From 1eb69f434883ca685c5ee6136203f28231e18039 Mon Sep 17 00:00:00 2001 From: Elkhan Mammadli Date: Tue, 10 Oct 2023 02:11:23 +0400 Subject: [PATCH 1/1] Improvements for AlmaLinux OS and CloudLinux OS Add AlmaLinux OS and CloudLinux OS support to: Modules: - cc_ca_certs - cc_ntp - cc_resolv_conf Datasources: - Rbx Cloud Datasource Systemd services: - cloud-config.service - cloud-final.service - cloud-init-local.service - cloud-init.service Signed-off-by: Elkhan Mammadli --- cloudinit/config/cc_ca_certs.py | 8 ++++ cloudinit/config/cc_ntp.py | 11 ++--- cloudinit/config/cc_resolv_conf.py | 2 + cloudinit/settings.py | 2 +- cloudinit/sources/DataSourceRbxCloud.py | 2 +- systemd/cloud-config.service.tmpl | 2 +- systemd/cloud-final.service.tmpl | 4 +- systemd/cloud-init-local.service.tmpl | 12 ++--- systemd/cloud-init.service.tmpl | 4 +- templates/chrony.conf.almalinux.tmpl | 45 ++++++++++++++++++ templates/chrony.conf.cloudlinux.tmpl | 45 ++++++++++++++++++ templates/ntp.conf.almalinux.tmpl | 61 +++++++++++++++++++++++++ templates/ntp.conf.cloudlinux.tmpl | 61 +++++++++++++++++++++++++ 13 files changed, 238 insertions(+), 21 deletions(-) create mode 100644 templates/chrony.conf.almalinux.tmpl create mode 100644 templates/chrony.conf.cloudlinux.tmpl create mode 100644 templates/ntp.conf.almalinux.tmpl create mode 100644 templates/ntp.conf.cloudlinux.tmpl diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py index 4dc0868..1665d30 100644 --- a/cloudinit/config/cc_ca_certs.py +++ b/cloudinit/config/cc_ca_certs.py @@ -51,6 +51,12 @@ for distro in ( ): DISTRO_OVERRIDES[distro] = DISTRO_OVERRIDES["opensuse"] +for distro in ( + "almalinux", + "cloudlinux", +): + DISTRO_OVERRIDES[distro] = DISTRO_OVERRIDES["rhel"] + MODULE_DESCRIPTION = """\ This module adds CA certificates to the system's CA store and updates any related files using the appropriate OS-specific utility. The default CA 
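Review bot: In cloudinit/config/cc_ca_certs.py the new loop binds `almalinux` and `cloudlinux` to the same dict object as `DISTRO_OVERRIDES["rhel"]`, and nothing in the hunk says why the RHEL trust-store settings are the right ones for them. The `rhel` entry is outside the hunk, so I cannot confirm which paths and update command it carries; if they did not match the target distro, CA certificates from user-data would presumably land where the trust tool does not read them. I would add a comment above the loop, `# AlmaLinux and CloudLinux share the RHEL CA store layout; reuse the "rhel" entry unchanged.`, and treat the entry as read-only, since a mutation through one key would change all three.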
@@ -66,6 +72,8 @@ configuration option ``remove_defaults``. order to provide the ``update-ca-certificates`` command. """ distros = [ + "almalinux", + "cloudlinux", "alpine", "debian", "rhel", diff --git a/cloudinit/config/cc_ntp.py b/cloudinit/config/cc_ntp.py index b5620f3..eae4099 100644 --- a/cloudinit/config/cc_ntp.py +++ b/cloudinit/config/cc_ntp.py @@ -110,14 +110,6 @@ DISTRO_CLIENT_CONFIG = { "service_name": "ntpd", }, }, - "centos": { - "ntp": { - "service_name": "ntpd", - }, - "chrony": { - "service_name": "chronyd", - }, - }, "cos": { "chrony": { "service_name": "chronyd", @@ -225,6 +217,9 @@ DISTRO_CLIENT_CONFIG = { for distro in ("opensuse-microos", "opensuse-tumbleweed", "opensuse-leap"): DISTRO_CLIENT_CONFIG[distro] = DISTRO_CLIENT_CONFIG["opensuse"] +for distro in ("almalinux", "centos", "cloudlinux"): + DISTRO_CLIENT_CONFIG[distro] = DISTRO_CLIENT_CONFIG["rhel"] + for distro in ("sle_hpc", "sle-micro"): DISTRO_CLIENT_CONFIG[distro] = DISTRO_CLIENT_CONFIG["sles"] diff --git a/cloudinit/config/cc_resolv_conf.py b/cloudinit/config/cc_resolv_conf.py index 4629ca7..21057a1 100644 --- a/cloudinit/config/cc_resolv_conf.py +++ b/cloudinit/config/cc_resolv_conf.py @@ -58,7 +58,9 @@ meta: MetaSchema = { "title": "Configure resolv.conf", "description": MODULE_DESCRIPTION, "distros": [ + "almalinux", "alpine", + "cloudlinux", "fedora", "mariner", "opensuse", diff --git a/cloudinit/settings.py b/cloudinit/settings.py index a36c518..9f0a5f4 100644 --- a/cloudinit/settings.py +++ b/cloudinit/settings.py @@ -62,7 +62,7 @@ CFG_BUILTIN = { "cloud_dir": "/var/lib/cloud", "templates_dir": "/etc/cloud/templates/", }, - "distro": "rhel", + "distro": "almalinux", "network": {"renderers": None}, }, "vendor_data": {"enabled": True, "prefix": []}, diff --git a/cloudinit/sources/DataSourceRbxCloud.py b/cloudinit/sources/DataSourceRbxCloud.py index 6890562..0b3c80c 100644 --- a/cloudinit/sources/DataSourceRbxCloud.py +++ b/cloudinit/sources/DataSourceRbxCloud.py 
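Review bot: In cloudinit/config/cc_ntp.py the explicit `"centos"` entry is deleted (hunk at -110,14) and `centos` is re-pointed at `DISTRO_CLIENT_CONFIG["rhel"]` by the new loop (hunk at -225,6), a behaviour change for an existing distro that the commit message does not mention. The removed entry set `service_name` to `ntpd` for ntp and `chronyd` for chrony; the `rhel` entry is outside both hunks, so it should be confirmed that it yields the same values, otherwise CentOS hosts could restart the wrong unit and be left without time sync. The alias also shares one dict object across four keys. A comment such as `# centos previously had its own entry; it now inherits the rhel client config` above the loop would record the intent.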
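Review bot: The cloudinit/settings.py hunk changes the built-in fallback `"distro"` in `CFG_BUILTIN` from `"rhel"` to `"almalinux"`, which is not listed in the commit message and reaches further than adding support for two distros. Any image built from this tree whose cloud.cfg does not set the distro explicitly, CloudLinux included, would presumably be handled as AlmaLinux. If this is meant as a downstream packaging default, say so in the description and in a comment next to the value, e.g. `# downstream default; cloud.cfg normally overrides this`; otherwise the previous default should stay.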
@@ -60,7 +60,7 @@ def _sub_arp(cmd): def gratuitous_arp(items, distro): source_param = "-S" - if distro.name in ["fedora", "centos", "rhel"]: + if distro.name in ["almalinux", "fedora", "centos", "cloudlinux", "rhel"]: source_param = "-s" for item in items: try: diff --git a/systemd/cloud-config.service.tmpl b/systemd/cloud-config.service.tmpl index d5568a6..a4d6038 100644 --- a/systemd/cloud-config.service.tmpl +++ b/systemd/cloud-config.service.tmpl @@ -4,7 +4,7 @@ Description=Apply the settings specified in cloud-config After=network-online.target cloud-config.target After=snapd.seeded.service Wants=network-online.target cloud-config.target -{% if variant == "rhel" %} +{% if variant in ["almalinux", "cloudlinux", "rhel"] %} ConditionPathExists=!/etc/cloud/cloud-init.disabled ConditionKernelCommandLine=!cloud-init=disabled {% endif %} diff --git a/systemd/cloud-final.service.tmpl b/systemd/cloud-final.service.tmpl index 85f423a..578c7f4 100644 --- a/systemd/cloud-final.service.tmpl +++ b/systemd/cloud-final.service.tmpl @@ -7,7 +7,7 @@ After=multi-user.target Before=apt-daily.service {% endif %} Wants=network-online.target cloud-config.service -{% if variant == "rhel" %} +{% if variant in ["almalinux", "cloudlinux", "rhel"] %} ConditionPathExists=!/etc/cloud/cloud-init.disabled ConditionKernelCommandLine=!cloud-init=disabled {% endif %} @@ -19,7 +19,7 @@ ExecStart=/usr/bin/cloud-init modules --mode=final RemainAfterExit=yes TimeoutSec=0 KillMode=process -{% if variant == "rhel" %} +{% if variant in ["almalinux", "cloudlinux", "rhel"] %} # Restart NetworkManager if it is present and running. ExecStartPost=/bin/sh -c 'u=NetworkManager.service; \ out=$(systemctl show --property=SubState $u) || exit; \ diff --git a/systemd/cloud-init-local.service.tmpl b/systemd/cloud-init-local.service.tmpl index 6f3f9d8..f5521c4 100644 --- a/systemd/cloud-init-local.service.tmpl +++ b/systemd/cloud-init-local.service.tmpl 
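Review bot: In `gratuitous_arp` (cloudinit/sources/DataSourceRbxCloud.py) the choice of arping flag now depends on a five-name literal list written inline, so every further RHEL-family distro needs another edit here and any name left out silently keeps `-S`. Hoisting the names into a module-level constant with a comment saying why these distros need `-s` would make the rule visible, e.g. `if distro.name in _ARPING_LOWERCASE_S_DISTROS:`. A family check such as `distro.osfamily == "redhat"` may be simpler, if that attribute is set for these distros in this tree. The function body continues past the hunk, so how a failed arping call is handled is not visible here.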
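Review bot: The test `variant in ["almalinux", "cloudlinux", "rhel"]` is now spelled out at every RHEL-specific site: once in systemd/cloud-config.service.tmpl, twice in cloud-final.service.tmpl, and again in the cloud-init-local.service.tmpl and cloud-init.service.tmpl hunks further down. Several of those sites guard `ConditionPathExists=!/etc/cloud/cloud-init.disabled` and `ConditionKernelCommandLine=!cloud-init=disabled`, so a list that drifts in one unit would leave that stage running on a host where cloud-init was meant to be disabled. I would define the test once near the top of each template, `{% set rhel_like = variant in ["almalinux", "cloudlinux", "rhel"] %}`, and write `{% if rhel_like %}` at each site.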
@@ -1,23 +1,23 @@ ## template:jinja [Unit] Description=Initial cloud-init job (pre-networking) -{% if variant in ["ubuntu", "unknown", "debian", "rhel" ] %} +{% if variant in ["almalinux", "cloudlinux", "ubuntu", "unknown", "debian", "rhel" ] %} DefaultDependencies=no {% endif %} Wants=network-pre.target After=hv_kvp_daemon.service After=systemd-remount-fs.service -{% if variant == "rhel" %} +{% if variant in ["almalinux", "cloudlinux", "rhel"] %} Requires=dbus.socket After=dbus.socket {% endif %} Before=NetworkManager.service -{% if variant == "rhel" %} +{% if variant in ["almalinux", "cloudlinux", "rhel"] %} Before=network.service {% endif %} Before=network-pre.target Before=shutdown.target -{% if variant == "rhel" %} +{% if variant in ["almalinux", "cloudlinux", "rhel"] %} Before=firewalld.target Conflicts=shutdown.target {% endif %} @@ -26,14 +26,14 @@ Before=sysinit.target Conflicts=shutdown.target {% endif %} RequiresMountsFor=/var/lib/cloud -{% if variant == "rhel" %} +{% if variant in ["almalinux", "cloudlinux", "rhel"] %} ConditionPathExists=!/etc/cloud/cloud-init.disabled ConditionKernelCommandLine=!cloud-init=disabled {% endif %} [Service] Type=oneshot -{% if variant == "rhel" %} +{% if variant in ["almalinux", "cloudlinux", "rhel"] %} ExecStartPre=/bin/mkdir -p /run/cloud-init ExecStartPre=/sbin/restorecon /run/cloud-init ExecStartPre=/usr/bin/touch /run/cloud-init/enabled diff --git a/systemd/cloud-init.service.tmpl b/systemd/cloud-init.service.tmpl index 1b1f9a8..875555d 100644 --- a/systemd/cloud-init.service.tmpl +++ b/systemd/cloud-init.service.tmpl @@ -1,7 +1,7 @@ ## template:jinja [Unit] Description=Initial cloud-init job (metadata service crawler) -{% if variant not in ["photon", "rhel"] %} +{% if variant not in ["almalinux", "cloudlinux", "photon", "rhel"] %} DefaultDependencies=no {% endif %} Wants=cloud-init-local.service 
@@ -39,7 +39,7 @@ Before=shutdown.target Conflicts=shutdown.target {% endif %} Before=systemd-user-sessions.service -{% if variant == "rhel" %} +{% if variant in ["almalinux", "cloudlinux", "rhel"] %} ConditionPathExists=!/etc/cloud/cloud-init.disabled ConditionKernelCommandLine=!cloud-init=disabled {% endif %} diff --git a/templates/chrony.conf.almalinux.tmpl b/templates/chrony.conf.almalinux.tmpl new file mode 100644 index 0000000..5b3542e --- /dev/null +++ b/templates/chrony.conf.almalinux.tmpl @@ -0,0 +1,45 @@ +## template:jinja +# Use public servers from the pool.ntp.org project. +# Please consider joining the pool (http://www.pool.ntp.org/join.html). +{% if pools %}# pools +{% endif %} +{% for pool in pools -%} +pool {{pool}} iburst +{% endfor %} +{%- if servers %}# servers +{% endif %} +{% for server in servers -%} +server {{server}} iburst +{% endfor %} + +# Record the rate at which the system clock gains/losses time. +driftfile /var/lib/chrony/drift + +# Allow the system clock to be stepped in the first three updates +# if its offset is larger than 1 second. +makestep 1.0 3 + +# Enable kernel synchronization of the real-time clock (RTC). +rtcsync + +# Enable hardware timestamping on all interfaces that support it. +#hwtimestamp * + +# Increase the minimum number of selectable sources required to adjust +# the system clock. +#minsources 2 + +# Allow NTP client access from local network. +#allow 192.168.0.0/16 + +# Serve time even if not synchronized to a time source. +#local stratum 10 + +# Specify file containing keys for NTP authentication. +#keyfile /etc/chrony.keys + +# Specify directory for log files. +logdir /var/log/chrony + +# Select which information is logged. +#log measurements statistics tracking diff --git a/templates/chrony.conf.cloudlinux.tmpl b/templates/chrony.conf.cloudlinux.tmpl new file mode 100644 index 0000000..5b3542e --- /dev/null +++ b/templates/chrony.conf.cloudlinux.tmpl 
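Review bot: templates/chrony.conf.almalinux.tmpl and templates/chrony.conf.cloudlinux.tmpl are added as the same blob (both `index 0000000..5b3542e`), so any later hardening of one must be repeated by hand in the other. The rendered `pool {{pool}} iburst` and `server {{server}} iburst` lines carry no authentication option and `keyfile` stays commented out, so time is accepted unauthenticated from whatever sources user-data names; that is a reasonable default but worth stating. I would add a header comment to both files, e.g. `# Kept identical to chrony.conf.cloudlinux.tmpl; time sources are not authenticated by default.`, with the file name swapped in the other copy.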
@@ -0,0 +1,45 @@
+## template:jinja
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# Enable hardware timestamping on all interfaces that support it.
+#hwtimestamp *
+
+# Increase the minimum number of selectable sources required to adjust
+# the system clock.
+#minsources 2
+
+# Allow NTP client access from local network.
+#allow 192.168.0.0/16
+
+# Serve time even if not synchronized to a time source.
+#local stratum 10
+
+# Specify file containing keys for NTP authentication.
+#keyfile /etc/chrony.keys
+
+# Specify directory for log files.
+logdir /var/log/chrony
+
+# Select which information is logged.
+#log measurements statistics tracking
diff --git a/templates/ntp.conf.almalinux.tmpl b/templates/ntp.conf.almalinux.tmpl
new file mode 100644
index 0000000..62b4776
--- /dev/null
+++ b/templates/ntp.conf.almalinux.tmpl
@@ -0,0 +1,61 @@
+## template:jinja
+
+# For more information about this file, see the man pages
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+
+driftfile /var/lib/ntp/drift
+
+# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default kod nomodify notrap nopeer noquery
+restrict -6 default kod nomodify notrap nopeer noquery
+
+# Permit all access over the loopback interface. This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1
+restrict -6 ::1
+
+# Hosts on local network are less restricted.
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+#broadcast 192.168.1.255 autokey # broadcast server
+#broadcastclient # broadcast client
+#broadcast 224.0.1.1 autokey # multicast server
+#multicastclient 224.0.1.1 # multicast client
+#manycastserver 239.255.254.254 # manycast server
+#manycastclient 239.255.254.254 autokey # manycast client
+
+# Enable public key cryptography.
+#crypto
+
+includefile /etc/ntp/crypto/pw
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats
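Review bot: In templates/ntp.conf.almalinux.tmpl (and the identical templates/ntp.conf.cloudlinux.tmpl, both `index 0000000..62b4776`) the `pool {{pool}} iburst` lines sit under `restrict default kod nomodify notrap nopeer noquery`. As far as I know, ntpd 4.2.8 and later applies `nopeer` to the associations a `pool` directive creates, so with this default the pool servers may never be mobilised and the host would run without time sync, which weakens certificate validity checks and log timestamps. Adding `restrict source nomodify notrap noquery` after the two `restrict default` lines keeps the restrictive default for everyone else while letting configured pool sources associate; this should be checked against the ntpd version these distros ship.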
diff --git a/templates/ntp.conf.cloudlinux.tmpl b/templates/ntp.conf.cloudlinux.tmpl
new file mode 100644
index 0000000..62b4776
--- /dev/null
+++ b/templates/ntp.conf.cloudlinux.tmpl
@@ -0,0 +1,61 @@
+## template:jinja
+
+# For more information about this file, see the man pages
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+
+driftfile /var/lib/ntp/drift
+
+# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default kod nomodify notrap nopeer noquery
+restrict -6 default kod nomodify notrap nopeer noquery
+
+# Permit all access over the loopback interface. This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1
+restrict -6 ::1
+
+# Hosts on local network are less restricted.
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+#broadcast 192.168.1.255 autokey # broadcast server
+#broadcastclient # broadcast client
+#broadcast 224.0.1.1 autokey # multicast server
+#multicastclient 224.0.1.1 # multicast client
+#manycastserver 239.255.254.254 # manycast server
+#manycastclient 239.255.254.254 autokey # manycast client
+
+# Enable public key cryptography.
+#crypto
+
+includefile /etc/ntp/crypto/pw
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats
-- 
2.41.0