From 297660622d06bc136fea2dabbc7521371133bc6d Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 18 2021 06:46:09 +0000 Subject: import cloud-init-20.3-10.el8 --- diff --git a/.cloud-init.metadata b/.cloud-init.metadata index 9b7ca96..245563f 100644 --- a/.cloud-init.metadata +++ b/.cloud-init.metadata @@ -1 +1 @@ -5f4de38850f9691dc9789bd4db4be512c9717d7b SOURCES/cloud-init-19.4.tar.gz +cbde66f717b7883c4ab64b145042de54f131afab SOURCES/cloud-init-20.3.tar.gz diff --git a/.gitignore b/.gitignore index cc9fcc1..e8608c9 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/cloud-init-19.4.tar.gz +SOURCES/cloud-init-20.3.tar.gz diff --git a/SOURCES/0001-Add-initial-redhat-setup.patch b/SOURCES/0001-Add-initial-redhat-setup.patch index 44e4a25..6f85c2d 100644 --- a/SOURCES/0001-Add-initial-redhat-setup.patch +++ b/SOURCES/0001-Add-initial-redhat-setup.patch @@ -1,12 +1,16 @@ -From 4114343d0cd2fc3e5566eed27272480e003c89cc Mon Sep 17 00:00:00 2001 -From: Miroslav Rezanina -Date: Thu, 31 May 2018 16:45:23 +0200 +From 25ea7a28d69518319ae1ed1b3cd510147868fd29 Mon Sep 17 00:00:00 2001 +From: Eduardo Otubo +Date: Mon, 5 Oct 2020 13:49:36 +0200 Subject: Add initial redhat setup Rebase notes (18.5): - added bash_completition file - added cloud-id file +Merged patches (20.3): +- 01900d0 changing ds-identify patch from /usr/lib to /usr/libexec +- 7f47ca3 Render the generator from template instead of cp + Merged patches (19.4): - 4ab5a61 Fix for network configuration not persisting after reboot - 84cf125 Removing cloud-user from wheel @@ -17,38 +21,48 @@ Merged patches (18.5): - 764159f Adding systemd mount options to wait for cloud-init - da4d99e Adding disk_setup to rhel/cloud.cfg - f5c6832 Enable cloud-init by default on vmware + +Conflicts: +cloudinit/config/cc_chef.py: + - Updated header documentation text + - Replacing double quotes by simple quotes + +setup.py: + - Adding missing cmdclass info + +Signed-off-by: Eduardo Otubo --- .gitignore | 1 + - cloudinit/config/cc_chef.py | 6 +- + cloudinit/config/cc_chef.py | 67 ++++- cloudinit/settings.py | 7 +- redhat/.gitignore | 1 + - redhat/Makefile | 71 ++++++ + redhat/Makefile | 71 +++++ redhat/Makefile.common | 37 +++ redhat/cloud-init-tmpfiles.conf | 1 + - redhat/cloud-init.spec.template | 438 ++++++++++++++++++++++++++++++++++ + redhat/cloud-init.spec.template | 517 ++++++++++++++++++++++++++++++++++ redhat/gating.yaml | 9 + redhat/rpmbuild/BUILD/.gitignore | 3 + redhat/rpmbuild/RPMS/.gitignore | 3 + redhat/rpmbuild/SOURCES/.gitignore | 3 + redhat/rpmbuild/SPECS/.gitignore | 3 + redhat/rpmbuild/SRPMS/.gitignore | 3 + - redhat/scripts/frh.py | 27 +++ - redhat/scripts/git-backport-diff | 327 +++++++++++++++++++++++++ - redhat/scripts/git-compile-check | 215 +++++++++++++++++ - redhat/scripts/process-patches.sh | 73 ++++++ + redhat/scripts/frh.py | 27 ++ + redhat/scripts/git-backport-diff | 327 +++++++++++++++++++++ + redhat/scripts/git-compile-check | 215 ++++++++++++++ + redhat/scripts/process-patches.sh | 77 +++++ redhat/scripts/tarball_checksum.sh | 3 + rhel/README.rhel | 5 + rhel/cloud-init-tmpfiles.conf | 1 + - rhel/cloud.cfg | 69 ++++++ + rhel/cloud.cfg | 69 +++++ rhel/systemd/cloud-config.service | 18 ++ rhel/systemd/cloud-config.target | 11 + rhel/systemd/cloud-final.service | 19 ++ - rhel/systemd/cloud-init-local.service | 31 +++ + rhel/systemd/cloud-init-local.service | 31 ++ rhel/systemd/cloud-init.service | 25 ++ rhel/systemd/cloud-init.target | 7 + - setup.py | 70 +----- - tools/read-version | 28 +-- - 30 files changed, 1417 insertions(+), 98 deletions(-) + setup.py | 23 +- + tools/read-version | 28 +- + 30 files changed, 1562 insertions(+), 50 deletions(-) create mode 100644 redhat/.gitignore create mode 100644 redhat/Makefile create mode 100644 redhat/Makefile.common @@ -76,19 +90,82 @@ Merged patches (18.5): create mode 100644 rhel/systemd/cloud-init.target diff --git a/cloudinit/config/cc_chef.py b/cloudinit/config/cc_chef.py -index 0ad6b7f..e4408a4 100644 +index aaf7136..97ef649 100644 --- a/cloudinit/config/cc_chef.py +++ b/cloudinit/config/cc_chef.py -@@ -33,7 +33,7 @@ file). +@@ -6,7 +6,70 @@ + # + # This file is part of cloud-init. See LICENSE file for license information. - chef: - directories: (defaulting to /etc/chef, /var/log/chef, /var/lib/chef, -- /var/cache/chef, /var/backups/chef, /var/run/chef) +-"""Chef: module that configures, starts and installs chef.""" ++""" ++Chef ++---- ++**Summary:** module that configures, starts and installs chef. ++ ++This module enables chef to be installed (from packages or ++from gems, or from omnibus). Before this occurs chef configurations are ++written to disk (validation.pem, client.pem, firstboot.json, client.rb), ++and needed chef folders/directories are created (/etc/chef and /var/log/chef ++and so-on). Then once installing proceeds correctly if configured chef will ++be started (in daemon mode or in non-daemon mode) and then once that has ++finished (if ran in non-daemon mode this will be when chef finishes ++converging, if ran in daemon mode then no further actions are possible since ++chef will have forked into its own process) then a post run function can ++run that can do finishing activities (such as removing the validation pem ++file). ++ ++**Internal name:** ``cc_chef`` ++ ++**Module frequency:** per always ++ ++**Supported distros:** all ++ ++**Config keys**:: ++ ++ chef: ++ directories: (defaulting to /etc/chef, /var/log/chef, /var/lib/chef, + /var/cache/chef, /var/backups/chef, /run/chef) - validation_cert: (optional string to be written to file validation_key) - special value 'system' means set use existing file - validation_key: (optional the path for validation_cert. default -@@ -89,7 +89,7 @@ CHEF_DIRS = tuple([ ++ validation_cert: (optional string to be written to file validation_key) ++ special value 'system' means set use existing file ++ validation_key: (optional the path for validation_cert. default ++ /etc/chef/validation.pem) ++ firstboot_path: (path to write run_list and initial_attributes keys that ++ should also be present in this configuration, defaults ++ to /etc/chef/firstboot.json) ++ exec: boolean to run or not run chef (defaults to false, unless ++ a gem installed is requested ++ where this will then default ++ to true) ++ ++ chef.rb template keys (if falsey, then will be skipped and not ++ written to /etc/chef/client.rb) ++ ++ chef: ++ client_key: ++ encrypted_data_bag_secret: ++ environment: ++ file_backup_path: ++ file_cache_path: ++ json_attribs: ++ log_level: ++ log_location: ++ node_name: ++ omnibus_url: ++ omnibus_url_retries: ++ omnibus_version: ++ pid_file: ++ server_url: ++ show_time: ++ ssl_verify_mode: ++ validation_cert: ++ validation_key: ++ validation_name: ++""" + + import itertools + import json +@@ -31,7 +94,7 @@ CHEF_DIRS = tuple([ '/var/lib/chef', '/var/cache/chef', '/var/backups/chef', @@ -97,15 +174,6 @@ index 0ad6b7f..e4408a4 100644 ]) REQUIRED_CHEF_DIRS = tuple([ '/etc/chef', -@@ -113,7 +113,7 @@ CHEF_RB_TPL_DEFAULTS = { - 'json_attribs': CHEF_FB_PATH, - 'file_cache_path': "/var/cache/chef", - 'file_backup_path': "/var/backups/chef", -- 'pid_file': "/var/run/chef/client.pid", -+ 'pid_file': "/run/chef/client.pid", - 'show_time': True, - 'encrypted_data_bag_secret': None, - } diff --git a/cloudinit/settings.py b/cloudinit/settings.py index ca4ffa8..3a04a58 100644 --- a/cloudinit/settings.py @@ -370,10 +438,10 @@ index 0000000..083c3b6 +Description=Cloud-init target +After=multi-user.target diff --git a/setup.py b/setup.py -index 01a67b9..b2ac9bb 100755 +index cbacf48..d5cd01a 100755 --- a/setup.py +++ b/setup.py -@@ -139,14 +139,6 @@ INITSYS_FILES = { +@@ -125,14 +125,6 @@ INITSYS_FILES = { 'sysvinit_deb': [f for f in glob('sysvinit/debian/*') if is_f(f)], 'sysvinit_openrc': [f for f in glob('sysvinit/gentoo/*') if is_f(f)], 'sysvinit_suse': [f for f in glob('sysvinit/suse/*') if is_f(f)], @@ -388,7 +456,7 @@ index 01a67b9..b2ac9bb 100755 'upstart': [f for f in glob('upstart/*') if is_f(f)], } INITSYS_ROOTS = { -@@ -155,9 +147,6 @@ INITSYS_ROOTS = { +@@ -142,9 +134,6 @@ INITSYS_ROOTS = { 'sysvinit_deb': 'etc/init.d', 'sysvinit_openrc': 'etc/init.d', 'sysvinit_suse': 'etc/init.d', @@ -398,55 +466,7 @@ index 01a67b9..b2ac9bb 100755 'upstart': 'etc/init/', } INITSYS_TYPES = sorted([f.partition(".")[0] for f in INITSYS_ROOTS.keys()]) -@@ -208,47 +197,6 @@ class MyEggInfo(egg_info): - return ret - - --# TODO: Is there a better way to do this?? --class InitsysInstallData(install): -- init_system = None -- user_options = install.user_options + [ -- # This will magically show up in member variable 'init_sys' -- ('init-system=', None, -- ('init system(s) to configure (%s) [default: None]' % -- (", ".join(INITSYS_TYPES)))), -- ] -- -- def initialize_options(self): -- install.initialize_options(self) -- self.init_system = "" -- -- def finalize_options(self): -- install.finalize_options(self) -- -- if self.init_system and isinstance(self.init_system, str): -- self.init_system = self.init_system.split(",") -- -- if len(self.init_system) == 0: -- self.init_system = ['systemd'] -- -- bad = [f for f in self.init_system if f not in INITSYS_TYPES] -- if len(bad) != 0: -- raise DistutilsArgError( -- "Invalid --init-system: %s" % (','.join(bad))) -- -- for system in self.init_system: -- # add data files for anything that starts with '.' -- datakeys = [k for k in INITSYS_ROOTS -- if k.partition(".")[0] == system] -- for k in datakeys: -- if not INITSYS_FILES[k]: -- continue -- self.distribution.data_files.append( -- (INITSYS_ROOTS[k], INITSYS_FILES[k])) -- # Force that command to reinitalize (with new file list) -- self.distribution.reinitialize_command('install_data', True) -- -- - if not in_virtualenv(): - USR = "/" + USR - ETC = "/" + ETC -@@ -258,14 +206,11 @@ if not in_virtualenv(): +@@ -245,14 +234,11 @@ if not in_virtualenv(): INITSYS_ROOTS[k] = "/" + INITSYS_ROOTS[k] data_files = [ @@ -463,7 +483,7 @@ index 01a67b9..b2ac9bb 100755 (USR + '/share/doc/cloud-init', [f for f in glob('doc/*') if is_f(f)]), (USR + '/share/doc/cloud-init/examples', [f for f in glob('doc/examples/*') if is_f(f)]), -@@ -276,15 +221,8 @@ if os.uname()[0] != 'FreeBSD': +@@ -263,8 +249,7 @@ if not platform.system().endswith('BSD'): data_files.extend([ (ETC + '/NetworkManager/dispatcher.d/', ['tools/hook-network-manager']), @@ -471,16 +491,9 @@ index 01a67b9..b2ac9bb 100755 - (LIB + '/udev/rules.d', [f for f in glob('udev/*.rules')]) + ('/usr/lib/udev/rules.d', [f for f in glob('udev/*.rules')]) ]) --# Use a subclass for install that handles --# adding on the right init system configuration files --cmdclass = { -- 'install': InitsysInstallData, -- 'egg_info': MyEggInfo, --} - - requirements = read_requires() - -@@ -299,8 +237,6 @@ setuptools.setup( + # Use a subclass for install that handles + # adding on the right init system configuration files +@@ -286,8 +271,6 @@ setuptools.setup( scripts=['tools/cloud-init-per'], license='Dual-licensed under GPLv3 or Apache 2.0', data_files=data_files, @@ -490,14 +503,14 @@ index 01a67b9..b2ac9bb 100755 'console_scripts': [ 'cloud-init = cloudinit.cmd.main:main', diff --git a/tools/read-version b/tools/read-version -index 6dca659..d43cc8f 100755 +index 02c9064..79755f7 100755 --- a/tools/read-version +++ b/tools/read-version -@@ -65,32 +65,8 @@ output_json = '--json' in sys.argv - src_version = ci_version.version_string() - version_long = None - --if is_gitdir(_tdir) and which("git"): +@@ -71,32 +71,8 @@ version_long = None + is_release_branch_ci = ( + os.environ.get("TRAVIS_PULL_REQUEST_BRANCH", "").startswith("upstream/") + ) +-if is_gitdir(_tdir) and which("git") and not is_release_branch_ci: - flags = [] - if use_tags: - flags = ['--tags'] diff --git a/SOURCES/0002-Do-not-write-NM_CONTROLLED-no-in-generated-interface.patch b/SOURCES/0002-Do-not-write-NM_CONTROLLED-no-in-generated-interface.patch index 5b6718a..ffa06c2 100644 --- a/SOURCES/0002-Do-not-write-NM_CONTROLLED-no-in-generated-interface.patch +++ b/SOURCES/0002-Do-not-write-NM_CONTROLLED-no-in-generated-interface.patch @@ -1,271 +1,278 @@ -From aa7ae9da7e10a5bcf190f8df3072e3864b2d8fb3 Mon Sep 17 00:00:00 2001 -From: Miroslav Rezanina -Date: Thu, 31 May 2018 19:37:55 +0200 +From d9024cd3bd3bf09b05eb75ba3d81bd15f519c9f8 Mon Sep 17 00:00:00 2001 +From: Eduardo Otubo +Date: Mon, 5 Oct 2020 13:49:46 +0200 Subject: Do not write NM_CONTROLLED=no in generated interface config files +Conflicts 20.3: + - Not appplying patch on cloudinit/net/sysconfig.py since it now has a +mechanism to identify if cloud-init is running on RHEL, having the +correct settings for NM_CONTROLLED. + X-downstream-only: true +Signed-off-by: Eduardo Otubo Signed-off-by: Ryan McCabe --- - cloudinit/net/sysconfig.py | 1 - + cloudinit/net/sysconfig.py | 2 +- tests/unittests/test_net.py | 30 ------------------------------ - 2 files changed, 31 deletions(-) + 2 files changed, 1 insertion(+), 31 deletions(-) diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py -index 310cdf0..8bd7e88 100644 +index 0a5d481..23e467d 100644 --- a/cloudinit/net/sysconfig.py +++ b/cloudinit/net/sysconfig.py -@@ -272,7 +272,6 @@ class Renderer(renderer.Renderer): - iface_defaults = tuple([ - ('ONBOOT', True), - ('USERCTL', False), -- ('NM_CONTROLLED', False), - ('BOOTPROTO', 'none'), - ('STARTMODE', 'auto'), - ]) +@@ -277,7 +277,7 @@ class Renderer(renderer.Renderer): + # details about this) + + iface_defaults = { +- 'rhel': {'ONBOOT': True, 'USERCTL': False, 'NM_CONTROLLED': False, ++ 'rhel': {'ONBOOT': True, 'USERCTL': False, + 'BOOTPROTO': 'none'}, + 'suse': {'BOOTPROTO': 'static', 'STARTMODE': 'auto'}, + } diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py -index 01119e0..a931a3e 100644 +index 54cc846..9985a97 100644 --- a/tests/unittests/test_net.py +++ b/tests/unittests/test_net.py -@@ -530,7 +530,6 @@ GATEWAY=172.19.3.254 +@@ -535,7 +535,6 @@ GATEWAY=172.19.3.254 HWADDR=fa:16:3e:ed:9a:59 IPADDR=172.19.1.34 NETMASK=255.255.252.0 -NM_CONTROLLED=no ONBOOT=yes - STARTMODE=auto TYPE=Ethernet -@@ -636,7 +635,6 @@ IPADDR=172.19.1.34 + USERCTL=no +@@ -633,7 +632,6 @@ IPADDR=172.19.1.34 IPADDR1=10.0.0.10 NETMASK=255.255.252.0 NETMASK1=255.255.255.0 -NM_CONTROLLED=no ONBOOT=yes - STARTMODE=auto TYPE=Ethernet -@@ -772,7 +770,6 @@ IPV6ADDR_SECONDARIES="2001:DB9::10/64 2001:DB10::10/64" + USERCTL=no +@@ -754,7 +752,6 @@ IPV6ADDR_SECONDARIES="2001:DB9::10/64 2001:DB10::10/64" IPV6INIT=yes IPV6_DEFAULTGW=2001:DB8::1 NETMASK=255.255.252.0 -NM_CONTROLLED=no ONBOOT=yes - STARTMODE=auto TYPE=Ethernet -@@ -889,7 +886,6 @@ NETWORK_CONFIGS = { + USERCTL=no +@@ -882,7 +879,6 @@ NETWORK_CONFIGS = { BOOTPROTO=none DEVICE=eth1 HWADDR=cf:d6:af:48:e8:80 - NM_CONTROLLED=no ONBOOT=yes - STARTMODE=auto TYPE=Ethernet -@@ -907,7 +903,6 @@ NETWORK_CONFIGS = { + USERCTL=no"""), +@@ -899,7 +895,6 @@ NETWORK_CONFIGS = { IPADDR=192.168.21.3 NETMASK=255.255.255.0 METRIC=10000 - NM_CONTROLLED=no ONBOOT=yes - STARTMODE=auto TYPE=Ethernet -@@ -1022,7 +1017,6 @@ NETWORK_CONFIGS = { + USERCTL=no"""), +@@ -1028,7 +1023,6 @@ NETWORK_CONFIGS = { IPV6ADDR=2001:1::1/64 IPV6INIT=yes NETMASK=255.255.255.0 - NM_CONTROLLED=no ONBOOT=yes - STARTMODE=auto TYPE=Ethernet -@@ -1491,7 +1485,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + USERCTL=no +@@ -1622,7 +1616,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true DHCPV6C=yes IPV6INIT=yes MACADDR=aa:bb:cc:dd:ee:ff - NM_CONTROLLED=no ONBOOT=yes - STARTMODE=auto TYPE=Bond -@@ -1500,7 +1493,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + USERCTL=no"""), +@@ -1630,7 +1623,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true BOOTPROTO=dhcp DEVICE=bond0.200 DHCLIENT_SET_DEFAULT_ROUTE=no - NM_CONTROLLED=no ONBOOT=yes PHYSDEV=bond0 - STARTMODE=auto -@@ -1519,7 +1511,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + TYPE=Ethernet +@@ -1647,7 +1639,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true IPV6_DEFAULTGW=2001:4800:78ff:1b::1 MACADDR=bb:bb:bb:bb:bb:aa NETMASK=255.255.255.0 - NM_CONTROLLED=no ONBOOT=yes PRIO=22 - STARTMODE=auto -@@ -1530,7 +1521,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + STP=no +@@ -1657,7 +1648,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true BOOTPROTO=none DEVICE=eth0 HWADDR=c0:d6:9f:2c:e8:80 - NM_CONTROLLED=no ONBOOT=yes - STARTMODE=auto TYPE=Ethernet -@@ -1548,7 +1538,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + USERCTL=no"""), +@@ -1674,7 +1664,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true MTU=1500 NETMASK=255.255.255.0 NETMASK1=255.255.255.0 - NM_CONTROLLED=no ONBOOT=yes PHYSDEV=eth0 - STARTMODE=auto -@@ -1560,7 +1549,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + TYPE=Ethernet +@@ -1685,7 +1674,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true DEVICE=eth1 HWADDR=aa:d6:9f:2c:e8:80 MASTER=bond0 - NM_CONTROLLED=no ONBOOT=yes - STARTMODE=auto SLAVE=yes -@@ -1571,7 +1559,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + TYPE=Ethernet +@@ -1695,7 +1683,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true DEVICE=eth2 HWADDR=c0:bb:9f:2c:e8:80 MASTER=bond0 - NM_CONTROLLED=no ONBOOT=yes - STARTMODE=auto SLAVE=yes -@@ -1582,7 +1569,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + TYPE=Ethernet +@@ -1705,7 +1692,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true BRIDGE=br0 DEVICE=eth3 HWADDR=66:bb:9f:2c:e8:80 - NM_CONTROLLED=no ONBOOT=yes - STARTMODE=auto TYPE=Ethernet -@@ -1592,7 +1578,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + USERCTL=no"""), +@@ -1714,7 +1700,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true BRIDGE=br0 DEVICE=eth4 HWADDR=98:bb:9f:2c:e8:80 - NM_CONTROLLED=no ONBOOT=yes - STARTMODE=auto TYPE=Ethernet -@@ -1602,7 +1587,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + USERCTL=no"""), +@@ -1723,7 +1708,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true DEVICE=eth5 DHCLIENT_SET_DEFAULT_ROUTE=no HWADDR=98:bb:9f:2c:e8:8a - NM_CONTROLLED=no ONBOOT=no - STARTMODE=manual TYPE=Ethernet -@@ -2088,7 +2072,6 @@ iface bond0 inet6 static + USERCTL=no"""), +@@ -2177,7 +2161,6 @@ iface bond0 inet6 static MTU=9000 NETMASK=255.255.255.0 NETMASK1=255.255.255.0 - NM_CONTROLLED=no ONBOOT=yes - STARTMODE=auto TYPE=Bond -@@ -2099,7 +2082,6 @@ iface bond0 inet6 static + USERCTL=no +@@ -2187,7 +2170,6 @@ iface bond0 inet6 static DEVICE=bond0s0 HWADDR=aa:bb:cc:dd:e8:00 MASTER=bond0 - NM_CONTROLLED=no ONBOOT=yes SLAVE=yes - STARTMODE=auto -@@ -2122,7 +2104,6 @@ iface bond0 inet6 static + TYPE=Ethernet +@@ -2209,7 +2191,6 @@ iface bond0 inet6 static DEVICE=bond0s1 HWADDR=aa:bb:cc:dd:e8:01 MASTER=bond0 - NM_CONTROLLED=no ONBOOT=yes SLAVE=yes - STARTMODE=auto -@@ -2161,7 +2142,6 @@ iface bond0 inet6 static + TYPE=Ethernet +@@ -2266,7 +2247,6 @@ iface bond0 inet6 static BOOTPROTO=none DEVICE=en0 HWADDR=aa:bb:cc:dd:e8:00 - NM_CONTROLLED=no ONBOOT=yes - STARTMODE=auto TYPE=Ethernet -@@ -2180,7 +2160,6 @@ iface bond0 inet6 static + USERCTL=no"""), +@@ -2283,7 +2263,6 @@ iface bond0 inet6 static MTU=2222 NETMASK=255.255.255.0 NETMASK1=255.255.255.0 - NM_CONTROLLED=no ONBOOT=yes PHYSDEV=en0 - STARTMODE=auto -@@ -2222,7 +2201,6 @@ iface bond0 inet6 static + TYPE=Ethernet +@@ -2349,7 +2328,6 @@ iface bond0 inet6 static DEVICE=br0 IPADDR=192.168.2.2 NETMASK=255.255.255.0 - NM_CONTROLLED=no ONBOOT=yes PRIO=22 - STARTMODE=auto -@@ -2238,7 +2216,6 @@ iface bond0 inet6 static - IPADDR6=2001:1::100/96 + STP=no +@@ -2363,7 +2341,6 @@ iface bond0 inet6 static + HWADDR=52:54:00:12:34:00 IPV6ADDR=2001:1::100/96 IPV6INIT=yes - NM_CONTROLLED=no ONBOOT=yes - STARTMODE=auto TYPE=Ethernet -@@ -2252,7 +2229,6 @@ iface bond0 inet6 static - IPADDR6=2001:1::101/96 + USERCTL=no +@@ -2375,7 +2352,6 @@ iface bond0 inet6 static + HWADDR=52:54:00:12:34:01 IPV6ADDR=2001:1::101/96 IPV6INIT=yes - NM_CONTROLLED=no ONBOOT=yes - STARTMODE=auto TYPE=Ethernet -@@ -2327,7 +2303,6 @@ iface bond0 inet6 static + USERCTL=no +@@ -2469,7 +2445,6 @@ iface bond0 inet6 static HWADDR=52:54:00:12:34:00 IPADDR=192.168.1.2 NETMASK=255.255.255.0 - NM_CONTROLLED=no ONBOOT=no - STARTMODE=manual TYPE=Ethernet -@@ -2338,7 +2313,6 @@ iface bond0 inet6 static + USERCTL=no +@@ -2479,7 +2454,6 @@ iface bond0 inet6 static DEVICE=eth1 HWADDR=52:54:00:12:34:aa MTU=1480 - NM_CONTROLLED=no ONBOOT=yes - STARTMODE=auto TYPE=Ethernet -@@ -2348,7 +2322,6 @@ iface bond0 inet6 static + USERCTL=no +@@ -2488,7 +2462,6 @@ iface bond0 inet6 static BOOTPROTO=none DEVICE=eth2 HWADDR=52:54:00:12:34:ff - NM_CONTROLLED=no ONBOOT=no - STARTMODE=manual TYPE=Ethernet -@@ -2766,7 +2739,6 @@ class TestRhelSysConfigRendering(CiTestCase): + USERCTL=no +@@ -2905,7 +2878,6 @@ class TestRhelSysConfigRendering(CiTestCase): BOOTPROTO=dhcp DEVICE=eth1000 HWADDR=07-1c-c6-75-a4-be -NM_CONTROLLED=no ONBOOT=yes - STARTMODE=auto TYPE=Ethernet -@@ -2888,7 +2860,6 @@ GATEWAY=10.0.2.2 + USERCTL=no +@@ -3026,7 +2998,6 @@ GATEWAY=10.0.2.2 HWADDR=52:54:00:12:34:00 IPADDR=10.0.2.15 NETMASK=255.255.255.0 -NM_CONTROLLED=no ONBOOT=yes - STARTMODE=auto TYPE=Ethernet -@@ -2961,7 +2932,6 @@ USERCTL=no + USERCTL=no +@@ -3096,7 +3067,6 @@ USERCTL=no # BOOTPROTO=dhcp DEVICE=eth0 -NM_CONTROLLED=no ONBOOT=yes - STARTMODE=auto TYPE=Ethernet + USERCTL=no -- 1.8.3.1 diff --git a/SOURCES/0003-limit-permissions-on-def_log_file.patch b/SOURCES/0003-limit-permissions-on-def_log_file.patch index 7265152..7ec19f6 100644 --- a/SOURCES/0003-limit-permissions-on-def_log_file.patch +++ b/SOURCES/0003-limit-permissions-on-def_log_file.patch @@ -1,6 +1,6 @@ -From f15946568fe731dc9bf477f3f06c9c4e0f74f7c1 Mon Sep 17 00:00:00 2001 -From: Lars Kellogg-Stedman -Date: Fri, 7 Apr 2017 18:50:54 -0400 +From de22eafc9046b8ea6fddda7440df5a05f5a40607 Mon Sep 17 00:00:00 2001 +From: Eduardo Otubo +Date: Mon, 5 Oct 2020 13:49:53 +0200 Subject: limit permissions on def_log_file This sets a default mode of 0600 on def_log_file, and makes this @@ -9,6 +9,8 @@ configurable via the def_log_file_mode option in cloud.cfg. LP: #1541196 Resolves: rhbz#1424612 X-approved-upstream: true + +Signed-off-by: Eduardo Otubo --- cloudinit/settings.py | 1 + cloudinit/stages.py | 3 ++- @@ -28,10 +30,10 @@ index 3a04a58..439eee0 100644 'mount_default_fields': [None, None, 'auto', 'defaults,nofail', '0', '2'], 'ssh_deletekeys': False, diff --git a/cloudinit/stages.py b/cloudinit/stages.py -index 71f3a49..68b83af 100644 +index 765f4aa..d769375 100644 --- a/cloudinit/stages.py +++ b/cloudinit/stages.py -@@ -149,8 +149,9 @@ class Init(object): +@@ -147,8 +147,9 @@ class Init(object): def _initialize_filesystem(self): util.ensure_dirs(self._initial_subdirs()) log_file = util.get_cfg_option_str(self.cfg, 'def_log_file') @@ -43,10 +45,10 @@ index 71f3a49..68b83af 100644 if not perms: perms = {} diff --git a/doc/examples/cloud-config.txt b/doc/examples/cloud-config.txt -index eb84dcf..0e82b83 100644 +index f3ae5e6..b5b1fdd 100644 --- a/doc/examples/cloud-config.txt +++ b/doc/examples/cloud-config.txt -@@ -413,10 +413,14 @@ timezone: US/Eastern +@@ -414,10 +414,14 @@ timezone: US/Eastern # if syslog_fix_perms is a list, it will iterate through and use the # first pair that does not raise error. # diff --git a/SOURCES/0004-sysconfig-Don-t-write-BOOTPROTO-dhcp-for-ipv6-dhcp.patch b/SOURCES/0004-sysconfig-Don-t-write-BOOTPROTO-dhcp-for-ipv6-dhcp.patch index 846a2d1..ad8c142 100644 --- a/SOURCES/0004-sysconfig-Don-t-write-BOOTPROTO-dhcp-for-ipv6-dhcp.patch +++ b/SOURCES/0004-sysconfig-Don-t-write-BOOTPROTO-dhcp-for-ipv6-dhcp.patch @@ -1,6 +1,6 @@ -From e2b22710db558df261883eaf5dde866c69ba17dd Mon Sep 17 00:00:00 2001 -From: Miroslav Rezanina -Date: Thu, 31 May 2018 20:00:32 +0200 +From bb87d9a83ddbc5bf84fbdab9c58dedc0c9629eea Mon Sep 17 00:00:00 2001 +From: Eduardo Otubo +Date: Mon, 5 Oct 2020 13:51:34 +0200 Subject: sysconfig: Don't write BOOTPROTO=dhcp for ipv6 dhcp Don't write BOOTPROTO=dhcp for ipv6 dhcp, as BOOTPROTO applies @@ -13,15 +13,17 @@ Signed-off-by: Ryan McCabe Merged patches (19.4): - 6444df4 sysconfig: Don't disable IPV6_AUTOCONF + +Signed-off-by: Eduardo Otubo --- tests/unittests/test_net.