up_interface("eth0")
|
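Review bot: The two failure tests, `test_bring_up_interface_no_plugin_no_nm_conn` and `test_bring_up_interface_no_conn_file`, assert only the return value and never check that no command was run; adding `m_subp.assert_not_called()` to each would pin that `nmcli` is not invoked when no config file is found. In `test_bring_up_interface_no_nm_conn` the loop over `m_subp.call_args_list` also passes when fewer calls than expected were made; `assert m_subp.call_args_list == expected_call_list` checks order and count in one line. As a style point, `"".join([...])` around a single literal can be the plain string, and `return False if filename.endswith(".nmconnection") else True` can be `return not filename.endswith(".nmconnection")`.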
@ -6,7 +6,7 @@
|
||||
|
||||
Name: cloud-init
|
||||
Version: 23.4
|
||||
Release: 7%{?dist}.8
|
||||
Release: 7%{?dist}.8.alma.1
|
||||
Summary: Cloud instance init scripts
|
||||
|
||||
Group: System Environment/Base
|
||||
@ -58,6 +58,9 @@ Patch31: ci-fix-Clean-cache-if-no-datasource-fallback-5499.patch
|
||||
# For RHEL-54155 - [RHEL 8.10] cloud-init schema validation fails.
|
||||
Patch32: ci-fix-Add-subnet-ipv4-ipv6-to-network-schema-5191.patch
|
||||
|
||||
# AlmaLinux OS patches
|
||||
Patch100: 0001-Improvements-for-AlmaLinux-OS-and-CloudLinux-OS.patch
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
BuildRequires: pkgconfig(systemd)
|
||||
@ -272,6 +275,9 @@ fi
|
||||
%config(noreplace) %{_sysconfdir}/rsyslog.d/21-cloudinit.conf
|
||||
|
||||
%changelog
|
||||
* Tue Sep 24 2024 Eduard Abdullin <eabdullin@almalinux.org> - 23.4-7.el8_10.8.alma.1
|
||||
- 0001-Improvements-for-AlmaLinux-OS-and-CloudLinux-OS.patch
|
||||
|
||||
* Tue Aug 20 2024 Jon Maloy <jmaloy@redhat.com> - 23.4-7.el8_10.8
|
||||
- ci-fix-Add-subnet-ipv4-ipv6-to-network-schema-5191.patch [RHEL-54155]
|
||||
- Resolves: RHEL-54155
|
||||
|