From f4f100c0dddf1f11b239374a8dc452739b8e6a81 Mon Sep 17 00:00:00 2001 From: Andrew Lukoshko Date: Thu, 28 Mar 2024 14:24:08 +0000 Subject: [PATCH] Improvements for AlmaLinux OS and CloudLinux OS Add AlmaLinux OS and CloudLinux OS support to: Modules: - cc_ca_certs - cc_ntp - cc_resolv_conf Datasources: - Rbx Cloud Datasource Systemd services: - cloud-final.service - cloud-init-local.service - cloud-init.service --- cloudinit/config/cc_ca_certs.py | 8 ++++ cloudinit/config/cc_ntp.py | 11 ++--- cloudinit/config/cc_resolv_conf.py | 2 + cloudinit/settings.py | 2 +- cloudinit/sources/DataSourceRbxCloud.py | 2 +- systemd/cloud-final.service.tmpl | 2 +- systemd/cloud-init-local.service.tmpl | 10 ++-- systemd/cloud-init.service.tmpl | 2 +- templates/chrony.conf.almalinux.tmpl | 51 ++++++++++++++++++++ templates/chrony.conf.cloudlinux.tmpl | 51 ++++++++++++++++++++ templates/ntp.conf.almalinux.tmpl | 64 +++++++++++++++++++++++++ templates/ntp.conf.cloudlinux.tmpl | 64 +++++++++++++++++++++++++ 12 files changed, 252 insertions(+), 17 deletions(-) create mode 100644 templates/chrony.conf.almalinux.tmpl create mode 100644 templates/chrony.conf.cloudlinux.tmpl create mode 100644 templates/ntp.conf.almalinux.tmpl create mode 100644 templates/ntp.conf.cloudlinux.tmpl diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py index 8d3fd9a..4dd5843 100644 --- a/cloudinit/config/cc_ca_certs.py +++ b/cloudinit/config/cc_ca_certs.py @@ -57,6 +57,12 @@ for distro in ( ): DISTRO_OVERRIDES[distro] = DISTRO_OVERRIDES["opensuse"] +for distro in ( + "almalinux", + "cloudlinux", +): + DISTRO_OVERRIDES[distro] = DISTRO_OVERRIDES["rhel"] + MODULE_DESCRIPTION = """\ This module adds CA certificates to the system's CA store and updates any related files using the appropriate OS-specific utility. The default CA 
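Review bot: The new loop in cc_ca_certs.py binds `DISTRO_OVERRIDES["almalinux"]` and `DISTRO_OVERRIDES["cloudlinux"]` to the same dict object as the `"rhel"` entry rather than to copies, and nothing in the code says so. A later in-place change to any one of them would silently change whatever CA paths and update command that entry holds for all three distros. The opensuse loop at the top of the hunk has the same shape, so I would keep the pattern and add a comment such as `# AlmaLinux/CloudLinux share the rhel entry by reference; treat these dicts as read-only`. The `"rhel"` entry itself lies outside the hunk, so its contents could not be checked here.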
@@ -72,6 +78,8 @@ configuration option ``remove_defaults``. order to provide the ``update-ca-certificates`` command. """ distros = [ + "almalinux", + "cloudlinux", "alpine", "debian", "fedora", diff --git a/cloudinit/config/cc_ntp.py b/cloudinit/config/cc_ntp.py index 9eef24f..1015d43 100644 --- a/cloudinit/config/cc_ntp.py +++ b/cloudinit/config/cc_ntp.py @@ -109,14 +109,6 @@ DISTRO_CLIENT_CONFIG = { "service_name": "ntpd", }, }, - "centos": { - "ntp": { - "service_name": "ntpd", - }, - "chrony": { - "service_name": "chronyd", - }, - }, "cos": { "chrony": { "service_name": "chronyd", @@ -224,6 +216,9 @@ DISTRO_CLIENT_CONFIG = { for distro in ("opensuse-microos", "opensuse-tumbleweed", "opensuse-leap"): DISTRO_CLIENT_CONFIG[distro] = DISTRO_CLIENT_CONFIG["opensuse"] +for distro in ("almalinux", "centos", "cloudlinux"): + DISTRO_CLIENT_CONFIG[distro] = DISTRO_CLIENT_CONFIG["rhel"] + for distro in ("sle_hpc", "sle-micro"): DISTRO_CLIENT_CONFIG[distro] = DISTRO_CLIENT_CONFIG["sles"] diff --git a/cloudinit/config/cc_resolv_conf.py b/cloudinit/config/cc_resolv_conf.py index aa88919..4eb1d76 100644 --- a/cloudinit/config/cc_resolv_conf.py +++ b/cloudinit/config/cc_resolv_conf.py @@ -57,7 +57,9 @@ meta: MetaSchema = { "title": "Configure resolv.conf", "description": MODULE_DESCRIPTION, "distros": [ + "almalinux", "alpine", + "cloudlinux", "fedora", "mariner", "opensuse", diff --git a/cloudinit/settings.py b/cloudinit/settings.py index 5ced21b..51cb115 100644 --- a/cloudinit/settings.py +++ b/cloudinit/settings.py @@ -61,7 +61,7 @@ CFG_BUILTIN = { "cloud_dir": "/var/lib/cloud", "templates_dir": "/etc/cloud/templates/", }, - "distro": "rhel", + "distro": "almalinux", "network": {"renderers": None}, }, "vendor_data": {"enabled": True, "prefix": []}, diff --git a/cloudinit/sources/DataSourceRbxCloud.py b/cloudinit/sources/DataSourceRbxCloud.py index 9214f1b..14880ec 100644 --- a/cloudinit/sources/DataSourceRbxCloud.py +++ b/cloudinit/sources/DataSourceRbxCloud.py 
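Review bot: The `for distro in ("almalinux", "centos", "cloudlinux")` loop in cc_ntp.py makes CentOS inherit whatever `DISTRO_CLIENT_CONFIG["rhel"]` contains, in place of the explicit `"centos"` entry deleted in the previous hunk (`ntp` with `ntpd`, `chrony` with `chronyd`). The `"rhel"` entry is not visible in either hunk, so it is worth confirming that it carries the same two service names; otherwise CentOS hosts would end up managing a different time service after this change. All three names also alias one dict, so a comment like `# RHEL-compatible distros share the rhel entry by reference` would help the next reader.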
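Review bot: Changing `"distro": "rhel"` to `"distro": "almalinux"` in `CFG_BUILTIN` alters the built-in fallback for every image that ships this package, including the CloudLinux ones the commit message also targets. Presumably a `system_info.distro` value in the packaged cloud.cfg overrides it, but that file is not part of this patch, so a CloudLinux image without it would be handled as AlmaLinux. I would add a comment on the line, e.g. `# downstream default; CloudLinux images must set system_info.distro in cloud.cfg`, so the dependency is explicit.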
@@ -60,7 +60,7 @@ def _sub_arp(cmd): def gratuitous_arp(items, distro): source_param = "-S" - if distro.name in ["fedora", "centos", "rhel"]: + if distro.name in ["almalinux", "fedora", "centos", "cloudlinux", "rhel"]: source_param = "-s" for item in items: try: diff --git a/systemd/cloud-final.service.tmpl b/systemd/cloud-final.service.tmpl index bcf8b00..6d34761 100644 --- a/systemd/cloud-final.service.tmpl +++ b/systemd/cloud-final.service.tmpl @@ -18,7 +18,7 @@ ExecStart=/usr/bin/cloud-init modules --mode=final RemainAfterExit=yes TimeoutSec=0 KillMode=process -{% if variant == "rhel" %} +{% if variant in ["almalinux", "cloudlinux", "rhel"] %} # Restart NetworkManager if it is present and running. ExecStartPost=/bin/sh -c 'u=NetworkManager.service; \ out=$(systemctl show --property=SubState $u) || exit; \ diff --git a/systemd/cloud-init-local.service.tmpl b/systemd/cloud-init-local.service.tmpl index 3a1ca7f..853ae2c 100644 --- a/systemd/cloud-init-local.service.tmpl +++ b/systemd/cloud-init-local.service.tmpl @@ -1,23 +1,23 @@ ## template:jinja [Unit] Description=Initial cloud-init job (pre-networking) -{% if variant in ["ubuntu", "unknown", "debian", "rhel" ] %} +{% if variant in ["almalinux", "cloudlinux", "ubuntu", "unknown", "debian", "rhel" ] %} DefaultDependencies=no {% endif %} Wants=network-pre.target After=hv_kvp_daemon.service After=systemd-remount-fs.service -{% if variant == "rhel" %} +{% if variant in ["almalinux", "cloudlinux", "rhel"] %} Requires=dbus.socket After=dbus.socket {% endif %} Before=NetworkManager.service -{% if variant == "rhel" %} +{% if variant in ["almalinux", "cloudlinux", "rhel"] %} Before=network.service {% endif %} Before=network-pre.target Before=shutdown.target -{% if variant == "rhel" %} +{% if variant in ["almalinux", "cloudlinux", "rhel"] %} Before=firewalld.target Conflicts=shutdown.target {% endif %} 
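Review bot: The widened list in `gratuitous_arp` still gives no reason why these distros get `-s` while everything else keeps `-S`. The distro names appear to stand in for which arping implementation is installed, which is why every new RHEL rebuild has to be appended by hand, as this hunk does. A one-line comment above the test, e.g. `# arping on RHEL-family distros takes -s for the source address; others take -S`, would make that intent clear once it has been confirmed. The function body continues past the end of the hunk.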
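Review bot: The literal `["almalinux", "cloudlinux", "rhel"]` is now written out in the conditional of cloud-final.service.tmpl and again in four conditionals of cloud-init-local.service.tmpl (three in its first hunk, one in its `[Service]` hunk), with two further variants of it in the `DefaultDependencies` tests of cloud-init-local.service.tmpl and cloud-init.service.tmpl. A distro missed in any one of them would leave that unit ordered differently from the others without any error. I would define the list once per template, e.g. `{% set rhel_family = ["almalinux", "cloudlinux", "rhel"] %}` after the `## template:jinja` line, and test `variant in rhel_family`, after checking that the `set` line does not leave a stray blank line in the rendered unit.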
@@ -32,7 +32,7 @@ ConditionEnvironment=!KERNEL_CMDLINE=cloud-init=disabled [Service] Type=oneshot -{% if variant == "rhel" %} +{% if variant in ["almalinux", "cloudlinux", "rhel"] %} ExecStartPre=/bin/mkdir -p /run/cloud-init ExecStartPre=/sbin/restorecon /run/cloud-init ExecStartPre=/usr/bin/touch /run/cloud-init/enabled diff --git a/systemd/cloud-init.service.tmpl b/systemd/cloud-init.service.tmpl index bf91164..1ae88f7 100644 --- a/systemd/cloud-init.service.tmpl +++ b/systemd/cloud-init.service.tmpl @@ -1,7 +1,7 @@ ## template:jinja [Unit] Description=Initial cloud-init job (metadata service crawler) -{% if variant not in ["photon", "rhel"] %} +{% if variant not in ["almalinux", "cloudlinux", "photon", "rhel"] %} DefaultDependencies=no {% endif %} Wants=cloud-init-local.service diff --git a/templates/chrony.conf.almalinux.tmpl b/templates/chrony.conf.almalinux.tmpl new file mode 100644 index 0000000..43b1f5d --- /dev/null +++ b/templates/chrony.conf.almalinux.tmpl 
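Review bot: Widening the `[Service]` conditional in cloud-init-local.service.tmpl means the three `ExecStartPre=` steps, including `/sbin/restorecon /run/cloud-init`, now run on AlmaLinux and CloudLinux builds as well. None of them carries systemd's `-` prefix, so a failing step stops the unit before the service's main command runs. It is worth confirming that both distros always ship restorecon at that path, and recording it in a template comment such as `# requires restorecon (policycoreutils) in the base image`. The rest of the `[Service]` section lies outside the hunk.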
@@ -0,0 +1,51 @@
+## template:jinja
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+{% for a in allow -%}
+allow {{a}}
+{% endfor %}
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# Enable hardware timestamping on all interfaces that support it.
+#hwtimestamp *
+
+# Increase the minimum number of selectable sources required to adjust
+# the system clock.
+#minsources 2
+
+# Allow NTP client access from local network.
+#allow 192.168.0.0/16
+
+# Serve time even if not synchronized to a time source.
+#local stratum 10
+
+# Specify file containing keys for NTP authentication.
+#keyfile /etc/chrony.keys
+
+# Specify directory for log files.
+logdir /var/log/chrony
+
+# Select which information is logged.
+#log measurements statistics tracking
diff --git a/templates/chrony.conf.cloudlinux.tmpl b/templates/chrony.conf.cloudlinux.tmpl
new file mode 100644
index 0000000..43b1f5d
--- /dev/null
+++ b/templates/chrony.conf.cloudlinux.tmpl
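Review bot: The `{% for a in allow -%}` loop in chrony.conf.almalinux.tmpl writes an `allow` directive for every value it is given, which makes chronyd answer NTP clients from those ranges, yet the only explanation is the commented `#allow 192.168.0.0/16` example much further down. I would put a comment directly above the loop, e.g. `# allow: subnets permitted to use this host as an NTP server`. The chrony.conf.cloudlinux.tmpl added in the next file section is byte-identical (both are blob 43b1f5d), so the same comment belongs there, and the two copies will have to be kept in sync by hand.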
@@ -0,0 +1,51 @@
+## template:jinja
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+{% for a in allow -%}
+allow {{a}}
+{% endfor %}
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# Enable hardware timestamping on all interfaces that support it.
+#hwtimestamp *
+
+# Increase the minimum number of selectable sources required to adjust
+# the system clock.
+#minsources 2
+
+# Allow NTP client access from local network.
+#allow 192.168.0.0/16
+
+# Serve time even if not synchronized to a time source.
+#local stratum 10
+
+# Specify file containing keys for NTP authentication.
+#keyfile /etc/chrony.keys
+
+# Specify directory for log files.
+logdir /var/log/chrony
+
+# Select which information is logged.
+#log measurements statistics tracking
diff --git a/templates/ntp.conf.almalinux.tmpl b/templates/ntp.conf.almalinux.tmpl
new file mode 100644
index 0000000..9884df5
--- /dev/null
+++ b/templates/ntp.conf.almalinux.tmpl
@@ -0,0 +1,64 @@
+## template:jinja
+
+# For more information about this file, see the man pages
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+
+driftfile /var/lib/ntp/drift
+
+# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default kod nomodify notrap nopeer noquery
+restrict -6 default kod nomodify notrap nopeer noquery
+
+# Permit all access over the loopback interface. This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1
+restrict -6 ::1
+
+# Hosts on local network are less restricted.
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+
+#broadcast 192.168.1.255 autokey # broadcast server
+#broadcastclient # broadcast client
+#broadcast 224.0.1.1 autokey # multicast server
+#multicastclient 224.0.1.1 # multicast client
+#manycastserver 239.255.254.254 # manycast server
+#manycastclient 239.255.254.254 autokey # manycast client
+
+# Enable public key cryptography.
+#crypto
+
+includefile /etc/ntp/crypto/pw
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats
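Review bot: ntp.conf.almalinux.tmpl renders `pool {{pool}} iburst` lines while both `restrict default` and `restrict -6 default` include `nopeer`, and the file has no `restrict source` line. The ntpd documentation says `nopeer` also blocks associations mobilised by a `pool` directive unless a `restrict source` entry without `nopeer` is present, so on ntpd versions that enforce this the configured pools would never be used and the host would drift unsynchronised. Adding `restrict source nomodify notrap noquery` after the two default lines keeps the hardening and lets pool servers associate; check that the ntpd version shipped accepts `restrict source` before doing so. The same applies to the identical ntp.conf.cloudlinux.tmpl (both are blob 9884df5).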
diff --git a/templates/ntp.conf.cloudlinux.tmpl b/templates/ntp.conf.cloudlinux.tmpl
new file mode 100644
index 0000000..9884df5
--- /dev/null
+++ b/templates/ntp.conf.cloudlinux.tmpl
@@ -0,0 +1,64 @@
+## template:jinja
+
+# For more information about this file, see the man pages
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+
+driftfile /var/lib/ntp/drift
+
+# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default kod nomodify notrap nopeer noquery
+restrict -6 default kod nomodify notrap nopeer noquery
+
+# Permit all access over the loopback interface. This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1
+restrict -6 ::1
+
+# Hosts on local network are less restricted.
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+{% for peer in peers -%}
+peer {{peer}}
+{% endfor %}
+
+#broadcast 192.168.1.255 autokey # broadcast server
+#broadcastclient # broadcast client
+#broadcast 224.0.1.1 autokey # multicast server
+#multicastclient 224.0.1.1 # multicast client
+#manycastserver 239.255.254.254 # manycast server
+#manycastclient 239.255.254.254 autokey # manycast client
+
+# Enable public key cryptography.
+#crypto
+
+includefile /etc/ntp/crypto/pw
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats
--
2.27.0