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py -index a931a3e..1306a0f 100644 +index 9985a97..2cc57fe 100644 --- a/tests/unittests/test_net.py +++ b/tests/unittests/test_net.py -@@ -1483,6 +1483,7 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true +@@ -1614,6 +1614,7 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true BOOTPROTO=none DEVICE=bond0 DHCPV6C=yes diff --git a/SOURCES/0005-DataSourceAzure.py-use-hostnamectl-to-set-hostname.patch b/SOURCES/0005-DataSourceAzure.py-use-hostnamectl-to-set-hostname.patch index ce6b66e..08474eb 100644 --- a/SOURCES/0005-DataSourceAzure.py-use-hostnamectl-to-set-hostname.patch +++ b/SOURCES/0005-DataSourceAzure.py-use-hostnamectl-to-set-hostname.patch @@ -1,6 +1,6 @@ -From 9a09efb49c2d7cade1f0ac309293166c3c2d8d7b Mon Sep 17 00:00:00 2001 -From: Vitaly Kuznetsov -Date: Tue, 17 Apr 2018 13:07:54 +0200 +From 9c6562c6d3516df8d11aa7cf7cd9cc62e5c91a70 Mon Sep 17 00:00:00 2001 +From: Eduardo Otubo +Date: Mon, 5 Oct 2020 13:51:37 +0200 Subject: DataSourceAzure.py: use hostnamectl to set hostname RH-Author: Vitaly Kuznetsov @@ -32,6 +32,7 @@ Resolves: rhbz#1434109 X-downstream-only: yes +Signed-off-by: Eduardo Otubo Signed-off-by: Vitaly Kuznetsov Signed-off-by: Miroslav Rezanina --- @@ -39,14 +40,14 @@ Signed-off-by: Miroslav Rezanina 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py -index 24f448c..6fb889c 100755 +index f3c6452..1c214db 100755 --- a/cloudinit/sources/DataSourceAzure.py +++ b/cloudinit/sources/DataSourceAzure.py -@@ -256,7 +256,7 @@ def get_hostname(hostname_command='hostname'): +@@ -258,7 +258,7 @@ def get_hostname(hostname_command='hostname'): def set_hostname(hostname, hostname_command='hostname'): -- util.subp([hostname_command, hostname]) +- subp.subp([hostname_command, hostname]) + util.subp(['hostnamectl', 'set-hostname', str(hostname)]) diff --git a/SOURCES/0006-include-NOZEROCONF-yes-in-etc-sysconfig-network.patch b/SOURCES/0006-include-NOZEROCONF-yes-in-etc-sysconfig-network.patch index 1dff33f..02058ba 100644 --- a/SOURCES/0006-include-NOZEROCONF-yes-in-etc-sysconfig-network.patch +++ b/SOURCES/0006-include-NOZEROCONF-yes-in-etc-sysconfig-network.patch @@ -1,6 +1,6 @@ -From 13ee71a3add0dd2e7c60fc672134e696bd7f6a77 Mon Sep 17 00:00:00 2001 +From bdcad981ac530277529d1c77fb5e9e6f89409bd8 Mon Sep 17 00:00:00 2001 From: Eduardo Otubo -Date: Wed, 20 Mar 2019 11:45:59 +0100 +Date: Mon, 5 Oct 2020 13:51:44 +0200 Subject: include 'NOZEROCONF=yes' in /etc/sysconfig/network RH-Author: Eduardo Otubo @@ -27,10 +27,10 @@ Signed-off-by: Miroslav Rezanina 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py -index 8bd7e88..810b283 100644 +index 23e467d..af093dd 100644 --- a/cloudinit/net/sysconfig.py +++ b/cloudinit/net/sysconfig.py -@@ -754,7 +754,16 @@ class Renderer(renderer.Renderer): +@@ -888,7 +888,16 @@ class Renderer(renderer.Renderer): # Distros configuring /etc/sysconfig/network as a file e.g. Centos if sysconfig_path.endswith('network'): util.ensure_dir(os.path.dirname(sysconfig_path)) @@ -49,10 +49,10 @@ index 8bd7e88..810b283 100644 netcfg.append('NETWORKING_IPV6=yes') netcfg.append('IPV6_AUTOCONF=no') diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py -index 1306a0f..a931a3e 100644 +index 2cc57fe..9985a97 100644 --- a/tests/unittests/test_net.py +++ b/tests/unittests/test_net.py -@@ -1483,7 +1483,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true +@@ -1614,7 +1614,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true BOOTPROTO=none DEVICE=bond0 DHCPV6C=yes diff --git a/SOURCES/0007-Remove-race-condition-between-cloud-init-and-Network.patch b/SOURCES/0007-Remove-race-condition-between-cloud-init-and-Network.patch index 0e6eb1f..816a799 100644 --- a/SOURCES/0007-Remove-race-condition-between-cloud-init-and-Network.patch +++ b/SOURCES/0007-Remove-race-condition-between-cloud-init-and-Network.patch @@ -1,6 +1,6 @@ -From 9d951d55a1be44bbeb5df485d14d4f84ddf01142 Mon Sep 17 00:00:00 2001 +From a52c7b659c6569c78aad4b92303f289009da476c Mon Sep 17 00:00:00 2001 From: Eduardo Otubo -Date: Mon, 2 Mar 2020 10:46:35 +0100 +Date: Mon, 5 Oct 2020 13:51:50 +0200 Subject: Remove race condition between cloud-init and NetworkManager Message-id: <20200302104635.11648-1-otubo@redhat.com> @@ -32,25 +32,131 @@ start up so it won't erase resolv.conf upon first shutdown. x-downstream-only: yes resolves: rhbz#1748015, rhbz#1807797 and rhbz#1804780 -Signed-off-by: Eduardo Otubo otubo@redhat.com +Signed-off-by: Eduardo Otubo Signed-off-by: Miroslav Rezanina + +This commit is a squash and also includes the folloowing commits: + +commit 316a17b7c02a87fa9b2981535be0b20d165adc46 +Author: Eduardo Otubo +Date: Mon Jun 1 11:58:06 2020 +0200 + + Make cloud-init.service execute after network is up + + RH-Author: Eduardo Otubo + Message-id: <20200526090804.2047-1-otubo@redhat.com> + Patchwork-id: 96809 + O-Subject: [RHEL-8.2.1 cloud-init PATCH] Make cloud-init.service execute after network is up + Bugzilla: 1803928 + RH-Acked-by: Vitaly Kuznetsov + RH-Acked-by: Miroslav Rezanina + + cloud-init.service needs to wait until network is fully up before + continuing executing and configuring its service. + + Signed-off-by: Eduardo Otubo + + x-downstream-only: yes + Resolves: rhbz#1831646 + Signed-off-by: Miroslav Rezanina + +commit 0422ba0e773d1a8257a3f2bf3db05f3bc7917eb7 +Author: Eduardo Otubo +Date: Thu May 28 08:44:08 2020 +0200 + + Remove race condition between cloud-init and NetworkManager + + RH-Author: Eduardo Otubo + Message-id: <20200327121911.17699-1-otubo@redhat.com> + Patchwork-id: 94453 + O-Subject: [RHEL-7.9/RHEL-8.2.0 cloud-init PATCHv2] Remove race condition between cloud-init and NetworkManager + Bugzilla: 1840648 + RH-Acked-by: Vitaly Kuznetsov + RH-Acked-by: Miroslav Rezanina + RH-Acked-by: Cathy Avery + + cloud-init service is set to start before NetworkManager service starts, + but this does not avoid a race condition between them. NetworkManager + starts before cloud-init can write `dns=none' to the file: + /etc/NetworkManager/conf.d/99-cloud-init.conf. This way NetworkManager + doesn't read the configuration and erases all resolv.conf values upon + shutdown. On the next reboot neither cloud-init or NetworkManager will + write anything to resolv.conf, leaving it blank. + + This patch introduces a NM reload (try-reload-or-restart) at the end of cloud-init + start up so it won't erase resolv.conf upon first shutdown. + + x-downstream-only: yes + + Signed-off-by: Eduardo Otubo otubo@redhat.com + Signed-off-by: Miroslav Rezanina + +commit e0b48a936433faea7f56dbc29dda35acf7d375f7 +Author: Eduardo Otubo +Date: Thu May 28 08:44:06 2020 +0200 + + Enable ssh_deletekeys by default + + RH-Author: Eduardo Otubo + Message-id: <20200317091705.15715-1-otubo@redhat.com> + Patchwork-id: 94365 + O-Subject: [RHEL-7.9/RHEL-8.2.0 cloud-init PATCH] Enable ssh_deletekeys by default + Bugzilla: 1814152 + RH-Acked-by: Mohammed Gamal + RH-Acked-by: Vitaly Kuznetsov + + The configuration option ssh_deletekeys will trigger the generation + of new ssh keys for every new instance deployed. + + x-downstream-only: yes + resolves: rhbz#1814152 + + Signed-off-by: Eduardo Otubo + Signed-off-by: Miroslav Rezanina --- + rhel/cloud.cfg | 2 +- rhel/systemd/cloud-final.service | 2 ++ - 1 file changed, 2 insertions(+) + rhel/systemd/cloud-init.service | 1 + + 3 files changed, 4 insertions(+), 1 deletion(-) +diff --git a/rhel/cloud.cfg b/rhel/cloud.cfg +index 82e8bf6..9ecba21 100644 +--- a/rhel/cloud.cfg ++++ b/rhel/cloud.cfg +@@ -6,7 +6,7 @@ ssh_pwauth: 0 + + mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service', '0', '2'] + resize_rootfs_tmp: /dev +-ssh_deletekeys: 0 ++ssh_deletekeys: 1 + ssh_genkeytypes: ~ + syslog_fix_perms: ~ + disable_vmware_customization: false diff --git a/rhel/systemd/cloud-final.service b/rhel/systemd/cloud-final.service -index 739b7e3..f303483 100644 +index 739b7e3..05add07 100644 --- a/rhel/systemd/cloud-final.service +++ b/rhel/systemd/cloud-final.service @@ -11,6 +11,8 @@ ExecStart=/usr/bin/cloud-init modules --mode=final RemainAfterExit=yes TimeoutSec=0 KillMode=process -+ExecStartPost=/bin/echo "try restart NetworkManager.service" -+ExecStartPost=/usr/bin/systemctl try-restart NetworkManager.service ++ExecStartPost=/bin/echo "trying to reload or restart NetworkManager.service" ++ExecStartPost=/usr/bin/systemctl try-reload-or-restart NetworkManager.service # Output needs to appear in instance console output StandardOutput=journal+console +diff --git a/rhel/systemd/cloud-init.service b/rhel/systemd/cloud-init.service +index d0023a0..0b3d796 100644 +--- a/rhel/systemd/cloud-init.service ++++ b/rhel/systemd/cloud-init.service +@@ -5,6 +5,7 @@ Wants=sshd-keygen.service + Wants=sshd.service + After=cloud-init-local.service + After=NetworkManager.service network.service ++After=NetworkManager-wait-online.service + Before=network-online.target + Before=sshd-keygen.service + Before=sshd.service -- 1.8.3.1 diff --git a/SOURCES/ci-Add-config-modules-for-controlling-IBM-PowerVM-RMC.-.patch b/SOURCES/ci-Add-config-modules-for-controlling-IBM-PowerVM-RMC.-.patch index 2fecf7f..c3f45ff 100644 --- a/SOURCES/ci-Add-config-modules-for-controlling-IBM-PowerVM-RMC.-.patch +++ b/SOURCES/ci-Add-config-modules-for-controlling-IBM-PowerVM-RMC.-.patch @@ -1,15 +1,15 @@ -From ec14b8ed9cb4264333b80b4361171b1b529c58f3 Mon Sep 17 00:00:00 2001 +From c3a1b3a5d7abe51a1facbdae71aca4b2bca7d6aa Mon Sep 17 00:00:00 2001 From: Eduardo Otubo -Date: Tue, 3 Nov 2020 12:11:45 +0100 -Subject: [PATCH 3/5] Add config modules for controlling IBM PowerVM RMC. +Date: Wed, 28 Oct 2020 20:43:33 +0100 +Subject: [PATCH 2/3] Add config modules for controlling IBM PowerVM RMC. (#584) RH-Author: Eduardo Terrell Ferrari Otubo (eterrell) -RH-MergeRequest: 16: Add config modules for controlling IBM PowerVM RMC. (#584) -RH-Commit: [1/1] 734e2c48d323af31aa36abefae346ef62ba3ef5d (eterrell/cloud-init) -RH-Bugzilla: 1894014 +RH-MergeRequest: 12: Support for cloud-init config modules for PowerVM Hypervisor in Red Hat cloud-init +RH-Commit: [1/1] d175c3607a8d4f473573ba0ce42e0f311dbc31ed (eterrell/cloud-init) +RH-Bugzilla: 1886430 -commit f99d4f96b00a9cfec1c721d364cbfd728674e5dc +commit f99d4f96b00a9cfec1c721d364cbfd728674e5dc (upstream/master) Author: Aman306 <45781773+Aman306@users.noreply.github.com> Date: Wed Oct 28 23:36:09 2020 +0530 @@ -27,28 +27,24 @@ Date: Wed Oct 28 23:36:09 2020 +0530 Co-authored-by: Scott Moser -Conflicts: -* Calls to module subp.* are replaced by old calls to util.* since the -patch that groups subp.* calls into its own module are introduced after -19.4 release - and it's a huge reafctoring not worth the cherry-pick. - Signed-off-by: Eduardo Otubo --- - cloudinit/config/cc_refresh_rmc_and_interface.py | 158 +++++++++++++++++++++ - cloudinit/config/cc_reset_rmc.py | 142 ++++++++++++++++++ + cloudinit/config/cc_refresh_rmc_and_interface.py | 159 +++++++++++++++++++++ + cloudinit/config/cc_reset_rmc.py | 143 ++++++++++++++++++ config/cloud.cfg.tmpl | 2 + .../test_handler_refresh_rmc_and_interface.py | 109 ++++++++++++++ - 4 files changed, 411 insertions(+) + tools/.github-cla-signers | 1 + + 5 files changed, 414 insertions(+) create mode 100644 cloudinit/config/cc_refresh_rmc_and_interface.py create mode 100644 cloudinit/config/cc_reset_rmc.py create mode 100644 tests/unittests/test_handler/test_handler_refresh_rmc_and_interface.py diff --git a/cloudinit/config/cc_refresh_rmc_and_interface.py b/cloudinit/config/cc_refresh_rmc_and_interface.py new file mode 100644 -index 0000000..07050c4 +index 0000000..146758a --- /dev/null +++ b/cloudinit/config/cc_refresh_rmc_and_interface.py -@@ -0,0 +1,158 @@ +@@ -0,0 +1,159 @@ +# (c) Copyright IBM Corp. 2020 All Rights Reserved +# +# Author: Aman Kumar Sinha @@ -88,6 +84,7 @@ index 0000000..07050c4 +from cloudinit import log as logging +from cloudinit.settings import PER_ALWAYS +from cloudinit import util ++from cloudinit import subp +from cloudinit import netinfo + +import errno @@ -101,7 +98,7 @@ index 0000000..07050c4 + + +def handle(name, _cfg, _cloud, _log, _args): -+ if not util.which(RMCCTRL): ++ if not subp.which(RMCCTRL): + LOG.debug("No '%s' in path, disabled", RMCCTRL) + return + @@ -142,8 +139,8 @@ index 0000000..07050c4 + # IPv6 interface is explicitly brought up, subsequent to which the + # RMC services are restarted to re-establish the communication with + # the hypervisor. -+ util.subp(['ip', 'link', 'set', interface, 'down']) -+ util.subp(['ip', 'link', 'set', interface, 'up']) ++ subp.subp(['ip', 'link', 'set', interface, 'down']) ++ subp.subp(['ip', 'link', 'set', interface, 'up']) + + +def sysconfig_path(iface): @@ -151,7 +148,7 @@ index 0000000..07050c4 + + +def restart_network_manager(): -+ util.subp(['systemctl', 'restart', 'NetworkManager']) ++ subp.subp(['systemctl', 'restart', 'NetworkManager']) + + +def disable_ipv6(iface_file): @@ -202,17 +199,17 @@ index 0000000..07050c4 + # until the subsystem and all resource managers are stopped. + # -s : start Resource Monitoring & Control subsystem. + try: -+ util.subp([RMCCTRL, '-z']) -+ util.subp([RMCCTRL, '-s']) ++ subp.subp([RMCCTRL, '-z']) ++ subp.subp([RMCCTRL, '-s']) + except Exception: + util.logexc(LOG, 'Failed to refresh the RMC subsystem.') + raise diff --git a/cloudinit/config/cc_reset_rmc.py b/cloudinit/config/cc_reset_rmc.py new file mode 100644 -index 0000000..68373ad +index 0000000..1cd7277 --- /dev/null +++ b/cloudinit/config/cc_reset_rmc.py -@@ -0,0 +1,142 @@ +@@ -0,0 +1,143 @@ +# (c) Copyright IBM Corp. 2020 All Rights Reserved +# +# Author: Aman Kumar Sinha @@ -256,6 +253,7 @@ index 0000000..68373ad +from cloudinit import log as logging +from cloudinit.settings import PER_INSTANCE +from cloudinit import util ++from cloudinit import subp + +frequency = PER_INSTANCE + @@ -298,10 +296,10 @@ index 0000000..68373ad + # under the /var/ct directory, generating a new node ID, and making it + # appear as if the RSCT components were just installed + try: -+ out = util.subp([RECFGCT])[0] ++ out = subp.subp([RECFGCT])[0] + LOG.debug(out.strip()) + return out -+ except util.ProcessExecutionError: ++ except subp.ProcessExecutionError: + util.logexc(LOG, 'Failed to reconfigure the RSCT subsystems.') + raise + @@ -329,7 +327,7 @@ index 0000000..68373ad + # Stop the RMC subsystem and all resource managers so that we can make + # some changes to it + try: -+ return util.subp([RMCCTRL, '-z']) ++ return subp.subp([RMCCTRL, '-z']) + except Exception: + util.logexc(LOG, 'Failed to stop the RMC subsystem.') + raise @@ -356,12 +354,12 @@ index 0000000..68373ad + LOG.error(msg) + raise Exception(msg) diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl -index 87c37ba..52a259c 100644 +index 2beb9b0..7171aaa 100644 --- a/config/cloud.cfg.tmpl +++ b/config/cloud.cfg.tmpl -@@ -121,6 +121,8 @@ cloud_final_modules: +@@ -135,6 +135,8 @@ cloud_final_modules: + - chef - mcollective - {% endif %} - salt-minion + - reset_rmc + - refresh_rmc_and_interface @@ -370,7 +368,7 @@ index 87c37ba..52a259c 100644 - scripts-per-once diff --git a/tests/unittests/test_handler/test_handler_refresh_rmc_and_interface.py b/tests/unittests/test_handler/test_handler_refresh_rmc_and_interface.py new file mode 100644 -index 0000000..0c35710 +index 0000000..e13b779 --- /dev/null +++ b/tests/unittests/test_handler/test_handler_refresh_rmc_and_interface.py @@ -0,0 +1,109 @@ @@ -452,7 +450,7 @@ index 0000000..0c35710 + @mock.patch(MPATH + '.disable_ipv6') + @mock.patch(MPATH + '.refresh_ipv6') + @mock.patch(MPATH + '.netinfo.netdev_info') -+ @mock.patch(MPATH + '.util.which') ++ @mock.patch(MPATH + '.subp.which') + def test_handle(self, m_refresh_rmc, + m_netdev_info, m_refresh_ipv6, m_disable_ipv6, + m_restart_nm, m_which): @@ -475,7 +473,7 @@ index 0000000..0c35710 + found = ccrmci.find_ipv6_ifaces() + self.assertEqual(['env5'], found) + -+ @mock.patch(MPATH + '.util.subp') ++ @mock.patch(MPATH + '.subp.subp') + def test_refresh_ipv6(self, m_subp): + """refresh_ipv6 should ip down and up the interface.""" + iface = "myeth0" @@ -483,6 +481,16 @@ index 0000000..0c35710 + m_subp.assert_has_calls([ + mock.call(['ip', 'link', 'set', iface, 'down']), + mock.call(['ip', 'link', 'set', iface, 'up'])]) +diff --git a/tools/.github-cla-signers b/tools/.github-cla-signers +index c67db43..802a35b 100644 +--- a/tools/.github-cla-signers ++++ b/tools/.github-cla-signers +@@ -1,4 +1,5 @@ + AlexBaranowski ++Aman306 + beezly + bipinbachhao + BirknerAlex -- 1.8.3.1 diff --git a/SOURCES/ci-Adding-BOOTPROTO-dhcp-to-render-sysconfig-dhcp6-stat.patch b/SOURCES/ci-Adding-BOOTPROTO-dhcp-to-render-sysconfig-dhcp6-stat.patch new file mode 100644 index 0000000..c31b4b2 --- /dev/null +++ b/SOURCES/ci-Adding-BOOTPROTO-dhcp-to-render-sysconfig-dhcp6-stat.patch @@ -0,0 +1,58 @@ +From 8a7d21fa739901bad847294004266dba76c027af Mon Sep 17 00:00:00 2001 +From: Eduardo Otubo +Date: Tue, 1 Dec 2020 15:51:47 +0100 +Subject: [PATCH 2/4] Adding BOOTPROTO = dhcp to render sysconfig dhcp6 + stateful on RHEL (#685) + +RH-Author: Eduardo Terrell Ferrari Otubo (eterrell) +RH-MergeRequest: 25: Adding BOOTPROTO = dhcp to render sysconfig dhcp6 stateful on RHEL (#685) +RH-Commit: [1/1] b7304323096b1e40287950e44cf7aa3cdb4ba99e (eterrell/cloud-init) +RH-Bugzilla: 1859695 + +BOOTPROTO needs to be set to 'dhcp' on RHEL so NetworkManager can +properly acquire ipv6 address. + +rhbz: #1859695 + +Signed-off-by: Eduardo Otubo + +Co-authored-by: Daniel Watkins +Co-authored-by: Scott Moser +--- + cloudinit/net/sysconfig.py | 6 ++++++ + tests/unittests/test_net.py | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py +index 078636a4..94801a93 100644 +--- a/cloudinit/net/sysconfig.py ++++ b/cloudinit/net/sysconfig.py +@@ -391,6 +391,12 @@ class Renderer(renderer.Renderer): + # Only IPv6 is DHCP, IPv4 may be static + iface_cfg['BOOTPROTO'] = 'dhcp6' + iface_cfg['DHCLIENT6_MODE'] = 'managed' ++ # only if rhel AND dhcpv6 stateful ++ elif (flavor == 'rhel' and ++ subnet_type == 'ipv6_dhcpv6-stateful'): ++ iface_cfg['BOOTPROTO'] = 'dhcp' ++ iface_cfg['DHCPV6C'] = True ++ iface_cfg['IPV6INIT'] = True + else: + iface_cfg['IPV6INIT'] = True + # Configure network settings using DHCPv6 +diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py +index c0337459..bcd261db 100644 +--- a/tests/unittests/test_net.py ++++ b/tests/unittests/test_net.py +@@ -1359,7 +1359,7 @@ NETWORK_CONFIGS = { + }, + 'expected_sysconfig_rhel': { + 'ifcfg-iface0': textwrap.dedent("""\ +- BOOTPROTO=none ++ BOOTPROTO=dhcp + DEVICE=iface0 + DHCPV6C=yes + IPV6INIT=yes +-- +2.18.4 + diff --git a/SOURCES/ci-Change-from-redhat-to-rhel-in-systemd-generator-tmpl.patch b/SOURCES/ci-Change-from-redhat-to-rhel-in-systemd-generator-tmpl.patch deleted file mode 100644 index 32e26bd..0000000 --- a/SOURCES/ci-Change-from-redhat-to-rhel-in-systemd-generator-tmpl.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 65b26a20b550ae301ca33eafe062a873f53969de Mon Sep 17 00:00:00 2001 -From: Eduardo Otubo -Date: Wed, 24 Jun 2020 07:34:32 +0200 -Subject: [PATCH 3/4] Change from redhat to rhel in systemd generator tmpl - (#450) - -RH-Author: Eduardo Otubo -Message-id: <20200623154034.28563-3-otubo@redhat.com> -Patchwork-id: 97783 -O-Subject: [RHEL-8.3.0/RHEL-8.2.1 cloud-init PATCH 2/3] Change from redhat to rhel in systemd generator tmpl (#450) -Bugzilla: 1834173 -RH-Acked-by: Cathy Avery -RH-Acked-by: Mohammed Gamal - -commit 650d53d656b612442773453813d8417b234d3752 -Author: Eduardo Otubo -Date: Tue Jun 23 14:41:15 2020 +0200 - - Change from redhat to rhel in systemd generator tmpl (#450) - - The name `redhat' is not used but rather `rhel' to identify the distro. - - Signed-off-by: Eduardo Otubo - -Signed-off-by: Eduardo Otubo -Signed-off-by: Miroslav Rezanina ---- - systemd/cloud-init-generator.tmpl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/systemd/cloud-init-generator.tmpl b/systemd/cloud-init-generator.tmpl -index 45efa24..0773356 100755 ---- a/systemd/cloud-init-generator.tmpl -+++ b/systemd/cloud-init-generator.tmpl -@@ -83,7 +83,7 @@ default() { - - check_for_datasource() { - local ds_rc="" --{% if variant in ["redhat", "fedora", "centos"] %} -+{% if variant in ["rhel", "fedora", "centos"] %} - local dsidentify="/usr/libexec/cloud-init/ds-identify" - {% else %} - local dsidentify="/usr/lib/cloud-init/ds-identify" --- -1.8.3.1 - diff --git a/SOURCES/ci-Changing-notation-of-subp-call.patch b/SOURCES/ci-Changing-notation-of-subp-call.patch deleted file mode 100644 index 68e7819..0000000 --- a/SOURCES/ci-Changing-notation-of-subp-call.patch +++ /dev/null @@ -1,47 +0,0 @@ -From d210f4b6c23d2739f76f9ab348090bcf350c5177 Mon Sep 17 00:00:00 2001 -From: Eduardo Otubo -Date: Mon, 31 Aug 2020 09:44:05 +0200 -Subject: [PATCH] Changing notation of subp call - -RH-Author: Eduardo Otubo -Message-id: <20200824142252.16298-1-otubo@redhat.com> -Patchwork-id: 98215 -O-Subject: [RHEL-7.9.z/RHEL-8.2.1/RHEL-8.3.0 cloud-init PATCH] Changing notation of subp call -Bugzilla: 1839662 -RH-Acked-by: Cathy Avery -RH-Acked-by: Mohammed Gamal - -The previous patch was applied upstream on top of a refactoring that moves subp -to its own module (3c551f6e, Move subp into its own module. (#416), release -20.2). - -Downstream we're not there yet, in order to avoid applying the above -commit and add a huge refactoring, I'll just change this call and we can -benefit of this changes in a future rebase. - -x-downstream-only: yes - -Signed-off-by: Eduardo Otubo -Signed-off-by: Miroslav Rezanina ---- - cloudinit/sources/helpers/vmware/imc/guestcust_util.py | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/cloudinit/sources/helpers/vmware/imc/guestcust_util.py b/cloudinit/sources/helpers/vmware/imc/guestcust_util.py -index a270d9f..816f52e 100644 ---- a/cloudinit/sources/helpers/vmware/imc/guestcust_util.py -+++ b/cloudinit/sources/helpers/vmware/imc/guestcust_util.py -@@ -136,8 +136,8 @@ def get_tools_config(section, key, defaultVal): - cmd = ['vmware-toolbox-cmd', 'config', 'get', section, key] - - try: -- (outText, _) = subp.subp(cmd) -- except subp.ProcessExecutionError as e: -+ (outText, _) = util.subp(cmd) -+ except util.ProcessExecutionError as e: - if e.exit_code == 69: - logger.debug( - "vmware-toolbox-cmd returned 69 (unavailable) for cmd: %s." --- -1.8.3.1 - diff --git a/SOURCES/ci-DHCP-sandboxing-failing-on-noexec-mounted-var-tmp-52.patch b/SOURCES/ci-DHCP-sandboxing-failing-on-noexec-mounted-var-tmp-52.patch deleted file mode 100644 index 672b882..0000000 --- a/SOURCES/ci-DHCP-sandboxing-failing-on-noexec-mounted-var-tmp-52.patch +++ /dev/null @@ -1,115 +0,0 @@ -From 94753da021d0849f4858e2c2cb98b3276842b665 Mon Sep 17 00:00:00 2001 -From: Eduardo Otubo -Date: Mon, 24 Aug 2020 15:34:24 +0200 -Subject: [PATCH 1/5] DHCP sandboxing failing on noexec mounted /var/tmp (#521) - -RH-Author: Eduardo Terrell Ferrari Otubo (eterrell) -RH-MergeRequest: 1: DHCP sandboxing failing on noexec mounted /var/tmp (#521) -RH-Commit: [1/1] 4971d742aa1de27dff61b07ef9d6d478c0889ded (eterrell/cloud-init) -RH-Bugzilla: 1879989 - -commit db86753f81af73826158c9522f2521f210300e2b -Author: Eduardo Otubo -Date: Mon Aug 24 15:34:24 2020 +0200 - - DHCP sandboxing failing on noexec mounted /var/tmp (#521) - - * DHCP sandboxing failing on noexec mounted /var/tmp - - If /var/tmp is mounted with noexec option the DHCP sandboxing will fail - with Permission Denied. This patch simply avoids this error by checking - the exec permission updating the dhcp path in negative case. - - rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1879989 - - Signed-off-by: Eduardo Otubo - - * Replacing with os.* calls - - * Adding test and removing isfile() useless call. - - Co-authored-by: Rick Harding - -Signed-off-by: Eduardo Otubo ---- - cloudinit/net/dhcp.py | 6 ++++++ - cloudinit/net/tests/test_dhcp.py | 46 ++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 52 insertions(+) - -diff --git a/cloudinit/net/dhcp.py b/cloudinit/net/dhcp.py -index c033cc8..841e72e 100644 ---- a/cloudinit/net/dhcp.py -+++ b/cloudinit/net/dhcp.py -@@ -215,6 +215,12 @@ def dhcp_discovery(dhclient_cmd_path, interface, cleandir): - pid_file = os.path.join(cleandir, 'dhclient.pid') - lease_file = os.path.join(cleandir, 'dhcp.leases') - -+ # In some cases files in /var/tmp may not be executable, launching dhclient -+ # from there will certainly raise 'Permission denied' error. Try launching -+ # the original dhclient instead. -+ if not os.access(sandbox_dhclient_cmd, os.X_OK): -+ sandbox_dhclient_cmd = dhclient_cmd_path -+ - # ISC dhclient needs the interface up to send initial discovery packets. - # Generally dhclient relies on dhclient-script PREINIT action to bring the - # link up before attempting discovery. Since we are using -sf /bin/true, -diff --git a/cloudinit/net/tests/test_dhcp.py b/cloudinit/net/tests/test_dhcp.py -index c3fa1e0..08e2cfb 100644 ---- a/cloudinit/net/tests/test_dhcp.py -+++ b/cloudinit/net/tests/test_dhcp.py -@@ -406,6 +406,52 @@ class TestDHCPDiscoveryClean(CiTestCase): - 'eth9', '-sf', '/bin/true'], capture=True)]) - m_kill.assert_has_calls([mock.call(my_pid, signal.SIGKILL)]) - -+ @mock.patch('cloudinit.net.dhcp.util.get_proc_ppid') -+ @mock.patch('cloudinit.net.dhcp.os.kill') -+ @mock.patch('cloudinit.net.dhcp.subp.subp') -+ def test_dhcp_discovery_outside_sandbox(self, m_subp, m_kill, m_getppid): -+ """dhcp_discovery brings up the interface and runs dhclient. -+ -+ It also returns the parsed dhcp.leases file generated in the sandbox. -+ """ -+ m_subp.return_value = ('', '') -+ tmpdir = self.tmp_dir() -+ dhclient_script = os.path.join(tmpdir, 'dhclient.orig') -+ script_content = '#!