No commits in common. 'c8' and 'a9' have entirely different histories.
@ -0,0 +1,618 @@
|
||||
diff -aruN cloud-init-22.1/cloudinit/config/cc_ca_certs.py cloud-init-22.1.patched/cloudinit/config/cc_ca_certs.py
|
||||
--- cloud-init-22.1/cloudinit/config/cc_ca_certs.py 2022-02-15 21:02:23
|
||||
+++ cloud-init-22.1.patched/cloudinit/config/cc_ca_certs.py 2023-08-04 12:53:10
|
||||
@@ -19,6 +19,20 @@
|
||||
"ca_cert_update_cmd": ["update-ca-certificates"],
|
||||
}
|
||||
DISTRO_OVERRIDES = {
|
||||
+ "almalinux": {
|
||||
+ "ca_cert_path": "/usr/share/pki/ca-trust-source/",
|
||||
+ "ca_cert_filename": "anchors/cloud-init-ca-certs.crt",
|
||||
+ "ca_cert_config": None,
|
||||
+ "ca_cert_system_path": "/etc/pki/ca-trust/",
|
||||
+ "ca_cert_update_cmd": ["update-ca-trust"],
|
||||
+ },
|
||||
+ "cloudlinux": {
|
||||
+ "ca_cert_path": "/usr/share/pki/ca-trust-source/",
|
||||
+ "ca_cert_filename": "anchors/cloud-init-ca-certs.crt",
|
||||
+ "ca_cert_config": None,
|
||||
+ "ca_cert_system_path": "/etc/pki/ca-trust/",
|
||||
+ "ca_cert_update_cmd": ["update-ca-trust"],
|
||||
+ },
|
||||
"rhel": {
|
||||
"ca_cert_path": "/usr/share/pki/ca-trust-source/",
|
||||
"ca_cert_filename": "anchors/cloud-init-ca-certs.crt",
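Review bot: The new `almalinux` and `cloudlinux` entries in `DISTRO_OVERRIDES` carry the same five values as each other, and the two `rhel` keys visible at the end of the hunk match them too, so the location where cloud-init writes system-trusted CA anchors is now maintained in up to three places. If one copy drifts, certificates could land in a directory that `update-ca-trust` does not read, or the wrong update command could run, with no error at import time. Consider defining the mapping once and referencing it, e.g. `_RHEL_FAMILY_CA = {...}` followed by `"almalinux": _RHEL_FAMILY_CA, "cloudlinux": _RHEL_FAMILY_CA, "rhel": _RHEL_FAMILY_CA,`, provided nothing mutates the per-distro dict (not visible here). The `rhel` entry continues past the end of the hunk.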
|
||||
@@ -43,7 +57,7 @@
|
||||
ca-certificates package is installed but not if the
|
||||
ca-certificates-bundle package is installed.
|
||||
"""
|
||||
-distros = ["alpine", "debian", "ubuntu", "rhel"]
|
||||
+distros = ["almalinux", "alpine", "cloudlinux", "debian", "ubuntu", "rhel"]
|
||||
|
||||
meta: MetaSchema = {
|
||||
"id": "cc_ca_certs",
|
||||
diff -aruN cloud-init-22.1/cloudinit/config/cc_ntp.py cloud-init-22.1.patched/cloudinit/config/cc_ntp.py
|
||||
--- cloud-init-22.1/cloudinit/config/cc_ntp.py 2022-02-15 21:02:23
|
||||
+++ cloud-init-22.1.patched/cloudinit/config/cc_ntp.py 2023-08-04 12:53:57
|
||||
@@ -80,6 +80,14 @@
|
||||
|
||||
# This is Distro-specific configuration overrides of the base config
|
||||
DISTRO_CLIENT_CONFIG = {
|
||||
+ "almalinux": {
|
||||
+ "ntp": {
|
||||
+ "service_name": "ntpd",
|
||||
+ },
|
||||
+ "chrony": {
|
||||
+ "service_name": "chronyd",
|
||||
+ },
|
||||
+ },
|
||||
"alpine": {
|
||||
"chrony": {
|
||||
"confpath": "/etc/chrony/chrony.conf",
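Review bot: Neither cc_ntp.py hunk touches the module's `distros` list, whereas the cc_ca_certs.py change in this same patch extends its list alongside the override table. If cc_ntp.py declares a `distros` list that does not already name `almalinux` and `cloudlinux` (not visible in these hunks), the `DISTRO_CLIENT_CONFIG` entries added here and in the hunk at -89 may never take effect because the module would be treated as unverified on those distros. It is worth confirming the list, and adding the two names in the same patch if they are missing, so time synchronisation is not silently left unconfigured.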
|
||||
@@ -89,6 +97,14 @@
|
||||
"confpath": "/etc/ntp.conf",
|
||||
"packages": [],
|
||||
"service_name": "ntpd",
|
||||
+ },
|
||||
+ },
|
||||
+ "cloudlinux": {
|
||||
+ "ntp": {
|
||||
+ "service_name": "ntpd",
|
||||
+ },
|
||||
+ "chrony": {
|
||||
+ "service_name": "chronyd",
|
||||
},
|
||||
},
|
||||
"debian": {
|
||||
diff -aruN cloud-init-22.1/cloudinit/settings.py cloud-init-22.1.patched/cloudinit/settings.py
|
||||
--- cloud-init-22.1/cloudinit/settings.py 2023-08-04 12:47:34
|
||||
+++ cloud-init-22.1.patched/cloudinit/settings.py 2023-08-04 12:46:54
|
||||
@@ -58,7 +58,7 @@
|
||||
'cloud_dir': '/var/lib/cloud',
|
||||
'templates_dir': '/etc/cloud/templates/',
|
||||
},
|
||||
- 'distro': 'rhel',
|
||||
+ 'distro': 'almalinux',
|
||||
'network': {'renderers': None},
|
||||
},
|
||||
"vendor_data": {"enabled": True, "prefix": []},
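Review bot: The built-in fallback `'distro': 'almalinux'` applies to every build of this patched tree, so a CloudLinux image whose rendered cloud.cfg does not set `system_info.distro` would presumably run with the AlmaLinux distro class. That affects which per-distro tables elsewhere in this patch are selected (CA trust paths, NTP client config). A short comment such as `# fallback only; the packaged cloud.cfg is expected to set system_info.distro per variant` would make the assumption explicit. The enclosing dict starts and ends outside the hunk.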
|
||||
diff -aruN cloud-init-22.1/cloudinit/sources/DataSourceRbxCloud.py cloud-init-22.1.patched/cloudinit/sources/DataSourceRbxCloud.py
|
||||
--- cloud-init-22.1/cloudinit/sources/DataSourceRbxCloud.py 2022-02-15 21:02:23
|
||||
+++ cloud-init-22.1.patched/cloudinit/sources/DataSourceRbxCloud.py 2023-08-04 12:54:44
|
||||
@@ -55,7 +55,7 @@
|
||||
|
||||
def gratuitous_arp(items, distro):
|
||||
source_param = "-S"
|
||||
- if distro.name in ["fedora", "centos", "rhel"]:
|
||||
+ if distro.name in ["almalinux", "fedora", "centos", "cloudlinux", "rhel"]:
|
||||
source_param = "-s"
|
||||
for item in items:
|
||||
try:
|
||||
diff -aruN cloud-init-22.1/config/cloud.cfg.tmpl cloud-init-22.1.patched/config/cloud.cfg.tmpl
|
||||
--- cloud-init-22.1/config/cloud.cfg.tmpl 2023-08-04 12:47:34
|
||||
+++ cloud-init-22.1.patched/config/cloud.cfg.tmpl 2023-08-04 12:56:00
|
||||
@@ -2,7 +2,7 @@
|
||||
# The top level settings are used as module
|
||||
# and system configuration.
|
||||
{% set is_bsd = variant in ["dragonfly", "freebsd", "netbsd", "openbsd"] %}
|
||||
-{% set is_rhel = variant in ["rhel", "centos"] %}
|
||||
+{% set is_rhel = variant in ["rhel", "centos", "almalinux", "cloudlinux"] %}
|
||||
{% if is_bsd %}
|
||||
syslog_fix_perms: root:wheel
|
||||
{% elif variant in ["suse"] %}
|
||||
diff -aruN cloud-init-22.1/packages/pkg-deps.json cloud-init-22.1.patched/packages/pkg-deps.json
|
||||
--- cloud-init-22.1/packages/pkg-deps.json 2022-02-15 21:02:23
|
||||
+++ cloud-init-22.1.patched/packages/pkg-deps.json 2023-08-04 12:55:20
|
||||
@@ -1,4 +1,18 @@
|
||||
{
|
||||
+ "almalinux" : {
|
||||
+ "build-requires" : [
|
||||
+ "python3-devel"
|
||||
+ ],
|
||||
+ "requires" : [
|
||||
+ "e2fsprogs",
|
||||
+ "iproute",
|
||||
+ "net-tools",
|
||||
+ "procps",
|
||||
+ "rsyslog",
|
||||
+ "shadow-utils",
|
||||
+ "sudo"
|
||||
+ ]
|
||||
+ },
|
||||
"debian" : {
|
||||
"build-requires" : [
|
||||
"debhelper",
|
||||
@@ -14,6 +28,20 @@
|
||||
]
|
||||
},
|
||||
"centos" : {
|
||||
+ "build-requires" : [
|
||||
+ "python3-devel"
|
||||
+ ],
|
||||
+ "requires" : [
|
||||
+ "e2fsprogs",
|
||||
+ "iproute",
|
||||
+ "net-tools",
|
||||
+ "procps",
|
||||
+ "rsyslog",
|
||||
+ "shadow-utils",
|
||||
+ "sudo"
|
||||
+ ]
|
||||
+ },
|
||||
+ "cloudlinux" : {
|
||||
"build-requires" : [
|
||||
"python3-devel"
|
||||
],
|
||||
diff -aruN cloud-init-22.1/systemd/cloud-config.service.tmpl cloud-init-22.1.patched/systemd/cloud-config.service.tmpl
|
||||
--- cloud-init-22.1/systemd/cloud-config.service.tmpl 2023-08-04 12:47:34
|
||||
+++ cloud-init-22.1.patched/systemd/cloud-config.service.tmpl 2023-08-04 12:56:40
|
||||
@@ -4,7 +4,7 @@
|
||||
After=network-online.target cloud-config.target
|
||||
After=snapd.seeded.service
|
||||
Wants=network-online.target cloud-config.target
|
||||
-{% if variant == "rhel" %}
|
||||
+{% if variant in ["almalinux", "cloudlinux", "rhel"] %}
|
||||
ConditionPathExists=!/etc/cloud/cloud-init.disabled
|
||||
ConditionKernelCommandLine=!cloud-init=disabled
|
||||
{% endif %}
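Review bot: The literal list `["almalinux", "cloudlinux", "rhel"]` is repeated in every condition this patch rewrites across the cloud-config, cloud-final, cloud-init-local and cloud-init service templates, and several of those conditions gate `ConditionPathExists=!/etc/cloud/cloud-init.disabled` and `ConditionKernelCommandLine=!cloud-init=disabled`. A variant later added to some copies but not others could leave one unit starting even though cloud-init has been disabled by file or kernel command line. Defining the set once at the top of each template, as cloud.cfg.tmpl does with `{% set is_rhel = variant in [...] %}`, and testing `{% if is_rhel %}` would keep the units consistent.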
|
||||
diff -aruN cloud-init-22.1/systemd/cloud-final.service.tmpl cloud-init-22.1.patched/systemd/cloud-final.service.tmpl
|
||||
--- cloud-init-22.1/systemd/cloud-final.service.tmpl 2023-08-04 12:47:34
|
||||
+++ cloud-init-22.1.patched/systemd/cloud-final.service.tmpl 2023-08-04 12:57:11
|
||||
@@ -7,7 +7,7 @@
|
||||
Before=apt-daily.service
|
||||
{% endif %}
|
||||
Wants=network-online.target cloud-config.service
|
||||
-{% if variant == "rhel" %}
|
||||
+{% if variant in ["almalinux", "cloudlinux", "rhel"] %}
|
||||
ConditionPathExists=!/etc/cloud/cloud-init.disabled
|
||||
ConditionKernelCommandLine=!cloud-init=disabled
|
||||
{% endif %}
|
||||
@@ -19,7 +19,7 @@
|
||||
RemainAfterExit=yes
|
||||
TimeoutSec=0
|
||||
KillMode=process
|
||||
-{% if variant == "rhel" %}
|
||||
+{% if variant in ["almalinux", "cloudlinux", "rhel"] %}
|
||||
# Restart NetworkManager if it is present and running.
|
||||
ExecStartPost=/bin/sh -c 'u=NetworkManager.service; \
|
||||
out=$(systemctl show --property=SubState $u) || exit; \
|
||||
diff -aruN cloud-init-22.1/systemd/cloud-init-local.service.tmpl cloud-init-22.1.patched/systemd/cloud-init-local.service.tmpl
|
||||
--- cloud-init-22.1/systemd/cloud-init-local.service.tmpl 2023-08-04 12:47:34
|
||||
+++ cloud-init-22.1.patched/systemd/cloud-init-local.service.tmpl 2023-08-04 13:00:54
|
||||
@@ -1,23 +1,23 @@
|
||||
## template:jinja
|
||||
[Unit]
|
||||
Description=Initial cloud-init job (pre-networking)
|
||||
-{% if variant in ["ubuntu", "unknown", "debian", "rhel" ] %}
|
||||
+{% if variant in ["almalinux", "cloudlinux", "ubuntu", "unknown", "debian", "rhel" ] %}
|
||||
DefaultDependencies=no
|
||||
{% endif %}
|
||||
Wants=network-pre.target
|
||||
After=hv_kvp_daemon.service
|
||||
After=systemd-remount-fs.service
|
||||
-{% if variant == "rhel" %}
|
||||
+{% if variant in ["almalinux", "cloudlinux", "rhel"] %}
|
||||
Requires=dbus.socket
|
||||
After=dbus.socket
|
||||
{% endif %}
|
||||
Before=NetworkManager.service
|
||||
-{% if variant == "rhel" %}
|
||||
+{% if variant in ["almalinux", "cloudlinux", "rhel"] %}
|
||||
Before=network.service
|
||||
{% endif %}
|
||||
Before=network-pre.target
|
||||
Before=shutdown.target
|
||||
-{% if variant == "rhel" %}
|
||||
+{% if variant in ["almalinux", "cloudlinux", "rhel"] %}
|
||||
Before=firewalld.target
|
||||
Conflicts=shutdown.target
|
||||
{% endif %}
|
||||
@@ -26,14 +26,14 @@
|
||||
Conflicts=shutdown.target
|
||||
{% endif %}
|
||||
RequiresMountsFor=/var/lib/cloud
|
||||
-{% if variant == "rhel" %}
|
||||
+{% if variant in ["almalinux", "cloudlinux", "rhel"] %}
|
||||
ConditionPathExists=!/etc/cloud/cloud-init.disabled
|
||||
ConditionKernelCommandLine=!cloud-init=disabled
|
||||
{% endif %}
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
-{% if variant == "rhel" %}
|
||||
+{% if variant in ["almalinux", "cloudlinux", "rhel"] %}
|
||||
ExecStartPre=/bin/mkdir -p /run/cloud-init
|
||||
ExecStartPre=/sbin/restorecon /run/cloud-init
|
||||
ExecStartPre=/usr/bin/touch /run/cloud-init/enabled
|
||||
diff -aruN cloud-init-22.1/systemd/cloud-init.service.tmpl cloud-init-22.1.patched/systemd/cloud-init.service.tmpl
|
||||
--- cloud-init-22.1/systemd/cloud-init.service.tmpl 2023-08-04 12:47:34
|
||||
+++ cloud-init-22.1.patched/systemd/cloud-init.service.tmpl 2023-08-04 13:01:39
|
||||
@@ -1,7 +1,7 @@
|
||||
## template:jinja
|
||||
[Unit]
|
||||
Description=Initial cloud-init job (metadata service crawler)
|
||||
-{% if variant not in ["photon", "rhel"] %}
|
||||
+{% if variant not in ["almalinux", "cloudlinux", "photon", "rhel"] %}
|
||||
DefaultDependencies=no
|
||||
{% endif %}
|
||||
Wants=cloud-init-local.service
|
||||
@@ -37,7 +37,7 @@
|
||||
Conflicts=shutdown.target
|
||||
{% endif %}
|
||||
Before=systemd-user-sessions.service
|
||||
-{% if variant == "rhel" %}
|
||||
+{% if variant in ["almalinux", "cloudlinux", "rhel"] %}
|
||||
ConditionPathExists=!/etc/cloud/cloud-init.disabled
|
||||
ConditionKernelCommandLine=!cloud-init=disabled
|
||||
{% endif %}
|
||||
diff -aruN cloud-init-22.1/templates/chrony.conf.almalinux.tmpl cloud-init-22.1.patched/templates/chrony.conf.almalinux.tmpl
|
||||
--- cloud-init-22.1/templates/chrony.conf.almalinux.tmpl 1970-01-01 02:00:00
|
||||
+++ cloud-init-22.1.patched/templates/chrony.conf.almalinux.tmpl 2023-08-04 12:46:54
|
||||
@@ -0,0 +1,45 @@
|
||||
+## template:jinja
|
||||
+# Use public servers from the pool.ntp.org project.
|
||||
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
|
||||
+{% if pools %}# pools
|
||||
+{% endif %}
|
||||
+{% for pool in pools -%}
|
||||
+pool {{pool}} iburst
|
||||
+{% endfor %}
|
||||
+{%- if servers %}# servers
|
||||
+{% endif %}
|
||||
+{% for server in servers -%}
|
||||
+server {{server}} iburst
|
||||
+{% endfor %}
|
||||
+
|
||||
+# Record the rate at which the system clock gains/losses time.
|
||||
+driftfile /var/lib/chrony/drift
|
||||
+
|
||||
+# Allow the system clock to be stepped in the first three updates
|
||||
+# if its offset is larger than 1 second.
|
||||
+makestep 1.0 3
|
||||
+
|
||||
+# Enable kernel synchronization of the real-time clock (RTC).
|
||||
+rtcsync
|
||||
+
|
||||
+# Enable hardware timestamping on all interfaces that support it.
|
||||
+#hwtimestamp *
|
||||
+
|
||||
+# Increase the minimum number of selectable sources required to adjust
|
||||
+# the system clock.
|
||||
+#minsources 2
|
||||
+
|
||||
+# Allow NTP client access from local network.
|
||||
+#allow 192.168.0.0/16
|
||||
+
|
||||
+# Serve time even if not synchronized to a time source.
|
||||
+#local stratum 10
|
||||
+
|
||||
+# Specify file containing keys for NTP authentication.
|
||||
+#keyfile /etc/chrony.keys
|
||||
+
|
||||
+# Specify directory for log files.
|
||||
+logdir /var/log/chrony
|
||||
+
|
||||
+# Select which information is logged.
|
||||
+#log measurements statistics tracking
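Review bot: This template and chrony.conf.cloudlinux.tmpl are added as identical 45-line copies, and the same holds for the ntp.conf.almalinux.tmpl / ntp.conf.cloudlinux.tmpl pair later in the patch. A later hardening edit made to one copy (for example to the `restrict` lines in the ntp templates or to a `keyfile` setting here) will not reach its twin unless someone remembers both. If per-distro files are required by the template lookup, add a header comment in each, e.g. `# Keep identical to chrony.conf.cloudlinux.tmpl`, so the pairing is visible to the next editor.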
|
||||
diff -aruN cloud-init-22.1/templates/chrony.conf.cloudlinux.tmpl cloud-init-22.1.patched/templates/chrony.conf.cloudlinux.tmpl
|
||||
--- cloud-init-22.1/templates/chrony.conf.cloudlinux.tmpl 1970-01-01 02:00:00
|
||||
+++ cloud-init-22.1.patched/templates/chrony.conf.cloudlinux.tmpl 2023-08-04 13:02:20
|
||||
@@ -0,0 +1,45 @@
|
||||
+## template:jinja
|
||||
+# Use public servers from the pool.ntp.org project.
|
||||
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
|
||||
+{% if pools %}# pools
|
||||
+{% endif %}
|
||||
+{% for pool in pools -%}
|
||||
+pool {{pool}} iburst
|
||||
+{% endfor %}
|
||||
+{%- if servers %}# servers
|
||||
+{% endif %}
|
||||
+{% for server in servers -%}
|
||||
+server {{server}} iburst
|
||||
+{% endfor %}
|
||||
+
|
||||
+# Record the rate at which the system clock gains/losses time.
|
||||
+driftfile /var/lib/chrony/drift
|
||||
+
|
||||
+# Allow the system clock to be stepped in the first three updates
|
||||
+# if its offset is larger than 1 second.
|
||||
+makestep 1.0 3
|
||||
+
|
||||
+# Enable kernel synchronization of the real-time clock (RTC).
|
||||
+rtcsync
|
||||
+
|
||||
+# Enable hardware timestamping on all interfaces that support it.
|
||||
+#hwtimestamp *
|
||||
+
|
||||
+# Increase the minimum number of selectable sources required to adjust
|
||||
+# the system clock.
|
||||
+#minsources 2
|
||||
+
|
||||
+# Allow NTP client access from local network.
|
||||
+#allow 192.168.0.0/16
|
||||
+
|
||||
+# Serve time even if not synchronized to a time source.
|
||||
+#local stratum 10
|
||||
+
|
||||
+# Specify file containing keys for NTP authentication.
|
||||
+#keyfile /etc/chrony.keys
|
||||
+
|
||||
+# Specify directory for log files.
|
||||
+logdir /var/log/chrony
|
||||
+
|
||||
+# Select which information is logged.
|
||||
+#log measurements statistics tracking
|
||||
diff -aruN cloud-init-22.1/templates/ntp.conf.almalinux.tmpl cloud-init-22.1.patched/templates/ntp.conf.almalinux.tmpl
|
||||
--- cloud-init-22.1/templates/ntp.conf.almalinux.tmpl 1970-01-01 02:00:00
|
||||
+++ cloud-init-22.1.patched/templates/ntp.conf.almalinux.tmpl 2023-08-04 12:46:54
|
||||
@@ -0,0 +1,61 @@
|
||||
+## template:jinja
|
||||
+
|
||||
+# For more information about this file, see the man pages
|
||||
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
|
||||
+
|
||||
+driftfile /var/lib/ntp/drift
|
||||
+
|
||||
+# Permit time synchronization with our time source, but do not
|
||||
+# permit the source to query or modify the service on this system.
|
||||
+restrict default kod nomodify notrap nopeer noquery
|
||||
+restrict -6 default kod nomodify notrap nopeer noquery
|
||||
+
|
||||
+# Permit all access over the loopback interface. This could
|
||||
+# be tightened as well, but to do so would effect some of
|
||||
+# the administrative functions.
|
||||
+restrict 127.0.0.1
|
||||
+restrict -6 ::1
|
||||
+
|
||||
+# Hosts on local network are less restricted.
|
||||
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
|
||||
+
|
||||
+# Use public servers from the pool.ntp.org project.
|
||||
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
|
||||
+{% if pools %}# pools
|
||||
+{% endif %}
|
||||
+{% for pool in pools -%}
|
||||
+pool {{pool}} iburst
|
||||
+{% endfor %}
|
||||
+{%- if servers %}# servers
|
||||
+{% endif %}
|
||||
+{% for server in servers -%}
|
||||
+server {{server}} iburst
|
||||
+{% endfor %}
|
||||
+
|
||||
+#broadcast 192.168.1.255 autokey # broadcast server
|
||||
+#broadcastclient # broadcast client
|
||||
+#broadcast 224.0.1.1 autokey # multicast server
|
||||
+#multicastclient 224.0.1.1 # multicast client
|
||||
+#manycastserver 239.255.254.254 # manycast server
|
||||
+#manycastclient 239.255.254.254 autokey # manycast client
|
||||
+
|
||||
+# Enable public key cryptography.
|
||||
+#crypto
|
||||
+
|
||||
+includefile /etc/ntp/crypto/pw
|
||||
+
|
||||
+# Key file containing the keys and key identifiers used when operating
|
||||
+# with symmetric key cryptography.
|
||||
+keys /etc/ntp/keys
|
||||
+
|
||||
+# Specify the key identifiers which are trusted.
|
||||
+#trustedkey 4 8 42
|
||||
+
|
||||
+# Specify the key identifier to use with the ntpdc utility.
|
||||
+#requestkey 8
|
||||
+
|
||||
+# Specify the key identifier to use with the ntpq utility.
|
||||
+#controlkey 8
|
||||
+
|
||||
+# Enable writing of statistics records.
|
||||
+#statistics clockstats cryptostats loopstats peerstats
|
||||
diff -aruN cloud-init-22.1/templates/ntp.conf.cloudlinux.tmpl cloud-init-22.1.patched/templates/ntp.conf.cloudlinux.tmpl
|
||||
--- cloud-init-22.1/templates/ntp.conf.cloudlinux.tmpl 1970-01-01 02:00:00
|
||||
+++ cloud-init-22.1.patched/templates/ntp.conf.cloudlinux.tmpl 2023-08-04 13:03:08
|
||||
@@ -0,0 +1,61 @@
|
||||
+## template:jinja
|
||||
+
|
||||
+# For more information about this file, see the man pages
|
||||
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
|
||||
+
|
||||
+driftfile /var/lib/ntp/drift
|
||||
+
|
||||
+# Permit time synchronization with our time source, but do not
|
||||
+# permit the source to query or modify the service on this system.
|
||||
+restrict default kod nomodify notrap nopeer noquery
|
||||
+restrict -6 default kod nomodify notrap nopeer noquery
|
||||
+
|
||||
+# Permit all access over the loopback interface. This could
|
||||
+# be tightened as well, but to do so would effect some of
|
||||
+# the administrative functions.
|
||||
+restrict 127.0.0.1
|
||||
+restrict -6 ::1
|
||||
+
|
||||
+# Hosts on local network are less restricted.
|
||||
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
|
||||
+
|
||||
+# Use public servers from the pool.ntp.org project.
|
||||
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
|
||||
+{% if pools %}# pools
|
||||
+{% endif %}
|
||||
+{% for pool in pools -%}
|
||||
+pool {{pool}} iburst
|
||||
+{% endfor %}
|
||||
+{%- if servers %}# servers
|
||||
+{% endif %}
|
||||
+{% for server in servers -%}
|
||||
+server {{server}} iburst
|
||||
+{% endfor %}
|
||||
+
|
||||
+#broadcast 192.168.1.255 autokey # broadcast server
|
||||
+#broadcastclient # broadcast client
|
||||
+#broadcast 224.0.1.1 autokey # multicast server
|
||||
+#multicastclient 224.0.1.1 # multicast client
|
||||
+#manycastserver 239.255.254.254 # manycast server
|
||||
+#manycastclient 239.255.254.254 autokey # manycast client
|
||||
+
|
||||
+# Enable public key cryptography.
|
||||
+#crypto
|
||||
+
|
||||
+includefile /etc/ntp/crypto/pw
|
||||
+
|
||||
+# Key file containing the keys and key identifiers used when operating
|
||||
+# with symmetric key cryptography.
|
||||
+keys /etc/ntp/keys
|
||||
+
|
||||
+# Specify the key identifiers which are trusted.
|
||||
+#trustedkey 4 8 42
|
||||
+
|
||||
+# Specify the key identifier to use with the ntpdc utility.
|
||||
+#requestkey 8
|
||||
+
|
||||
+# Specify the key identifier to use with the ntpq utility.
|
||||
+#controlkey 8
|
||||
+
|
||||
+# Enable writing of statistics records.
|
||||
+#statistics clockstats cryptostats loopstats peerstats
|
||||
diff -aruN cloud-init-22.1/tests/unittests/test_net.py cloud-init-22.1.patched/tests/unittests/test_net.py
|
||||
--- cloud-init-22.1/tests/unittests/test_net.py 2023-08-04 12:47:34
|
||||
+++ cloud-init-22.1.patched/tests/unittests/test_net.py 2023-08-04 13:04:10
|
||||
@@ -6254,8 +6254,10 @@
|
||||
def test_sysconfig_available_uses_variant_mapping(self, m_info, m_avail):
|
||||
m_avail.return_value = True
|
||||
variants = [
|
||||
+ "almalinux",
|
||||
"suse",
|
||||
"centos",
|
||||
+ "cloudlinux",
|
||||
"eurolinux",
|
||||
"fedora",
|
||||
"rhel",
|
||||
diff -aruN cloud-init-22.1/tests/unittests/test_render_cloudcfg.py cloud-init-22.1.patched/tests/unittests/test_render_cloudcfg.py
|
||||
--- cloud-init-22.1/tests/unittests/test_render_cloudcfg.py 2023-08-04 12:47:34
|
||||
+++ cloud-init-22.1.patched/tests/unittests/test_render_cloudcfg.py 2023-08-04 13:04:48
|
||||
@@ -9,9 +9,11 @@
|
||||
|
||||
# TODO(Look to align with tools.render-cloudcfg or cloudinit.distos.OSFAMILIES)
|
||||
DISTRO_VARIANTS = [
|
||||
+ "almalinux",
|
||||
"amazon",
|
||||
"arch",
|
||||
"centos",
|
||||
+ "cloudlinux",
|
||||
"debian",
|
||||
"eurolinux",
|
||||
"fedora",
|
||||
@@ -66,7 +68,9 @@
|
||||
system_cfg = util.load_yaml(stream.read())
|
||||
|
||||
default_user_exceptions = {
|
||||
+ "almalinux": "almalinux",
|
||||
"amazon": "ec2-user",
|
||||
+ "cloudlinux": "cloudlinux",
|
||||
"debian": "ubuntu",
|
||||
"rhel": "cloud-user",
|
||||
"centos": "cloud-user",
|
||||
diff -aruN cloud-init-22.1/tools/read-dependencies cloud-init-22.1.patched/tools/read-dependencies
|
||||
--- cloud-init-22.1/tools/read-dependencies 2022-02-15 21:02:23
|
||||
+++ cloud-init-22.1.patched/tools/read-dependencies 2023-08-04 13:06:19
|
||||
@@ -22,7 +22,9 @@
|
||||
|
||||
# Map the appropriate package dir needed for each distro choice
|
||||
DISTRO_PKG_TYPE_MAP = {
|
||||
+ 'almalinux': 'redhat',
|
||||
'centos': 'redhat',
|
||||
+ 'cloudlinux': 'redhat',
|
||||
'eurolinux': 'redhat',
|
||||
'miraclelinux': 'redhat',
|
||||
'rocky': 'redhat',
|
||||
@@ -68,14 +70,18 @@
|
||||
'--auto-agree-with-licenses']
|
||||
|
||||
DRY_DISTRO_INSTALL_PKG_CMD = {
|
||||
+ 'almalinux': ['yum', 'install', '--assumeyes'],
|
||||
'rocky': ['yum', 'install', '--assumeyes'],
|
||||
'centos': ['yum', 'install', '--assumeyes'],
|
||||
+ 'cloudlinux': ['yum', 'install', '--assumeyes'],
|
||||
'eurolinux': ['yum', 'install', '--assumeyes'],
|
||||
'miraclelinux': ['yum', 'install', '--assumeyes'],
|
||||
'redhat': ['yum', 'install', '--assumeyes'],
|
||||
}
|
||||
|
||||
DISTRO_INSTALL_PKG_CMD = {
|
||||
+ 'almalinux': MAYBE_RELIABLE_YUM_INSTALL,
|
||||
+ 'cloudlinux': MAYBE_RELIABLE_YUM_INSTALL,
|
||||
'rocky': MAYBE_RELIABLE_YUM_INSTALL,
|
||||
'eurolinux': MAYBE_RELIABLE_YUM_INSTALL,
|
||||
'miraclelinux': MAYBE_RELIABLE_YUM_INSTALL,
|
||||
@@ -90,6 +96,8 @@
|
||||
|
||||
# List of base system packages required to enable ci automation
|
||||
CI_SYSTEM_BASE_PKGS = {
|
||||
+ 'almalinux': ['python3-tox'],
|
||||
+ 'cloudlinux': ['python3-tox'],
|
||||
'common': ['make', 'sudo', 'tar'],
|
||||
'eurolinux': ['python3-tox'],
|
||||
'miraclelinux': ['python3-tox'],
|
||||
@@ -285,10 +293,10 @@
|
||||
cmd = DRY_DISTRO_INSTALL_PKG_CMD[distro]
|
||||
install_cmd.extend(cmd)
|
||||
|
||||
- if distro in ['centos', 'redhat', 'rocky', 'eurolinux']:
|
||||
+ if distro in ['almalinux', 'cloudlinux', 'centos', 'redhat', 'rocky', 'eurolinux']:
|
||||
# CentOS and Redhat need epel-release to access oauthlib and jsonschema
|
||||
subprocess.check_call(install_cmd + ['epel-release'])
|
||||
- if distro in ['suse', 'opensuse', 'redhat', 'rocky', 'centos', 'eurolinux']:
|
||||
+ if distro in ['almalinux', 'cloudlinux', 'suse', 'opensuse', 'redhat', 'rocky', 'centos', 'eurolinux']:
|
||||
pkg_list.append('rpm-build')
|
||||
subprocess.check_call(install_cmd + pkg_list)
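Review bot: The comment kept under the first condition, `# CentOS and Redhat need epel-release to access oauthlib and jsonschema`, no longer describes the list, which now also installs `epel-release` on almalinux and cloudlinux; both rewritten `if distro in [...]` lines are also longer than 79 characters even before indentation. Because `epel-release` enables an additional third-party repository on the machine running the build, it is worth confirming that it is both needed and available on the two new distros. A module-level tuple such as `EPEL_DISTROS = ('almalinux', 'centos', 'cloudlinux', 'eurolinux', 'redhat', 'rocky')` with the updated comment above it would fix the line length and keep the rationale in one place. The enclosing function starts and ends outside the hunk.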
|
||||
|
||||
diff -aruN cloud-init-22.1/tools/run-container cloud-init-22.1.patched/tools/run-container
|
||||
--- cloud-init-22.1/tools/run-container 2022-02-15 21:02:23
|
||||
+++ cloud-init-22.1.patched/tools/run-container 2023-08-04 13:07:29
|
||||
@@ -102,7 +102,7 @@
|
||||
}
|
||||
local t=${gitdir%/*}
|
||||
case "$t" in
|
||||
- */worktrees)
|
||||
+ */worktrees)
|
||||
if [ -f "${t%worktrees}/config" ]; then
|
||||
gitdir="${t%worktrees}"
|
||||
fi
|
||||
@@ -191,7 +191,7 @@
|
||||
|
||||
get_os_info() {
|
||||
# run inside container, set OS_NAME, OS_VERSION
|
||||
- # example OS_NAME are centos, debian, opensuse, rockylinux
|
||||
+ # example OS_NAME are almalinux, centos, cloudlinux, debian, opensuse, rockylinux
|
||||
[ -n "${OS_NAME:-}" -a -n "${OS_VERSION:-}" ] && return 0
|
||||
if [ -f /etc/os-release ]; then
|
||||
OS_NAME=$(sh -c '. /etc/os-release; echo $ID')
|
||||
@@ -247,7 +247,7 @@
|
||||
install_packages() {
|
||||
get_os_info || return
|
||||
case "$OS_NAME" in
|
||||
- centos|rocky*) yum_install "$@";;
|
||||
+ almalinux|centos|cloudlinux|rocky*) yum_install "$@";;
|
||||
opensuse) zypper_install "$@";;
|
||||
debian|ubuntu) apt_install "$@";;
|
||||
*) error "Do not know how to install packages on ${OS_NAME}";
|
||||
@@ -486,16 +486,16 @@
|
||||
|
||||
local build_pkg="" build_srcpkg="" pkg_ext="" distflag=""
|
||||
case "$OS_NAME" in
|
||||
- centos|rocky) distflag="--distro=redhat";;
|
||||
+ almalinux|centos|cloudlinux|rocky) distflag="--distro=redhat";;
|
||||
opensuse) distflag="--distro=suse";;
|
||||
esac
|
||||
|
||||
case "$OS_NAME" in
|
||||
debian|ubuntu)
|
||||
- build_pkg="./packages/bddeb -d"
|
||||
+ build_pkg="./packages/bddeb -d"
|
||||
build_srcpkg="./packages/bddeb -S -d"
|
||||
pkg_ext=".deb";;
|
||||
- centos|opensuse|rocky)
|
||||
+ almalinux|centos|cloudlinux|opensuse|rocky)
|
||||
build_pkg="./packages/brpm $distflag"
|
||||
build_srcpkg="./packages/brpm $distflag --srpm"
|
||||
pkg_ext=".rpm";;
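Review bot: The `build_pkg="./packages/bddeb -d"` line in this hunk, and the `*/worktrees)` line in the hunk at -102, appear as removed and re-added with the same visible text, so they look like whitespace-only edits unrelated to adding the two distros. Dropping them would keep this downstream patch limited to the lines it needs and make it easier to rebase onto newer cloud-init releases. Separately, this hunk matches `rocky` exactly while `install_packages` matches `rocky*`; that difference predates the patch but the new names were added to both, so it may be worth aligning the patterns while here.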
|
@ -0,0 +1,42 @@
|
||||
From b952fa472be3f417e0d857c8647a1b930624c247 Mon Sep 17 00:00:00 2001
|
||||
From: Eduardo Otubo <otubo@redhat.com>
|
||||
Date: Fri, 25 Feb 2022 05:05:17 -0500
|
||||
Subject: Adding _netdev to the default mount configuration
|
||||
|
||||
RH-Author: Eduardo Otubo <otubo@redhat.com>
|
||||
RH-MergeRequest: 21: Adding _netdev to the default mount configuration
|
||||
RH-Commit: [1/1] 250860a24db396a5088d207d6526a0028ac73eb3 (otubo/cloud-init-src)
|
||||
RH-Bugzilla: 1998445
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
|
||||
Adding _netdev option also to the default configuration for RHEL.
|
||||
|
||||
rhbz: 1998445
|
||||
x-downstream-only: yes
|
||||
|
||||
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
|
||||
|
||||
patch_name: ci-Adding-_netdev-to-the-default-mount-configuration.patch
|
||||
present_in_specfile: true
|
||||
location_in_specfile: 29
|
||||
---
|
||||
rhel/cloud.cfg | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/rhel/cloud.cfg b/rhel/cloud.cfg
|
||||
index 9ecba215..1ec1a6c6 100644
|
||||
--- a/rhel/cloud.cfg
|
||||
+++ b/rhel/cloud.cfg
|
||||
@@ -4,7 +4,7 @@ users:
|
||||
disable_root: 1
|
||||
ssh_pwauth: 0
|
||||
|
||||
-mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service', '0', '2']
|
||||
+mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service,_netdev', '0', '2']
|
||||
resize_rootfs_tmp: /dev
|
||||
ssh_deletekeys: 1
|
||||
ssh_genkeytypes: ~
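Review bot: Adding `_netdev` to `mount_default_fields` changes the default options for every mount cloud-init fills in from this list, not only network-backed ones, so local ephemeral disks and swap configured through cloud-init would presumably also be ordered after the network is up. The cloud.cfg itself gives no hint why the option is there. A comment above the line, e.g. `# _netdev: make cloud-init generated mounts wait for the network (rhbz 1998445)`, would stop it being removed as a mistake and tell operators to override the options for mounts that must be available earlier in boot.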
|
||||
--
|
||||
2.31.1
|
||||
|
@ -0,0 +1,49 @@
|
||||
From a14df44ffdc880ae16c691901e2671458ab234ff Mon Sep 17 00:00:00 2001
|
||||
From: Eduardo Otubo <otubo@redhat.com>
|
||||
Date: Thu, 17 Feb 2022 15:32:35 +0100
|
||||
Subject: Setting highest autoconnect priority for network-scripts
|
||||
|
||||
RH-Author: Eduardo Otubo <otubo@redhat.com>
|
||||
RH-MergeRequest: 22: Setting highest autoconnect priority for network-scripts
|
||||
RH-Commit: [1/1] 34f1d62f8934a983a124df95b861a1e448681d3b (otubo/cloud-init-src)
|
||||
RH-Bugzilla: 2036060
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||
|
||||
Set the highest autoconnect priority for network-scripts which is
|
||||
loaded by NetworkManager ifcfg-rh plugin. Note that keyfile is the only
|
||||
and default existing plugin on RHEL9, by setting the highest autoconnect
|
||||
priority for network-scripts, NetworkManager will activate
|
||||
network-scripts but keyfile. Network-scripts path:
|
||||
|
||||
Since this is a blocking issue, we decided to have this one-liner
|
||||
downstream-only patch so we can move forward and have a better
|
||||
NetworkManager support later on the release.
|
||||
|
||||
rhbz: 2036060
|
||||
x-downstream-only: yes
|
||||
|
||||
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
|
||||
|
||||
patch_name: ci-Setting-highest-autoconnect-priority-for-network-scr.patch
|
||||
present_in_specfile: true
|
||||
location_in_specfile: 30
|
||||
---
|
||||
cloudinit/net/sysconfig.py | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py
|
||||
index d8c53312..b50035b5 100644
|
||||
--- a/cloudinit/net/sysconfig.py
|
||||
+++ b/cloudinit/net/sysconfig.py
|
||||
@@ -337,6 +337,7 @@ class Renderer(renderer.Renderer):
|
||||
"ONBOOT": True,
|
||||
"USERCTL": False,
|
||||
"BOOTPROTO": "none",
|
||||
+ "AUTOCONNECT_PRIORITY": 999
|
||||
},
|
||||
"suse": {"BOOTPROTO": "static", "STARTMODE": "auto"},
|
||||
}
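Review bot: `"AUTOCONNECT_PRIORITY": 999` is added without a trailing comma and without a comment, and 999 is, as far as I know, the top of NetworkManager's accepted autoconnect-priority range. Every interface rendered with these defaults would therefore outrank any other profile for the same device, including one an administrator creates later, which is surprising when debugging why a hardened or replacement profile is not the one activated. Suggest `"AUTOCONNECT_PRIORITY": 999,  # highest NM priority so ifcfg-rh profiles are activated instead of keyfile ones (rhbz 2036060)`. The enclosing dict starts outside the hunk.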
|
||||
--
|
||||
2.31.1
|
||||
|
@ -1,52 +0,0 @@
|
||||
From ffa647e83efd4293bd027e9e390274aad8a12d94 Mon Sep 17 00:00:00 2001
|
||||
From: Eduardo Otubo <otubo@redhat.com>
|
||||
Date: Fri, 7 May 2021 13:36:13 +0200
|
||||
Subject: include 'NOZEROCONF=yes' in /etc/sysconfig/network
|
||||
|
||||
RH-Author: Eduardo Otubo <otubo@redhat.com>
|
||||
Message-id: <20190320114559.23708-1-otubo@redhat.com>
|
||||
Patchwork-id: 84937
|
||||
O-Subject: [RHEL-7.7 cloud-init PATCH] include 'NOZEROCONF=yes' in /etc/sysconfig/network
|
||||
Bugzilla: 1653131
|
||||
RH-Acked-by: Cathy Avery <cavery@redhat.com>
|
||||
RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
|
||||
The option NOZEROCONF=yes is not included by default in
|
||||
/etc/sysconfig/network, which is required by Overcloud instances. The
|
||||
patch also includes tests for the modifications.
|
||||
|
||||
X-downstream-only: yes
|
||||
Resolves: rhbz#1653131
|
||||
|
||||
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
cloudinit/net/sysconfig.py | 11 ++++++++++-
|
||||
1 file changed, 10 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py
|
||||
index e06ddee7..362e8d19 100644
|
||||
--- a/cloudinit/net/sysconfig.py
|
||||
+++ b/cloudinit/net/sysconfig.py
|
||||
@@ -1038,7 +1038,16 @@ class Renderer(renderer.Renderer):
|
||||
# Distros configuring /etc/sysconfig/network as a file e.g. Centos
|
||||
if sysconfig_path.endswith("network"):
|
||||
util.ensure_dir(os.path.dirname(sysconfig_path))
|
||||
- netcfg = [_make_header(), "NETWORKING=yes"]
|
||||
+ netcfg = []
|
||||
+ for line in util.load_file(sysconfig_path, quiet=True).split("\n"):
|
||||
+ if "cloud-init" in line:
|
||||
+ break
|
||||
+ if not line.startswith(("NETWORKING=",
|
||||
+ "IPV6_AUTOCONF=",
|
||||
+ "NETWORKING_IPV6=")):
|
||||
+ netcfg.append(line)
|
||||
+ # Now generate the cloud-init portion of sysconfig/network
|
||||
+ netcfg.extend([_make_header(), "NETWORKING=yes"])
|
||||
if network_state.use_ipv6:
|
||||
netcfg.append("NETWORKING_IPV6=yes")
|
||||
netcfg.append("IPV6_AUTOCONF=no")
|
||||
--
|
||||
2.31.1
|
||||
|
@ -1,148 +0,0 @@
|
||||
From 386f0a82bfdfd62e506bf4251c17263260d3250a Mon Sep 17 00:00:00 2001
|
||||
From: Eduardo Otubo <otubo@redhat.com>
|
||||
Date: Fri, 7 May 2021 13:36:14 +0200
|
||||
Subject: Remove race condition between cloud-init and NetworkManager
|
||||
|
||||
Message-id: <20200302104635.11648-1-otubo@redhat.com>
|
||||
Patchwork-id: 94098
|
||||
O-Subject: [RHEL-7.9/RHEL-8.2.0 cloud-init PATCH] Remove race condition between cloud-init and NetworkManager
|
||||
Bugzilla: 1807797
|
||||
RH-Acked-by: Cathy Avery <cavery@redhat.com>
|
||||
RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
|
||||
|
||||
BZ: 1748015
|
||||
BRANCH: rhel7/master-18.5
|
||||
BREW: 26924611
|
||||
|
||||
BZ: 1807797
|
||||
BRANCH: rhel820/master-18.5
|
||||
BREW: 26924957
|
||||
|
||||
cloud-init service is set to start before NetworkManager service starts,
|
||||
but this does not avoid a race condition between them. NetworkManager
|
||||
starts before cloud-init can write `dns=none' to the file:
|
||||
/etc/NetworkManager/conf.d/99-cloud-init.conf. This way NetworkManager
|
||||
doesn't read the configuration and erases all resolv.conf values upon
|
||||
shutdown. On the next reboot neither cloud-init or NetworkManager will
|
||||
write anything to resolv.conf, leaving it blank.
|
||||
|
||||
This patch introduces a NM reload (try-restart) at the end of cloud-init
|
||||
start up so it won't erase resolv.conf upon first shutdown.
|
||||
|
||||
x-downstream-only: yes
|
||||
resolves: rhbz#1748015, rhbz#1807797 and rhbz#1804780
|
||||
|
||||
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
|
||||
This commit is a squash and also includes the folloowing commits:
|
||||
|
||||
commit 316a17b7c02a87fa9b2981535be0b20d165adc46
|
||||
Author: Eduardo Otubo <otubo@redhat.com>
|
||||
Date: Mon Jun 1 11:58:06 2020 +0200
|
||||
|
||||
Make cloud-init.service execute after network is up
|
||||
|
||||
RH-Author: Eduardo Otubo <otubo@redhat.com>
|
||||
Message-id: <20200526090804.2047-1-otubo@redhat.com>
|
||||
Patchwork-id: 96809
|
||||
O-Subject: [RHEL-8.2.1 cloud-init PATCH] Make cloud-init.service execute after network is up
|
||||
Bugzilla: 1803928
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
|
||||
cloud-init.service needs to wait until network is fully up before
|
||||
continuing executing and configuring its service.
|
||||
|
||||
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
|
||||
|
||||
x-downstream-only: yes
|
||||
Resolves: rhbz#1831646
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
|
||||
commit 0422ba0e773d1a8257a3f2bf3db05f3bc7917eb7
|
||||
Author: Eduardo Otubo <otubo@redhat.com>
|
||||
Date: Thu May 28 08:44:08 2020 +0200
|
||||
|
||||
Remove race condition between cloud-init and NetworkManager
|
||||
|
||||
RH-Author: Eduardo Otubo <otubo@redhat.com>
|
||||
Message-id: <20200327121911.17699-1-otubo@redhat.com>
|
||||
Patchwork-id: 94453
|
||||
O-Subject: [RHEL-7.9/RHEL-8.2.0 cloud-init PATCHv2] Remove race condition between cloud-init and NetworkManager
|
||||
Bugzilla: 1840648
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: Cathy Avery <cavery@redhat.com>
|
||||
|
||||
cloud-init service is set to start before NetworkManager service starts,
|
||||
but this does not avoid a race condition between them. NetworkManager
|
||||
starts before cloud-init can write `dns=none' to the file:
|
||||
/etc/NetworkManager/conf.d/99-cloud-init.conf. This way NetworkManager
|
||||
doesn't read the configuration and erases all resolv.conf values upon
|
||||
shutdown. On the next reboot neither cloud-init or NetworkManager will
|
||||
write anything to resolv.conf, leaving it blank.
|
||||
|
||||
This patch introduces a NM reload (try-reload-or-restart) at the end of cloud-init
|
||||
start up so it won't erase resolv.conf upon first shutdown.
|
||||
|
||||
x-downstream-only: yes
|
||||
|
||||
Signed-off-by: Eduardo Otubo otubo@redhat.com
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
|
||||
commit e0b48a936433faea7f56dbc29dda35acf7d375f7
|
||||
Author: Eduardo Otubo <otubo@redhat.com>
|
||||
Date: Thu May 28 08:44:06 2020 +0200
|
||||
|
||||
Enable ssh_deletekeys by default
|
||||
|
||||
RH-Author: Eduardo Otubo <otubo@redhat.com>
|
||||
Message-id: <20200317091705.15715-1-otubo@redhat.com>
|
||||
Patchwork-id: 94365
|
||||
O-Subject: [RHEL-7.9/RHEL-8.2.0 cloud-init PATCH] Enable ssh_deletekeys by default
|
||||
Bugzilla: 1814152
|
||||
RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
|
||||
The configuration option ssh_deletekeys will trigger the generation
|
||||
of new ssh keys for every new instance deployed.
|
||||
|
||||
x-downstream-only: yes
|
||||
resolves: rhbz#1814152
|
||||
|
||||
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
rhel/cloud.cfg | 2 +-
|
||||
rhel/systemd/cloud-init.service | 1 +
|
||||
2 files changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/rhel/cloud.cfg b/rhel/cloud.cfg
|
||||
index 82e8bf62..9ecba215 100644
|
||||
--- a/rhel/cloud.cfg
|
||||
+++ b/rhel/cloud.cfg
|
||||
@@ -6,7 +6,7 @@ ssh_pwauth: 0
|
||||
|
||||
mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service', '0', '2']
|
||||
resize_rootfs_tmp: /dev
|
||||
-ssh_deletekeys: 0
|
||||
+ssh_deletekeys: 1
|
||||
ssh_genkeytypes: ~
|
||||
syslog_fix_perms: ~
|
||||
disable_vmware_customization: false
|
||||
diff --git a/rhel/systemd/cloud-init.service b/rhel/systemd/cloud-init.service
|
||||
index d0023a05..0b3d796d 100644
|
||||
--- a/rhel/systemd/cloud-init.service
|
||||
+++ b/rhel/systemd/cloud-init.service
|
||||
@@ -5,6 +5,7 @@ Wants=sshd-keygen.service
|
||||
Wants=sshd.service
|
||||
After=cloud-init-local.service
|
||||
After=NetworkManager.service network.service
|
||||
+After=NetworkManager-wait-online.service
|
||||
Before=network-online.target
|
||||
Before=sshd-keygen.service
|
||||
Before=sshd.service
|
||||
--
|
||||
2.31.1
|
||||
|
@ -0,0 +1,516 @@
|
||||
From 1176a788c23697099093b4d8a9a21f10f71ebb12 Mon Sep 17 00:00:00 2001
|
||||
From: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
Date: Wed, 1 Feb 2023 10:47:07 +0100
|
||||
Subject: [PATCH] Allow growpart to resize encrypted partitions (#1316)
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2166245
|
||||
|
||||
commit d95a331d1035d52443c470e0c00765a2c2b271cc
|
||||
Author: James Falcon <james.falcon@canonical.com>
|
||||
Date: Tue Apr 26 19:03:13 2022 -0500
|
||||
|
||||
Allow growpart to resize encrypted partitions (#1316)
|
||||
|
||||
Adds the ability for growpart to resize a LUKS formatted partition.
|
||||
This involves resizing the underlying partition as well as the
|
||||
filesystem. 'cryptsetup' is used for resizing.
|
||||
|
||||
This relies on a file present at /cc_growpart_keydata containing
|
||||
json formatted 'key' and 'slot' keys, with the key being
|
||||
base64 encoded. After resize, cloud-init will destroy
|
||||
the luks slot used for resizing and remove the key file.
|
||||
|
||||
Conflicts:
|
||||
cloudinit/config/cc_growpart.py (includes only)
|
||||
|
||||
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
---
|
||||
cloudinit/config/cc_growpart.py | 171 +++++++++++++++-
|
||||
test-requirements.txt | 1 +
|
||||
tests/unittests/config/test_cc_growpart.py | 228 +++++++++++++++++++++
|
||||
tox.ini | 1 +
|
||||
4 files changed, 400 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/cloudinit/config/cc_growpart.py b/cloudinit/config/cc_growpart.py
|
||||
index 43334caa..bdf17aba 100644
|
||||
--- a/cloudinit/config/cc_growpart.py
|
||||
+++ b/cloudinit/config/cc_growpart.py
|
||||
@@ -64,10 +64,16 @@ growpart is::
|
||||
ignore_growroot_disabled: <true/false>
|
||||
"""
|
||||
|
||||
+import base64
|
||||
+import copy
|
||||
+import json
|
||||
import os
|
||||
import os.path
|
||||
import re
|
||||
import stat
|
||||
+from contextlib import suppress
|
||||
+from pathlib import Path
|
||||
+from typing import Tuple
|
||||
|
||||
from cloudinit import log as logging
|
||||
from cloudinit import subp, temp_utils, util
|
||||
@@ -81,6 +87,8 @@ DEFAULT_CONFIG = {
|
||||
"ignore_growroot_disabled": False,
|
||||
}
|
||||
|
||||
+KEYDATA_PATH = Path("/cc_growpart_keydata")
|
||||
+
|
||||
|
||||
class RESIZE(object):
|
||||
SKIPPED = "SKIPPED"
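Review bot: `KEYDATA_PATH` is added without a comment, although it names a file in the filesystem root that holds LUKS key material. A comment above the constant would help, for example `# JSON keyfile ({"key": <base64>, "slot": <int>}) read once by resize_encrypted(), which removes it afterwards`. Nothing in the visible hunks checks the file's owner or mode before its contents are passed to cryptsetup. The comment could therefore also state that the file is expected to be readable by root only, though that expectation is inferred rather than shown here.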
|
||||
@@ -289,10 +297,128 @@ def devent2dev(devent):
|
||||
return dev
|
||||
|
||||
|
||||
+def get_mapped_device(blockdev):
|
||||
+ """Returns underlying block device for a mapped device.
|
||||
+
|
||||
+ If it is mapped, blockdev will usually take the form of
|
||||
+ /dev/mapper/some_name
|
||||
+
|
||||
+ If blockdev is a symlink pointing to a /dev/dm-* device, return
|
||||
+ the device pointed to. Otherwise, return None.
|
||||
+ """
|
||||
+ realpath = os.path.realpath(blockdev)
|
||||
+ if realpath.startswith("/dev/dm-"):
|
||||
+ LOG.debug("%s is a mapped device pointing to %s", blockdev, realpath)
|
||||
+ return realpath
|
||||
+ return None
|
||||
+
|
||||
+
|
||||
+def is_encrypted(blockdev, partition) -> bool:
|
||||
+ """
|
||||
+ Check if a device is an encrypted device. blockdev should have
|
||||
+ a /dev/dm-* path whereas partition is something like /dev/sda1.
|
||||
+ """
|
||||
+ if not subp.which("cryptsetup"):
|
||||
+ LOG.debug("cryptsetup not found. Assuming no encrypted partitions")
|
||||
+ return False
|
||||
+ try:
|
||||
+ subp.subp(["cryptsetup", "status", blockdev])
|
||||
+ except subp.ProcessExecutionError as e:
|
||||
+ if e.exit_code == 4:
|
||||
+ LOG.debug("Determined that %s is not encrypted", blockdev)
|
||||
+ else:
|
||||
+ LOG.warning(
|
||||
+ "Received unexpected exit code %s from "
|
||||
+ "cryptsetup status. Assuming no encrypted partitions.",
|
||||
+ e.exit_code,
|
||||
+ )
|
||||
+ return False
|
||||
+ with suppress(subp.ProcessExecutionError):
|
||||
+ subp.subp(["cryptsetup", "isLuks", partition])
|
||||
+ LOG.debug("Determined that %s is encrypted", blockdev)
|
||||
+ return True
|
||||
+ return False
|
||||
+
|
||||
+
|
||||
+def get_underlying_partition(blockdev):
|
||||
+ command = ["dmsetup", "deps", "--options=devname", blockdev]
|
||||
+ dep: str = subp.subp(command)[0] # type: ignore
|
||||
+ # Returned result should look something like:
|
||||
+ # 1 dependencies : (vdb1)
|
||||
+ if not dep.startswith("1 depend"):
|
||||
+ raise RuntimeError(
|
||||
+ f"Expecting '1 dependencies' from 'dmsetup'. Received: {dep}"
|
||||
+ )
|
||||
+ try:
|
||||
+ return f'/dev/{dep.split(": (")[1].split(")")[0]}'
|
||||
+ except IndexError as e:
|
||||
+ raise RuntimeError(
|
||||
+ f"Ran `{command}`, but received unexpected stdout: `{dep}`"
|
||||
+ ) from e
|
||||
+
|
||||
+
|
||||
+def resize_encrypted(blockdev, partition) -> Tuple[str, str]:
|
||||
+ """Use 'cryptsetup resize' to resize LUKS volume.
|
||||
+
|
||||
+ The loaded keyfile is json formatted with 'key' and 'slot' keys.
|
||||
+ key is base64 encoded. Example:
|
||||
+ {"key":"XFmCwX2FHIQp0LBWaLEMiHIyfxt1SGm16VvUAVledlY=","slot":5}
|
||||
+ """
|
||||
+ if not KEYDATA_PATH.exists():
|
||||
+ return (RESIZE.SKIPPED, "No encryption keyfile found")
|
||||
+ try:
|
||||
+ with KEYDATA_PATH.open() as f:
|
||||
+ keydata = json.load(f)
|
||||
+ key = keydata["key"]
|
||||
+ decoded_key = base64.b64decode(key)
|
||||
+ slot = keydata["slot"]
|
||||
+ except Exception as e:
|
||||
+ raise RuntimeError(
|
||||
+ "Could not load encryption key. This is expected if "
|
||||
+ "the volume has been previously resized."
|
||||
+ ) from e
|
||||
+
|
||||
+ try:
|
||||
+ subp.subp(
|
||||
+ ["cryptsetup", "--key-file", "-", "resize", blockdev],
|
||||
+ data=decoded_key,
|
||||
+ )
|
||||
+ finally:
|
||||
+ try:
|
||||
+ subp.subp(
|
||||
+ [
|
||||
+ "cryptsetup",
|
||||
+ "luksKillSlot",
|
||||
+ "--batch-mode",
|
||||
+ partition,
|
||||
+ str(slot),
|
||||
+ ]
|
||||
+ )
|
||||
+ except subp.ProcessExecutionError as e:
|
||||
+ LOG.warning(
|
||||
+ "Failed to kill luks slot after resizing encrypted volume: %s",
|
||||
+ e,
|
||||
+ )
|
||||
+ try:
|
||||
+ KEYDATA_PATH.unlink()
|
||||
+ except Exception:
|
||||
+ util.logexc(
|
||||
+ LOG, "Failed to remove keyfile after resizing encrypted volume"
|
||||
+ )
|
||||
+
|
||||
+ return (
|
||||
+ RESIZE.CHANGED,
|
||||
+ f"Successfully resized encrypted volume '{blockdev}'",
|
||||
+ )
|
||||
+
|
||||
+
|
||||
def resize_devices(resizer, devices):
|
||||
# returns a tuple of tuples containing (entry-in-devices, action, message)
|
||||
+ devices = copy.copy(devices)
|
||||
info = []
|
||||
- for devent in devices:
|
||||
+
|
||||
+ while devices:
|
||||
+ devent = devices.pop(0)
|
||||
try:
|
||||
blockdev = devent2dev(devent)
|
||||
except ValueError as e:
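Review bot: In `resize_encrypted`, a failed `cryptsetup luksKillSlot` is only logged as a warning, after which the keyfile is unlinked and the function still returns `RESIZE.CHANGED` with "Successfully resized encrypted volume", so the one-time key can remain valid in its slot with nothing in the result to show it. I would record the failure in the `except` branch (for example `slot_killed = False`) and carry it into the returned message, e.g. `f"Successfully resized encrypted volume '{blockdev}'; key slot {slot} was not removed"`. A keyfile that exists but cannot be parsed raises `RuntimeError` before the `finally`, so the file stays on disk on that path, and the error text ("expected if the volume has been previously resized") does not say so. `resize_devices` at the end of this hunk continues outside it.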
|
||||
@@ -329,6 +455,49 @@ def resize_devices(resizer, devices):
|
||||
)
|
||||
continue
|
||||
|
||||
+ underlying_blockdev = get_mapped_device(blockdev)
|
||||
+ if underlying_blockdev:
|
||||
+ try:
|
||||
+ # We need to resize the underlying partition first
|
||||
+ partition = get_underlying_partition(blockdev)
|
||||
+ if is_encrypted(underlying_blockdev, partition):
|
||||
+ if partition not in [x[0] for x in info]:
|
||||
+ # We shouldn't attempt to resize this mapped partition
|
||||
+ # until the underlying partition is resized, so re-add
|
||||
+ # our device to the beginning of the list we're
|
||||
+ # iterating over, then add our underlying partition
|
||||
+ # so it can get processed first
|
||||
+ devices.insert(0, devent)
|
||||
+ devices.insert(0, partition)
|
||||
+ continue
|
||||
+ status, message = resize_encrypted(blockdev, partition)
|
||||
+ info.append(
|
||||
+ (
|
||||
+ devent,
|
||||
+ status,
|
||||
+ message,
|
||||
+ )
|
||||
+ )
|
||||
+ else:
|
||||
+ info.append(
|
||||
+ (
|
||||
+ devent,
|
||||
+ RESIZE.SKIPPED,
|
||||
+ f"Resizing mapped device ({blockdev}) skipped "
|
||||
+ "as it is not encrypted.",
|
||||
+ )
|
||||
+ )
|
||||
+ except Exception as e:
|
||||
+ info.append(
|
||||
+ (
|
||||
+ devent,
|
||||
|