From 93aff1ae285938ed98d77bb8dfadbbc6f5d94dff Mon Sep 17 00:00:00 2001 From: Elkhan Mammadli Date: Tue, 21 Feb 2023 15:20:57 +0400 Subject: [PATCH] Fix and Improve AlmaLinux support Add a new patch to fix some module errors and improve AlmaLinux support - Fix cc_ntp module - Add support for cc_yum_add_repo module - Add support for cc_ca_certs module - Improve the AlmaLinux support in Cloud-init configuration - Improve the AlmaLinux support in Cloud-init systemd services - Add support to Rbx Cloud Datasource Signed-off-by: Elkhan Mammadli --- cloudinit/config/cc_ca_certs.py | 9 +++- cloudinit/config/cc_ntp.py | 8 ++++ cloudinit/settings.py | 2 +- cloudinit/sources/DataSourceRbxCloud.py | 2 +- config/cloud.cfg.tmpl | 10 ++-- packages/pkg-deps.json | 14 ++++++ systemd/cloud-config.service.tmpl | 2 +- systemd/cloud-final.service.tmpl | 4 +- systemd/cloud-init-local.service.tmpl | 12 ++--- systemd/cloud-init.service.tmpl | 4 +- templates/chrony.conf.almalinux.tmpl | 45 ++++++++++++++++++ templates/ntp.conf.almalinux.tmpl | 61 +++++++++++++++++++++++++ tests/unittests/test_net.py | 1 + tests/unittests/test_render_cloudcfg.py | 2 + tools/read-dependencies | 8 +++- tools/run-container | 12 ++--- 16 files changed, 169 insertions(+), 27 deletions(-) create mode 100644 templates/chrony.conf.almalinux.tmpl create mode 100644 templates/ntp.conf.almalinux.tmpl diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py index 6084cb4..55746ea 100644 --- a/cloudinit/config/cc_ca_certs.py +++ b/cloudinit/config/cc_ca_certs.py 
@@ -19,6 +19,13 @@ DEFAULT_CONFIG = { "ca_cert_update_cmd": ["update-ca-certificates"], } DISTRO_OVERRIDES = { + "almalinux": { + "ca_cert_path": "/usr/share/pki/ca-trust-source/", + "ca_cert_filename": "anchors/cloud-init-ca-certs.crt", + "ca_cert_config": None, + "ca_cert_system_path": "/etc/pki/ca-trust/", + "ca_cert_update_cmd": ["update-ca-trust"], + }, "rhel": { "ca_cert_path": "/usr/share/pki/ca-trust-source/", "ca_cert_filename": "anchors/cloud-init-ca-certs.crt", @@ -43,7 +50,7 @@ can be removed from the system with the configuration option ca-certificates package is installed but not if the ca-certificates-bundle package is installed. """ -distros = ["alpine", "debian", "ubuntu", "rhel"] +distros = ["almalinux", "alpine", "debian", "ubuntu", "rhel"] meta: MetaSchema = { "id": "cc_ca_certs", diff --git a/cloudinit/config/cc_ntp.py b/cloudinit/config/cc_ntp.py index 25bba76..a0c29c4 100644 --- a/cloudinit/config/cc_ntp.py +++ b/cloudinit/config/cc_ntp.py @@ -80,6 +80,14 @@ NTP_CLIENT_CONFIG = { # This is Distro-specific configuration overrides of the base config DISTRO_CLIENT_CONFIG = { + "almalinux": { + "ntp": { + "service_name": "ntpd", + }, + "chrony": { + "service_name": "chronyd", + }, + }, "alpine": { "chrony": { "confpath": "/etc/chrony/chrony.conf", diff --git a/cloudinit/settings.py b/cloudinit/settings.py index 71672e1..e8224f8 100644 --- a/cloudinit/settings.py +++ b/cloudinit/settings.py @@ -58,7 +58,7 @@ CFG_BUILTIN = { "cloud_dir": "/var/lib/cloud", "templates_dir": "/etc/cloud/templates/", }, - "distro": "rhel", + "distro": "almalinux", "network": {"renderers": None}, }, "vendor_data": {"enabled": True, "prefix": []}, diff --git a/cloudinit/sources/DataSourceRbxCloud.py b/cloudinit/sources/DataSourceRbxCloud.py index 14ac77e..7cd14a1 100644 --- a/cloudinit/sources/DataSourceRbxCloud.py +++ b/cloudinit/sources/DataSourceRbxCloud.py 
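Review bot: The new `"almalinux"` entry in `DISTRO_OVERRIDES` repeats the `"rhel"` entry as far as the context lines show (`ca_cert_path` and `ca_cert_filename` are identical), so the trust-anchor location and the `update-ca-trust` command now live in two places that can drift apart. Binding the values to one module-level dict and referencing it from both keys would keep them in step. The rest of the `rhel` entry lies outside the hunk, so confirm the remaining keys really match before sharing them.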
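Review bot: The `"ntp"` entry added for `almalinux` in `DISTRO_CLIENT_CONFIG` names the `ntpd` service, but RHEL 8 and later dropped the `ntp` package in favour of chrony, and AlmaLinux presumably follows that package set. If so, this entry and the new `templates/ntp.conf.almalinux.tmpl` describe a client that cannot be installed from the base repositories. If the entry is kept, a comment such as `# ntpd is not shipped in the base repos; chrony is the expected client` would spare the next reader the search. The dict continues outside the hunk.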
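Review bot: Changing the `CFG_BUILTIN` fallback from `"distro": "rhel"` to `"distro": "almalinux"` alters behaviour for every install of this tree whose configuration does not set the distro explicitly, which is broader than the subject line suggests. If this is a deliberate downstream packaging default, say so next to the value, for example `# downstream default for the AlmaLinux package`. Any unit test that asserts the builtin default would also need updating; none is touched in the visible hunks.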
@@ -55,7 +55,7 @@ def _sub_arp(cmd): def gratuitous_arp(items, distro): source_param = "-S" - if distro.name in ["fedora", "centos", "rhel"]: + if distro.name in ["almalinux", "fedora", "centos", "rhel"]: source_param = "-s" for item in items: try: diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl --- a/config/cloud.cfg.tmpl +++ b/config/cloud.cfg.tmpl @@ -2,7 +2,7 @@ # The top level settings are used as module # and system configuration. {% set is_bsd = variant in ["dragonfly", "freebsd", "netbsd", "openbsd"] %} -{% set is_rhel = variant in ["rhel", "centos"] %} +{% set is_rhel = variant in ["rhel", "centos", "almalinux"] %} {% if is_bsd %} syslog_fix_perms: root:wheel {% elif variant in ["suse"] %} diff --git a/packages/pkg-deps.json b/packages/pkg-deps.json index eaf1346..0aa70f6 100644 --- a/packages/pkg-deps.json +++ b/packages/pkg-deps.json @@ -1,4 +1,18 @@ { + "almalinux" : { + "build-requires" : [ + "python3-devel" + ], + "requires" : [ + "e2fsprogs", + "iproute", + "net-tools", + "procps", + "rsyslog", + "shadow-utils", + "sudo" + ] + }, "debian" : { "build-requires" : [ "debhelper", diff --git a/systemd/cloud-config.service.tmpl b/systemd/cloud-config.service.tmpl index d5568a6..4b88f83 100644 --- a/systemd/cloud-config.service.tmpl +++ b/systemd/cloud-config.service.tmpl @@ -4,7 +4,7 @@ Description=Apply the settings specified in cloud-config After=network-online.target cloud-config.target After=snapd.seeded.service Wants=network-online.target cloud-config.target -{% if variant == "rhel" %} +{% if variant in ["almalinux", "rhel"] %} ConditionPathExists=!/etc/cloud/cloud-init.disabled ConditionKernelCommandLine=!cloud-init=disabled {% endif %} diff --git a/systemd/cloud-final.service.tmpl b/systemd/cloud-final.service.tmpl index 85f423a..aa5990c 100644 --- a/systemd/cloud-final.service.tmpl +++ b/systemd/cloud-final.service.tmpl 
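Review bot: `gratuitous_arp` chooses the arping source flag from a hand-maintained name list, and adding `"almalinux"` still leaves other Red Hat derivatives on the `-S` branch, for instance the `rocky`, `eurolinux` and `miraclelinux` names that `tools/read-dependencies` handles in this same patch. If the distro object exposes its family, a single test such as `if distro.osfamily == "redhat":` would cover them all. Otherwise move the list into a named module constant so there is one place to extend. The loop body continues outside the hunk.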
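Review bot: The test `variant in ["almalinux", "rhel"]` is written out at every guarded block, here and again in `cloud-final.service.tmpl`, `cloud-init-local.service.tmpl` and `cloud-init.service.tmpl`. Missing one occurrence when the next derivative is added would leave a unit without its `ConditionPathExists=!/etc/cloud/cloud-init.disabled` guard or without the `restorecon` pre-start step. Setting the flag once at the top of each template, as `config/cloud.cfg.tmpl` does with `{% set is_rhel = ... %}`, and then writing `{% if is_rhel %}` would keep the disable switch consistent across all four units.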
@@ -7,7 +7,7 @@ After=multi-user.target Before=apt-daily.service {% endif %} Wants=network-online.target cloud-config.service -{% if variant == "rhel" %} +{% if variant in ["almalinux", "rhel"] %} ConditionPathExists=!/etc/cloud/cloud-init.disabled ConditionKernelCommandLine=!cloud-init=disabled {% endif %} @@ -19,7 +19,7 @@ ExecStart=/usr/bin/cloud-init modules --mode=final RemainAfterExit=yes TimeoutSec=0 KillMode=process -{% if variant == "rhel" %} +{% if variant in ["almalinux", "rhel"] %} # Restart NetworkManager if it is present and running. ExecStartPost=/bin/sh -c 'u=NetworkManager.service; \ out=$(systemctl show --property=SubState $u) || exit; \ diff --git a/systemd/cloud-init-local.service.tmpl b/systemd/cloud-init-local.service.tmpl index a6b8265..29ac717 100644 --- a/systemd/cloud-init-local.service.tmpl +++ b/systemd/cloud-init-local.service.tmpl @@ -1,23 +1,23 @@ ## template:jinja [Unit] Description=Initial cloud-init job (pre-networking) -{% if variant in ["ubuntu", "unknown", "debian", "rhel" ] %} +{% if variant in ["almalinux", "ubuntu", "unknown", "debian", "rhel" ] %} DefaultDependencies=no {% endif %} Wants=network-pre.target After=hv_kvp_daemon.service After=systemd-remount-fs.service -{% if variant == "rhel" %} +{% if variant in ["almalinux", "rhel"] %} Requires=dbus.socket After=dbus.socket {% endif %} Before=NetworkManager.service -{% if variant == "rhel" %} +{% if variant in ["almalinux", "rhel"] %} Before=network.service {% endif %} Before=network-pre.target Before=shutdown.target -{% if variant == "rhel" %} +{% if variant in ["almalinux", "rhel"] %} Before=firewalld.target Conflicts=shutdown.target {% endif %} 
@@ -26,14 +26,14 @@ Before=sysinit.target Conflicts=shutdown.target {% endif %} RequiresMountsFor=/var/lib/cloud -{% if variant == "rhel" %} +{% if variant in ["almalinux", "rhel"] %} ConditionPathExists=!/etc/cloud/cloud-init.disabled ConditionKernelCommandLine=!cloud-init=disabled {% endif %} [Service] Type=oneshot -{% if variant == "rhel" %} +{% if variant in ["almalinux", "rhel"] %} ExecStartPre=/bin/mkdir -p /run/cloud-init ExecStartPre=/sbin/restorecon /run/cloud-init ExecStartPre=/usr/bin/touch /run/cloud-init/enabled diff --git a/systemd/cloud-init.service.tmpl b/systemd/cloud-init.service.tmpl index fc984d5..92dd985 100644 --- a/systemd/cloud-init.service.tmpl +++ b/systemd/cloud-init.service.tmpl @@ -1,7 +1,7 @@ ## template:jinja [Unit] Description=Initial cloud-init job (metadata service crawler) -{% if variant not in ["photon", "rhel"] %} +{% if variant not in ["almalinux", "photon", "rhel"] %} DefaultDependencies=no {% endif %} Wants=cloud-init-local.service @@ -37,7 +37,7 @@ Before=shutdown.target Conflicts=shutdown.target {% endif %} Before=systemd-user-sessions.service -{% if variant == "rhel" %} +{% if variant in ["almalinux", "rhel"] %} ConditionPathExists=!/etc/cloud/cloud-init.disabled ConditionKernelCommandLine=!cloud-init=disabled {% endif %} diff --git a/templates/chrony.conf.almalinux.tmpl b/templates/chrony.conf.almalinux.tmpl new file mode 100644 index 0000000..5b3542e --- /dev/null +++ b/templates/chrony.conf.almalinux.tmpl 
@@ -0,0 +1,45 @@
+## template:jinja
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# Enable hardware timestamping on all interfaces that support it.
+#hwtimestamp *
+
+# Increase the minimum number of selectable sources required to adjust
+# the system clock.
+#minsources 2
+
+# Allow NTP client access from local network.
+#allow 192.168.0.0/16
+
+# Serve time even if not synchronized to a time source.
+#local stratum 10
+
+# Specify file containing keys for NTP authentication.
+#keyfile /etc/chrony.keys
+
+# Specify directory for log files.
+logdir /var/log/chrony
+
+# Select which information is logged.
+#log measurements statistics tracking
diff --git a/templates/ntp.conf.almalinux.tmpl b/templates/ntp.conf.almalinux.tmpl
new file mode 100644
index 0000000..62b4776
--- /dev/null
+++ b/templates/ntp.conf.almalinux.tmpl
@@ -0,0 +1,61 @@
+## template:jinja
+
+# For more information about this file, see the man pages
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+
+driftfile /var/lib/ntp/drift
+
+# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default kod nomodify notrap nopeer noquery
+restrict -6 default kod nomodify notrap nopeer noquery
+
+# Permit all access over the loopback interface. This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1
+restrict -6 ::1
+
+# Hosts on local network are less restricted.
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+#broadcast 192.168.1.255 autokey # broadcast server
+#broadcastclient # broadcast client
+#broadcast 224.0.1.1 autokey # multicast server
+#multicastclient 224.0.1.1 # multicast client
+#manycastserver 239.255.254.254 # manycast server
+#manycastclient 239.255.254.254 autokey # manycast client
+
+# Enable public key cryptography.
+#crypto
+
+includefile /etc/ntp/crypto/pw
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats
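Review bot: The template renders `pool {{pool}} iburst` lines, but its only default ACL is `restrict default kod nomodify notrap nopeer noquery`, and on ntpd builds that implement the `pool` directive the `nopeer` flag on the default rule can stop pool-discovered servers from being mobilised. Adding `restrict source nomodify notrap noquery` after the two default rules keeps the hardening while letting those associations form. Separately, `includefile /etc/ntp/crypto/pw` and `keys /etc/ntp/keys` are emitted unconditionally. Confirm that both files exist on the target image and are readable by root only, since nothing in this patch creates or checks them.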
diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py index 591241b..05aa3f9 100644 --- a/tests/unittests/test_net.py +++ b/tests/unittests/test_net.py @@ -6254,6 +6254,7 @@ class TestNetRenderers(CiTestCase): def test_sysconfig_available_uses_variant_mapping(self, m_info, m_avail): m_avail.return_value = True variants = [ + "almalinux", "suse", "centos", "eurolinux", diff --git a/tests/unittests/test_render_cloudcfg.py b/tests/unittests/test_render_cloudcfg.py index 9f95d44..f1844e9 100644 --- a/tests/unittests/test_render_cloudcfg.py +++ b/tests/unittests/test_render_cloudcfg.py @@ -9,6 +9,7 @@ from tests.unittests.helpers import cloud_init_project_dir # TODO(Look to align with tools.render-cloudcfg or cloudinit.distos.OSFAMILIES) DISTRO_VARIANTS = [ + "almalinux", "amazon", "arch", "centos", @@ -66,6 +67,7 @@ class TestRenderCloudCfg: system_cfg = util.load_yaml(stream.read()) default_user_exceptions = { + "almalinux": "almalinux", "amazon": "ec2-user", "debian": "ubuntu", "rhel": "cloud-user", diff --git a/tools/read-dependencies b/tools/read-dependencies index efa5879..7888c8f 100755 --- a/tools/read-dependencies +++ b/tools/read-dependencies @@ -22,6 +22,7 @@ DEFAULT_REQUIREMENTS = 'requirements.txt' # Map the appropriate package dir needed for each distro choice DISTRO_PKG_TYPE_MAP = { + 'almalinux': 'redhat', 'centos': 'redhat', 'eurolinux': 'redhat', 'miraclelinux': 'redhat', @@ -68,6 +69,7 @@ ZYPPER_INSTALL = [ '--auto-agree-with-licenses'] DRY_DISTRO_INSTALL_PKG_CMD = { + 'almalinux': ['yum', 'install', '--assumeyes'], 'rocky': ['yum', 'install', '--assumeyes'], 'centos': ['yum', 'install', '--assumeyes'], 'eurolinux': ['yum', 'install', '--assumeyes'], @@ -76,6 +78,7 @@ DRY_DISTRO_INSTALL_PKG_CMD = { } DISTRO_INSTALL_PKG_CMD = { + 'almalinux': MAYBE_RELIABLE_YUM_INSTALL, 'rocky': MAYBE_RELIABLE_YUM_INSTALL, 'eurolinux': MAYBE_RELIABLE_YUM_INSTALL, 'miraclelinux': MAYBE_RELIABLE_YUM_INSTALL, 
@@ -90,6 +93,7 @@ DISTRO_INSTALL_PKG_CMD = { # List of base system packages required to enable ci automation CI_SYSTEM_BASE_PKGS = { + 'almalinux': ['python3-tox'], 'common': ['make', 'sudo', 'tar'], 'eurolinux': ['python3-tox'], 'miraclelinux': ['python3-tox'], @@ -285,10 +289,10 @@ def pkg_install(pkg_list, distro, test_distro=False, dry_run=False): cmd = DRY_DISTRO_INSTALL_PKG_CMD[distro] install_cmd.extend(cmd) - if distro in ['centos', 'redhat', 'rocky', 'eurolinux']: + if distro in ['almalinux', 'centos', 'redhat', 'rocky', 'eurolinux']: # CentOS and Redhat need epel-release to access oauthlib and jsonschema subprocess.check_call(install_cmd + ['epel-release']) - if distro in ['suse', 'opensuse', 'redhat', 'rocky', 'centos', 'eurolinux']: + if distro in ['almalinux', 'suse', 'opensuse', 'redhat', 'rocky', 'centos', 'eurolinux']: pkg_list.append('rpm-build') subprocess.check_call(install_cmd + pkg_list) diff --git a/tools/run-container b/tools/run-container index e049dfd..02088aa 100755 --- a/tools/run-container +++ b/tools/run-container @@ -102,7 +102,7 @@ inject_cloud_init(){ } local t=${gitdir%/*} case "$t" in - */worktrees) + */worktrees) if [ -f "${t%worktrees}/config" ]; then gitdir="${t%worktrees}" fi @@ -191,7 +191,7 @@ os_info() { get_os_info() { # run inside container, set OS_NAME, OS_VERSION - # example OS_NAME are centos, debian, opensuse, rockylinux + # example OS_NAME are almalinux, centos, debian, opensuse, rockylinux [ -n "${OS_NAME:-}" -a -n "${OS_VERSION:-}" ] && return 0 if [ -f /etc/os-release ]; then OS_NAME=$(sh -c '. /etc/os-release; echo $ID') @@ -247,7 +247,7 @@ apt_install() { install_packages() { get_os_info || return case "$OS_NAME" in - centos|rocky*) yum_install "$@";; + almalinux|centos|rocky*) yum_install "$@";; opensuse) zypper_install "$@";; debian|ubuntu) apt_install "$@";; *) error "Do not know how to install packages on ${OS_NAME}"; 
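Review bot: In `pkg_install`, the comment `# CentOS and Redhat need epel-release to access oauthlib and jsonschema` no longer describes the list above it, which now also enables the EPEL repository on `almalinux`, `rocky` and `eurolinux` hosts. The second condition has also grown into a long inline list that differs from the first by only two names. Hoisting both into named module-level tuples (one for the distros that need EPEL, one for those that need `rpm-build`) and rewording the comment to say that RHEL-family builds pull `epel-release` would make the third-party repository dependency explicit. `pkg_install` starts before this hunk, so the construction of `install_cmd` is only partly visible.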
@@ -486,16 +486,16 @@ main() { local build_pkg="" build_srcpkg="" pkg_ext="" distflag="" case "$OS_NAME" in - centos|rocky) distflag="--distro=redhat";; + almalinux|centos|rocky) distflag="--distro=redhat";; opensuse) distflag="--distro=suse";; esac case "$OS_NAME" in debian|ubuntu) - build_pkg="./packages/bddeb -d" + build_pkg="./packages/bddeb -d" build_srcpkg="./packages/bddeb -S -d" pkg_ext=".deb";; - centos|opensuse|rocky) + almalinux|centos|opensuse|rocky) build_pkg="./packages/brpm $distflag" build_srcpkg="./packages/brpm $distflag --srpm" pkg_ext=".rpm";; -- 2.39.2