/bin/bash\necho fake-dhclient' -+ write_file(dhclient_script, script_content, mode=0o755) -+ lease_content = dedent(""" -+ lease { -+ interface "eth9"; -+ fixed-address 192.168.2.74; -+ option subnet-mask 255.255.255.0; -+ option routers 192.168.2.1; -+ } -+ """) -+ lease_file = os.path.join(tmpdir, 'dhcp.leases') -+ write_file(lease_file, lease_content) -+ pid_file = os.path.join(tmpdir, 'dhclient.pid') -+ my_pid = 1 -+ write_file(pid_file, "%d\n" % my_pid) -+ m_getppid.return_value = 1 # Indicate that dhclient has daemonized -+ -+ with mock.patch('os.access', return_value=False): -+ self.assertCountEqual( -+ [{'interface': 'eth9', 'fixed-address': '192.168.2.74', -+ 'subnet-mask': '255.255.255.0', 'routers': '192.168.2.1'}], -+ dhcp_discovery(dhclient_script, 'eth9', tmpdir)) -+ # dhclient script got copied -+ with open(os.path.join(tmpdir, 'dhclient.orig')) as stream: -+ self.assertEqual(script_content, stream.read()) -+ # Interface was brought up before dhclient called from sandbox -+ m_subp.assert_has_calls([ -+ mock.call( -+ ['ip', 'link', 'set', 'dev', 'eth9', 'up'], capture=True), -+ mock.call( -+ [os.path.join(tmpdir, 'dhclient.orig'), '-1', '-v', '-lf', -+ lease_file, '-pf', os.path.join(tmpdir, 'dhclient.pid'), -+ 'eth9', '-sf', '/bin/true'], capture=True)]) -+ m_kill.assert_has_calls([mock.call(my_pid, signal.SIGKILL)]) -+ - - class TestSystemdParseLeases(CiTestCase): - --- -1.8.3.1 - diff --git a/SOURCES/ci-DataSourceAzure-update-password-for-defuser-if-exist.patch b/SOURCES/ci-DataSourceAzure-update-password-for-defuser-if-exist.patch index 017e2c5..7a9f478 100644 --- a/SOURCES/ci-DataSourceAzure-update-password-for-defuser-if-exist.patch +++ b/SOURCES/ci-DataSourceAzure-update-password-for-defuser-if-exist.patch @@ -1,12 +1,13 @@ -From 5691fd1ce3eb430c8da19538b5988eba7da6d2be Mon Sep 17 00:00:00 2001 +From bcbd6be99d8317793aff905c4222c351a1bf5c46 Mon Sep 17 00:00:00 2001 From: Eduardo Otubo -Date: Thu, 21 Jan 2021 09:57:53 +0100 -Subject: [PATCH] DataSourceAzure: update password for defuser if exists (#671) +Date: Thu, 21 Jan 2021 10:08:49 +0100 +Subject: [PATCH 1/2] DataSourceAzure: update password for defuser if exists + (#671) RH-Author: Eduardo Terrell Ferrari Otubo (eterrell) -RH-MergeRequest: 36: DataSourceAzure: update password for defuser if exists (#671) -RH-Commit: [1/1] a834a44ca127480512137b4258ff01e993fbee41 (eterrell/cloud-init) -RH-Bugzilla: 1916839 +RH-MergeRequest: 37: DataSourceAzure: update password for defuser if exists (#671) +RH-Commit: [1/1] 264092a68a3771cc4ed99dad5b93f7a1433e143a (eterrell/cloud-init) +RH-Bugzilla: 1900892 commit eea754492f074e00b601cf77aa278e3623857c5a Author: Anh Vo @@ -28,10 +29,10 @@ Signed-off-by: Eduardo Otubo 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py -index 6fb889c4..69454c40 100755 +index 1c214db9..d4a2d60f 100755 --- a/cloudinit/sources/DataSourceAzure.py +++ b/cloudinit/sources/DataSourceAzure.py -@@ -1206,7 +1206,7 @@ def read_azure_ovf(contents): +@@ -1231,7 +1231,7 @@ def read_azure_ovf(contents): if password: defuser['lock_passwd'] = False if DEF_PASSWD_REDACTION != password: @@ -41,10 +42,10 @@ index 6fb889c4..69454c40 100755 if defuser: cfg['system_info'] = {'default_user': defuser} diff --git a/tests/unittests/test_datasource/test_azure.py b/tests/unittests/test_datasource/test_azure.py -index a809fd87..f141dc6c 100644 +index 47e03bd1..2059990a 100644 --- a/tests/unittests/test_datasource/test_azure.py +++ b/tests/unittests/test_datasource/test_azure.py -@@ -899,6 +899,9 @@ scbus-1 on xpt0 bus 0 +@@ -919,6 +919,9 @@ scbus-1 on xpt0 bus 0 crypt.crypt(odata['UserPassword'], defuser['passwd'][0:pos])) diff --git a/SOURCES/ci-Detect-kernel-version-before-swap-file-creation-428.patch b/SOURCES/ci-Detect-kernel-version-before-swap-file-creation-428.patch deleted file mode 100644 index 341d29e..0000000 --- a/SOURCES/ci-Detect-kernel-version-before-swap-file-creation-428.patch +++ /dev/null @@ -1,230 +0,0 @@ -From 17f972b6fb172fe19d6e115a20664eefdbd3838d Mon Sep 17 00:00:00 2001 -From: Eduardo Otubo -Date: Mon, 24 Aug 2020 15:25:38 +0200 -Subject: [PATCH 3/3] Detect kernel version before swap file creation (#428) - -RH-Author: Eduardo Otubo -Message-id: <20200820092042.5418-4-otubo@redhat.com> -Patchwork-id: 98191 -O-Subject: [RHEL-8.3.0 cloud-init PATCH 3/3] Detect kernel version before swap file creation (#428) -Bugzilla: 1794664 -RH-Acked-by: Miroslav Rezanina -RH-Acked-by: Mohammed Gamal - -commit b749548a9eb43b34cce64f8688107645411abc8c -Author: Eduardo Otubo -Date: Tue Aug 18 23:12:02 2020 +0200 - - Detect kernel version before swap file creation (#428) - - According to man page `man 8 swapon', "Preallocated swap files are - supported on XFS since Linux 4.18". This patch checks for kernel version - before attepting to create swapfile, using dd for XFS only on kernel - versions <= 4.18 or btrfs. - - Add new func util.kernel_version which returns a tuple of ints (major, minor) - - Signed-off-by: Eduardo Otubo otubo@redhat.com - -Signed-off-by: Eduardo Otubo otubo@redhat.com -Signed-off-by: Miroslav Rezanina ---- - cloudinit/config/cc_mounts.py | 8 +- - cloudinit/util.py | 4 + - .../unittests/test_handler/test_handler_mounts.py | 107 +++++++++++++++++++++ - tests/unittests/test_util.py | 15 +++ - 4 files changed, 131 insertions(+), 3 deletions(-) - -diff --git a/cloudinit/config/cc_mounts.py b/cloudinit/config/cc_mounts.py -index 0573026..e1c43e3 100644 ---- a/cloudinit/config/cc_mounts.py -+++ b/cloudinit/config/cc_mounts.py -@@ -65,7 +65,7 @@ swap file is created. - from string import whitespace - - import logging --import os.path -+import os - import re - - from cloudinit import type_utils -@@ -249,7 +249,8 @@ def create_swapfile(fname, size): - - fstype = util.get_mount_info(swap_dir)[1] - -- if fstype in ("xfs", "btrfs"): -+ if (fstype == "xfs" and -+ util.kernel_version() < (4, 18)) or fstype == "btrfs": - create_swap(fname, size, "dd") - else: - try: -@@ -259,7 +260,8 @@ def create_swapfile(fname, size): - LOG.warning("Will attempt with dd.") - create_swap(fname, size, "dd") - -- util.chmod(fname, 0o600) -+ if os.path.exists(fname): -+ util.chmod(fname, 0o600) - try: - util.subp(['mkswap', fname]) - except util.ProcessExecutionError: -diff --git a/cloudinit/util.py b/cloudinit/util.py -index 5d51ba8..ad89376 100644 ---- a/cloudinit/util.py -+++ b/cloudinit/util.py -@@ -79,6 +79,10 @@ CONTAINER_TESTS = (['systemd-detect-virt', '--quiet', '--container'], - ['lxc-is-container']) - - -+def kernel_version(): -+ return tuple(map(int, os.uname().release.split('.')[:2])) -+ -+ - @lru_cache() - def get_architecture(target=None): - out, _ = subp(['dpkg', '--print-architecture'], capture=True, -diff --git a/tests/unittests/test_handler/test_handler_mounts.py b/tests/unittests/test_handler/test_handler_mounts.py -index 7bcefa0..27bcc6f 100644 ---- a/tests/unittests/test_handler/test_handler_mounts.py -+++ b/tests/unittests/test_handler/test_handler_mounts.py -@@ -132,6 +132,113 @@ class TestSanitizeDevname(test_helpers.FilesystemMockingTestCase): - 'ephemeral0.1', lambda x: disk_path, mock.Mock())) - - -+class TestSwapFileCreation(test_helpers.FilesystemMockingTestCase): -+ -+ def setUp(self): -+ super(TestSwapFileCreation, self).setUp() -+ self.new_root = self.tmp_dir() -+ self.patchOS(self.new_root) -+ -+ self.fstab_path = os.path.join(self.new_root, 'etc/fstab') -+ self.swap_path = os.path.join(self.new_root, 'swap.img') -+ self._makedirs('/etc') -+ -+ self.add_patch('cloudinit.config.cc_mounts.FSTAB_PATH', -+ 'mock_fstab_path', -+ self.fstab_path, -+ autospec=False) -+ -+ self.add_patch('cloudinit.config.cc_mounts.subp.subp', -+ 'm_subp_subp') -+ -+ self.add_patch('cloudinit.config.cc_mounts.util.mounts', -+ 'mock_util_mounts', -+ return_value={ -+ '/dev/sda1': {'fstype': 'ext4', -+ 'mountpoint': '/', -+ 'opts': 'rw,relatime,discard' -+ }}) -+ -+ self.mock_cloud = mock.Mock() -+ self.mock_log = mock.Mock() -+ self.mock_cloud.device_name_to_device = self.device_name_to_device -+ -+ self.cc = { -+ 'swap': { -+ 'filename': self.swap_path, -+ 'size': '512', -+ 'maxsize': '512'}} -+ -+ def _makedirs(self, directory): -+ directory = os.path.join(self.new_root, directory.lstrip('/')) -+ if not os.path.exists(directory): -+ os.makedirs(directory) -+ -+ def device_name_to_device(self, path): -+ if path == 'swap': -+ return self.swap_path -+ else: -+ dev = None -+ -+ return dev -+ -+ @mock.patch('cloudinit.util.get_mount_info') -+ @mock.patch('cloudinit.util.kernel_version') -+ def test_swap_creation_method_fallocate_on_xfs(self, m_kernel_version, -+ m_get_mount_info): -+ m_kernel_version.return_value = (4, 20) -+ m_get_mount_info.return_value = ["", "xfs"] -+ -+ cc_mounts.handle(None, self.cc, self.mock_cloud, self.mock_log, []) -+ self.m_subp_subp.assert_has_calls([ -+ mock.call(['fallocate', '-l', '0M', self.swap_path], capture=True), -+ mock.call(['mkswap', self.swap_path]), -+ mock.call(['swapon', '-a'])]) -+ -+ @mock.patch('cloudinit.util.get_mount_info') -+ @mock.patch('cloudinit.util.kernel_version') -+ def test_swap_creation_method_xfs(self, m_kernel_version, -+ m_get_mount_info): -+ m_kernel_version.return_value = (3, 18) -+ m_get_mount_info.return_value = ["", "xfs"] -+ -+ cc_mounts.handle(None, self.cc, self.mock_cloud, self.mock_log, []) -+ self.m_subp_subp.assert_has_calls([ -+ mock.call(['dd', 'if=/dev/zero', -+ 'of=' + self.swap_path, -+ 'bs=1M', 'count=0'], capture=True), -+ mock.call(['mkswap', self.swap_path]), -+ mock.call(['swapon', '-a'])]) -+ -+ @mock.patch('cloudinit.util.get_mount_info') -+ @mock.patch('cloudinit.util.kernel_version') -+ def test_swap_creation_method_btrfs(self, m_kernel_version, -+ m_get_mount_info): -+ m_kernel_version.return_value = (4, 20) -+ m_get_mount_info.return_value = ["", "btrfs"] -+ -+ cc_mounts.handle(None, self.cc, self.mock_cloud, self.mock_log, []) -+ self.m_subp_subp.assert_has_calls([ -+ mock.call(['dd', 'if=/dev/zero', -+ 'of=' + self.swap_path, -+ 'bs=1M', 'count=0'], capture=True), -+ mock.call(['mkswap', self.swap_path]), -+ mock.call(['swapon', '-a'])]) -+ -+ @mock.patch('cloudinit.util.get_mount_info') -+ @mock.patch('cloudinit.util.kernel_version') -+ def test_swap_creation_method_ext4(self, m_kernel_version, -+ m_get_mount_info): -+ m_kernel_version.return_value = (5, 14) -+ m_get_mount_info.return_value = ["", "ext4"] -+ -+ cc_mounts.handle(None, self.cc, self.mock_cloud, self.mock_log, []) -+ self.m_subp_subp.assert_has_calls([ -+ mock.call(['fallocate', '-l', '0M', self.swap_path], capture=True), -+ mock.call(['mkswap', self.swap_path]), -+ mock.call(['swapon', '-a'])]) -+ -+ - class TestFstabHandling(test_helpers.FilesystemMockingTestCase): - - swap_path = '/dev/sdb1' -diff --git a/tests/unittests/test_util.py b/tests/unittests/test_util.py -index 0e71db8..87dc8dd 100644 ---- a/tests/unittests/test_util.py -+++ b/tests/unittests/test_util.py -@@ -1177,4 +1177,19 @@ class TestGetProcEnv(helpers.TestCase): - my_ppid = os.getppid() - self.assertEqual(my_ppid, util.get_proc_ppid(my_pid)) - -+ -+class TestKernelVersion(): -+ """test kernel version function""" -+ -+ params = [ -+ ('5.6.19-300.fc32.x86_64', (5, 6)), -+ ('4.15.0-101-generic', (4, 15)), -+ ('3.10.0-1062.12.1.vz7.131.10', (3, 10)), -+ ('4.18.0-144.el8.x86_64', (4, 18))] -+ -+ @mock.patch('os.uname') -+ @pytest.mark.parametrize("uname_release,expected", params) -+ def test_kernel_version(self, m_uname, uname_release, expected): -+ m_uname.return_value.release = uname_release -+ assert expected == util.kernel_version() - # vi: ts=4 expandtab --- -1.8.3.1 - diff --git a/SOURCES/ci-Do-not-use-fallocate-in-swap-file-creation-on-xfs.-7.patch b/SOURCES/ci-Do-not-use-fallocate-in-swap-file-creation-on-xfs.-7.patch deleted file mode 100644 index 046ef0c..0000000 --- a/SOURCES/ci-Do-not-use-fallocate-in-swap-file-creation-on-xfs.-7.patch +++ /dev/null @@ -1,164 +0,0 @@ -From 49e5a49cc007b2a751eea212b4052e92837ebc8a Mon Sep 17 00:00:00 2001 -From: Eduardo Otubo -Date: Mon, 24 Aug 2020 15:25:34 +0200 -Subject: [PATCH 1/3] Do not use fallocate in swap file creation on xfs. (#70) - -RH-Author: Eduardo Otubo -Message-id: <20200820092042.5418-2-otubo@redhat.com> -Patchwork-id: 98194 -O-Subject: [RHEL-8.3.0 cloud-init PATCH 1/3] Do not use fallocate in swap file creation on xfs. (#70) -Bugzilla: 1794664 -RH-Acked-by: Miroslav Rezanina -RH-Acked-by: Mohammed Gamal - -commit 6603706eec1c39d9d591c8ffa0ef7171b74d84d6 -Author: Eduardo Otubo -Date: Thu Jan 23 17:41:48 2020 +0100 - - Do not use fallocate in swap file creation on xfs. (#70) - - When creating a swap file on an xfs filesystem, fallocate cannot be used. - Doing so results in failure of swapon and a message like: - swapon: swapfile has holes - - The solution here is to maintain a list (currently containing only XFS) - of filesystems where fallocate cannot be used. The, on those fileystems - use the slower but functional 'dd' method. - - Signed-off-by: Eduardo Otubo - Co-authored-by: Adam Dobrawy - Co-authored-by: Scott Moser - Co-authored-by: Daniel Watkins - - LP: #1781781 - -Signed-off-by: Eduardo Otubo -Signed-off-by: Miroslav Rezanina ---- - cloudinit/config/cc_mounts.py | 67 ++++++++++++++++------ - .../unittests/test_handler/test_handler_mounts.py | 12 ++++ - 2 files changed, 62 insertions(+), 17 deletions(-) - -diff --git a/cloudinit/config/cc_mounts.py b/cloudinit/config/cc_mounts.py -index c741c74..4293844 100644 ---- a/cloudinit/config/cc_mounts.py -+++ b/cloudinit/config/cc_mounts.py -@@ -223,13 +223,58 @@ def suggested_swapsize(memsize=None, maxsize=None, fsys=None): - return size - - -+def create_swapfile(fname, size): -+ """Size is in MiB.""" -+ -+ errmsg = "Failed to create swapfile '%s' of size %dMB via %s: %s" -+ -+ def create_swap(fname, size, method): -+ LOG.debug("Creating swapfile in '%s' on fstype '%s' using '%s'", -+ fname, fstype, method) -+ -+ if method == "fallocate": -+ cmd = ['fallocate', '-l', '%dM' % size, fname] -+ elif method == "dd": -+ cmd = ['dd', 'if=/dev/zero', 'of=%s' % fname, 'bs=1M', -+ 'count=%d' % size] -+ -+ try: -+ util.subp(cmd, capture=True) -+ except util.ProcessExecutionError as e: -+ LOG.warning(errmsg, fname, size, method, e) -+ util.del_file(fname) -+ -+ swap_dir = os.path.dirname(fname) -+ util.ensure_dir(swap_dir) -+ -+ fstype = util.get_mount_info(swap_dir)[1] -+ -+ if fstype in ("xfs", "btrfs"): -+ create_swap(fname, size, "dd") -+ else: -+ try: -+ create_swap(fname, size, "fallocate") -+ except util.ProcessExecutionError as e: -+ LOG.warning(errmsg, fname, size, "dd", e) -+ LOG.warning("Will attempt with dd.") -+ create_swap(fname, size, "dd") -+ -+ util.chmod(fname, 0o600) -+ try: -+ util.subp(['mkswap', fname]) -+ except util.ProcessExecutionError: -+ util.del_file(fname) -+ raise -+ -+ - def setup_swapfile(fname, size=None, maxsize=None): - """ - fname: full path string of filename to setup - size: the size to create. set to "auto" for recommended - maxsize: the maximum size - """ -- tdir = os.path.dirname(fname) -+ swap_dir = os.path.dirname(fname) -+ mibsize = str(int(size / (2 ** 20))) - if str(size).lower() == "auto": - try: - memsize = util.read_meminfo()['total'] -@@ -237,28 +282,16 @@ def setup_swapfile(fname, size=None, maxsize=None): - LOG.debug("Not creating swap: failed to read meminfo") - return - -- util.ensure_dir(tdir) -- size = suggested_swapsize(fsys=tdir, maxsize=maxsize, -+ util.ensure_dir(swap_dir) -+ size = suggested_swapsize(fsys=swap_dir, maxsize=maxsize, - memsize=memsize) - - if not size: - LOG.debug("Not creating swap: suggested size was 0") - return - -- mbsize = str(int(size / (2 ** 20))) -- msg = "creating swap file '%s' of %sMB" % (fname, mbsize) -- try: -- util.ensure_dir(tdir) -- util.log_time(LOG.debug, msg, func=util.subp, -- args=[['sh', '-c', -- ('rm -f "$1" && umask 0066 && ' -- '{ fallocate -l "${2}M" "$1" || ' -- 'dd if=/dev/zero "of=$1" bs=1M "count=$2"; } && ' -- 'mkswap "$1" || { r=$?; rm -f "$1"; exit $r; }'), -- 'setup_swap', fname, mbsize]]) -- -- except Exception as e: -- raise IOError("Failed %s: %s" % (msg, e)) -+ util.log_time(LOG.debug, msg="Setting up swap file", func=create_swapfile, -+ args=[fname, mibsize]) - - return fname - -diff --git a/tests/unittests/test_handler/test_handler_mounts.py b/tests/unittests/test_handler/test_handler_mounts.py -index 0fb160b..7bcefa0 100644 ---- a/tests/unittests/test_handler/test_handler_mounts.py -+++ b/tests/unittests/test_handler/test_handler_mounts.py -@@ -181,6 +181,18 @@ class TestFstabHandling(test_helpers.FilesystemMockingTestCase): - - return dev - -+ def test_swap_integrity(self): -+ '''Ensure that the swap file is correctly created and can -+ swapon successfully. Fixing the corner case of: -+ kernel: swapon: swapfile has holes''' -+ -+ fstab = '/swap.img swap swap defaults 0 0\n' -+ -+ with open(cc_mounts.FSTAB_PATH, 'w') as fd: -+ fd.write(fstab) -+ cc = {'swap': ['filename: /swap.img', 'size: 512', 'maxsize: 512']} -+ cc_mounts.handle(None, cc, self.mock_cloud, self.mock_log, []) -+ - def test_fstab_no_swap_device(self): - '''Ensure that cloud-init adds a discovered swap partition - to /etc/fstab.''' --- -1.8.3.1 - diff --git a/SOURCES/ci-Enable-ssh_deletekeys-by-default.patch b/SOURCES/ci-Enable-ssh_deletekeys-by-default.patch deleted file mode 100644 index 866fdb6..0000000 --- a/SOURCES/ci-Enable-ssh_deletekeys-by-default.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 251836a62eb3061b8d26177fd5997a96dccec21b Mon Sep 17 00:00:00 2001 -From: Eduardo Otubo -Date: Thu, 28 May 2020 08:44:06 +0200 -Subject: [PATCH 3/4] Enable ssh_deletekeys by default - -RH-Author: Eduardo Otubo -Message-id: <20200317091705.15715-1-otubo@redhat.com> -Patchwork-id: 94365 -O-Subject: [RHEL-7.9/RHEL-8.2.0 cloud-init PATCH] Enable ssh_deletekeys by default -Bugzilla: 1814152 -RH-Acked-by: Mohammed Gamal -RH-Acked-by: Vitaly Kuznetsov - -The configuration option ssh_deletekeys will trigger the generation -of new ssh keys for every new instance deployed. - -x-downstream-only: yes -resolves: rhbz#1814152 - -Signed-off-by: Eduardo Otubo -Signed-off-by: Miroslav Rezanina ---- - rhel/cloud.cfg | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/rhel/cloud.cfg b/rhel/cloud.cfg -index 82e8bf6..9ecba21 100644 ---- a/rhel/cloud.cfg -+++ b/rhel/cloud.cfg -@@ -6,7 +6,7 @@ ssh_pwauth: 0 - - mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service', '0', '2'] - resize_rootfs_tmp: /dev --ssh_deletekeys: 0 -+ssh_deletekeys: 1 - ssh_genkeytypes: ~ - syslog_fix_perms: ~ - disable_vmware_customization: false --- -1.8.3.1 - diff --git a/SOURCES/ci-Explicit-set-IPV6_AUTOCONF-and-IPV6_FORCE_ACCEPT_RA-.patch b/SOURCES/ci-Explicit-set-IPV6_AUTOCONF-and-IPV6_FORCE_ACCEPT_RA-.patch index c69e974..a0d9156 100644 --- a/SOURCES/ci-Explicit-set-IPV6_AUTOCONF-and-IPV6_FORCE_ACCEPT_RA-.patch +++ b/SOURCES/ci-Explicit-set-IPV6_AUTOCONF-and-IPV6_FORCE_ACCEPT_RA-.patch @@ -1,13 +1,13 @@ -From 02924179d423c919d0d46e6149da5bb8d26dd0d5 Mon Sep 17 00:00:00 2001 +From 5ded09d5acf4d653fe2cbd54814f53063d265489 Mon Sep 17 00:00:00 2001 From: Eduardo Otubo -Date: Tue, 3 Nov 2020 12:16:37 +0100 -Subject: [PATCH 4/5] Explicit set IPV6_AUTOCONF and IPV6_FORCE_ACCEPT_RA on +Date: Thu, 29 Oct 2020 15:05:42 +0100 +Subject: [PATCH 1/3] Explicit set IPV6_AUTOCONF and IPV6_FORCE_ACCEPT_RA on static6 (#634) RH-Author: Eduardo Terrell Ferrari Otubo (eterrell) -RH-MergeRequest: 17: Explicit set IPV6_AUTOCONF and IPV6_FORCE_ACCEPT_RA on static6 (#634) -RH-Commit: [1/2] ba604c675f7c54a3e1768945a9ba77918ca4a57b (eterrell/cloud-init) -RH-Bugzilla: 1894015 +RH-MergeRequest: 13: [RHEL-8.4.0] Add support for ipv6_autoconf on cloud-init-20.3 +RH-Commit: [1/1] 41e61c35893f4487981a1ad31f9f97a9a740b397 (eterrell/cloud-init) +RH-Bugzilla: 1889635 commit b46e4a8cff667c8441622089cf7d57aeb88220cd Author: Eduardo Otubo @@ -40,15 +40,7 @@ Date: Thu Oct 29 15:05:42 2020 +0100 Signed-off-by: Eduardo Otubo otubo@redhat.com -Conflicts: -* The context of the patches are slightly different from upstream since -the there is more code added around the changes. But nothing interfering -on the patches. -* One minor conflict, removed the "flavor == 'rhel'" check because the -commit that introduced this change is after the 19.4 release. No harm -done since this commit is intended to be shipped to RHEL only anyways. - -Signed-off-by: Eduardo Otubo +Signed-off-by: Eduardo Otubo otubo@redhat.com --- cloudinit/net/network_state.py | 3 +- cloudinit/net/sysconfig.py | 4 + @@ -58,10 +50,10 @@ Signed-off-by: Eduardo Otubo 5 files changed, 115 insertions(+), 2 deletions(-) diff --git a/cloudinit/net/network_state.py b/cloudinit/net/network_state.py -index f3e8e25..2525fc9 100644 +index b2f7d31..d9e7fd5 100644 --- a/cloudinit/net/network_state.py +++ b/cloudinit/net/network_state.py -@@ -822,7 +822,8 @@ def _normalize_subnet(subnet): +@@ -820,7 +820,8 @@ def _normalize_subnet(subnet): if subnet.get('type') in ('static', 'static6'): normal_subnet.update( @@ -72,25 +64,25 @@ index f3e8e25..2525fc9 100644 for r in subnet.get('routes', [])] diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py -index 4b4ed09..4210544 100644 +index af093dd..c078898 100644 --- a/cloudinit/net/sysconfig.py +++ b/cloudinit/net/sysconfig.py -@@ -401,6 +401,10 @@ class Renderer(renderer.Renderer): - ' because ipv4 subnet-level mtu:%s provided.', - iface_cfg.name, iface_cfg[mtu_key], subnet['mtu']) - iface_cfg[mtu_key] = subnet['mtu'] +@@ -451,6 +451,10 @@ class Renderer(renderer.Renderer): + iface_cfg[mtu_key] = subnet['mtu'] + else: + iface_cfg[mtu_key] = subnet['mtu'] + -+ if subnet_is_ipv6(subnet): ++ if subnet_is_ipv6(subnet) and flavor == 'rhel': + iface_cfg['IPV6_FORCE_ACCEPT_RA'] = False + iface_cfg['IPV6_AUTOCONF'] = False elif subnet_type == 'manual': - # If the subnet has an MTU setting, then ONBOOT=True - # to apply the setting + if flavor == 'suse': + LOG.debug('Unknown subnet type setting "%s"', subnet_type) diff --git a/cloudinit/sources/helpers/openstack.py b/cloudinit/sources/helpers/openstack.py -index 0778f45..6ef4f90 100644 +index 65e020c..3e6365f 100644 --- a/cloudinit/sources/helpers/openstack.py +++ b/cloudinit/sources/helpers/openstack.py -@@ -592,11 +592,17 @@ def convert_net_json(network_json=None, known_macs=None): +@@ -602,11 +602,17 @@ def convert_net_json(network_json=None, known_macs=None): elif network['type'] in ['ipv6_slaac', 'ipv6_dhcpv6-stateless', 'ipv6_dhcpv6-stateful']: subnet.update({'type': network['type']}) @@ -110,11 +102,11 @@ index 0778f45..6ef4f90 100644 # Enable accept_ra for stateful and legacy ipv6_dhcp types if network['type'] in ['ipv6_dhcpv6-stateful', 'ipv6_dhcp']: diff --git a/tests/unittests/test_distros/test_netconfig.py b/tests/unittests/test_distros/test_netconfig.py -index 4ea4203..b85a333 100644 +index 8d7b09c..f9fc3a1 100644 --- a/tests/unittests/test_distros/test_netconfig.py +++ b/tests/unittests/test_distros/test_netconfig.py -@@ -673,7 +673,9 @@ class TestNetCfgDistroOpensuse(TestNetCfgDistroBase): - IPADDR6=2607:f0d0:1002:0011::2/64 +@@ -514,7 +514,9 @@ class TestNetCfgDistroRedhat(TestNetCfgDistroBase): + DEVICE=eth0 IPV6ADDR=2607:f0d0:1002:0011::2/64 IPV6INIT=yes + IPV6_AUTOCONF=no @@ -122,12 +114,12 @@ index 4ea4203..b85a333 100644 + IPV6_FORCE_ACCEPT_RA=no NM_CONTROLLED=no ONBOOT=yes - STARTMODE=auto + TYPE=Ethernet diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py -index 2eedb12..b2b7c4b 100644 +index 9985a97..d7a7a65 100644 --- a/tests/unittests/test_net.py +++ b/tests/unittests/test_net.py -@@ -768,7 +768,9 @@ IPADDR6_2=2001:DB10::10/64 +@@ -750,7 +750,9 @@ IPADDR=172.19.1.34 IPV6ADDR=2001:DB8::10/64 IPV6ADDR_SECONDARIES="2001:DB9::10/64 2001:DB10::10/64" IPV6INIT=yes @@ -136,17 +128,17 @@ index 2eedb12..b2b7c4b 100644 +IPV6_FORCE_ACCEPT_RA=no NETMASK=255.255.252.0 ONBOOT=yes - STARTMODE=auto -@@ -1016,6 +1018,8 @@ NETWORK_CONFIGS = { - IPADDR6=2001:1::1/64 + TYPE=Ethernet +@@ -1022,6 +1024,8 @@ NETWORK_CONFIGS = { + IPADDR=192.168.14.2 IPV6ADDR=2001:1::1/64 IPV6INIT=yes + IPV6_AUTOCONF=no + IPV6_FORCE_ACCEPT_RA=no NETMASK=255.255.255.0 ONBOOT=yes - STARTMODE=auto -@@ -1201,6 +1205,33 @@ NETWORK_CONFIGS = { + TYPE=Ethernet +@@ -1247,6 +1251,33 @@ NETWORK_CONFIGS = { """), }, }, @@ -180,8 +172,8 @@ index 2eedb12..b2b7c4b 100644 'dhcpv6_stateless': { 'expected_eni': textwrap.dedent("""\ auto lo -@@ -1507,6 +1538,8 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true - IPADDR6=2001:1::1/64 +@@ -1636,6 +1667,8 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + IPADDR=192.168.14.2 IPV6ADDR=2001:1::1/64 IPV6INIT=yes + IPV6_AUTOCONF=no @@ -189,8 +181,8 @@ index 2eedb12..b2b7c4b 100644 IPV6_DEFAULTGW=2001:4800:78ff:1b::1 MACADDR=bb:bb:bb:bb:bb:aa NETMASK=255.255.255.0 -@@ -2067,6 +2100,8 @@ iface bond0 inet6 static - IPADDR6=2001:1::1/92 +@@ -2158,6 +2191,8 @@ iface bond0 inet6 static + IPADDR1=192.168.1.2 IPV6ADDR=2001:1::1/92 IPV6INIT=yes + IPV6_AUTOCONF=no @@ -198,8 +190,8 @@ index 2eedb12..b2b7c4b 100644 MTU=9000 NETMASK=255.255.255.0 NETMASK1=255.255.255.0 -@@ -2154,6 +2189,8 @@ iface bond0 inet6 static - IPADDR6=2001:1::bbbb/96 +@@ -2259,6 +2294,8 @@ iface bond0 inet6 static + IPADDR1=192.168.1.2 IPV6ADDR=2001:1::bbbb/96 IPV6INIT=yes + IPV6_AUTOCONF=no @@ -207,27 +199,27 @@ index 2eedb12..b2b7c4b 100644 IPV6_DEFAULTGW=2001:1::1 MTU=2222 NETMASK=255.255.255.0 -@@ -2213,6 +2250,9 @@ iface bond0 inet6 static - IPADDR6=2001:1::100/96 +@@ -2341,6 +2378,9 @@ iface bond0 inet6 static + HWADDR=52:54:00:12:34:00 IPV6ADDR=2001:1::100/96 IPV6INIT=yes + IPV6_AUTOCONF=no + IPV6_FORCE_ACCEPT_RA=no + NM_CONTROLLED=no ONBOOT=yes - STARTMODE=auto TYPE=Ethernet -@@ -2226,6 +2266,9 @@ iface bond0 inet6 static - IPADDR6=2001:1::101/96 + USERCTL=no +@@ -2352,6 +2392,9 @@ iface bond0 inet6 static + HWADDR=52:54:00:12:34:01 IPV6ADDR=2001:1::101/96 IPV6INIT=yes + IPV6_AUTOCONF=no + IPV6_FORCE_ACCEPT_RA=no + NM_CONTROLLED=no ONBOOT=yes - STARTMODE=auto TYPE=Ethernet -@@ -3015,6 +3058,61 @@ USERCTL=no + USERCTL=no +@@ -3151,6 +3194,61 @@ USERCTL=no self._compare_files_to_expected(entry[self.expected_name], found) self._assert_headers(found) @@ -289,8 +281,8 @@ index 2eedb12..b2b7c4b 100644 def test_dhcpv6_reject_ra_config_v2(self): entry = NETWORK_CONFIGS['dhcpv6_reject_ra'] found = self._render_and_read(network_config=yaml.load( -@@ -3133,6 +3231,8 @@ USERCTL=no - IPADDR6=2001:db8::100/32 +@@ -3268,6 +3366,8 @@ USERCTL=no + IPADDR=192.168.42.100 IPV6ADDR=2001:db8::100/32 IPV6INIT=yes + IPV6_AUTOCONF=no diff --git a/SOURCES/ci-Fix-unit-failure-of-cloud-final.service-if-NetworkMa.patch b/SOURCES/ci-Fix-unit-failure-of-cloud-final.service-if-NetworkMa.patch new file mode 100644 index 0000000..aeaa342 --- /dev/null +++ b/SOURCES/ci-Fix-unit-failure-of-cloud-final.service-if-NetworkMa.patch @@ -0,0 +1,61 @@ +From d3889c4645a1319c3d677006164b618ee53f4c8b Mon Sep 17 00:00:00 2001 +From: Eduardo Otubo +Date: Mon, 7 Dec 2020 14:23:22 +0100 +Subject: [PATCH 3/4] Fix unit failure of cloud-final.service if NetworkManager + was not present. + +RH-Author: Eduardo Terrell Ferrari Otubo (eterrell) +RH-MergeRequest: 27: Fix unit failure of cloud-final.service if NetworkManager was not present. +RH-Commit: [1/1] 3c65a2cca140fff48df1ef32919e3cb035506a2b (eterrell/cloud-init) +RH-Bugzilla: 1898943 + +cloud-final.service would fail if NetworkManager was not installed. + +journal -u cloud-final.service would show: + + cloud-init[5328]: Cloud-init v. 19.4 finished at ... + echo[5346]: try restart NetworkManager.service + systemctl[5349]: Failed to reload-or-try-restart + NetworkManager.service: Unit not found. + systemd[1]: cloud-final.service: control process exited, + code=exited status=5 + systemd[1]: Failed to start Execute cloud user/final scripts. + systemd[1]: Unit cloud-final.service entered failed state. + systemd[1]: cloud-final.service failed. + +The change here is to only attempt to restart NetworkManager if it is +present, and its SubState is 'running'. + +The multi-line shell in a systemd unit is less than ideal, but I'm not +aware of any other way of conditionally doing this. + +Note that both of 'try-reload-or-restart' and 'reload-or-try-restart' +will fail if the service is not present. So this would also affect rhel +8 systems that do not use NetworkManager. + +Signed-off-by: Eduardo Otubo +--- + rhel/systemd/cloud-final.service | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/rhel/systemd/cloud-final.service b/rhel/systemd/cloud-final.service +index 05add077..e281c0cf 100644 +--- a/rhel/systemd/cloud-final.service ++++ b/rhel/systemd/cloud-final.service +@@ -11,8 +11,11 @@ ExecStart=/usr/bin/cloud-init modules --mode=final + RemainAfterExit=yes + TimeoutSec=0 + KillMode=process +-ExecStartPost=/bin/echo "trying to reload or restart NetworkManager.service" +-ExecStartPost=/usr/bin/systemctl try-reload-or-restart NetworkManager.service ++# Restart NetworkManager if it is present and running. ++ExecStartPost=/bin/sh -c 'u=NetworkManager.service; \ ++ out=$(systemctl show --property=SubState $u) || exit; \ ++ [ "$out" = "SubState=running" ] || exit 0; \ ++ systemctl reload-or-try-restart $u' + + # Output needs to appear in instance console output + StandardOutput=journal+console +-- +2.18.4 + diff --git a/SOURCES/ci-Make-cloud-init.service-execute-after-network-is-up.patch b/SOURCES/ci-Make-cloud-init.service-execute-after-network-is-up.patch deleted file mode 100644 index 74bb8ac..0000000 --- a/SOURCES/ci-Make-cloud-init.service-execute-after-network-is-up.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 301b1770d3e2580c3ee168261a9a97d143cc5f59 Mon Sep 17 00:00:00 2001 -From: Eduardo Otubo -Date: Mon, 1 Jun 2020 11:58:06 +0200 -Subject: [PATCH] Make cloud-init.service execute after network is up - -RH-Author: Eduardo Otubo -Message-id: <20200526090804.2047-1-otubo@redhat.com> -Patchwork-id: 96809 -O-Subject: [RHEL-8.2.1 cloud-init PATCH] Make cloud-init.service execute after network is up -Bugzilla: 1803928 -RH-Acked-by: Vitaly Kuznetsov -RH-Acked-by: Miroslav Rezanina - -cloud-init.service needs to wait until network is fully up before -continuing executing and configuring its service. - -Signed-off-by: Eduardo Otubo - -x-downstream-only: yes -Resolves: rhbz#1831646 -Signed-off-by: Miroslav Rezanina ---- - rhel/systemd/cloud-init.service | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/rhel/systemd/cloud-init.service b/rhel/systemd/cloud-init.service -index d0023a0..0b3d796 100644 ---- a/rhel/systemd/cloud-init.service -+++ b/rhel/systemd/cloud-init.service -@@ -5,6 +5,7 @@ Wants=sshd-keygen.service - Wants=sshd.service - After=cloud-init-local.service - After=NetworkManager.service network.service -+After=NetworkManager-wait-online.service - Before=network-online.target - Before=sshd-keygen.service - Before=sshd.service --- -1.8.3.1 - diff --git a/SOURCES/ci-Missing-IPV6_AUTOCONF-no-to-render-sysconfig-dhcp6-s.patch b/SOURCES/ci-Missing-IPV6_AUTOCONF-no-to-render-sysconfig-dhcp6-s.patch new file mode 100644 index 0000000..3860cd1 --- /dev/null +++ b/SOURCES/ci-Missing-IPV6_AUTOCONF-no-to-render-sysconfig-dhcp6-s.patch @@ -0,0 +1,49 @@ +From 15852ea6958c18e3830aa9244b36cd0decc93b95 Mon Sep 17 00:00:00 2001 +From: Eduardo Otubo +Date: Thu, 7 Jan 2021 16:51:30 +0100 +Subject: [PATCH] Missing IPV6_AUTOCONF=no to render sysconfig dhcp6 stateful + on RHEL (#753) + +RH-Author: Eduardo Terrell Ferrari Otubo (eterrell) +RH-MergeRequest: 29: Missing IPV6_AUTOCONF=no to render sysconfig dhcp6 stateful on RHEL (#753) +RH-Commit: [1/1] 46943f83071d243bcc61f9d987b4fe7d9cf98596 (eterrell/cloud-init) +RH-Bugzilla: 1859695 + +IPV6_AUTOCONF needs to be set to 'no' on RHEL so NetworkManager can +properly acquire ipv6 address. + +rhbz: #1859695 + +Signed-off-by: Eduardo Otubo +--- + cloudinit/net/sysconfig.py | 1 + + tests/unittests/test_net.py | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py +index 94801a93..1793977d 100644 +--- a/cloudinit/net/sysconfig.py ++++ b/cloudinit/net/sysconfig.py +@@ -397,6 +397,7 @@ class Renderer(renderer.Renderer): + iface_cfg['BOOTPROTO'] = 'dhcp' + iface_cfg['DHCPV6C'] = True + iface_cfg['IPV6INIT'] = True ++ iface_cfg['IPV6_AUTOCONF'] = False + else: + iface_cfg['IPV6INIT'] = True + # Configure network settings using DHCPv6 +diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py +index bcd261db..844d5ba8 100644 +--- a/tests/unittests/test_net.py ++++ b/tests/unittests/test_net.py +@@ -1363,6 +1363,7 @@ NETWORK_CONFIGS = { + DEVICE=iface0 + DHCPV6C=yes + IPV6INIT=yes ++ IPV6_AUTOCONF=no + IPV6_FORCE_ACCEPT_RA=yes + DEVICE=iface0 + NM_CONTROLLED=no +-- +2.18.4 + diff --git a/SOURCES/ci-Remove-race-condition-between-cloud-init-and-Network.patch b/SOURCES/ci-Remove-race-condition-between-cloud-init-and-Network.patch deleted file mode 100644 index d8c99fd..0000000 --- a/SOURCES/ci-Remove-race-condition-between-cloud-init-and-Network.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 0422ba0e773d1a8257a3f2bf3db05f3bc7917eb7 Mon Sep 17 00:00:00 2001 -From: Eduardo Otubo -Date: Thu, 28 May 2020 08:44:08 +0200 -Subject: [PATCH 4/4] Remove race condition between cloud-init and - NetworkManager - -RH-Author: Eduardo Otubo -Message-id: <20200327121911.17699-1-otubo@redhat.com> -Patchwork-id: 94453 -O-Subject: [RHEL-7.9/RHEL-8.2.0 cloud-init PATCHv2] Remove race condition between cloud-init and NetworkManager -Bugzilla: 1840648 -RH-Acked-by: Vitaly Kuznetsov -RH-Acked-by: Miroslav Rezanina -RH-Acked-by: Cathy Avery - -cloud-init service is set to start before NetworkManager service starts, -but this does not avoid a race condition between them. NetworkManager -starts before cloud-init can write `dns=none' to the file: -/etc/NetworkManager/conf.d/99-cloud-init.conf. This way NetworkManager -doesn't read the configuration and erases all resolv.conf values upon -shutdown. On the next reboot neither cloud-init or NetworkManager will -write anything to resolv.conf, leaving it blank. - -This patch introduces a NM reload (try-reload-or-restart) at the end of cloud-init -start up so it won't erase resolv.conf upon first shutdown. - -x-downstream-only: yes - -Signed-off-by: Eduardo Otubo otubo@redhat.com -Signed-off-by: Miroslav Rezanina ---- - rhel/systemd/cloud-final.service | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/rhel/systemd/cloud-final.service b/rhel/systemd/cloud-final.service -index f303483..05add07 100644 ---- a/rhel/systemd/cloud-final.service -+++ b/rhel/systemd/cloud-final.service -@@ -11,8 +11,8 @@ ExecStart=/usr/bin/cloud-init modules --mode=final - RemainAfterExit=yes - TimeoutSec=0 - KillMode=process --ExecStartPost=/bin/echo "try restart NetworkManager.service" --ExecStartPost=/usr/bin/systemctl try-restart NetworkManager.service -+ExecStartPost=/bin/echo "trying to reload or restart NetworkManager.service" -+ExecStartPost=/usr/bin/systemctl try-reload-or-restart NetworkManager.service - - # Output needs to appear in instance console output - StandardOutput=journal+console --- -1.8.3.1 - diff --git a/SOURCES/ci-Revert-ssh_util-handle-non-default-AuthorizedKeysFil.patch b/SOURCES/ci-Revert-ssh_util-handle-non-default-AuthorizedKeysFil.patch new file mode 100644 index 0000000..a7f4117 --- /dev/null +++ b/SOURCES/ci-Revert-ssh_util-handle-non-default-AuthorizedKeysFil.patch @@ -0,0 +1,80 @@ +From 4dde2a9bed58aba13c730bf4a7314b21038d7a31 Mon Sep 17 00:00:00 2001 +From: Eduardo Otubo +Date: Mon, 25 Jan 2021 16:24:29 +0100 +Subject: [PATCH 2/2] Revert "ssh_util: handle non-default AuthorizedKeysFile + config (#586)" (#775) + +RH-Author: Eduardo Terrell Ferrari Otubo (eterrell) +RH-MergeRequest: 38: Revert "ssh_util: handle non-default AuthorizedKeysFile config (#586)" (#775) +RH-Commit: [1/1] aec2860c773ad1921f3949dc622543e81860c5bf (eterrell/cloud-init) +RH-Bugzilla: 1919972 + +commit cdc5b81f33aee0ed3ef1ae239e5cec1906d0178a +Author: Daniel Watkins +Date: Tue Jan 19 12:23:23 2021 -0500 + + Revert "ssh_util: handle non-default AuthorizedKeysFile config (#586)" (#775) + + This reverts commit b0e73814db4027dba0b7dc0282e295b7f653325c. + +Signed-off-by: Eduardo Otubo +--- + cloudinit/ssh_util.py | 6 +++--- + tests/unittests/test_sshutil.py | 6 +++--- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py +index d5113996..c08042d6 100644 +--- a/cloudinit/ssh_util.py ++++ b/cloudinit/ssh_util.py +@@ -262,13 +262,13 @@ def extract_authorized_keys(username, sshd_cfg_file=DEF_SSHD_CFG): + + except (IOError, OSError): + # Give up and use a default key filename +- auth_key_fns.append(default_authorizedkeys_file) ++ auth_key_fns[0] = default_authorizedkeys_file + util.logexc(LOG, "Failed extracting 'AuthorizedKeysFile' in SSH " + "config from %r, using 'AuthorizedKeysFile' file " + "%r instead", DEF_SSHD_CFG, auth_key_fns[0]) + +- # always store all the keys in the first file configured on sshd_config +- return (auth_key_fns[0], parse_authorized_keys(auth_key_fns)) ++ # always store all the keys in the user's private file ++ return (default_authorizedkeys_file, parse_authorized_keys(auth_key_fns)) + + + def setup_user_keys(keys, username, options=None): +diff --git a/tests/unittests/test_sshutil.py b/tests/unittests/test_sshutil.py +index 88a111e3..fd1d1bac 100644 +--- a/tests/unittests/test_sshutil.py ++++ b/tests/unittests/test_sshutil.py +@@ -593,7 +593,7 @@ class TestMultipleSshAuthorizedKeysFile(test_helpers.CiTestCase): + fpw.pw_name, sshd_config) + content = ssh_util.update_authorized_keys(auth_key_entries, []) + +- self.assertEqual(authorized_keys, auth_key_fn) ++ self.assertEqual("%s/.ssh/authorized_keys" % fpw.pw_dir, auth_key_fn) + self.assertTrue(VALID_CONTENT['rsa'] in content) + self.assertTrue(VALID_CONTENT['dsa'] in content) + +@@ -610,7 +610,7 @@ class TestMultipleSshAuthorizedKeysFile(test_helpers.CiTestCase): + sshd_config = self.tmp_path('sshd_config') + util.write_file( + sshd_config, +- "AuthorizedKeysFile %s %s" % (user_keys, authorized_keys) ++ "AuthorizedKeysFile %s %s" % (authorized_keys, user_keys) + ) + + (auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys( +@@ -618,7 +618,7 @@ class TestMultipleSshAuthorizedKeysFile(test_helpers.CiTestCase): + ) + content = ssh_util.update_authorized_keys(auth_key_entries, []) + +- self.assertEqual(user_keys, auth_key_fn) ++ self.assertEqual("%s/.ssh/authorized_keys" % fpw.pw_dir, auth_key_fn) + self.assertTrue(VALID_CONTENT['rsa'] in content) + self.assertTrue(VALID_CONTENT['dsa'] in content) + +-- +2.18.4 + diff --git a/SOURCES/ci-When-tools.conf-does-not-exist-running-cmd-vmware-to.patch b/SOURCES/ci-When-tools.conf-does-not-exist-running-cmd-vmware-to.patch deleted file mode 100644 index d12df6d..0000000 --- a/SOURCES/ci-When-tools.conf-does-not-exist-running-cmd-vmware-to.patch +++ /dev/null @@ -1,89 +0,0 @@ -From 07755100b11abd4d429577f9f3f57a2c43592089 Mon Sep 17 00:00:00 2001 -From: Eduardo Otubo -Date: Mon, 17 Aug 2020 11:14:45 +0200 -Subject: [PATCH 1/2] When tools.conf does not exist, running cmd - "vmware-toolbox-cmd config get deployPkg enable-custom-scripts", the return - code will be EX_UNAVAILABLE(69), on this condition, it should not take it as - error. (#413) - -RH-Author: Eduardo Otubo -Message-id: <20200710094434.9711-1-otubo@redhat.com> -Patchwork-id: 97934 -O-Subject: [RHEL-7.9.z/RHEL-8.2.1/RHEL-8.3.0 cloud-init PATCH] When tools.conf does not exist, running cmd "vmware-toolbox-cmd config get deployPkg enable-custom-scripts", the return code will be EX_UNAVAILABLE(69), on this condition, it should not take it as error. (#413) -Bugzilla: 1839662 -RH-Acked-by: Miroslav Rezanina -RH-Acked-by: Mohammed Gamal - -From: chengcheng-chcheng <63850735+chengcheng-chcheng@users.noreply.github.com> - -The diff seems slightly different from upstream because of some parts -being in different positions. But the final result is the file patched -guestcust_util.py (within this block) exactly identical to the one -upstream. - -Also: Sorry for the commit message being just a Subject and this being -enormous. I kept the original from upstream. - -commit c6d09af67626c2f2241c64c10c9e27e8752ba87b -Author: chengcheng-chcheng <63850735+chengcheng-chcheng@users.noreply.github.com> -Date: Wed Jun 10 00:20:47 2020 +0800 - - When tools.conf does not exist, running cmd "vmware-toolbox-cmd config get deployPkg enable-custom-scripts", the return code will be EX_UNAVAILABLE(69), on this condition, it should not take it as error. (#413) - -Signed-off-by: Eduardo Otubo -Signed-off-by: Miroslav Rezanina ---- - .../sources/helpers/vmware/imc/guestcust_util.py | 33 +++++++++++++--------- - 1 file changed, 20 insertions(+), 13 deletions(-) - -diff --git a/cloudinit/sources/helpers/vmware/imc/guestcust_util.py b/cloudinit/sources/helpers/vmware/imc/guestcust_util.py -index 3d369d0..a270d9f 100644 ---- a/cloudinit/sources/helpers/vmware/imc/guestcust_util.py -+++ b/cloudinit/sources/helpers/vmware/imc/guestcust_util.py -@@ -133,23 +133,30 @@ def get_tools_config(section, key, defaultVal): - 'vmware-toolbox-cmd not installed, returning default value') - return defaultVal - -- retValue = defaultVal - cmd = ['vmware-toolbox-cmd', 'config', 'get', section, key] - - try: -- (outText, _) = util.subp(cmd) -- m = re.match(r'([^=]+)=(.*)', outText) -- if m: -- retValue = m.group(2).strip() -- logger.debug("Get tools config: [%s] %s = %s", -- section, key, retValue) -- else: -+ (outText, _) = subp.subp(cmd) -+ except subp.ProcessExecutionError as e: -+ if e.exit_code == 69: - logger.debug( -- "Tools config: [%s] %s is not found, return default value: %s", -- section, key, retValue) -- except util.ProcessExecutionError as e: -- logger.error("Failed running %s[%s]", cmd, e.exit_code) -- logger.exception(e) -+ "vmware-toolbox-cmd returned 69 (unavailable) for cmd: %s." -+ " Return default value: %s", " ".join(cmd), defaultVal) -+ else: -+ logger.error("Failed running %s[%s]", cmd, e.exit_code) -+ logger.exception(e) -+ return defaultVal -+ -+ retValue = defaultVal -+ m = re.match(r'([^=]+)=(.*)', outText) -+ if m: -+ retValue = m.group(2).strip() -+ logger.debug("Get tools config: [%s] %s = %s", -+ section, key, retValue) -+ else: -+ logger.debug( -+ "Tools config: [%s] %s is not found, return default value: %s", -+ section, key, retValue) - - return retValue - --- -1.8.3.1 - diff --git a/SOURCES/ci-cc_mounts-fix-incorrect-format-specifiers-316.patch b/SOURCES/ci-cc_mounts-fix-incorrect-format-specifiers-316.patch deleted file mode 100644 index 9498e0a..0000000 --- a/SOURCES/ci-cc_mounts-fix-incorrect-format-specifiers-316.patch +++ /dev/null @@ -1,90 +0,0 @@ -From c3a019b57cade8e6c3963f6bd2c7c15cd67e561c Mon Sep 17 00:00:00 2001 -From: Eduardo Otubo -Date: Wed, 2 Sep 2020 14:59:06 +0200 -Subject: [PATCH] cc_mounts: fix incorrect format specifiers (#316) - -RH-Author: Eduardo Otubo -Message-id: <20200825131749.4989-1-otubo@redhat.com> -Patchwork-id: 98217 -O-Subject: [RHEL-8.3.0 cloud-init PATCH] cc_mounts: fix incorrect format specifiers (#316) -Bugzilla: 1794664 -RH-Acked-by: Mohammed Gamal -RH-Acked-by: Cathy Avery - -Conflicts: Not exactly a conflict, but removed optional notations -"variable: type" and "-> type" from function header create_swapfile() as -it is only available on Python >= 3.5 and this patch is for RHEL-7.9 -only (Python 2.*). The rest of the cherry-pick was clean. - -commit 9d7b35ce23aaf8741dd49b16e359c96591be3c76 -Author: Daniel Watkins -Date: Wed Apr 15 16:53:08 2020 -0400 - - cc_mounts: fix incorrect format specifiers (#316) - - LP: #1872836 - -Signed-off-by: Eduardo Otubo -Signed-off-by: Miroslav Rezanina ---- - cloudinit/config/cc_mounts.py | 6 +++--- - cloudinit/config/tests/test_mounts.py | 22 ++++++++++++++++++++++ - 2 files changed, 25 insertions(+), 3 deletions(-) - create mode 100644 cloudinit/config/tests/test_mounts.py - -diff --git a/cloudinit/config/cc_mounts.py b/cloudinit/config/cc_mounts.py -index e1c43e3..55b6770 100644 ---- a/cloudinit/config/cc_mounts.py -+++ b/cloudinit/config/cc_mounts.py -@@ -226,17 +226,17 @@ def suggested_swapsize(memsize=None, maxsize=None, fsys=None): - def create_swapfile(fname, size): - """Size is in MiB.""" - -- errmsg = "Failed to create swapfile '%s' of size %dMB via %s: %s" -+ errmsg = "Failed to create swapfile '%s' of size %sMB via %s: %s" - - def create_swap(fname, size, method): - LOG.debug("Creating swapfile in '%s' on fstype '%s' using '%s'", - fname, fstype, method) - - if method == "fallocate": -- cmd = ['fallocate', '-l', '%dM' % size, fname] -+ cmd = ['fallocate', '-l', '%sM' % size, fname] - elif method == "dd": - cmd = ['dd', 'if=/dev/zero', 'of=%s' % fname, 'bs=1M', -- 'count=%d' % size] -+ 'count=%s' % size] - - try: - util.subp(cmd, capture=True) -diff --git a/cloudinit/config/tests/test_mounts.py b/cloudinit/config/tests/test_mounts.py -new file mode 100644 -index 0000000..c7dad61 ---- /dev/null -+++ b/cloudinit/config/tests/test_mounts.py -@@ -0,0 +1,22 @@ -+# This file is part of cloud-init. See LICENSE file for license information. -+from unittest import mock -+ -+from cloudinit.config.cc_mounts import create_swapfile -+ -+ -+M_PATH = 'cloudinit.config.cc_mounts.' -+ -+ -+class TestCreateSwapfile: -+ -+ @mock.patch(M_PATH + 'util.subp') -+ def test_happy_path(self, m_subp, tmpdir): -+ swap_file = tmpdir.join("swap-file") -+ fname = str(swap_file) -+ -+ # Some of the calls to util.subp should create the swap file; this -+ # roughly approximates that -+ m_subp.side_effect = lambda *args, **kwargs: swap_file.write('') -+ -+ create_swapfile(fname, '') -+ assert mock.call(['mkswap', fname]) in m_subp.call_args_list --- -1.8.3.1 - diff --git a/SOURCES/ci-cc_set_password-increase-random-pwlength-from-9-to-2.patch b/SOURCES/ci-cc_set_password-increase-random-pwlength-from-9-to-2.patch deleted file mode 100644 index a49ca1e..0000000 --- a/SOURCES/ci-cc_set_password-increase-random-pwlength-from-9-to-2.patch +++ /dev/null @@ -1,42 +0,0 @@ -From e7a0cd9aa71dfd7715eca4b393db0aa348e05f8f Mon Sep 17 00:00:00 2001 -From: jmaloy -Date: Thu, 28 May 2020 08:43:58 +0200 -Subject: [PATCH 1/4] cc_set_password: increase random pwlength from 9 to 20 - (#189) - -RH-Author: jmaloy -Message-id: <20200313015002.3297-2-jmaloy@redhat.com> -Patchwork-id: 94253 -O-Subject: [RHEL-8.2 cloud-init PATCH 1/1] cc_set_password: increase random pwlength from 9 to 20 (#189) -Bugzilla: 1812171 -RH-Acked-by: Eduardo Otubo -RH-Acked-by: Miroslav Rezanina - -From: Ryan Harper - -Increasing the bits of security from 52 to 115. - -LP: #1860795 -(cherry picked from commit 42788bf24a1a0a5421a2d00a7f59b59e38ba1a14) -Signed-off-by: Jon Maloy -Signed-off-by: Miroslav Rezanina ---- - cloudinit/config/cc_set_passwords.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/cloudinit/config/cc_set_passwords.py b/cloudinit/config/cc_set_passwords.py -index c3c5b0f..0742234 100755 ---- a/cloudinit/config/cc_set_passwords.py -+++ b/cloudinit/config/cc_set_passwords.py -@@ -236,7 +236,7 @@ def handle(_name, cfg, cloud, log, args): - raise errors[-1] - - --def rand_user_password(pwlen=9): -+def rand_user_password(pwlen=20): - return util.rand_str(pwlen, select_from=PW_SET) - - --- -1.8.3.1 - diff --git a/SOURCES/ci-cloud-init.service.tmpl-use-rhel-instead-of-redhat-4.patch b/SOURCES/ci-cloud-init.service.tmpl-use-rhel-instead-of-redhat-4.patch deleted file mode 100644 index f339ffd..0000000 --- a/SOURCES/ci-cloud-init.service.tmpl-use-rhel-instead-of-redhat-4.patch +++ /dev/null @@ -1,46 +0,0 @@ -From f67f56e85c0fdb1c94527a6a1795bbacd2e6fdb0 Mon Sep 17 00:00:00 2001 -From: Eduardo Otubo -Date: Wed, 24 Jun 2020 07:34:34 +0200 -Subject: [PATCH 4/4] cloud-init.service.tmpl: use "rhel" instead of "redhat" - (#452) - -RH-Author: Eduardo Otubo -Message-id: <20200623154034.28563-4-otubo@redhat.com> -Patchwork-id: 97784 -O-Subject: [RHEL-8.3.0/RHEL-8.2.1 cloud-init PATCH 3/3] cloud-init.service.tmpl: use "rhel" instead of "redhat" (#452) -Bugzilla: 1834173 -RH-Acked-by: Cathy Avery -RH-Acked-by: Mohammed Gamal - -From: Daniel Watkins - -commit ddc4c2de1b1e716b31384af92f5356bfc6136944 -Author: Daniel Watkins -Date: Tue Jun 23 09:43:04 2020 -0400 - - cloud-init.service.tmpl: use "rhel" instead of "redhat" (#452) - - We use "rhel" consistently everywhere else. - -Signed-off-by: Eduardo Otubo -Signed-off-by: Miroslav Rezanina ---- - systemd/cloud-init.service.tmpl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/systemd/cloud-init.service.tmpl b/systemd/cloud-init.service.tmpl -index 9ad3574..af6d9a8 100644 ---- a/systemd/cloud-init.service.tmpl -+++ b/systemd/cloud-init.service.tmpl -@@ -10,7 +10,7 @@ After=systemd-networkd-wait-online.service - {% if variant in ["ubuntu", "unknown", "debian"] %} - After=networking.service - {% endif %} --{% if variant in ["centos", "fedora", "redhat"] %} -+{% if variant in ["centos", "fedora", "rhel"] %} - After=network.service - After=NetworkManager.service - {% endif %} --- -1.8.3.1 - diff --git a/SOURCES/ci-ec2-Do-not-log-IMDSv2-token-values-instead-use-REDAC.patch b/SOURCES/ci-ec2-Do-not-log-IMDSv2-token-values-instead-use-REDAC.patch deleted file mode 100644 index 44e8e45..0000000 --- a/SOURCES/ci-ec2-Do-not-log-IMDSv2-token-values-instead-use-REDAC.patch +++ /dev/null @@ -1,350 +0,0 @@ -From f6dc3cf39a4884657478a47894ce8a76ec9a72c5 Mon Sep 17 00:00:00 2001 -From: Eduardo Otubo -Date: Wed, 24 Jun 2020 07:34:29 +0200 -Subject: [PATCH 1/4] ec2: Do not log IMDSv2 token values, instead use REDACTED - (#219) - -RH-Author: Eduardo Otubo -Message-id: <20200505082940.18316-1-otubo@redhat.com> -Patchwork-id: 96264 -O-Subject: [RHEL-7.9/RHEL-8.3 cloud-init PATCH] ec2: Do not log IMDSv2 token values, instead use REDACTED (#219) -Bugzilla: 1822343 -RH-Acked-by: Cathy Avery -RH-Acked-by: Mohammed Gamal -RH-Acked-by: Vitaly Kuznetsov - -Note: There's no RHEL-8.3/cloud-init-19.4 branch yet, but it should be -queued to be applied on top of it when it's created. - -commit 87cd040ed8fe7195cbb357ed3bbf53cd2a81436c -Author: Ryan Harper -Date: Wed Feb 19 15:01:09 2020 -0600 - - ec2: Do not log IMDSv2 token values, instead use REDACTED (#219) - - Instead of logging the token values used log the headers and replace the actual - values with the string 'REDACTED'. This allows users to examine cloud-init.log - and see that the IMDSv2 token header is being used but avoids leaving the value - used in the log file itself. - - LP: #1863943 - -Signed-off-by: Eduardo Otubo -Signed-off-by: Miroslav Rezanina ---- - cloudinit/ec2_utils.py | 12 ++++++++-- - cloudinit/sources/DataSourceEc2.py | 35 +++++++++++++++++++---------- - cloudinit/url_helper.py | 27 ++++++++++++++++------ - tests/unittests/test_datasource/test_ec2.py | 17 ++++++++++++++ - 4 files changed, 70 insertions(+), 21 deletions(-) - -diff --git a/cloudinit/ec2_utils.py b/cloudinit/ec2_utils.py -index 57708c1..34acfe8 100644 ---- a/cloudinit/ec2_utils.py -+++ b/cloudinit/ec2_utils.py -@@ -142,7 +142,8 @@ def skip_retry_on_codes(status_codes, _request_args, cause): - def get_instance_userdata(api_version='latest', - metadata_address='http://169.254.169.254', - ssl_details=None, timeout=5, retries=5, -- headers_cb=None, exception_cb=None): -+ headers_cb=None, headers_redact=None, -+ exception_cb=None): - ud_url = url_helper.combine_url(metadata_address, api_version) - ud_url = url_helper.combine_url(ud_url, 'user-data') - user_data = '' -@@ -155,7 +156,8 @@ def get_instance_userdata(api_version='latest', - SKIP_USERDATA_CODES) - response = url_helper.read_file_or_url( - ud_url, ssl_details=ssl_details, timeout=timeout, -- retries=retries, exception_cb=exception_cb, headers_cb=headers_cb) -+ retries=retries, exception_cb=exception_cb, headers_cb=headers_cb, -+ headers_redact=headers_redact) - user_data = response.contents - except url_helper.UrlError as e: - if e.code not in SKIP_USERDATA_CODES: -@@ -169,11 +171,13 @@ def _get_instance_metadata(tree, api_version='latest', - metadata_address='http://169.254.169.254', - ssl_details=None, timeout=5, retries=5, - leaf_decoder=None, headers_cb=None, -+ headers_redact=None, - exception_cb=None): - md_url = url_helper.combine_url(metadata_address, api_version, tree) - caller = functools.partial( - url_helper.read_file_or_url, ssl_details=ssl_details, - timeout=timeout, retries=retries, headers_cb=headers_cb, -+ headers_redact=headers_redact, - exception_cb=exception_cb) - - def mcaller(url): -@@ -197,6 +201,7 @@ def get_instance_metadata(api_version='latest', - metadata_address='http://169.254.169.254', - ssl_details=None, timeout=5, retries=5, - leaf_decoder=None, headers_cb=None, -+ headers_redact=None, - exception_cb=None): - # Note, 'meta-data' explicitly has trailing /. - # this is required for CloudStack (LP: #1356855) -@@ -204,6 +209,7 @@ def get_instance_metadata(api_version='latest', - metadata_address=metadata_address, - ssl_details=ssl_details, timeout=timeout, - retries=retries, leaf_decoder=leaf_decoder, -+ headers_redact=headers_redact, - headers_cb=headers_cb, - exception_cb=exception_cb) - -@@ -212,12 +218,14 @@ def get_instance_identity(api_version='latest', - metadata_address='http://169.254.169.254', - ssl_details=None, timeout=5, retries=5, - leaf_decoder=None, headers_cb=None, -+ headers_redact=None, - exception_cb=None): - return _get_instance_metadata(tree='dynamic/instance-identity', - api_version=api_version, - metadata_address=metadata_address, - ssl_details=ssl_details, timeout=timeout, - retries=retries, leaf_decoder=leaf_decoder, -+ headers_redact=headers_redact, - headers_cb=headers_cb, - exception_cb=exception_cb) - # vi: ts=4 expandtab -diff --git a/cloudinit/sources/DataSourceEc2.py b/cloudinit/sources/DataSourceEc2.py -index b9f346a..0f2bfef 100644 ---- a/cloudinit/sources/DataSourceEc2.py -+++ b/cloudinit/sources/DataSourceEc2.py -@@ -31,6 +31,9 @@ STRICT_ID_DEFAULT = "warn" - API_TOKEN_ROUTE = 'latest/api/token' - API_TOKEN_DISABLED = '_ec2_disable_api_token' - AWS_TOKEN_TTL_SECONDS = '21600' -+AWS_TOKEN_PUT_HEADER = 'X-aws-ec2-metadata-token' -+AWS_TOKEN_REQ_HEADER = AWS_TOKEN_PUT_HEADER + '-ttl-seconds' -+AWS_TOKEN_REDACT = [AWS_TOKEN_PUT_HEADER, AWS_TOKEN_REQ_HEADER] - - - class CloudNames(object): -@@ -158,7 +161,8 @@ class DataSourceEc2(sources.DataSource): - for api_ver in self.extended_metadata_versions: - url = url_tmpl.format(self.metadata_address, api_ver) - try: -- resp = uhelp.readurl(url=url, headers=headers) -+ resp = uhelp.readurl(url=url, headers=headers, -+ headers_redact=AWS_TOKEN_REDACT) - except uhelp.UrlError as e: - LOG.debug('url %s raised exception %s', url, e) - else: -@@ -180,6 +184,7 @@ class DataSourceEc2(sources.DataSource): - self.identity = ec2.get_instance_identity( - api_version, self.metadata_address, - headers_cb=self._get_headers, -+ headers_redact=AWS_TOKEN_REDACT, - exception_cb=self._refresh_stale_aws_token_cb).get( - 'document', {}) - return self.identity.get( -@@ -205,7 +210,8 @@ class DataSourceEc2(sources.DataSource): - LOG.debug('Fetching Ec2 IMDSv2 API Token') - url, response = uhelp.wait_for_url( - urls=urls, max_wait=1, timeout=1, status_cb=self._status_cb, -- headers_cb=self._get_headers, request_method=request_method) -+ headers_cb=self._get_headers, request_method=request_method, -+ headers_redact=AWS_TOKEN_REDACT) - - if url and response: - self._api_token = response -@@ -252,7 +258,8 @@ class DataSourceEc2(sources.DataSource): - url, _ = uhelp.wait_for_url( - urls=urls, max_wait=url_params.max_wait_seconds, - timeout=url_params.timeout_seconds, status_cb=LOG.warning, -- headers_cb=self._get_headers, request_method=request_method) -+ headers_redact=AWS_TOKEN_REDACT, headers_cb=self._get_headers, -+ request_method=request_method) - - if url: - metadata_address = url2base[url] -@@ -420,6 +427,7 @@ class DataSourceEc2(sources.DataSource): - if not self.wait_for_metadata_service(): - return {} - api_version = self.get_metadata_api_version() -+ redact = AWS_TOKEN_REDACT - crawled_metadata = {} - if self.cloud_name == CloudNames.AWS: - exc_cb = self._refresh_stale_aws_token_cb -@@ -429,14 +437,17 @@ class DataSourceEc2(sources.DataSource): - try: - crawled_metadata['user-data'] = ec2.get_instance_userdata( - api_version, self.metadata_address, -- headers_cb=self._get_headers, exception_cb=exc_cb_ud) -+ headers_cb=self._get_headers, headers_redact=redact, -+ exception_cb=exc_cb_ud) - crawled_metadata['meta-data'] = ec2.get_instance_metadata( - api_version, self.metadata_address, -- headers_cb=self._get_headers, exception_cb=exc_cb) -+ headers_cb=self._get_headers, headers_redact=redact, -+ exception_cb=exc_cb) - if self.cloud_name == CloudNames.AWS: - identity = ec2.get_instance_identity( - api_version, self.metadata_address, -- headers_cb=self._get_headers, exception_cb=exc_cb) -+ headers_cb=self._get_headers, headers_redact=redact, -+ exception_cb=exc_cb) - crawled_metadata['dynamic'] = {'instance-identity': identity} - except Exception: - util.logexc( -@@ -455,11 +466,12 @@ class DataSourceEc2(sources.DataSource): - if self.cloud_name != CloudNames.AWS: - return None - LOG.debug("Refreshing Ec2 metadata API token") -- request_header = {'X-aws-ec2-metadata-token-ttl-seconds': seconds} -+ request_header = {AWS_TOKEN_REQ_HEADER: seconds} - token_url = '{}/{}'.format(self.metadata_address, API_TOKEN_ROUTE) - try: -- response = uhelp.readurl( -- token_url, headers=request_header, request_method="PUT") -+ response = uhelp.readurl(token_url, headers=request_header, -+ headers_redact=AWS_TOKEN_REDACT, -+ request_method="PUT") - except uhelp.UrlError as e: - LOG.warning( - 'Unable to get API token: %s raised exception %s', -@@ -500,8 +512,7 @@ class DataSourceEc2(sources.DataSource): - API_TOKEN_DISABLED): - return {} - # Request a 6 hour token if URL is API_TOKEN_ROUTE -- request_token_header = { -- 'X-aws-ec2-metadata-token-ttl-seconds': AWS_TOKEN_TTL_SECONDS} -+ request_token_header = {AWS_TOKEN_REQ_HEADER: AWS_TOKEN_TTL_SECONDS} - if API_TOKEN_ROUTE in url: - return request_token_header - if not self._api_token: -@@ -511,7 +522,7 @@ class DataSourceEc2(sources.DataSource): - self._api_token = self._refresh_api_token() - if not self._api_token: - return {} -- return {'X-aws-ec2-metadata-token': self._api_token} -+ return {AWS_TOKEN_PUT_HEADER: self._api_token} - - - class DataSourceEc2Local(DataSourceEc2): -diff --git a/cloudinit/url_helper.py b/cloudinit/url_helper.py -index 1496a47..3e7de9f 100644 ---- a/cloudinit/url_helper.py -+++ b/cloudinit/url_helper.py -@@ -8,6 +8,7 @@ - # - # This file is part of cloud-init. See LICENSE file for license information. - -+import copy - import json - import os - import requests -@@ -41,6 +42,7 @@ else: - SSL_ENABLED = False - CONFIG_ENABLED = False # This was added in 0.7 (but taken out in >=1.0) - _REQ_VER = None -+REDACTED = 'REDACTED' - try: - from distutils.version import LooseVersion - import pkg_resources -@@ -199,9 +201,9 @@ def _get_ssl_args(url, ssl_details): - - - def readurl(url, data=None, timeout=None, retries=0, sec_between=1, -- headers=None, headers_cb=None, ssl_details=None, -- check_status=True, allow_redirects=True, exception_cb=None, -- session=None, infinite=False, log_req_resp=True, -+ headers=None, headers_cb=None, headers_redact=None, -+ ssl_details=None, check_status=True, allow_redirects=True, -+ exception_cb=None, session=None, infinite=False, log_req_resp=True, - request_method=None): - """Wrapper around requests.Session to read the url and retry if necessary - -@@ -217,6 +219,7 @@ def readurl(url, data=None, timeout=None, retries=0, sec_between=1, - :param headers: Optional dict of headers to send during request - :param headers_cb: Optional callable returning a dict of values to send as - headers during request -+ :param headers_redact: Optional list of header names to redact from the log - :param ssl_details: Optional dict providing key_file, ca_certs, and - cert_file keys for use on in ssl connections. - :param check_status: Optional boolean set True to raise when HTTPError -@@ -243,6 +246,8 @@ def readurl(url, data=None, timeout=None, retries=0, sec_between=1, - req_args['method'] = request_method - if timeout is not None: - req_args['timeout'] = max(float(timeout), 0) -+ if headers_redact is None: -+ headers_redact = [] - # It doesn't seem like config - # was added in older library versions (or newer ones either), thus we - # need to manually do the retries if it wasn't... -@@ -287,6 +292,12 @@ def readurl(url, data=None, timeout=None, retries=0, sec_between=1, - if k == 'data': - continue - filtered_req_args[k] = v -+ if k == 'headers': -+ for hkey, _hval in v.items(): -+ if hkey in headers_redact: -+ filtered_req_args[k][hkey] = ( -+ copy.deepcopy(req_args[k][hkey])) -+ filtered_req_args[k][hkey] = REDACTED - try: - - if log_req_resp: -@@ -339,8 +350,8 @@ def readurl(url, data=None, timeout=None, retries=0, sec_between=1, - return None # Should throw before this... - - --def wait_for_url(urls, max_wait=None, timeout=None, -- status_cb=None, headers_cb=None, sleep_time=1, -+def wait_for_url(urls, max_wait=None, timeout=None, status_cb=None, -+ headers_cb=None, headers_redact=None, sleep_time=1, - exception_cb=None, sleep_time_cb=None, request_method=None): - """ - urls: a list of urls to try -@@ -352,6 +363,7 @@ def wait_for_url(urls, max_wait=None, timeout=None, - status_cb: call method with string message when a url is not available - headers_cb: call method with single argument of url to get headers - for request. -+ headers_redact: a list of header names to redact from the log - exception_cb: call method with 2 arguments 'msg' (per status_cb) and - 'exception', the exception that occurred. - sleep_time_cb: call method with 2 arguments (response, loop_n) that -@@ -415,8 +427,9 @@ def wait_for_url(urls, max_wait=None, timeout=None, - headers = {} - - response = readurl( -- url, headers=headers, timeout=timeout, -- check_status=False, request_method=request_method) -+ url, headers=headers, headers_redact=headers_redact, -+ timeout=timeout, check_status=False, -+ request_method=request_method) - if not response.contents: - reason = "empty response [%s]" % (response.code) - url_exc = UrlError(ValueError(reason), code=response.code, -diff --git a/tests/unittests/test_datasource/test_ec2.py b/tests/unittests/test_datasource/test_ec2.py -index 34a089f..bd5bd4c 100644 ---- a/tests/unittests/test_datasource/test_ec2.py -+++ b/tests/unittests/test_datasource/test_ec2.py -@@ -429,6 +429,23 @@ class TestEc2(test_helpers.HttprettyTestCase): - self.assertTrue(ds.get_data()) - self.assertFalse(ds.is_classic_instance()) - -+ def test_aws_token_redacted(self): -+ """Verify that aws tokens are redacted when logged.""" -+ ds = self._setup_ds( -+ platform_data=self.valid_platform_data, -+ sys_cfg={'datasource': {'Ec2': {'strict_id': False}}}, -+ md={'md': DEFAULT_METADATA}) -+ self.assertTrue(ds.get_data()) -+ all_logs = self.logs.getvalue().splitlines() -+ REDACT_TTL = "'X-aws-ec2-metadata-token-ttl-seconds': 'REDACTED'" -+ REDACT_TOK = "'X-aws-ec2-metadata-token': 'REDACTED'" -+ logs_with_redacted_ttl = [log for log in all_logs if REDACT_TTL in log] -+ logs_with_redacted = [log for log in all_logs if REDACT_TOK in log] -+ logs_with_token = [log for log in all_logs if 'API-TOKEN' in log] -+ self.assertEqual(1, len(logs_with_redacted_ttl)) -+ self.assertEqual(79, len(logs_with_redacted)) -+ self.assertEqual(0, len(logs_with_token)) -+ - @mock.patch('cloudinit.net.dhcp.maybe_perform_dhcp_discovery') - def test_valid_platform_with_strict_true(self, m_dhcp): - """Valid platform data should return true with strict_id true.""" --- -1.8.3.1 - diff --git a/SOURCES/ci-ec2-only-redact-token-request-headers-in-logs-avoid-.patch b/SOURCES/ci-ec2-only-redact-token-request-headers-in-logs-avoid-.patch deleted file mode 100644 index 619d8dc..0000000 --- a/SOURCES/ci-ec2-only-redact-token-request-headers-in-logs-avoid-.patch +++ /dev/null @@ -1,128 +0,0 @@ -From dc9460f161efce6770f66bb95d60cea6d27df722 Mon Sep 17 00:00:00 2001 -From: Eduardo Otubo -Date: Thu, 25 Jun 2020 08:03:59 +0200 -Subject: [PATCH] ec2: only redact token request headers in logs, avoid - altering request (#230) - -RH-Author: Eduardo Otubo -Message-id: <20200624112104.376-1-otubo@redhat.com> -Patchwork-id: 97793 -O-Subject: [RHEL-8.3.0 cloud-init PATCH] ec2: only redact token request headers in logs, avoid altering request (#230) -Bugzilla: 1822343 -RH-Acked-by: Vitaly Kuznetsov -RH-Acked-by: Mohammed Gamal -RH-Acked-by: Cathy Avery - -From: Chad Smith - -commit fa1abfec27050a4fb71cad950a17e42f9b43b478 -Author: Chad Smith -Date: Tue Mar 3 15:23:33 2020 -0700 - - ec2: only redact token request headers in logs, avoid altering request (#230) - - Our header redact logic was redacting both logged request headers and - the actual source request. This results in DataSourceEc2 sending the - invalid header "X-aws-ec2-metadata-token-ttl-seconds: REDACTED" which - gets an HTTP status response of 400. - - Cloud-init retries this failed token request for 2 minutes before - falling back to IMDSv1. - - LP: #1865882 - -Signed-off-by: Eduardo Otubo -Signed-off-by: Miroslav Rezanina ---- - cloudinit/tests/test_url_helper.py | 34 +++++++++++++++++++++++++++++++++- - cloudinit/url_helper.py | 15 ++++++++------- - 2 files changed, 41 insertions(+), 8 deletions(-) - -diff --git a/cloudinit/tests/test_url_helper.py b/cloudinit/tests/test_url_helper.py -index 1674120..29b3937 100644 ---- a/cloudinit/tests/test_url_helper.py -+++ b/cloudinit/tests/test_url_helper.py -@@ -1,7 +1,8 @@ - # This file is part of cloud-init. See LICENSE file for license information. - - from cloudinit.url_helper import ( -- NOT_FOUND, UrlError, oauth_headers, read_file_or_url, retry_on_url_exc) -+ NOT_FOUND, UrlError, REDACTED, oauth_headers, read_file_or_url, -+ retry_on_url_exc) - from cloudinit.tests.helpers import CiTestCase, mock, skipIf - from cloudinit import util - from cloudinit import version -@@ -50,6 +51,9 @@ class TestOAuthHeaders(CiTestCase): - - - class TestReadFileOrUrl(CiTestCase): -+ -+ with_logs = True -+ - def test_read_file_or_url_str_from_file(self): - """Test that str(result.contents) on file is text version of contents. - It should not be "b'data'", but just "'data'" """ -@@ -71,6 +75,34 @@ class TestReadFileOrUrl(CiTestCase): - self.assertEqual(result.contents, data) - self.assertEqual(str(result), data.decode('utf-8')) - -+ @httpretty.activate -+ def test_read_file_or_url_str_from_url_redacting_headers_from_logs(self): -+ """Headers are redacted from logs but unredacted in requests.""" -+ url = 'http://hostname/path' -+ headers = {'sensitive': 'sekret', 'server': 'blah'} -+ httpretty.register_uri(httpretty.GET, url) -+ -+ read_file_or_url(url, headers=headers, headers_redact=['sensitive']) -+ logs = self.logs.getvalue() -+ for k in headers.keys(): -+ self.assertEqual(headers[k], httpretty.last_request().headers[k]) -+ self.assertIn(REDACTED, logs) -+ self.assertNotIn('sekret', logs) -+ -+ @httpretty.activate -+ def test_read_file_or_url_str_from_url_redacts_noheaders(self): -+ """When no headers_redact, header values are in logs and requests.""" -+ url = 'http://hostname/path' -+ headers = {'sensitive': 'sekret', 'server': 'blah'} -+ httpretty.register_uri(httpretty.GET, url) -+ -+ read_file_or_url(url, headers=headers) -+ for k in headers.keys(): -+ self.assertEqual(headers[k], httpretty.last_request().headers[k]) -+ logs = self.logs.getvalue() -+ self.assertNotIn(REDACTED, logs) -+ self.assertIn('sekret', logs) -+ - @mock.patch(M_PATH + 'readurl') - def test_read_file_or_url_passes_params_to_readurl(self, m_readurl): - """read_file_or_url passes all params through to readurl.""" -diff --git a/cloudinit/url_helper.py b/cloudinit/url_helper.py -index 3e7de9f..e6188ea 100644 ---- a/cloudinit/url_helper.py -+++ b/cloudinit/url_helper.py -@@ -291,13 +291,14 @@ def readurl(url, data=None, timeout=None, retries=0, sec_between=1, - for (k, v) in req_args.items(): - if k == 'data': - continue -- filtered_req_args[k] = v -- if k == 'headers': -- for hkey, _hval in v.items(): -- if hkey in headers_redact: -- filtered_req_args[k][hkey] = ( -- copy.deepcopy(req_args[k][hkey])) -- filtered_req_args[k][hkey] = REDACTED -+ if k == 'headers' and headers_redact: -+ matched_headers = [k for k in headers_redact if v.get(k)] -+ if matched_headers: -+ filtered_req_args[k] = copy.deepcopy(v) -+ for key in matched_headers: -+ filtered_req_args[k][key] = REDACTED -+ else: -+ filtered_req_args[k] = v - try: - - if log_req_resp: --- -1.8.3.1 - diff --git a/SOURCES/ci-fix-a-typo-in-man-page-cloud-init.1-752.patch b/SOURCES/ci-fix-a-typo-in-man-page-cloud-init.1-752.patch new file mode 100644 index 0000000..0a08abf --- /dev/null +++ b/SOURCES/ci-fix-a-typo-in-man-page-cloud-init.1-752.patch @@ -0,0 +1,53 @@ +From c90d5c11eb99ec25e0fd90585bad9283e60bda7e Mon Sep 17 00:00:00 2001 +From: Eduardo Otubo +Date: Tue, 26 Jan 2021 10:48:55 +0100 +Subject: [PATCH] fix a typo in man page cloud-init.1 (#752) + +RH-Author: Eduardo Terrell Ferrari Otubo (eterrell) +RH-MergeRequest: 39: fix a typo in man page cloud-init.1 (#752) +RH-Commit: [1/1] d2f7efbc63a7928ef175ac0714053dba20aab01a (eterrell/cloud-init) +RH-Bugzilla: 1913127 + +commit 48b2c5f16bd4ef754fef137ea19894908d4bf1db +Author: Amy Chen <66719270+xiachen-rh@users.noreply.github.com> +Date: Wed Jan 6 22:37:02 2021 +0800 + + fix a typo in man page cloud-init.1 (#752) + + 1. fix a typo in cloud-init.1 + 2. add xiachen-rh as contributor + +Conflict: We don't really use tools/.github-cla-signers, but had to fix +a tiny conflict of already included names on the file. + +Signed-off-by: Eduardo Otubo +--- + doc/man/cloud-init.1 | 2 +- + tools/.github-cla-signers | 1 + + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/doc/man/cloud-init.1 b/doc/man/cloud-init.1 +index 9b52dc8d..3fde4148 100644 +--- a/doc/man/cloud-init.1 ++++ b/doc/man/cloud-init.1 +@@ -10,7 +10,7 @@ cloud-init \- Cloud instance initialization + Cloud-init provides a mechanism for cloud instance initialization. + This is done by identifying the cloud platform that is in use, reading + provided cloud metadata and optional vendor and user +-data, and then intializing the instance as requested. ++data, and then initializing the instance as requested. + + Generally, this command is not normally meant to be run directly by + the user. However, some subcommands may useful for development or +diff --git a/tools/.github-cla-signers b/tools/.github-cla-signers +index 802a35bd..e5d2b95c 100644 +--- a/tools/.github-cla-signers ++++ b/tools/.github-cla-signers +@@ -21,3 +21,4 @@ sshedi + TheRealFalcon + tomponline + tsanghan ++xiachen-rh +-- +2.18.4 + diff --git a/SOURCES/ci-net-fix-rendering-of-static6-in-network-config-77.patch b/SOURCES/ci-net-fix-rendering-of-static6-in-network-config-77.patch deleted file mode 100644 index efa65cb..0000000 --- a/SOURCES/ci-net-fix-rendering-of-static6-in-network-config-77.patch +++ /dev/null @@ -1,203 +0,0 @@ -From 3ee8f2f5dde1bb27e682c5985bffe6fb9f9e5e0b Mon Sep 17 00:00:00 2001 -From: Eduardo Otubo -Date: Thu, 5 Nov 2020 12:42:26 +0100 -Subject: [PATCH 5/5] net: fix rendering of 'static6' in network config (#77) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RH-Author: Eduardo Terrell Ferrari Otubo (eterrell) -RH-MergeRequest: 17: Explicit set IPV6_AUTOCONF and IPV6_FORCE_ACCEPT_RA on static6 (#634) -RH-Commit: [2/2] 30eb756aceb37761d50c70eb4f684662a11afa3f (eterrell/cloud-init) -RH-Bugzilla: 1894015 - -commit dacdd30080bd8183d1f1c1dc9dbcbc8448301529 -Author: Ryan Harper -Date: Wed Jan 8 11:30:17 2020 -0600 - - net: fix rendering of 'static6' in network config (#77) - - * net: fix rendering of 'static6' in network config - - A V1 static6 network typo was misrendered in eni, it's not valid. - It was ignored in sysconfig and netplan. This branch fixes eni, - updates sysconfig, netplan to render it correctly and adds unittests - for all cases. - - Reported-by: Raphaël Enrici - - LP: #1850988 - - * net: add comment about static6 type in subnet_is_ipv6 - - Co-authored-by: Chad Smith - Co-authored-by: Daniel Watkins - -Signed-off-by: Eduardo Otubo ---- - cloudinit/net/eni.py | 4 +- - cloudinit/net/netplan.py | 2 +- - cloudinit/net/network_state.py | 2 +- - cloudinit/net/sysconfig.py | 4 +- - tests/unittests/test_distros/test_netconfig.py | 55 +++++++++++++++++++++++++- - 5 files changed, 61 insertions(+), 6 deletions(-) - -diff --git a/cloudinit/net/eni.py b/cloudinit/net/eni.py -index 7077106..2f71456 100644 ---- a/cloudinit/net/eni.py -+++ b/cloudinit/net/eni.py -@@ -429,7 +429,9 @@ class Renderer(renderer.Renderer): - iface['mode'] = 'auto' - # Use stateless DHCPv6 (0=off, 1=on) - iface['dhcp'] = '0' -- elif subnet_is_ipv6(subnet) and subnet['type'] == 'static': -+ elif subnet_is_ipv6(subnet): -+ # mode might be static6, eni uses 'static' -+ iface['mode'] = 'static' - if accept_ra is not None: - # Accept router advertisements (0=off, 1=on) - iface['accept_ra'] = '1' if accept_ra else '0' -diff --git a/cloudinit/net/netplan.py b/cloudinit/net/netplan.py -index 14d3999..8985527 100644 ---- a/cloudinit/net/netplan.py -+++ b/cloudinit/net/netplan.py -@@ -98,7 +98,7 @@ def _extract_addresses(config, entry, ifname, features=None): - entry.update({sn_type: True}) - elif sn_type in IPV6_DYNAMIC_TYPES: - entry.update({'dhcp6': True}) -- elif sn_type in ['static']: -+ elif sn_type in ['static', 'static6']: - addr = "%s" % subnet.get('address') - if 'prefix' in subnet: - addr += "/%d" % subnet.get('prefix') -diff --git a/cloudinit/net/network_state.py b/cloudinit/net/network_state.py -index 2525fc9..48e5b6e 100644 ---- a/cloudinit/net/network_state.py -+++ b/cloudinit/net/network_state.py -@@ -942,7 +942,7 @@ def subnet_is_ipv6(subnet): - # 'static6', 'dhcp6', 'ipv6_dhcpv6-stateful', 'ipv6_dhcpv6-stateless' or - # 'ipv6_slaac' - if subnet['type'].endswith('6') or subnet['type'] in IPV6_DYNAMIC_TYPES: -- # This is a request for DHCPv6. -+ # This is a request either static6 type or DHCPv6. - return True - elif subnet['type'] == 'static' and is_ipv6_addr(subnet.get('address')): - return True -diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py -index 4210544..1989d01 100644 ---- a/cloudinit/net/sysconfig.py -+++ b/cloudinit/net/sysconfig.py -@@ -378,7 +378,7 @@ class Renderer(renderer.Renderer): - iface_cfg['IPV6_AUTOCONF'] = True - elif subnet_type in ['dhcp4', 'dhcp']: - iface_cfg['BOOTPROTO'] = 'dhcp' -- elif subnet_type == 'static': -+ elif subnet_type in ['static', 'static6']: - # grep BOOTPROTO sysconfig.txt -A2 | head -3 - # BOOTPROTO=none|bootp|dhcp - # 'bootp' or 'dhcp' cause a DHCP client -@@ -434,7 +434,7 @@ class Renderer(renderer.Renderer): - continue - elif subnet_type in IPV6_DYNAMIC_TYPES: - continue -- elif subnet_type == 'static': -+ elif subnet_type in ['static', 'static6']: - if subnet_is_ipv6(subnet): - ipv6_index = ipv6_index + 1 - ipv6_cidr = "%s/%s" % (subnet['address'], subnet['prefix']) -diff --git a/tests/unittests/test_distros/test_netconfig.py b/tests/unittests/test_distros/test_netconfig.py -index b85a333..e277bca 100644 ---- a/tests/unittests/test_distros/test_netconfig.py -+++ b/tests/unittests/test_distros/test_netconfig.py -@@ -109,13 +109,31 @@ auto eth1 - iface eth1 inet dhcp - """ - -+V1_NET_CFG_IPV6_OUTPUT = """\ -+# This file is generated from information provided by the datasource. Changes -+# to it will not persist across an instance reboot. To disable cloud-init's -+# network configuration capabilities, write a file -+# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following: -+# network: {config: disabled} -+auto lo -+iface lo inet loopback -+ -+auto eth0 -+iface eth0 inet6 static -+ address 2607:f0d0:1002:0011::2/64 -+ gateway 2607:f0d0:1002:0011::1 -+ -+auto eth1 -+iface eth1 inet dhcp -+""" -+ - V1_NET_CFG_IPV6 = {'config': [{'name': 'eth0', - 'subnets': [{'address': - '2607:f0d0:1002:0011::2', - 'gateway': - '2607:f0d0:1002:0011::1', - 'netmask': '64', -- 'type': 'static'}], -+ 'type': 'static6'}], - 'type': 'physical'}, - {'name': 'eth1', - 'subnets': [{'control': 'auto', -@@ -141,6 +159,23 @@ network: - dhcp4: true - """ - -+V1_TO_V2_NET_CFG_IPV6_OUTPUT = """\ -+# This file is generated from information provided by the datasource. Changes -+# to it will not persist across an instance reboot. To disable cloud-init's -+# network configuration capabilities, write a file -+# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following: -+# network: {config: disabled} -+network: -+ version: 2 -+ ethernets: -+ eth0: -+ addresses: -+ - 2607:f0d0:1002:0011::2/64 -+ gateway6: 2607:f0d0:1002:0011::1 -+ eth1: -+ dhcp4: true -+""" -+ - V2_NET_CFG = { - 'ethernets': { - 'eth7': { -@@ -376,6 +411,14 @@ class TestNetCfgDistroUbuntuEni(TestNetCfgDistroBase): - V1_NET_CFG, - expected_cfgs=expected_cfgs.copy()) - -+ def test_apply_network_config_ipv6_ub(self): -+ expected_cfgs = { -+ self.eni_path(): V1_NET_CFG_IPV6_OUTPUT -+ } -+ self._apply_and_verify_eni(self.distro.apply_network_config, -+ V1_NET_CFG_IPV6, -+ expected_cfgs=expected_cfgs.copy()) -+ - - class TestNetCfgDistroUbuntuNetplan(TestNetCfgDistroBase): - def setUp(self): -@@ -419,6 +462,16 @@ class TestNetCfgDistroUbuntuNetplan(TestNetCfgDistroBase): - V1_NET_CFG, - expected_cfgs=expected_cfgs.copy()) - -+ def test_apply_network_config_v1_ipv6_to_netplan_ub(self): -+ expected_cfgs = { -+ self.netplan_path(): V1_TO_V2_NET_CFG_IPV6_OUTPUT, -+ } -+ -+ # ub_distro.apply_network_config(V1_NET_CFG_IPV6, False) -+ self._apply_and_verify_netplan(self.distro.apply_network_config, -+ V1_NET_CFG_IPV6, -+ expected_cfgs=expected_cfgs.copy()) -+ - def test_apply_network_config_v2_passthrough_ub(self): - expected_cfgs = { - self.netplan_path(): V2_TO_V2_NET_CFG_OUTPUT, --- -1.8.3.1 - diff --git a/SOURCES/ci-network-Fix-type-and-respect-name-when-rendering-vla.patch b/SOURCES/ci-network-Fix-type-and-respect-name-when-rendering-vla.patch index be05fe3..a2ef2dc 100644 --- a/SOURCES/ci-network-Fix-type-and-respect-name-when-rendering-vla.patch +++ b/SOURCES/ci-network-Fix-type-and-respect-name-when-rendering-vla.patch @@ -1,13 +1,13 @@ -From 2f9d58439c94fe00cee951c213f14ace6da73691 Mon Sep 17 00:00:00 2001 +From 51a90ecbdf1f3900183d8ec641eeb4571decf6dc Mon Sep 17 00:00:00 2001 From: Eduardo Otubo -Date: Tue, 15 Sep 2020 18:00:00 +0200 -Subject: [PATCH 2/5] network: Fix type and respect name when rendering vlan in +Date: Wed, 4 Nov 2020 12:37:54 +0100 +Subject: [PATCH] network: Fix type and respect name when rendering vlan in sysconfig. (#541) RH-Author: Eduardo Terrell Ferrari Otubo (eterrell) -RH-MergeRequest: 10: ifup bond0.504 Error: Connection activation failed: No suitable device found for this connection [rhel-8.3.0.z] -RH-Commit: [1/1] fe8bd8bc184d2391b3f9ac6af80e231649d6019a (eterrell/cloud-init) -RH-Bugzilla: 1890551 +RH-MergeRequest: 19: network: Fix type and respect name when rendering vlan in sysconfig. (#541) +RH-Commit: [1/1] 75bea46017397082c5763125a5f35806c2f840e9 (eterrell/cloud-init) +RH-Bugzilla: 1881462 commit 8439b191ec2f336d544cab86dba2860f969cd5b8 Author: Eduardo Otubo @@ -29,13 +29,6 @@ Date: Tue Sep 15 18:00:00 2020 +0200 LP: #1826608 RHBZ: #1861871 -Conflicts: -* A hunk on cloudinit/net/sysconfig.py could not apply cleanly as it -depends on a verification on the distro flavor, which is not implemented -on cloud-init-19.4. -* Couple of hunks could not apply cleanly on tests/unittests/test_net.py -because the definition of unit test response moved a little bit. - Signed-off-by: Eduardo Otubo --- cloudinit/net/sysconfig.py | 32 +++++++++- @@ -44,10 +37,10 @@ Signed-off-by: Eduardo Otubo 3 files changed, 112 insertions(+), 5 deletions(-) diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py -index 810b283..4b4ed09 100644 +index c078898..078636a 100644 --- a/cloudinit/net/sysconfig.py +++ b/cloudinit/net/sysconfig.py -@@ -95,6 +95,10 @@ class ConfigMap(object): +@@ -99,6 +99,10 @@ class ConfigMap(object): def __len__(self): return len(self._conf) @@ -56,9 +49,9 @@ index 810b283..4b4ed09 100644 + return False + def to_string(self): - buf = six.StringIO() + buf = io.StringIO() buf.write(_make_header()) -@@ -102,6 +106,8 @@ class ConfigMap(object): +@@ -106,6 +110,8 @@ class ConfigMap(object): buf.write("\n") for key in sorted(self._conf.keys()): value = self._conf[key] @@ -66,8 +59,8 @@ index 810b283..4b4ed09 100644 + continue if isinstance(value, bool): value = self._bool_map[value] - if not isinstance(value, six.string_types): -@@ -207,6 +213,7 @@ class NetInterface(ConfigMap): + if not isinstance(value, str): +@@ -214,6 +220,7 @@ class NetInterface(ConfigMap): 'bond': 'Bond', 'bridge': 'Bridge', 'infiniband': 'InfiniBand', @@ -75,7 +68,7 @@ index 810b283..4b4ed09 100644 } def __init__(self, iface_name, base_sysconf_dir, templates, -@@ -260,6 +267,11 @@ class NetInterface(ConfigMap): +@@ -267,6 +274,11 @@ class NetInterface(ConfigMap): c.routes = self.routes.copy() return c @@ -87,25 +80,25 @@ index 810b283..4b4ed09 100644 class Renderer(renderer.Renderer): """Renders network information in a /etc/sysconfig format.""" -@@ -599,7 +611,16 @@ class Renderer(renderer.Renderer): - iface_name = iface['name'] - iface_cfg = iface_contents[iface_name] - iface_cfg['VLAN'] = True -- iface_cfg['PHYSDEV'] = iface_name[:iface_name.rfind('.')] -+ iface_cfg.kind = 'vlan' +@@ -701,7 +713,16 @@ class Renderer(renderer.Renderer): + iface_cfg['ETHERDEVICE'] = iface_name[:iface_name.rfind('.')] + else: + iface_cfg['VLAN'] = True +- iface_cfg['PHYSDEV'] = iface_name[:iface_name.rfind('.')] ++ iface_cfg.kind = 'vlan' + -+ rdev = iface['vlan-raw-device'] -+ supported = _supported_vlan_names(rdev, iface['vlan_id']) -+ if iface_name not in supported: -+ LOG.info( -+ "Name '%s' for vlan '%s' is not officially supported" -+ "by RHEL. Supported: %s", -+ iface_name, rdev, ' '.join(supported)) -+ iface_cfg['PHYSDEV'] = rdev ++ rdev = iface['vlan-raw-device'] ++ supported = _supported_vlan_names(rdev, iface['vlan_id']) ++ if iface_name not in supported: ++ LOG.info( ++ "Name '%s' for vlan '%s' is not officially supported" ++ "by RHEL. Supported: %s", ++ iface_name, rdev, ' '.join(supported)) ++ iface_cfg['PHYSDEV'] = rdev iface_subnets = iface.get("subnets", []) route_cfg = iface_cfg.routes -@@ -771,6 +792,15 @@ class Renderer(renderer.Renderer): +@@ -909,6 +930,15 @@ class Renderer(renderer.Renderer): "\n".join(netcfg) + "\n", file_mode) @@ -122,10 +115,10 @@ index 810b283..4b4ed09 100644 sysconfig = available_sysconfig(target=target) nm = available_nm(target=target) diff --git a/tests/unittests/test_distros/test_netconfig.py b/tests/unittests/test_distros/test_netconfig.py -index 6720995..4ea4203 100644 +index f9fc3a1..a1df066 100644 --- a/tests/unittests/test_distros/test_netconfig.py +++ b/tests/unittests/test_distros/test_netconfig.py -@@ -526,6 +526,87 @@ class TestNetCfgDistroRedhat(TestNetCfgDistroBase): +@@ -541,6 +541,87 @@ class TestNetCfgDistroRedhat(TestNetCfgDistroBase): V1_NET_CFG_IPV6, expected_cfgs=expected_cfgs.copy()) @@ -214,37 +207,37 @@ index 6720995..4ea4203 100644 class TestNetCfgDistroOpensuse(TestNetCfgDistroBase): diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py -index a931a3e..2eedb12 100644 +index d7a7a65..c033745 100644 --- a/tests/unittests/test_net.py +++ b/tests/unittests/test_net.py -@@ -1496,7 +1496,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true +@@ -1656,7 +1656,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + DHCLIENT_SET_DEFAULT_ROUTE=no ONBOOT=yes PHYSDEV=bond0 - STARTMODE=auto - TYPE=Ethernet USERCTL=no VLAN=yes"""), 'ifcfg-br0': textwrap.dedent("""\ -@@ -1541,7 +1540,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true +@@ -1699,7 +1698,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true + NETMASK1=255.255.255.0 ONBOOT=yes PHYSDEV=eth0 - STARTMODE=auto - TYPE=Ethernet USERCTL=no VLAN=yes"""), 'ifcfg-eth1': textwrap.dedent("""\ -@@ -2163,7 +2161,6 @@ iface bond0 inet6 static +@@ -2302,7 +2300,6 @@ iface bond0 inet6 static + NETMASK1=255.255.255.0 ONBOOT=yes PHYSDEV=en0 - STARTMODE=auto - TYPE=Ethernet USERCTL=no VLAN=yes"""), }, -@@ -3180,7 +3177,6 @@ USERCTL=no +@@ -3409,7 +3406,6 @@ USERCTL=no + NM_CONTROLLED=no ONBOOT=yes PHYSDEV=eno1 - STARTMODE=auto - TYPE=Ethernet USERCTL=no VLAN=yes diff --git a/SOURCES/ci-ssh-exit-with-non-zero-status-on-disabled-user-472.patch b/SOURCES/ci-ssh-exit-with-non-zero-status-on-disabled-user-472.patch deleted file mode 100644 index cb3a8a0..0000000 --- a/SOURCES/ci-ssh-exit-with-non-zero-status-on-disabled-user-472.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 44b6004ee17cd2ae5930c7d8fd3ecafd7485a4d6 Mon Sep 17 00:00:00 2001 -From: Eduardo Otubo -Date: Mon, 17 Aug 2020 11:14:47 +0200 -Subject: [PATCH 2/2] ssh exit with non-zero status on disabled user (#472) - -RH-Author: Eduardo Otubo -Message-id: <20200729074459.16096-1-otubo@redhat.com> -Patchwork-id: 98071 -O-Subject: [RHEL-8.3.0 cloud-init PATCH] ssh exit with non-zero status on disabled user (#472) -Bugzilla: 1833874 -RH-Acked-by: Mohammed Gamal -RH-Acked-by: Vitaly Kuznetsov - -commit e161059a18173e2b61c54dba9eab774401fb5f1f -Author: Eduardo Otubo -Date: Wed Jul 15 20:21:02 2020 +0200 - - ssh exit with non-zero status on disabled user (#472) - - It is confusing for scripts, where a disabled user has been specified, - that ssh exits with a zero status by default without indication anything - failed. - - I think exitting with a non-zero status would make more clear in scripts - and automated setups where things failed, thus making noticing the issue - and debugging easier. - - Signed-off-by: Eduardo Otubo - Signed-off-by: Aleksandar Kostadinov - - LP: #1170059 - -Signed-off-by: Eduardo Otubo -Signed-off-by: Miroslav Rezanina ---- - cloudinit/ssh_util.py | 4 +++- - doc/examples/cloud-config.txt | 2 +- - 2 files changed, 4 insertions(+), 2 deletions(-) - -diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py -index bcb23a5..8ff61a2 100644 ---- a/cloudinit/ssh_util.py -+++ b/cloudinit/ssh_util.py -@@ -40,11 +40,13 @@ VALID_KEY_TYPES = ( - "ssh-rsa-cert-v01@openssh.com", - ) - -+_DISABLE_USER_SSH_EXIT = 142 - - DISABLE_USER_OPTS = ( - "no-port-forwarding,no-agent-forwarding," - "no-X11-forwarding,command=\"echo \'Please login as the user \\\"$USER\\\"" -- " rather than the user \\\"$DISABLE_USER\\\".\';echo;sleep 10\"") -+ " rather than the user \\\"$DISABLE_USER\\\".\';echo;sleep 10;" -+ "exit " + str(_DISABLE_USER_SSH_EXIT) + "\"") - - - class AuthKeyLine(object): -diff --git a/doc/examples/cloud-config.txt b/doc/examples/cloud-config.txt -index 0e82b83..f00db68 100644 ---- a/doc/examples/cloud-config.txt -+++ b/doc/examples/cloud-config.txt -@@ -235,7 +235,7 @@ disable_root: false - # The string '$USER' will be replaced with the username of the default user. - # The string '$DISABLE_USER' will be replaced with the username to disable. - # --# disable_root_opts: no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"$USER\" rather than the user \"$DISABLE_USER\".';echo;sleep 10" -+# disable_root_opts: no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"$USER\" rather than the user \"$DISABLE_USER\".';echo;sleep 10;exit 142" - - # disable ssh access for non-root-users - # To disable ssh access for non-root users, ssh_redirect_user: true can be --- -1.8.3.1 - diff --git a/SOURCES/ci-ssh_util-handle-non-default-AuthorizedKeysFile-confi.patch b/SOURCES/ci-ssh_util-handle-non-default-AuthorizedKeysFile-confi.patch new file mode 100644 index 0000000..5fbcb0c --- /dev/null +++ b/SOURCES/ci-ssh_util-handle-non-default-AuthorizedKeysFile-confi.patch @@ -0,0 +1,98 @@ +From b84a1e6d246bbb758f0530038612bd18eff71767 Mon Sep 17 00:00:00 2001 +From: Eduardo Otubo +Date: Tue, 8 Dec 2020 13:27:22 +0100 +Subject: [PATCH 4/4] ssh_util: handle non-default AuthorizedKeysFile config + (#586) + +RH-Author: Eduardo Terrell Ferrari Otubo (eterrell) +RH-MergeRequest: 28: ssh_util: handle non-default AuthorizedKeysFile config (#586) +RH-Commit: [1/1] f7ce396e3002c53a3504e653b58810efb956aa26 (eterrell/cloud-init) +RH-Bugzilla: 1862967 + +commit b0e73814db4027dba0b7dc0282e295b7f653325c +Author: Eduardo Otubo +Date: Tue Oct 20 18:04:59 2020 +0200 + + ssh_util: handle non-default AuthorizedKeysFile config (#586) + + The following commit merged all ssh keys into a default user file + `~/.ssh/authorized_keys` in sshd_config had multiple files configured for + AuthorizedKeysFile: + + commit f1094b1a539044c0193165a41501480de0f8df14 + Author: Eduardo Otubo + Date: Thu Dec 5 17:37:35 2019 +0100 + + Multiple file fix for AuthorizedKeysFile config (#60) + + This commit ignored the case when sshd_config would have a single file for + AuthorizedKeysFile, but a non default configuration, for example + `~/.ssh/authorized_keys_foobar`. In this case cloud-init would grab all keys + from this file and write a new one, the default `~/.ssh/authorized_keys` + causing the bug. + + rhbz: #1862967 + + Signed-off-by: Eduardo Otubo + +Signed-off-by: Eduardo Otubo +--- + cloudinit/ssh_util.py | 6 +++--- + tests/unittests/test_sshutil.py | 6 +++--- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py +index c08042d6..d5113996 100644 +--- a/cloudinit/ssh_util.py ++++ b/cloudinit/ssh_util.py +@@ -262,13 +262,13 @@ def extract_authorized_keys(username, sshd_cfg_file=DEF_SSHD_CFG): + + except (IOError, OSError): + # Give up and use a default key filename +- auth_key_fns[0] = default_authorizedkeys_file ++ auth_key_fns.append(default_authorizedkeys_file) + util.logexc(LOG, "Failed extracting 'AuthorizedKeysFile' in SSH " + "config from %r, using 'AuthorizedKeysFile' file " + "%r instead", DEF_SSHD_CFG, auth_key_fns[0]) + +- # always store all the keys in the user's private file +- return (default_authorizedkeys_file, parse_authorized_keys(auth_key_fns)) ++ # always store all the keys in the first file configured on sshd_config ++ return (auth_key_fns[0], parse_authorized_keys(auth_key_fns)) + + + def setup_user_keys(keys, username, options=None): +diff --git a/tests/unittests/test_sshutil.py b/tests/unittests/test_sshutil.py +index fd1d1bac..88a111e3 100644 +--- a/tests/unittests/test_sshutil.py ++++ b/tests/unittests/test_sshutil.py +@@ -593,7 +593,7 @@ class TestMultipleSshAuthorizedKeysFile(test_helpers.CiTestCase): + fpw.pw_name, sshd_config) + content = ssh_util.update_authorized_keys(auth_key_entries, []) + +- self.assertEqual("%s/.ssh/authorized_keys" % fpw.pw_dir, auth_key_fn) ++ self.assertEqual(authorized_keys, auth_key_fn) + self.assertTrue(VALID_CONTENT['rsa'] in content) + self.assertTrue(VALID_CONTENT['dsa'] in content) + +@@ -610,7 +610,7 @@ class TestMultipleSshAuthorizedKeysFile(test_helpers.CiTestCase): + sshd_config = self.tmp_path('sshd_config') + util.write_file( + sshd_config, +- "AuthorizedKeysFile %s %s" % (authorized_keys, user_keys) ++ "AuthorizedKeysFile %s %s" % (user_keys, authorized_keys) + ) + + (auth_key_fn, auth_key_entries) = ssh_util.extract_authorized_keys( +@@ -618,7 +618,7 @@ class TestMultipleSshAuthorizedKeysFile(test_helpers.CiTestCase): + ) + content = ssh_util.update_authorized_keys(auth_key_entries, []) + +- self.assertEqual("%s/.ssh/authorized_keys" % fpw.pw_dir, auth_key_fn) ++ self.assertEqual(user_keys, auth_key_fn) + self.assertTrue(VALID_CONTENT['rsa'] in content) + self.assertTrue(VALID_CONTENT['dsa'] in content) + +-- +2.18.4 + diff --git a/SOURCES/ci-swap-file-size-being-used-before-checked-if-str-315.patch b/SOURCES/ci-swap-file-size-being-used-before-checked-if-str-315.patch deleted file mode 100644 index bf1cc08..0000000 --- a/SOURCES/ci-swap-file-size-being-used-before-checked-if-str-315.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 4f177d3363a0efb2ee67b8a46efaca7707c2437f Mon Sep 17 00:00:00 2001 -From: Eduardo Otubo -Date: Mon, 24 Aug 2020 15:25:36 +0200 -Subject: [PATCH 2/3] swap file "size" being used before checked if str (#315) - -RH-Author: Eduardo Otubo -Message-id: <20200820092042.5418-3-otubo@redhat.com> -Patchwork-id: 98192 -O-Subject: [RHEL-8.3.0 cloud-init PATCH 2/3] swap file "size" being used before checked if str (#315) -Bugzilla: 1794664 -RH-Acked-by: Miroslav Rezanina -RH-Acked-by: Mohammed Gamal - -commit 46cf23c28812d3e3ba0c570defd9a05628af5556 -Author: Eduardo Otubo -Date: Tue Apr 14 17:45:14 2020 +0200 - - swap file "size" being used before checked if str - - Swap file size variable was being used before checked if it's set to str - "auto". If set to "auto", it will break with: - - failed to setup swap: unsupported operand type(s) for /: 'str' and 'int' - - Signed-off-by: Eduardo Otubo - -Signed-off-by: Eduardo Otubo -Signed-off-by: Miroslav Rezanina ---- - cloudinit/config/cc_mounts.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/cloudinit/config/cc_mounts.py b/cloudinit/config/cc_mounts.py -index 4293844..0573026 100644 ---- a/cloudinit/config/cc_mounts.py -+++ b/cloudinit/config/cc_mounts.py -@@ -274,7 +274,6 @@ def setup_swapfile(fname, size=None, maxsize=None): - maxsize: the maximum size - """ - swap_dir = os.path.dirname(fname) -- mibsize = str(int(size / (2 ** 20))) - if str(size).lower() == "auto": - try: - memsize = util.read_meminfo()['total'] -@@ -286,6 +285,7 @@ def setup_swapfile(fname, size=None, maxsize=None): - size = suggested_swapsize(fsys=swap_dir, maxsize=maxsize, - memsize=memsize) - -+ mibsize = str(int(size / (2 ** 20))) - if not size: - LOG.debug("Not creating swap: suggested size was 0") - return --- -1.8.3.1 - diff --git a/SOURCES/ci-sysconfig-distro-specific-config-rendering-for-BOOTP.patch b/SOURCES/ci-sysconfig-distro-specific-config-rendering-for-BOOTP.patch deleted file mode 100644 index 6526b19..0000000 --- a/SOURCES/ci-sysconfig-distro-specific-config-rendering-for-BOOTP.patch +++ /dev/null @@ -1,1900 +0,0 @@ -From dc7315345b42b6f913191d1b52ed459d3ec5068b Mon Sep 17 00:00:00 2001 -From: Eduardo Otubo -Date: Tue, 23 Feb 2021 12:16:27 +0100 -Subject: [PATCH] sysconfig: distro-specific config rendering for BOOTPROTO - option (#162) - -RH-Author: Eduardo Terrell Ferrari Otubo (eterrell) -RH-MergeRequest: 1: sysconfig: distro-specific config rendering for BOOTPROTO option (#162) -RH-Commit: [1/1] d88e3e93e2d23c8b90191cf6c5d0e8b7733fcce2 (eterrell/cloud-init) -RH-Bugzilla: 1931835 - -commit 06e324ff8edb3126e5a8060757a48ceab2b1a121 -Author: Robert Schweikert -Date: Mon Feb 3 14:56:51 2020 -0500 - - sysconfig: distro-specific config rendering for BOOTPROTO option (#162) - - - Introduce the "flavor" configuration option for the sysconfig renderer - this is necessary to account for differences in the handling of the - BOOTPROTO setting between distributions (lp#1858808) - + Thanks to Petr Pavlu for the idea - - Network config clean up for sysconfig renderer - + The introduction of the "flavor" renderer configuration allows us - to only write values that are pertinent for the given distro - - Set the DHCPv6 client mode on SUSE (lp#1800854) - - Co-authored-by: Chad Smith - - LP: #1800854 - -Signed-off-by: Eduardo Otubo ---- - cloudinit/distros/opensuse.py | 1 + - cloudinit/net/sysconfig.py | 329 +++++++--- - .../unittests/test_distros/test_netconfig.py | 34 +- - tests/unittests/test_net.py | 596 +++++++++++------- - 4 files changed, 592 insertions(+), 368 deletions(-) - -diff --git a/cloudinit/distros/opensuse.py b/cloudinit/distros/opensuse.py -index e41e2f7b..dd56a3f4 100644 ---- a/cloudinit/distros/opensuse.py -+++ b/cloudinit/distros/opensuse.py -@@ -37,6 +37,7 @@ class Distro(distros.Distro): - renderer_configs = { - 'sysconfig': { - 'control': 'etc/sysconfig/network/config', -+ 'flavor': 'suse', - 'iface_templates': '%(base)s/network/ifcfg-%(name)s', - 'netrules_path': ( - 'etc/udev/rules.d/85-persistent-net-cloud-init.rules'), -diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py -index 1989d014..1e8a547e 100644 ---- a/cloudinit/net/sysconfig.py -+++ b/cloudinit/net/sysconfig.py -@@ -1,5 +1,6 @@ - # This file is part of cloud-init. See LICENSE file for license information. - -+import copy - import os - import re - -@@ -86,6 +87,9 @@ class ConfigMap(object): - def __getitem__(self, key): - return self._conf[key] - -+ def get(self, key): -+ return self._conf.get(key) -+ - def __contains__(self, key): - return key in self._conf - -@@ -115,6 +119,9 @@ class ConfigMap(object): - buf.write("%s=%s\n" % (key, _quote_value(value))) - return buf.getvalue() - -+ def update(self, updates): -+ self._conf.update(updates) -+ - - class Route(ConfigMap): - """Represents a route configuration.""" -@@ -281,12 +288,28 @@ class Renderer(renderer.Renderer): - # s1-networkscripts-interfaces.html (or other docs for - # details about this) - -- iface_defaults = tuple([ -- ('ONBOOT', True), -- ('USERCTL', False), -- ('BOOTPROTO', 'none'), -- ('STARTMODE', 'auto'), -- ]) -+ iface_defaults = { -+ 'rhel': {'ONBOOT': True, 'USERCTL': False, 'BOOTPROTO': 'none'}, -+ 'suse': {'BOOTPROTO': 'static', 'STARTMODE': 'auto'}, -+ } -+ -+ cfg_key_maps = { -+ 'rhel': { -+ 'accept-ra': 'IPV6_FORCE_ACCEPT_RA', -+ 'bridge_stp': 'STP', -+ 'bridge_ageing': 'AGEING', -+ 'bridge_bridgeprio': 'PRIO', -+ 'mac_address': 'HWADDR', -+ 'mtu': 'MTU', -+ }, -+ 'suse': { -+ 'bridge_stp': 'BRIDGE_STP', -+ 'bridge_ageing': 'BRIDGE_AGEINGTIME', -+ 'bridge_bridgeprio': 'BRIDGE_PRIORITY', -+ 'mac_address': 'LLADDR', -+ 'mtu': 'MTU', -+ }, -+ } - - # If these keys exist, then their values will be used to form - # a BONDING_OPTS grouping; otherwise no grouping will be set. -@@ -308,12 +331,6 @@ class Renderer(renderer.Renderer): - ('bond_primary_reselect', "primary_reselect=%s"), - ]) - -- bridge_opts_keys = tuple([ -- ('bridge_stp', 'STP'), -- ('bridge_ageing', 'AGEING'), -- ('bridge_bridgeprio', 'PRIO'), -- ]) -- - templates = {} - - def __init__(self, config=None): -@@ -331,65 +348,101 @@ class Renderer(renderer.Renderer): - 'iface_templates': config.get('iface_templates'), - 'route_templates': config.get('route_templates'), - } -+ self.flavor = config.get('flavor', 'rhel') - - @classmethod -- def _render_iface_shared(cls, iface, iface_cfg): -- for k, v in cls.iface_defaults: -- iface_cfg[k] = v -+ def _render_iface_shared(cls, iface, iface_cfg, flavor): -+ flavor_defaults = copy.deepcopy(cls.iface_defaults.get(flavor, {})) -+ iface_cfg.update(flavor_defaults) - -- for (old_key, new_key) in [('mac_address', 'HWADDR'), ('mtu', 'MTU')]: -+ for old_key in ('mac_address', 'mtu', 'accept-ra'): - old_value = iface.get(old_key) - if old_value is not None: - # only set HWADDR on physical interfaces - if (old_key == 'mac_address' and - iface['type'] not in ['physical', 'infiniband']): - continue -- iface_cfg[new_key] = old_value -- -- if iface['accept-ra'] is not None: -- iface_cfg['IPV6_FORCE_ACCEPT_RA'] = iface['accept-ra'] -+ new_key = cls.cfg_key_maps[flavor].get(old_key) -+ if new_key: -+ iface_cfg[new_key] = old_value - - @classmethod -- def _render_subnets(cls, iface_cfg, subnets, has_default_route): -+ def _render_subnets(cls, iface_cfg, subnets, has_default_route, flavor): - # setting base values -- iface_cfg['BOOTPROTO'] = 'none' -+ if flavor == 'suse': -+ iface_cfg['BOOTPROTO'] = 'static' -+ if 'BRIDGE' in iface_cfg: -+ iface_cfg['BOOTPROTO'] = 'dhcp' -+ iface_cfg.drop('BRIDGE') -+ else: -+ iface_cfg['BOOTPROTO'] = 'none' - - # modifying base values according to subnets - for i, subnet in enumerate(subnets, start=len(iface_cfg.children)): - mtu_key = 'MTU' - subnet_type = subnet.get('type') - if subnet_type == 'dhcp6' or subnet_type == 'ipv6_dhcpv6-stateful': -- # TODO need to set BOOTPROTO to dhcp6 on SUSE -- iface_cfg['IPV6INIT'] = True -- # Configure network settings using DHCPv6 -- iface_cfg['DHCPV6C'] = True -+ if flavor == 'suse': -+ # User wants dhcp for both protocols -+ if iface_cfg['BOOTPROTO'] == 'dhcp4': -+ iface_cfg['BOOTPROTO'] = 'dhcp' -+ else: -+ # Only IPv6 is DHCP, IPv4 may be static -+ iface_cfg['BOOTPROTO'] = 'dhcp6' -+ iface_cfg['DHCLIENT6_MODE'] = 'managed' -+ else: -+ iface_cfg['IPV6INIT'] = True -+ # Configure network settings using DHCPv6 -+ iface_cfg['DHCPV6C'] = True - elif subnet_type == 'ipv6_dhcpv6-stateless': -- iface_cfg['IPV6INIT'] = True -- # Configure network settings using SLAAC from RAs and optional -- # info from dhcp server using DHCPv6 -- iface_cfg['IPV6_AUTOCONF'] = True -- iface_cfg['DHCPV6C'] = True -- # Use Information-request to get only stateless configuration -- # parameters (i.e., without address). -- iface_cfg['DHCPV6C_OPTIONS'] = '-S' -+ if flavor == 'suse': -+ # User wants dhcp for both protocols -+ if iface_cfg['BOOTPROTO'] == 'dhcp4': -+ iface_cfg['BOOTPROTO'] = 'dhcp' -+ else: -+ # Only IPv6 is DHCP, IPv4 may be static -+ iface_cfg['BOOTPROTO'] = 'dhcp6' -+ iface_cfg['DHCLIENT6_MODE'] = 'info' -+ else: -+ iface_cfg['IPV6INIT'] = True -+ # Configure network settings using SLAAC from RAs and -+ # optional info from dhcp server using DHCPv6 -+ iface_cfg['IPV6_AUTOCONF'] = True -+ iface_cfg['DHCPV6C'] = True -+ # Use Information-request to get only stateless -+ # configuration parameters (i.e., without address). -+ iface_cfg['DHCPV6C_OPTIONS'] = '-S' - elif subnet_type == 'ipv6_slaac': -- iface_cfg['IPV6INIT'] = True -- # Configure network settings using SLAAC from RAs -- iface_cfg['IPV6_AUTOCONF'] = True -+ if flavor == 'suse': -+ # User wants dhcp for both protocols -+ if iface_cfg['BOOTPROTO'] == 'dhcp4': -+ iface_cfg['BOOTPROTO'] = 'dhcp' -+ else: -+ # Only IPv6 is DHCP, IPv4 may be static -+ iface_cfg['BOOTPROTO'] = 'dhcp6' -+ iface_cfg['DHCLIENT6_MODE'] = 'info' -+ else: -+ iface_cfg['IPV6INIT'] = True -+ # Configure network settings using SLAAC from RAs -+ iface_cfg['IPV6_AUTOCONF'] = True - elif subnet_type in ['dhcp4', 'dhcp']: -+ bootproto_in = iface_cfg['BOOTPROTO'] - iface_cfg['BOOTPROTO'] = 'dhcp' -+ if flavor == 'suse' and subnet_type == 'dhcp4': -+ # If dhcp6 is already specified the user wants dhcp -+ # for both protocols -+ if bootproto_in != 'dhcp6': -+ # Only IPv4 is DHCP, IPv6 may be static -+ iface_cfg['BOOTPROTO'] = 'dhcp4' - elif subnet_type in ['static', 'static6']: -+ # RH info - # grep BOOTPROTO sysconfig.txt -A2 | head -3 - # BOOTPROTO=none|bootp|dhcp - # 'bootp' or 'dhcp' cause a DHCP client - # to run on the device. Any other - # value causes any static configuration - # in the file to be applied. -- # ==> the following should not be set to 'static' -- # but should remain 'none' -- # if iface_cfg['BOOTPROTO'] == 'none': -- # iface_cfg['BOOTPROTO'] = 'static' -- if subnet_is_ipv6(subnet): -+ if subnet_is_ipv6(subnet) and flavor != 'suse': - mtu_key = 'IPV6_MTU' - iface_cfg['IPV6INIT'] = True - if 'mtu' in subnet: -@@ -406,16 +459,21 @@ class Renderer(renderer.Renderer): - iface_cfg['IPV6_FORCE_ACCEPT_RA'] = False - iface_cfg['IPV6_AUTOCONF'] = False - elif subnet_type == 'manual': -- # If the subnet has an MTU setting, then ONBOOT=True -- # to apply the setting -- iface_cfg['ONBOOT'] = mtu_key in iface_cfg -+ if flavor == 'suse': -+ LOG.debug('Unknown subnet type setting "%s"', subnet_type) -+ else: -+ # If the subnet has an MTU setting, then ONBOOT=True -+ # to apply the setting -+ iface_cfg['ONBOOT'] = mtu_key in iface_cfg - else: - raise ValueError("Unknown subnet type '%s' found" - " for interface '%s'" % (subnet_type, - iface_cfg.name)) - if subnet.get('control') == 'manual': -- iface_cfg['ONBOOT'] = False -- iface_cfg['STARTMODE'] = 'manual' -+ if flavor == 'suse': -+ iface_cfg['STARTMODE'] = 'manual' -+ else: -+ iface_cfg['ONBOOT'] = False - - # set IPv4 and IPv6 static addresses - ipv4_index = -1 -@@ -424,13 +482,14 @@ class Renderer(renderer.Renderer): - subnet_type = subnet.get('type') - # metric may apply to both dhcp and static config - if 'metric' in subnet: -- iface_cfg['METRIC'] = subnet['metric'] -- # TODO(hjensas): Including dhcp6 here is likely incorrect. DHCPv6 -- # does not ever provide a default gateway, the default gateway -- # come from RA's. (https://github.com/openSUSE/wicked/issues/570) -- if subnet_type in ['dhcp', 'dhcp4', 'dhcp6']: -- if has_default_route and iface_cfg['BOOTPROTO'] != 'none': -- iface_cfg['DHCLIENT_SET_DEFAULT_ROUTE'] = False -+ if flavor != 'suse': -+ iface_cfg['METRIC'] = subnet['metric'] -+ if subnet_type in ['dhcp', 'dhcp4']: -+ # On SUSE distros 'DHCLIENT_SET_DEFAULT_ROUTE' is a global -+ # setting in /etc/sysconfig/network/dhcp -+ if flavor != 'suse': -+ if has_default_route and iface_cfg['BOOTPROTO'] != 'none': -+ iface_cfg['DHCLIENT_SET_DEFAULT_ROUTE'] = False - continue - elif subnet_type in IPV6_DYNAMIC_TYPES: - continue -@@ -439,14 +498,21 @@ class Renderer(renderer.Renderer): - ipv6_index = ipv6_index + 1 - ipv6_cidr = "%s/%s" % (subnet['address'], subnet['prefix']) - if ipv6_index == 0: -- iface_cfg['IPV6ADDR'] = ipv6_cidr -- iface_cfg['IPADDR6'] = ipv6_cidr -+ if flavor == 'suse': -+ iface_cfg['IPADDR6'] = ipv6_cidr -+ else: -+ iface_cfg['IPV6ADDR'] = ipv6_cidr - elif ipv6_index == 1: -- iface_cfg['IPV6ADDR_SECONDARIES'] = ipv6_cidr -- iface_cfg['IPADDR6_0'] = ipv6_cidr -+ if flavor == 'suse': -+ iface_cfg['IPADDR6_1'] = ipv6_cidr -+ else: -+ iface_cfg['IPV6ADDR_SECONDARIES'] = ipv6_cidr - else: -- iface_cfg['IPV6ADDR_SECONDARIES'] += " " + ipv6_cidr -- iface_cfg['IPADDR6_%d' % ipv6_index] = ipv6_cidr -+ if flavor == 'suse': -+ iface_cfg['IPADDR6_%d' % ipv6_index] = ipv6_cidr -+ else: -+ iface_cfg['IPV6ADDR_SECONDARIES'] += \ -+ " " + ipv6_cidr - else: - ipv4_index = ipv4_index + 1 - suff = "" if ipv4_index == 0 else str(ipv4_index) -@@ -454,17 +520,17 @@ class Renderer(renderer.Renderer): - iface_cfg['NETMASK' + suff] = \ - net_prefix_to_ipv4_mask(subnet['prefix']) - -- if 'gateway' in subnet: -+ if 'gateway' in subnet and flavor != 'suse': - iface_cfg['DEFROUTE'] = True - if is_ipv6_addr(subnet['gateway']): - iface_cfg['IPV6_DEFAULTGW'] = subnet['gateway'] - else: - iface_cfg['GATEWAY'] = subnet['gateway'] - -- if 'dns_search' in subnet: -+ if 'dns_search' in subnet and flavor != 'suse': - iface_cfg['DOMAIN'] = ' '.join(subnet['dns_search']) - -- if 'dns_nameservers' in subnet: -+ if 'dns_nameservers' in subnet and flavor != 'suse': - if len(subnet['dns_nameservers']) > 3: - # per resolv.conf(5) MAXNS sets this to 3. - LOG.debug("%s has %d entries in dns_nameservers. " -@@ -474,7 +540,12 @@ class Renderer(renderer.Renderer): - iface_cfg['DNS' + str(i)] = k - - @classmethod -- def _render_subnet_routes(cls, iface_cfg, route_cfg, subnets): -+ def _render_subnet_routes(cls, iface_cfg, route_cfg, subnets, flavor): -+ # TODO(rjschwei): route configuration on SUSE distro happens via -+ # ifroute-* files, see lp#1812117. SUSE currently carries a local -+ # patch in their package. -+ if flavor == 'suse': -+ return - for _, subnet in enumerate(subnets, start=len(iface_cfg.children)): - subnet_type = subnet.get('type') - for route in subnet.get('routes', []): -@@ -502,14 +573,7 @@ class Renderer(renderer.Renderer): - # TODO(harlowja): add validation that no other iface has - # also provided the default route? - iface_cfg['DEFROUTE'] = True -- # TODO(hjensas): Including dhcp6 here is likely incorrect. -- # DHCPv6 does not ever provide a default gateway, the -- # default gateway come from RA's. -- # (https://github.com/openSUSE/wicked/issues/570) -- if iface_cfg['BOOTPROTO'] in ('dhcp', 'dhcp4', 'dhcp6'): -- # NOTE(hjensas): DHCLIENT_SET_DEFAULT_ROUTE is SuSE -- # only. RHEL, CentOS, Fedora does not implement this -- # option. -+ if iface_cfg['BOOTPROTO'] in ('dhcp', 'dhcp4'): - iface_cfg['DHCLIENT_SET_DEFAULT_ROUTE'] = True - if 'gateway' in route: - if is_ipv6: -@@ -553,7 +617,9 @@ class Renderer(renderer.Renderer): - iface_cfg['BONDING_OPTS'] = " ".join(bond_opts) - - @classmethod -- def _render_physical_interfaces(cls, network_state, iface_contents): -+ def _render_physical_interfaces( -+ cls, network_state, iface_contents, flavor -+ ): - physical_filter = renderer.filter_by_physical - for iface in network_state.iter_interfaces(physical_filter): - iface_name = iface['name'] -@@ -562,12 +628,15 @@ class Renderer(renderer.Renderer): - route_cfg = iface_cfg.routes - - cls._render_subnets( -- iface_cfg, iface_subnets, network_state.has_default_route -+ iface_cfg, iface_subnets, network_state.has_default_route, -+ flavor -+ ) -+ cls._render_subnet_routes( -+ iface_cfg, route_cfg, iface_subnets, flavor - ) -- cls._render_subnet_routes(iface_cfg, route_cfg, iface_subnets) - - @classmethod -- def _render_bond_interfaces(cls, network_state, iface_contents): -+ def _render_bond_interfaces(cls, network_state, iface_contents, flavor): - bond_filter = renderer.filter_by_type('bond') - slave_filter = renderer.filter_by_attr('bond-master') - for iface in network_state.iter_interfaces(bond_filter): -@@ -581,17 +650,24 @@ class Renderer(renderer.Renderer): - master_cfgs.extend(iface_cfg.children) - for master_cfg in master_cfgs: - master_cfg['BONDING_MASTER'] = True -- master_cfg.kind = 'bond' -+ if flavor != 'suse': -+ master_cfg.kind = 'bond' - - if iface.get('mac_address'): -- iface_cfg['MACADDR'] = iface.get('mac_address') -+ if flavor == 'suse': -+ iface_cfg['LLADDR'] = iface.get('mac_address') -+ else: -+ iface_cfg['MACADDR'] = iface.get('mac_address') - - iface_subnets = iface.get("subnets", []) - route_cfg = iface_cfg.routes - cls._render_subnets( -- iface_cfg, iface_subnets, network_state.has_default_route -+ iface_cfg, iface_subnets, network_state.has_default_route, -+ flavor -+ ) -+ cls._render_subnet_routes( -+ iface_cfg, route_cfg, iface_subnets, flavor - ) -- cls._render_subnet_routes(iface_cfg, route_cfg, iface_subnets) - - # iter_interfaces on network-state is not sorted to produce - # consistent numbers we need to sort. -@@ -601,15 +677,22 @@ class Renderer(renderer.Renderer): - if slave_iface['bond-master'] == iface_name]) - - for index, bond_slave in enumerate(bond_slaves): -- slavestr = 'BONDING_SLAVE%s' % index -+ if flavor == 'suse': -+ slavestr = 'BONDING_SLAVE_%s' % index -+ else: -+ slavestr = 'BONDING_SLAVE%s' % index - iface_cfg[slavestr] = bond_slave - - slave_cfg = iface_contents[bond_slave] -- slave_cfg['MASTER'] = iface_name -- slave_cfg['SLAVE'] = True -+ if flavor == 'suse': -+ slave_cfg['BOOTPROTO'] = 'none' -+ slave_cfg['STARTMODE'] = 'hotplug' -+ else: -+ slave_cfg['MASTER'] = iface_name -+ slave_cfg['SLAVE'] = True - - @classmethod -- def _render_vlan_interfaces(cls, network_state, iface_contents): -+ def _render_vlan_interfaces(cls, network_state, iface_contents, flavor): - vlan_filter = renderer.filter_by_type('vlan') - for iface in network_state.iter_interfaces(vlan_filter): - iface_name = iface['name'] -@@ -629,9 +712,12 @@ class Renderer(renderer.Renderer): - iface_subnets = iface.get("subnets", []) - route_cfg = iface_cfg.routes - cls._render_subnets( -- iface_cfg, iface_subnets, network_state.has_default_route -+ iface_cfg, iface_subnets, network_state.has_default_route, -+ flavor -+ ) -+ cls._render_subnet_routes( -+ iface_cfg, route_cfg, iface_subnets, flavor - ) -- cls._render_subnet_routes(iface_cfg, route_cfg, iface_subnets) - - @staticmethod - def _render_dns(network_state, existing_dns_path=None): -@@ -668,19 +754,39 @@ class Renderer(renderer.Renderer): - return out - - @classmethod -- def _render_bridge_interfaces(cls, network_state, iface_contents): -+ def _render_bridge_interfaces(cls, network_state, iface_contents, flavor): -+ bridge_key_map = { -+ old_k: new_k for old_k, new_k in cls.cfg_key_maps[flavor].items() -+ if old_k.startswith('bridge')} - bridge_filter = renderer.filter_by_type('bridge') -+ - for iface in network_state.iter_interfaces(bridge_filter): - iface_name = iface['name'] - iface_cfg = iface_contents[iface_name] -- iface_cfg.kind = 'bridge' -- for old_key, new_key in cls.bridge_opts_keys: -+ if flavor != 'suse': -+ iface_cfg.kind = 'bridge' -+ for old_key, new_key in bridge_key_map.items(): - if old_key in iface: - iface_cfg[new_key] = iface[old_key] - -- if iface.get('mac_address'): -- iface_cfg['MACADDR'] = iface.get('mac_address') -+ if flavor == 'suse': -+ if 'BRIDGE_STP' in iface_cfg: -+ if iface_cfg.get('BRIDGE_STP'): -+ iface_cfg['BRIDGE_STP'] = 'on' -+ else: -+ iface_cfg['BRIDGE_STP'] = 'off' - -+ if iface.get('mac_address'): -+ key = 'MACADDR' -+ if flavor == 'suse': -+ key = 'LLADDRESS' -+ iface_cfg[key] = iface.get('mac_address') -+ -+ if flavor == 'suse': -+ if iface.get('bridge_ports', []): -+ iface_cfg['BRIDGE_PORTS'] = '%s' % " ".join( -+ iface.get('bridge_ports') -+ ) - # Is this the right key to get all the connected interfaces? - for bridged_iface_name in iface.get('bridge_ports', []): - # Ensure all bridged interfaces are correctly tagged -@@ -689,17 +795,23 @@ class Renderer(renderer.Renderer): - bridged_cfgs = [bridged_cfg] - bridged_cfgs.extend(bridged_cfg.children) - for bridge_cfg in bridged_cfgs: -- bridge_cfg['BRIDGE'] = iface_name -+ bridge_value = iface_name -+ if flavor == 'suse': -+ bridge_value = 'yes' -+ bridge_cfg['BRIDGE'] = bridge_value - - iface_subnets = iface.get("subnets", []) - route_cfg = iface_cfg.routes - cls._render_subnets( -- iface_cfg, iface_subnets, network_state.has_default_route -+ iface_cfg, iface_subnets, network_state.has_default_route, -+ flavor -+ ) -+ cls._render_subnet_routes( -+ iface_cfg, route_cfg, iface_subnets, flavor - ) -- cls._render_subnet_routes(iface_cfg, route_cfg, iface_subnets) - - @classmethod -- def _render_ib_interfaces(cls, network_state, iface_contents): -+ def _render_ib_interfaces(cls, network_state, iface_contents, flavor): - ib_filter = renderer.filter_by_type('infiniband') - for iface in network_state.iter_interfaces(ib_filter): - iface_name = iface['name'] -@@ -708,12 +820,15 @@ class Renderer(renderer.Renderer): - iface_subnets = iface.get("subnets", []) - route_cfg = iface_cfg.routes - cls._render_subnets( -- iface_cfg, iface_subnets, network_state.has_default_route -+ iface_cfg, iface_subnets, network_state.has_default_route, -+ flavor -+ ) -+ cls._render_subnet_routes( -+ iface_cfg, route_cfg, iface_subnets, flavor - ) -- cls._render_subnet_routes(iface_cfg, route_cfg, iface_subnets) - - @classmethod -- def _render_sysconfig(cls, base_sysconf_dir, network_state, -+ def _render_sysconfig(cls, base_sysconf_dir, network_state, flavor, - templates=None): - '''Given state, return /etc/sysconfig files + contents''' - if not templates: -@@ -724,13 +839,17 @@ class Renderer(renderer.Renderer): - continue - iface_name = iface['name'] - iface_cfg = NetInterface(iface_name, base_sysconf_dir, templates) -- cls._render_iface_shared(iface, iface_cfg) -+ if flavor == 'suse': -+ iface_cfg.drop('DEVICE') -+ # If type detection fails it is considered a bug in SUSE -+ iface_cfg.drop('TYPE') -+ cls._render_iface_shared(iface, iface_cfg, flavor) - iface_contents[iface_name] = iface_cfg -- cls._render_physical_interfaces(network_state, iface_contents) -- cls._render_bond_interfaces(network_state, iface_contents) -- cls._render_vlan_interfaces(network_state, iface_contents) -- cls._render_bridge_interfaces(network_state, iface_contents) -- cls._render_ib_interfaces(network_state, iface_contents) -+ cls._render_physical_interfaces(network_state, iface_contents, flavor) -+ cls._render_bond_interfaces(network_state, iface_contents, flavor) -+ cls._render_vlan_interfaces(network_state, iface_contents, flavor) -+ cls._render_bridge_interfaces(network_state, iface_contents, flavor) -+ cls._render_ib_interfaces(network_state, iface_contents, flavor) - contents = {} - for iface_name, iface_cfg in iface_contents.items(): - if iface_cfg or iface_cfg.children: -@@ -752,7 +871,7 @@ class Renderer(renderer.Renderer): - file_mode = 0o644 - base_sysconf_dir = util.target_path(target, self.sysconf_dir) - for path, data in self._render_sysconfig(base_sysconf_dir, -- network_state, -+ network_state, self.flavor, - templates=templates).items(): - util.write_file(path, data, file_mode) - if self.dns_path: -diff --git a/tests/unittests/test_distros/test_netconfig.py b/tests/unittests/test_distros/test_netconfig.py -index e277bca2..905e8281 100644 ---- a/tests/unittests/test_distros/test_netconfig.py -+++ b/tests/unittests/test_distros/test_netconfig.py -@@ -521,7 +521,6 @@ class TestNetCfgDistroRedhat(TestNetCfgDistroBase): - NETMASK=255.255.255.0 - NM_CONTROLLED=no - ONBOOT=yes -- STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """), -@@ -530,7 +529,6 @@ class TestNetCfgDistroRedhat(TestNetCfgDistroBase): - DEVICE=eth1 - NM_CONTROLLED=no - ONBOOT=yes -- STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """), -@@ -549,13 +547,11 @@ class TestNetCfgDistroRedhat(TestNetCfgDistroBase): - BOOTPROTO=none - DEFROUTE=yes - DEVICE=eth0 -- IPADDR6=2607:f0d0:1002:0011::2/64 - IPV6ADDR=2607:f0d0:1002:0011::2/64 - IPV6INIT=yes - IPV6_DEFAULTGW=2607:f0d0:1002:0011::1 - NM_CONTROLLED=no - ONBOOT=yes -- STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """), -@@ -564,7 +560,6 @@ class TestNetCfgDistroRedhat(TestNetCfgDistroBase): - DEVICE=eth1 - NM_CONTROLLED=no - ONBOOT=yes -- STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """), -@@ -690,26 +685,14 @@ class TestNetCfgDistroOpensuse(TestNetCfgDistroBase): - """Opensuse uses apply_network_config and renders sysconfig""" - expected_cfgs = { - self.ifcfg_path('eth0'): dedent("""\ -- BOOTPROTO=none -- DEFROUTE=yes -- DEVICE=eth0 -- GATEWAY=192.168.1.254 -+ BOOTPROTO=static - IPADDR=192.168.1.5 - NETMASK=255.255.255.0 -- NM_CONTROLLED=no -- ONBOOT=yes - STARTMODE=auto -- TYPE=Ethernet -- USERCTL=no - """), - self.ifcfg_path('eth1'): dedent("""\ -- BOOTPROTO=dhcp -- DEVICE=eth1 -- NM_CONTROLLED=no -- ONBOOT=yes -+ BOOTPROTO=dhcp4 - STARTMODE=auto -- TYPE=Ethernet -- USERCTL=no - """), - } - self._apply_and_verify(self.distro.apply_network_config, -@@ -720,9 +703,7 @@ class TestNetCfgDistroOpensuse(TestNetCfgDistroBase): - """Opensuse uses apply_network_config and renders sysconfig w/ipv6""" - expected_cfgs = { - self.ifcfg_path('eth0'): dedent("""\ -- BOOTPROTO=none -- DEFROUTE=yes -- DEVICE=eth0 -+ BOOTPROTO=static - IPADDR6=2607:f0d0:1002:0011::2/64 - IPV6ADDR=2607:f0d0:1002:0011::2/64 - IPV6INIT=yes -@@ -732,17 +713,10 @@ class TestNetCfgDistroOpensuse(TestNetCfgDistroBase): - NM_CONTROLLED=no - ONBOOT=yes - STARTMODE=auto -- TYPE=Ethernet -- USERCTL=no - """), - self.ifcfg_path('eth1'): dedent("""\ -- BOOTPROTO=dhcp -- DEVICE=eth1 -- NM_CONTROLLED=no -- ONBOOT=yes -+ BOOTPROTO=dhcp4 - STARTMODE=auto -- TYPE=Ethernet -- USERCTL=no - """), - } - self._apply_and_verify(self.distro.apply_network_config, -diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py -index b2b7c4b2..7e598411 100644 ---- a/tests/unittests/test_net.py -+++ b/tests/unittests/test_net.py -@@ -489,18 +489,11 @@ OS_SAMPLES = [ - """ - # Created by cloud-init on instance boot automatically, do not edit. - # --BOOTPROTO=none --DEFROUTE=yes --DEVICE=eth0 --GATEWAY=172.19.3.254 --HWADDR=fa:16:3e:ed:9a:59 -+BOOTPROTO=static - IPADDR=172.19.1.34 -+LLADDR=fa:16:3e:ed:9a:59 - NETMASK=255.255.252.0 --NM_CONTROLLED=no --ONBOOT=yes - STARTMODE=auto --TYPE=Ethernet --USERCTL=no - """.lstrip()), - ('etc/resolv.conf', - """ -@@ -531,7 +524,6 @@ HWADDR=fa:16:3e:ed:9a:59 - IPADDR=172.19.1.34 - NETMASK=255.255.252.0 - ONBOOT=yes --STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """.lstrip()), -@@ -590,20 +582,13 @@ dns = none - """ - # Created by cloud-init on instance boot automatically, do not edit. - # --BOOTPROTO=none --DEFROUTE=yes --DEVICE=eth0 --GATEWAY=172.19.3.254 --HWADDR=fa:16:3e:ed:9a:59 -+BOOTPROTO=static - IPADDR=172.19.1.34 - IPADDR1=10.0.0.10 -+LLADDR=fa:16:3e:ed:9a:59 - NETMASK=255.255.252.0 - NETMASK1=255.255.255.0 --NM_CONTROLLED=no --ONBOOT=yes - STARTMODE=auto --TYPE=Ethernet --USERCTL=no - """.lstrip()), - ('etc/resolv.conf', - """ -@@ -636,7 +621,6 @@ IPADDR1=10.0.0.10 - NETMASK=255.255.252.0 - NETMASK1=255.255.255.0 - ONBOOT=yes --STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """.lstrip()), -@@ -715,25 +699,14 @@ dns = none - """ - # Created by cloud-init on instance boot automatically, do not edit. - # --BOOTPROTO=none --DEFROUTE=yes --DEVICE=eth0 --GATEWAY=172.19.3.254 --HWADDR=fa:16:3e:ed:9a:59 -+BOOTPROTO=static - IPADDR=172.19.1.34 - IPADDR6=2001:DB8::10/64 --IPADDR6_0=2001:DB9::10/64 -+IPADDR6_1=2001:DB9::10/64 - IPADDR6_2=2001:DB10::10/64 --IPV6ADDR=2001:DB8::10/64 --IPV6ADDR_SECONDARIES="2001:DB9::10/64 2001:DB10::10/64" --IPV6INIT=yes --IPV6_DEFAULTGW=2001:DB8::1 -+LLADDR=fa:16:3e:ed:9a:59 - NETMASK=255.255.252.0 --NM_CONTROLLED=no --ONBOOT=yes - STARTMODE=auto --TYPE=Ethernet --USERCTL=no - """.lstrip()), - ('etc/resolv.conf', - """ -@@ -762,9 +735,6 @@ DEVICE=eth0 - GATEWAY=172.19.3.254 - HWADDR=fa:16:3e:ed:9a:59 - IPADDR=172.19.1.34 --IPADDR6=2001:DB8::10/64 --IPADDR6_0=2001:DB9::10/64 --IPADDR6_2=2001:DB10::10/64 - IPV6ADDR=2001:DB8::10/64 - IPV6ADDR_SECONDARIES="2001:DB9::10/64 2001:DB10::10/64" - IPV6INIT=yes -@@ -773,7 +743,6 @@ IPV6_DEFAULTGW=2001:DB8::1 - IPV6_FORCE_ACCEPT_RA=no - NETMASK=255.255.252.0 - ONBOOT=yes --STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """.lstrip()), -@@ -883,13 +852,24 @@ NETWORK_CONFIGS = { - via: 65.61.151.37 - set-name: eth99 - """).rstrip(' '), -- 'expected_sysconfig': { -+ 'expected_sysconfig_opensuse': { -+ 'ifcfg-eth1': textwrap.dedent("""\ -+ BOOTPROTO=static -+ LLADDR=cf:d6:af:48:e8:80 -+ STARTMODE=auto"""), -+ 'ifcfg-eth99': textwrap.dedent("""\ -+ BOOTPROTO=dhcp4 -+ LLADDR=c0:d6:9f:2c:e8:80 -+ IPADDR=192.168.21.3 -+ NETMASK=255.255.255.0 -+ STARTMODE=auto"""), -+ }, -+ 'expected_sysconfig_rhel': { - 'ifcfg-eth1': textwrap.dedent("""\ - BOOTPROTO=none - DEVICE=eth1 - HWADDR=cf:d6:af:48:e8:80 - ONBOOT=yes -- STARTMODE=auto - TYPE=Ethernet - USERCTL=no"""), - 'ifcfg-eth99': textwrap.dedent("""\ -@@ -906,7 +886,6 @@ NETWORK_CONFIGS = { - NETMASK=255.255.255.0 - METRIC=10000 - ONBOOT=yes -- STARTMODE=auto - TYPE=Ethernet - USERCTL=no"""), - }, -@@ -960,6 +939,12 @@ NETWORK_CONFIGS = { - dhcp4: true - dhcp6: true - """).rstrip(' '), -+ 'expected_sysconfig_opensuse': { -+ 'ifcfg-iface0': textwrap.dedent("""\ -+ BOOTPROTO=dhcp -+ DHCLIENT6_MODE=managed -+ STARTMODE=auto""") -+ }, - 'yaml': textwrap.dedent("""\ - version: 1 - config: -@@ -1010,19 +995,27 @@ NETWORK_CONFIGS = { - address: 2001:1::1/64 - mtu: 1500 - """).rstrip(' '), -- 'expected_sysconfig': { -+ 'expected_sysconfig_opensuse': { -+ 'ifcfg-iface0': textwrap.dedent("""\ -+ BOOTPROTO=static -+ IPADDR=192.168.14.2 -+ IPADDR6=2001:1::1/64 -+ NETMASK=255.255.255.0 -+ STARTMODE=auto -+ MTU=9000 -+ """), -+ }, -+ 'expected_sysconfig_rhel': { - 'ifcfg-iface0': textwrap.dedent("""\ - BOOTPROTO=none - DEVICE=iface0 - IPADDR=192.168.14.2 -- IPADDR6=2001:1::1/64 - IPV6ADDR=2001:1::1/64 - IPV6INIT=yes - IPV6_AUTOCONF=no - IPV6_FORCE_ACCEPT_RA=no - NETMASK=255.255.255.0 - ONBOOT=yes -- STARTMODE=auto - TYPE=Ethernet - USERCTL=no - MTU=9000 -@@ -1030,6 +1023,23 @@ NETWORK_CONFIGS = { - """), - }, - }, -+ 'v6_and_v4': { -+ 'expected_sysconfig_opensuse': { -+ 'ifcfg-iface0': textwrap.dedent("""\ -+ BOOTPROTO=dhcp -+ DHCLIENT6_MODE=managed -+ STARTMODE=auto""") -+ }, -+ 'yaml': textwrap.dedent("""\ -+ version: 1 -+ config: -+ - type: 'physical' -+ name: 'iface0' -+ subnets: -+ - type: dhcp6 -+ - type: dhcp4 -+ """).rstrip(' '), -+ }, - 'dhcpv6_only': { - 'expected_eni': textwrap.dedent("""\ - auto lo -@@ -1053,7 +1063,14 @@ NETWORK_CONFIGS = { - subnets: - - {'type': 'dhcp6'} - """).rstrip(' '), -- 'expected_sysconfig': { -+ 'expected_sysconfig_opensuse': { -+ 'ifcfg-iface0': textwrap.dedent("""\ -+ BOOTPROTO=dhcp6 -+ DHCLIENT6_MODE=managed -+ STARTMODE=auto -+ """), -+ }, -+ 'expected_sysconfig_rhel': { - 'ifcfg-iface0': textwrap.dedent("""\ - BOOTPROTO=none - DEVICE=iface0 -@@ -1062,7 +1079,6 @@ NETWORK_CONFIGS = { - DEVICE=iface0 - NM_CONTROLLED=no - ONBOOT=yes -- STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """), -@@ -1101,7 +1117,14 @@ NETWORK_CONFIGS = { - dhcp6: true - accept-ra: true - """).rstrip(' '), -- 'expected_sysconfig': { -+ 'expected_sysconfig_opensuse': { -+ 'ifcfg-iface0': textwrap.dedent("""\ -+ BOOTPROTO=dhcp6 -+ DHCLIENT6_MODE=managed -+ STARTMODE=auto -+ """), -+ }, -+ 'expected_sysconfig_rhel': { - 'ifcfg-iface0': textwrap.dedent("""\ - BOOTPROTO=none - DEVICE=iface0 -@@ -1111,7 +1134,6 @@ NETWORK_CONFIGS = { - DEVICE=iface0 - NM_CONTROLLED=no - ONBOOT=yes -- STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """), -@@ -1150,7 +1172,14 @@ NETWORK_CONFIGS = { - dhcp6: true - accept-ra: false - """).rstrip(' '), -- 'expected_sysconfig': { -+ 'expected_sysconfig_opensuse': { -+ 'ifcfg-iface0': textwrap.dedent("""\ -+ BOOTPROTO=dhcp6 -+ DHCLIENT6_MODE=managed -+ STARTMODE=auto -+ """), -+ }, -+ 'expected_sysconfig_rhel': { - 'ifcfg-iface0': textwrap.dedent("""\ - BOOTPROTO=none - DEVICE=iface0 -@@ -1160,7 +1189,6 @@ NETWORK_CONFIGS = { - DEVICE=iface0 - NM_CONTROLLED=no - ONBOOT=yes -- STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """), -@@ -1190,7 +1218,14 @@ NETWORK_CONFIGS = { - subnets: - - {'type': 'ipv6_slaac'} - """).rstrip(' '), -- 'expected_sysconfig': { -+ 'expected_sysconfig_opensuse': { -+ 'ifcfg-iface0': textwrap.dedent("""\ -+ BOOTPROTO=dhcp6 -+ DHCLIENT6_MODE=info -+ STARTMODE=auto -+ """), -+ }, -+ 'expected_sysconfig_rhel': { - 'ifcfg-iface0': textwrap.dedent("""\ - BOOTPROTO=none - DEVICE=iface0 -@@ -1199,7 +1234,6 @@ NETWORK_CONFIGS = { - DEVICE=iface0 - NM_CONTROLLED=no - ONBOOT=yes -- STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """), -@@ -1256,7 +1290,14 @@ NETWORK_CONFIGS = { - subnets: - - {'type': 'ipv6_dhcpv6-stateless'} - """).rstrip(' '), -- 'expected_sysconfig': { -+ 'expected_sysconfig_opensuse': { -+ 'ifcfg-iface0': textwrap.dedent("""\ -+ BOOTPROTO=dhcp6 -+ DHCLIENT6_MODE=info -+ STARTMODE=auto -+ """), -+ }, -+ 'expected_sysconfig_rhel': { - 'ifcfg-iface0': textwrap.dedent("""\ - BOOTPROTO=none - DEVICE=iface0 -@@ -1267,7 +1308,6 @@ NETWORK_CONFIGS = { - DEVICE=iface0 - NM_CONTROLLED=no - ONBOOT=yes -- STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """), -@@ -1298,7 +1338,14 @@ NETWORK_CONFIGS = { - - {'type': 'ipv6_dhcpv6-stateful'} - accept-ra: true - """).rstrip(' '), -- 'expected_sysconfig': { -+ 'expected_sysconfig_opensuse': { -+ 'ifcfg-iface0': textwrap.dedent("""\ -+ BOOTPROTO=dhcp6 -+ DHCLIENT6_MODE=managed -+ STARTMODE=auto -+ """), -+ }, -+ 'expected_sysconfig_rhel': { - 'ifcfg-iface0': textwrap.dedent("""\ - BOOTPROTO=none - DEVICE=iface0 -@@ -1308,7 +1355,6 @@ NETWORK_CONFIGS = { - DEVICE=iface0 - NM_CONTROLLED=no - ONBOOT=yes -- STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """), -@@ -1503,7 +1549,80 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true - - sacchromyces.maas - - brettanomyces.maas - """).rstrip(' '), -- 'expected_sysconfig': { -+ 'expected_sysconfig_opensuse': { -+ 'ifcfg-bond0': textwrap.dedent("""\ -+ BONDING_MASTER=yes -+ BONDING_OPTS="mode=active-backup """ -+ """xmit_hash_policy=layer3+4 """ -+ """miimon=100" -+ BONDING_SLAVE_0=eth1 -+ BONDING_SLAVE_1=eth2 -+ BOOTPROTO=dhcp6 -+ DHCLIENT6_MODE=managed -+ LLADDR=aa:bb:cc:dd:ee:ff -+ STARTMODE=auto"""), -+ 'ifcfg-bond0.200': textwrap.dedent("""\ -+ BOOTPROTO=dhcp4 -+ ETHERDEVICE=bond0 -+ STARTMODE=auto -+ VLAN_ID=200"""), -+ 'ifcfg-br0': textwrap.dedent("""\ -+ BRIDGE_AGEINGTIME=250 -+ BOOTPROTO=static -+ IPADDR=192.168.14.2 -+ IPADDR6=2001:1::1/64 -+ LLADDRESS=bb:bb:bb:bb:bb:aa -+ NETMASK=255.255.255.0 -+ BRIDGE_PRIORITY=22 -+ BRIDGE_PORTS='eth3 eth4' -+ STARTMODE=auto -+ BRIDGE_STP=off"""), -+ 'ifcfg-eth0': textwrap.dedent("""\ -+ BOOTPROTO=static -+ LLADDR=c0:d6:9f:2c:e8:80 -+ STARTMODE=auto"""), -+ 'ifcfg-eth0.101': textwrap.dedent("""\ -+ BOOTPROTO=static -+ IPADDR=192.168.0.2 -+ IPADDR1=192.168.2.10 -+ MTU=1500 -+ NETMASK=255.255.255.0 -+ NETMASK1=255.255.255.0 -+ ETHERDEVICE=eth0 -+ STARTMODE=auto -+ VLAN_ID=101"""), -+ 'ifcfg-eth1': textwrap.dedent("""\ -+ BOOTPROTO=none -+ LLADDR=aa:d6:9f:2c:e8:80 -+ STARTMODE=hotplug"""), -+ 'ifcfg-eth2': textwrap.dedent("""\ -+ BOOTPROTO=none -+ LLADDR=c0:bb:9f:2c:e8:80 -+ STARTMODE=hotplug"""), -+ 'ifcfg-eth3': textwrap.dedent("""\ -+ BOOTPROTO=static -+ BRIDGE=yes -+ LLADDR=66:bb:9f:2c:e8:80 -+ STARTMODE=auto"""), -+ 'ifcfg-eth4': textwrap.dedent("""\ -+ BOOTPROTO=static -+ BRIDGE=yes -+ LLADDR=98:bb:9f:2c:e8:80 -+ STARTMODE=auto"""), -+ 'ifcfg-eth5': textwrap.dedent("""\ -+ BOOTPROTO=dhcp -+ LLADDR=98:bb:9f:2c:e8:8a -+ STARTMODE=manual"""), -+ 'ifcfg-ib0': textwrap.dedent("""\ -+ BOOTPROTO=static -+ LLADDR=a0:00:02:20:fe:80:00:00:00:00:00:00:ec:0d:9a:03:00:15:e2:c1 -+ IPADDR=192.168.200.7 -+ MTU=9000 -+ NETMASK=255.255.255.0 -+ STARTMODE=auto -+ TYPE=InfiniBand"""), -+ }, -+ 'expected_sysconfig_rhel': { - 'ifcfg-bond0': textwrap.dedent("""\ - BONDING_MASTER=yes - BONDING_OPTS="mode=active-backup """ -@@ -1517,7 +1636,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true - IPV6INIT=yes - MACADDR=aa:bb:cc:dd:ee:ff - ONBOOT=yes -- STARTMODE=auto - TYPE=Bond - USERCTL=no"""), - 'ifcfg-bond0.200': textwrap.dedent("""\ -@@ -1527,6 +1645,7 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true - ONBOOT=yes - PHYSDEV=bond0 - STARTMODE=auto -+ TYPE=Ethernet - USERCTL=no - VLAN=yes"""), - 'ifcfg-br0': textwrap.dedent("""\ -@@ -1535,7 +1654,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true - DEFROUTE=yes - DEVICE=br0 - IPADDR=192.168.14.2 -- IPADDR6=2001:1::1/64 - IPV6ADDR=2001:1::1/64 - IPV6INIT=yes - IPV6_AUTOCONF=no -@@ -1545,7 +1663,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true - NETMASK=255.255.255.0 - ONBOOT=yes - PRIO=22 -- STARTMODE=auto - STP=no - TYPE=Bridge - USERCTL=no"""), -@@ -1554,7 +1671,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true - DEVICE=eth0 - HWADDR=c0:d6:9f:2c:e8:80 - ONBOOT=yes -- STARTMODE=auto - TYPE=Ethernet - USERCTL=no"""), - 'ifcfg-eth0.101': textwrap.dedent("""\ -@@ -1573,6 +1689,7 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true - ONBOOT=yes - PHYSDEV=eth0 - STARTMODE=auto -+ TYPE=Ethernet - USERCTL=no - VLAN=yes"""), - 'ifcfg-eth1': textwrap.dedent("""\ -@@ -1581,7 +1698,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true - HWADDR=aa:d6:9f:2c:e8:80 - MASTER=bond0 - ONBOOT=yes -- STARTMODE=auto - SLAVE=yes - TYPE=Ethernet - USERCTL=no"""), -@@ -1591,7 +1707,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true - HWADDR=c0:bb:9f:2c:e8:80 - MASTER=bond0 - ONBOOT=yes -- STARTMODE=auto - SLAVE=yes - TYPE=Ethernet - USERCTL=no"""), -@@ -1601,7 +1716,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true - DEVICE=eth3 - HWADDR=66:bb:9f:2c:e8:80 - ONBOOT=yes -- STARTMODE=auto - TYPE=Ethernet - USERCTL=no"""), - 'ifcfg-eth4': textwrap.dedent("""\ -@@ -1610,7 +1724,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true - DEVICE=eth4 - HWADDR=98:bb:9f:2c:e8:80 - ONBOOT=yes -- STARTMODE=auto - TYPE=Ethernet - USERCTL=no"""), - 'ifcfg-eth5': textwrap.dedent("""\ -@@ -1619,7 +1732,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true - DHCLIENT_SET_DEFAULT_ROUTE=no - HWADDR=98:bb:9f:2c:e8:8a - ONBOOT=no -- STARTMODE=manual - TYPE=Ethernet - USERCTL=no"""), - 'ifcfg-ib0': textwrap.dedent("""\ -@@ -1631,7 +1743,6 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true - NETMASK=255.255.255.0 - NM_CONTROLLED=no - ONBOOT=yes -- STARTMODE=auto - TYPE=InfiniBand - USERCTL=no"""), - }, -@@ -2027,58 +2138,29 @@ iface bond0 inet6 static - """fail_over_mac=active """ - """primary=bond0s0 """ - """primary_reselect=always" -- BONDING_SLAVE0=bond0s0 -- BONDING_SLAVE1=bond0s1 -- BOOTPROTO=none -- DEFROUTE=yes -- DEVICE=bond0 -- GATEWAY=192.168.0.1 -- MACADDR=aa:bb:cc:dd:e8:ff -+ BONDING_SLAVE_0=bond0s0 -+ BONDING_SLAVE_1=bond0s1 -+ BOOTPROTO=static -+ LLADDR=aa:bb:cc:dd:e8:ff - IPADDR=192.168.0.2 - IPADDR1=192.168.1.2 - IPADDR6=2001:1::1/92 -- IPV6ADDR=2001:1::1/92 -- IPV6INIT=yes - MTU=9000 - NETMASK=255.255.255.0 - NETMASK1=255.255.255.0 -- NM_CONTROLLED=no -- ONBOOT=yes - STARTMODE=auto -- TYPE=Bond -- USERCTL=no - """), - 'ifcfg-bond0s0': textwrap.dedent("""\ - BOOTPROTO=none -- DEVICE=bond0s0 -- HWADDR=aa:bb:cc:dd:e8:00 -- MASTER=bond0 -- NM_CONTROLLED=no -- ONBOOT=yes -- SLAVE=yes -- STARTMODE=auto -- TYPE=Ethernet -- USERCTL=no -- """), -- 'ifroute-bond0': textwrap.dedent("""\ -- ADDRESS0=10.1.3.0 -- GATEWAY0=192.168.0.3 -- NETMASK0=255.255.255.0 -+ LLADDR=aa:bb:cc:dd:e8:00 -+ STARTMODE=hotplug - """), - 'ifcfg-bond0s1': textwrap.dedent("""\ - BOOTPROTO=none -- DEVICE=bond0s1 -- HWADDR=aa:bb:cc:dd:e8:01 -- MASTER=bond0 -- NM_CONTROLLED=no -- ONBOOT=yes -- SLAVE=yes -- STARTMODE=auto -- TYPE=Ethernet -- USERCTL=no -+ LLADDR=aa:bb:cc:dd:e8:01 -+ STARTMODE=hotplug - """), - }, -- - 'expected_sysconfig_rhel': { - 'ifcfg-bond0': textwrap.dedent("""\ - BONDING_MASTER=yes -@@ -2097,7 +2179,6 @@ iface bond0 inet6 static - MACADDR=aa:bb:cc:dd:e8:ff - IPADDR=192.168.0.2 - IPADDR1=192.168.1.2 -- IPADDR6=2001:1::1/92 - IPV6ADDR=2001:1::1/92 - IPV6INIT=yes - IPV6_AUTOCONF=no -@@ -2106,7 +2187,6 @@ iface bond0 inet6 static - NETMASK=255.255.255.0 - NETMASK1=255.255.255.0 - ONBOOT=yes -- STARTMODE=auto - TYPE=Bond - USERCTL=no - """), -@@ -2117,7 +2197,6 @@ iface bond0 inet6 static - MASTER=bond0 - ONBOOT=yes - SLAVE=yes -- STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """), -@@ -2139,7 +2218,6 @@ iface bond0 inet6 static - MASTER=bond0 - ONBOOT=yes - SLAVE=yes -- STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """), -@@ -2170,13 +2248,31 @@ iface bond0 inet6 static - netmask: '::' - network: '::' - """), -- 'expected_sysconfig': { -+ 'expected_sysconfig_opensuse': { -+ # TODO RJS: unknown proper BOOTPROTO setting ask Marius -+ 'ifcfg-en0': textwrap.dedent("""\ -+ BOOTPROTO=static -+ LLADDR=aa:bb:cc:dd:e8:00 -+ STARTMODE=auto"""), -+ 'ifcfg-en0.99': textwrap.dedent("""\ -+ BOOTPROTO=static -+ IPADDR=192.168.2.2 -+ IPADDR1=192.168.1.2 -+ IPADDR6=2001:1::bbbb/96 -+ MTU=2222 -+ NETMASK=255.255.255.0 -+ NETMASK1=255.255.255.0 -+ STARTMODE=auto -+ ETHERDEVICE=en0 -+ VLAN_ID=99 -+ """), -+ }, -+ 'expected_sysconfig_rhel': { - 'ifcfg-en0': textwrap.dedent("""\ - BOOTPROTO=none - DEVICE=en0 - HWADDR=aa:bb:cc:dd:e8:00 - ONBOOT=yes -- STARTMODE=auto - TYPE=Ethernet - USERCTL=no"""), - 'ifcfg-en0.99': textwrap.dedent("""\ -@@ -2186,7 +2282,6 @@ iface bond0 inet6 static - GATEWAY=192.168.1.1 - IPADDR=192.168.2.2 - IPADDR1=192.168.1.2 -- IPADDR6=2001:1::bbbb/96 - IPV6ADDR=2001:1::bbbb/96 - IPV6INIT=yes - IPV6_AUTOCONF=no -@@ -2198,6 +2293,7 @@ iface bond0 inet6 static - ONBOOT=yes - PHYSDEV=en0 - STARTMODE=auto -+ TYPE=Ethernet - USERCTL=no - VLAN=yes"""), - }, -@@ -2229,7 +2325,32 @@ iface bond0 inet6 static - subnets: - - type: static - address: 192.168.2.2/24"""), -- 'expected_sysconfig': { -+ 'expected_sysconfig_opensuse': { -+ 'ifcfg-br0': textwrap.dedent("""\ -+ BOOTPROTO=static -+ IPADDR=192.168.2.2 -+ NETMASK=255.255.255.0 -+ STARTMODE=auto -+ BRIDGE_STP=off -+ BRIDGE_PRIORITY=22 -+ BRIDGE_PORTS='eth0 eth1' -+ """), -+ 'ifcfg-eth0': textwrap.dedent("""\ -+ BOOTPROTO=static -+ BRIDGE=yes -+ LLADDR=52:54:00:12:34:00 -+ IPADDR6=2001:1::100/96 -+ STARTMODE=auto -+ """), -+ 'ifcfg-eth1': textwrap.dedent("""\ -+ BOOTPROTO=static -+ BRIDGE=yes -+ LLADDR=52:54:00:12:34:01 -+ IPADDR6=2001:1::101/96 -+ STARTMODE=auto -+ """), -+ }, -+ 'expected_sysconfig_rhel': { - 'ifcfg-br0': textwrap.dedent("""\ - BOOTPROTO=none - DEVICE=br0 -@@ -2237,7 +2358,6 @@ iface bond0 inet6 static - NETMASK=255.255.255.0 - ONBOOT=yes - PRIO=22 -- STARTMODE=auto - STP=no - TYPE=Bridge - USERCTL=no -@@ -2247,14 +2367,12 @@ iface bond0 inet6 static - BRIDGE=br0 - DEVICE=eth0 - HWADDR=52:54:00:12:34:00 -- IPADDR6=2001:1::100/96 - IPV6ADDR=2001:1::100/96 - IPV6INIT=yes - IPV6_AUTOCONF=no - IPV6_FORCE_ACCEPT_RA=no - NM_CONTROLLED=no - ONBOOT=yes -- STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """), -@@ -2263,14 +2381,12 @@ iface bond0 inet6 static - BRIDGE=br0 - DEVICE=eth1 - HWADDR=52:54:00:12:34:01 -- IPADDR6=2001:1::101/96 - IPV6ADDR=2001:1::101/96 - IPV6INIT=yes - IPV6_AUTOCONF=no - IPV6_FORCE_ACCEPT_RA=no - NM_CONTROLLED=no - ONBOOT=yes -- STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """), -@@ -2336,7 +2452,27 @@ iface bond0 inet6 static - macaddress: 52:54:00:12:34:ff - set-name: eth2 - """), -- 'expected_sysconfig': { -+ 'expected_sysconfig_opensuse': { -+ 'ifcfg-eth0': textwrap.dedent("""\ -+ BOOTPROTO=static -+ LLADDR=52:54:00:12:34:00 -+ IPADDR=192.168.1.2 -+ NETMASK=255.255.255.0 -+ STARTMODE=manual -+ """), -+ 'ifcfg-eth1': textwrap.dedent("""\ -+ BOOTPROTO=static -+ LLADDR=52:54:00:12:34:aa -+ MTU=1480 -+ STARTMODE=auto -+ """), -+ 'ifcfg-eth2': textwrap.dedent("""\ -+ BOOTPROTO=static -+ LLADDR=52:54:00:12:34:ff -+ STARTMODE=manual -+ """), -+ }, -+ 'expected_sysconfig_rhel': { - 'ifcfg-eth0': textwrap.dedent("""\ - BOOTPROTO=none - DEVICE=eth0 -@@ -2344,7 +2480,6 @@ iface bond0 inet6 static - IPADDR=192.168.1.2 - NETMASK=255.255.255.0 - ONBOOT=no -- STARTMODE=manual - TYPE=Ethernet - USERCTL=no - """), -@@ -2354,7 +2489,6 @@ iface bond0 inet6 static - HWADDR=52:54:00:12:34:aa - MTU=1480 - ONBOOT=yes -- STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """), -@@ -2363,7 +2497,6 @@ iface bond0 inet6 static - DEVICE=eth2 - HWADDR=52:54:00:12:34:ff - ONBOOT=no -- STARTMODE=manual - TYPE=Ethernet - USERCTL=no - """), -@@ -2694,7 +2827,7 @@ class TestRhelSysConfigRendering(CiTestCase): - header = ('# Created by cloud-init on instance boot automatically, ' - 'do not edit.\n#\n') - -- expected_name = 'expected_sysconfig' -+ expected_name = 'expected_sysconfig_rhel' - - def _get_renderer(self): - distro_cls = distros.fetch('rhel') -@@ -2780,7 +2913,6 @@ BOOTPROTO=dhcp - DEVICE=eth1000 - HWADDR=07-1c-c6-75-a4-be - ONBOOT=yes --STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """.lstrip() -@@ -2901,7 +3033,6 @@ HWADDR=52:54:00:12:34:00 - IPADDR=10.0.2.15 - NETMASK=255.255.255.0 - ONBOOT=yes --STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """ -@@ -2933,7 +3064,6 @@ MTU=1500 - NETMASK=255.255.240.0 - NM_CONTROLLED=no - ONBOOT=yes --STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """ -@@ -2948,7 +3078,6 @@ HWADDR=fa:16:3e:b1:ca:29 - MTU=9000 - NM_CONTROLLED=no - ONBOOT=yes --STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """ -@@ -2973,7 +3102,6 @@ USERCTL=no - BOOTPROTO=dhcp - DEVICE=eth0 - ONBOOT=yes --STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """ -@@ -2982,10 +3110,9 @@ USERCTL=no - self.assertEqual(resolvconf_content, found['/etc/resolv.conf']) - - def test_bond_config(self): -- expected_name = 'expected_sysconfig_rhel' - entry = NETWORK_CONFIGS['bond'] - found = self._render_and_read(network_config=yaml.load(entry['yaml'])) -- self._compare_files_to_expected(entry[expected_name], found) -+ self._compare_files_to_expected(entry[self.expected_name], found) - self._assert_headers(found) - - def test_vlan_config(self): -@@ -3228,7 +3355,6 @@ USERCTL=no - GATEWAY=192.168.42.1 - HWADDR=52:54:00:ab:cd:ef - IPADDR=192.168.42.100 -- IPADDR6=2001:db8::100/32 - IPV6ADDR=2001:db8::100/32 - IPV6INIT=yes - IPV6_AUTOCONF=no -@@ -3237,7 +3363,6 @@ USERCTL=no - NETMASK=255.255.255.0 - NM_CONTROLLED=no - ONBOOT=yes -- STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """), -@@ -3263,7 +3388,6 @@ USERCTL=no - DEVICE=eno1 - NM_CONTROLLED=no - ONBOOT=yes -- STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """), -@@ -3277,6 +3401,7 @@ USERCTL=no - ONBOOT=yes - PHYSDEV=eno1 - STARTMODE=auto -+ TYPE=Ethernet - USERCTL=no - VLAN=yes - """) -@@ -3306,7 +3431,6 @@ USERCTL=no - NETMASK=255.255.255.192 - NM_CONTROLLED=no - ONBOOT=yes -- STARTMODE=auto - TYPE=Bond - USERCTL=no - """), -@@ -3318,7 +3442,6 @@ USERCTL=no - NM_CONTROLLED=no - ONBOOT=yes - SLAVE=yes -- STARTMODE=auto - TYPE=Bond - USERCTL=no - """), -@@ -3330,7 +3453,6 @@ USERCTL=no - NM_CONTROLLED=no - ONBOOT=yes - SLAVE=yes -- STARTMODE=auto - TYPE=Bond - USERCTL=no - """) -@@ -3354,7 +3476,6 @@ USERCTL=no - METRIC=100 - NM_CONTROLLED=no - ONBOOT=yes -- STARTMODE=auto - TYPE=Ethernet - USERCTL=no - """), -@@ -3377,7 +3498,7 @@ class TestOpenSuseSysConfigRendering(CiTestCase): - header = ('# Created by cloud-init on instance boot automatically, ' - 'do not edit.\n#\n') - -- expected_name = 'expected_sysconfig' -+ expected_name = 'expected_sysconfig_opensuse' - - def _get_renderer(self): - distro_cls = distros.fetch('opensuse') -@@ -3449,92 +3570,89 @@ class TestOpenSuseSysConfigRendering(CiTestCase): - expected_content = """ - # Created by cloud-init on instance boot automatically, do not edit. - # --BOOTPROTO=dhcp --DEVICE=eth1000 --HWADDR=07-1c-c6-75-a4-be --NM_CONTROLLED=no --ONBOOT=yes -+BOOTPROTO=dhcp4 -+LLADDR=07-1c-c6-75-a4-be - STARTMODE=auto --TYPE=Ethernet --USERCTL=no - """.lstrip() - self.assertEqual(expected_content, content) - -- def test_multiple_ipv4_default_gateways(self): -- """ValueError is raised when duplicate ipv4 gateways exist.""" -- net_json = { -- "services": [{"type": "dns", "address": "172.19.0.12"}], -- "networks": [{ -- "network_id": "dacd568d-5be6-4786-91fe-750c374b78b4", -- "type": "ipv4", "netmask": "255.255.252.0", -- "link": "tap1a81968a-79", -- "routes": [{ -- "netmask": "0.0.0.0", -- "network": "0.0.0.0", -- "gateway": "172.19.3.254", -- }, { -- "netmask": "0.0.0.0", # A second default gateway -- "network": "0.0.0.0", -- "gateway": "172.20.3.254", -- }], -- "ip_address": "172.19.1.34", "id": "network0" -- }], -- "links": [ -- { -- "ethernet_mac_address": "fa:16:3e:ed:9a:59", -- "mtu": None, "type": "bridge", "id": -- "tap1a81968a-79", -- "vif_id": "1a81968a-797a-400f-8a80-567f997eb93f" -- }, -- ], -- } -- macs = {'fa:16:3e:ed:9a:59': 'eth0'} -- render_dir = self.tmp_dir() -- network_cfg = openstack.convert_net_json(net_json, known_macs=macs) -- ns = network_state.parse_net_config_data(network_cfg, -- skip_broken=False) -- renderer = self._get_renderer() -- with self.assertRaises(ValueError): -- renderer.render_network_state(ns, target=render_dir) -- self.assertEqual([], os.listdir(render_dir)) -- -- def test_multiple_ipv6_default_gateways(self): -- """ValueError is raised when duplicate ipv6 gateways exist.""" -- net_json = { -- "services": [{"type": "dns", "address": "172.19.0.12"}], -- "networks": [{ -- "network_id": "public-ipv6", -- "type": "ipv6", "netmask": "", -- "link": "tap1a81968a-79", -- "routes": [{ -- "gateway": "2001:DB8::1", -- "netmask": "::", -- "network": "::" -- }, { -- "gateway": "2001:DB9::1", -- "netmask": "::", -- "network": "::" -- }], -- "ip_address": "2001:DB8::10", "id": "network1" -- }], -- "links": [ -- { -- "ethernet_mac_address": "fa:16:3e:ed:9a:59", -- "mtu": None, "type": "bridge", "id": -- "tap1a81968a-79", -- "vif_id": "1a81968a-797a-400f-8a80-567f997eb93f" -- }, -- ], -- } -- macs = {'fa:16:3e:ed:9a:59': 'eth0'} -- render_dir = self.tmp_dir() -- network_cfg = openstack.convert_net_json(net_json, known_macs=macs) -- ns = network_state.parse_net_config_data(network_cfg, -- skip_broken=False) -- renderer = self._get_renderer() -- with self.assertRaises(ValueError): -- renderer.render_network_state(ns, target=render_dir) -- self.assertEqual([], os.listdir(render_dir)) -+ # TODO(rjschwei): re-enable test once route writing is implemented -+ # for SUSE distros -+# def test_multiple_ipv4_default_gateways(self): -+# """ValueError is raised when duplicate ipv4 gateways exist.""" -+# net_json = { -+# "services": [{"type": "dns", "address": "172.19.0.12"}], -+# "networks": [{ -+# "network_id": "dacd568d-5be6-4786-91fe-750c374b78b4", -+# "type": "ipv4", "netmask": "255.255.252.0", -+# "link": "tap1a81968a-79", -+# "routes": [{ -+# "netmask": "0.0.0.0", -+# "network": "0.0.0.0", -+# "gateway": "172.19.3.254", -+# }, { -+# "netmask": "0.0.0.0", # A second default gateway -+# "network": "0.0.0.0", -+# "gateway": "172.20.3.254", -+# }], -+# "ip_address": "172.19.1.34", "id": "network0" -+# }], -+# "links": [ -+# { -+# "ethernet_mac_address": "fa:16:3e:ed:9a:59", -+# "mtu": None, "type": "bridge", "id": -+# "tap1a81968a-79", -+# "vif_id": "1a81968a-797a-400f-8a80-567f997eb93f" -+# }, -+# ], -+# } -+# macs = {'fa:16:3e:ed:9a:59': 'eth0'} -+# render_dir = self.tmp_dir() -+# network_cfg = openstack.convert_net_json(net_json, known_macs=macs) -+# ns = network_state.parse_net_config_data(network_cfg, -+# skip_broken=False) -+# renderer = self._get_renderer() -+# with self.assertRaises(ValueError): -+# renderer.render_network_state(ns, target=render_dir) -+# self.assertEqual([], os.listdir(render_dir)) -+# -+# def test_multiple_ipv6_default_gateways(self): -+# """ValueError is raised when duplicate ipv6 gateways exist.""" -+# net_json = { -+# "services": [{"type": "dns", "address": "172.19.0.12"}], -+# "networks": [{ -+# "network_id": "public-ipv6", -+# "type": "ipv6", "netmask": "", -+# "link": "tap1a81968a-79", -+# "routes": [{ -+# "gateway": "2001:DB8::1", -+# "netmask": "::", -+# "network": "::" -+# }, { -+# "gateway": "2001:DB9::1", -+# "netmask": "::", -+# "network": "::" -+# }], -+# "ip_address": "2001:DB8::10", "id": "network1" -+# }], -+# "links": [ -+# { -+# "ethernet_mac_address": "fa:16:3e:ed:9a:59", -+# "mtu": None, "type": "bridge", "id": -+# "tap1a81968a-79", -+# "vif_id": "1a81968a-797a-400f-8a80-567f997eb93f" -+# }, -+# ], -+# } -+# macs = {'fa:16:3e:ed:9a:59': 'eth0'} -+# render_dir = self.tmp_dir() -+# network_cfg = openstack.convert_net_json(net_json, known_macs=macs) -+# ns = network_state.parse_net_config_data(network_cfg, -+# skip_broken=False) -+# renderer = self._get_renderer() -+# with self.assertRaises(ValueError): -+# renderer.render_network_state(ns, target=render_dir) -+# self.assertEqual([], os.listdir(render_dir)) - - def test_openstack_rendering_samples(self): - for os_sample in OS_SAMPLES: -@@ -3567,18 +3685,11 @@ USERCTL=no - expected = """\ - # Created by cloud-init on instance boot automatically, do not edit. - # --BOOTPROTO=none --DEFROUTE=yes --DEVICE=interface0 --GATEWAY=10.0.2.2 --HWADDR=52:54:00:12:34:00 -+BOOTPROTO=static - IPADDR=10.0.2.15 -+LLADDR=52:54:00:12:34:00 - NETMASK=255.255.255.0 --NM_CONTROLLED=no --ONBOOT=yes - STARTMODE=auto --TYPE=Ethernet --USERCTL=no - """ - self.assertEqual(expected, found[nspath + 'ifcfg-interface0']) - # The configuration has no nameserver information make sure we -@@ -3603,12 +3714,7 @@ USERCTL=no - # Created by cloud-init on instance boot automatically, do not edit. - # - BOOTPROTO=dhcp --DEVICE=eth0 --NM_CONTROLLED=no --ONBOOT=yes - STARTMODE=auto --TYPE=Ethernet --USERCTL=no - """ - self.assertEqual(expected, found[nspath + 'ifcfg-eth0']) - # a dhcp only config should not modify resolv.conf -@@ -3679,6 +3785,30 @@ USERCTL=no - self._compare_files_to_expected(entry[self.expected_name], found) - self._assert_headers(found) - -+ def test_simple_render_ipv6_slaac(self): -+ entry = NETWORK_CONFIGS['ipv6_slaac'] -+ found = self._render_and_read(network_config=yaml.load(entry['yaml'])) -+ self._compare_files_to_expected(entry[self.expected_name], found) -+ self._assert_headers(found) -+ -+ def test_dhcpv6_stateless_config(self): -+ entry = NETWORK_CONFIGS['dhcpv6_stateless'] -+ found = self._render_and_read(network_config=yaml.load(entry['yaml'])) -+ self._compare_files_to_expected(entry[self.expected_name], found) -+ self._assert_headers(found) -+ -+ def test_render_v4_and_v6(self): -+ entry = NETWORK_CONFIGS['v4_and_v6'] -+ found = self._render_and_read(network_config=yaml.load(entry['yaml'])) -+ self._compare_files_to_expected(entry[self.expected_name], found) -+ self._assert_headers(found) -+ -+ def test_render_v6_and_v4(self): -+ entry = NETWORK_CONFIGS['v6_and_v4'] -+ found = self._render_and_read(network_config=yaml.load(entry['yaml'])) -+ self._compare_files_to_expected(entry[self.expected_name], found) -+ self._assert_headers(found) -+ - - class TestEniNetRendering(CiTestCase): - --- -2.27.0 - diff --git a/SOURCES/ci-utils-use-SystemRandom-when-generating-random-passwo.patch b/SOURCES/ci-utils-use-SystemRandom-when-generating-random-passwo.patch deleted file mode 100644 index 6f75385..0000000 --- a/SOURCES/ci-utils-use-SystemRandom-when-generating-random-passwo.patch +++ /dev/null @@ -1,46 +0,0 @@ -From ebbc83c1ca52620179d94dc1d92c44883273e4ef Mon Sep 17 00:00:00 2001 -From: jmaloy -Date: Thu, 28 May 2020 08:44:02 +0200 -Subject: [PATCH 2/4] utils: use SystemRandom when generating random password. - (#204) - -RH-Author: jmaloy -Message-id: <20200313184329.16696-2-jmaloy@redhat.com> -Patchwork-id: 94294 -O-Subject: [RHEL-8.2 cloud-init PATCH 1/1] utils: use SystemRandom when generating random password. (#204) -Bugzilla: 1812174 -RH-Acked-by: Eduardo Otubo -RH-Acked-by: Vitaly Kuznetsov -RH-Acked-by: Mohammed Gamal - -From: Dimitri John Ledkov - -As noticed by Seth Arnold, non-deterministic SystemRandom should be -used when creating security sensitive random strings. - -(cherry picked from commit 3e2f7356effc9e9cccc5ae945846279804eedc46) -Signed-off-by: Jon Maloy -Signed-off-by: Miroslav Rezanina ---- - cloudinit/util.py | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/cloudinit/util.py b/cloudinit/util.py -index 9d9d5c7..5d51ba8 100644 ---- a/cloudinit/util.py -+++ b/cloudinit/util.py -@@ -401,9 +401,10 @@ def translate_bool(val, addons=None): - - - def rand_str(strlen=32, select_from=None): -+ r = random.SystemRandom() - if not select_from: - select_from = string.ascii_letters + string.digits -- return "".join([random.choice(select_from) for _x in range(0, strlen)]) -+ return "".join([r.choice(select_from) for _x in range(0, strlen)]) - - - def rand_dict_key(dictionary, postfix=None): --- -1.8.3.1 - diff --git a/SPECS/cloud-init.spec b/SPECS/cloud-init.spec index c42e1fc..cedad04 100644 --- a/SPECS/cloud-init.spec +++ b/SPECS/cloud-init.spec @@ -5,8 +5,8 @@ %global debug_package %{nil} Name: cloud-init -Version: 19.4 -Release: 11%{?dist}.3 +Version: 20.3 +Release: 10%{?dist} Summary: Cloud instance init scripts Group: System Environment/Base @@ -22,52 +22,24 @@ Patch0004: 0004-sysconfig-Don-t-write-BOOTPROTO-dhcp-for-ipv6-dhcp.patch Patch0005: 0005-DataSourceAzure.py-use-hostnamectl-to-set-hostname.patch Patch0006: 0006-include-NOZEROCONF-yes-in-etc-sysconfig-network.patch Patch0007: 0007-Remove-race-condition-between-cloud-init-and-Network.patch -# For bz#1812171 - CVE-2020-8632 cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py [rhel-8] -Patch8: ci-cc_set_password-increase-random-pwlength-from-9-to-2.patch -# For bz#1812174 - CVE-2020-8631 cloud-init: Use of random.choice when generating random password [rhel-8] -Patch9: ci-utils-use-SystemRandom-when-generating-random-passwo.patch -# For bz#1814152 - CVE-2018-10896 cloud-init: default configuration disabled deletion of SSH host keys [rhel-8] -Patch10: ci-Enable-ssh_deletekeys-by-default.patch -# For bz#1840648 - [cloud-init][RHEL-8.2.0] /etc/resolv.conf lose config after reboot (initial instance is ok) -Patch11: ci-Remove-race-condition-between-cloud-init-and-Network.patch -# For bz#1803928 - [RHEL8.3] Race condition of starting cloud-init and NetworkManager -Patch12: ci-Make-cloud-init.service-execute-after-network-is-up.patch -# For bz#1822343 - [RHEL8.3] Do not log IMDSv2 token values into cloud-init.log -Patch13: ci-ec2-Do-not-log-IMDSv2-token-values-instead-use-REDAC.patch -# For bz#1834173 - [rhel-8.3]Incorrect ds-identify check in cloud-init-generator -Patch14: ci-Change-from-redhat-to-rhel-in-systemd-generator-tmpl.patch -# For bz#1834173 - [rhel-8.3]Incorrect ds-identify check in cloud-init-generator -Patch15: ci-cloud-init.service.tmpl-use-rhel-instead-of-redhat-4.patch -# For bz#1822343 - [RHEL8.3] Do not log IMDSv2 token values into cloud-init.log -Patch16: ci-ec2-only-redact-token-request-headers-in-logs-avoid-.patch -# For bz#1839662 - [ESXi][RHEL8.3][cloud-init]ERROR log in cloud-init.log after clone VM on ESXi platform -Patch17: ci-When-tools.conf-does-not-exist-running-cmd-vmware-to.patch -# For bz#1833874 - [rhel-8.3]using root user error should cause a non-zero exit code -Patch18: ci-ssh-exit-with-non-zero-status-on-disabled-user-472.patch -# For bz#1794664 - [RHEL8] swapon fails with "swapfile has holes" when created on a xfs filesystem by cloud-init -Patch19: ci-Do-not-use-fallocate-in-swap-file-creation-on-xfs.-7.patch -# For bz#1794664 - [RHEL8] swapon fails with "swapfile has holes" when created on a xfs filesystem by cloud-init -Patch20: ci-swap-file-size-being-used-before-checked-if-str-315.patch -# For bz#1794664 - [RHEL8] swapon fails with "swapfile has holes" when created on a xfs filesystem by cloud-init -Patch21: ci-Detect-kernel-version-before-swap-file-creation-428.patch -# For bz#1839662 - [ESXi][RHEL8.3][cloud-init]ERROR log in cloud-init.log after clone VM on ESXi platform -Patch22: ci-Changing-notation-of-subp-call.patch -# For bz#1794664 - [RHEL8] swapon fails with "swapfile has holes" when created on a xfs filesystem by cloud-init -Patch23: ci-cc_mounts-fix-incorrect-format-specifiers-316.patch -# For bz#1879989 - [Azure][RHEL 8] cloud-init Permission denied with the use of mount option noexec [rhel-8.3.0.z] -Patch24: ci-DHCP-sandboxing-failing-on-noexec-mounted-var-tmp-52.patch -# For bz#1890551 - [rhel8][cloud-init] ifup bond0.504 Error: Connection activation failed: No suitable device found for this connection [rhel-8.3.0.z] -Patch25: ci-network-Fix-type-and-respect-name-when-rendering-vla.patch -# For bz#1894014 - Support for cloud-init config modules for PowerVM Hypervisor in Red Hat cloud-init [rhel-8.3.0.z] -Patch26: ci-Add-config-modules-for-controlling-IBM-PowerVM-RMC.-.patch -# For bz#1894015 - Add support for ipv6_autoconf[rhel-8.3.0.z] -Patch27: ci-Explicit-set-IPV6_AUTOCONF-and-IPV6_FORCE_ACCEPT_RA-.patch -# For bz#1894015 - Add support for ipv6_autoconf[rhel-8.3.0.z] -Patch28: ci-net-fix-rendering-of-static6-in-network-config-77.patch -# For bz#1916839 - [Azure] Update existing user password RHEL8x [rhel-8.3.0.z] -Patch29: ci-DataSourceAzure-update-password-for-defuser-if-exist.patch -# For bz#1931835 - SUSE specific option, STARTMODE, should not exist in ifcfg-XXX file. [rhel-8.3.0.z] -Patch30: ci-sysconfig-distro-specific-config-rendering-for-BOOTP.patch +Patch8: ci-Explicit-set-IPV6_AUTOCONF-and-IPV6_FORCE_ACCEPT_RA-.patch +Patch9: ci-Add-config-modules-for-controlling-IBM-PowerVM-RMC.-.patch +# For bz#1881462 - [rhel8][cloud-init] ifup bond0.504 Error: Connection activation failed: No suitable device found for this connection +Patch10: ci-network-Fix-type-and-respect-name-when-rendering-vla.patch +# For bz#1859695 - [Cloud-init] DHCPv6 assigned address is not added to VM's interface +Patch11: ci-Adding-BOOTPROTO-dhcp-to-render-sysconfig-dhcp6-stat.patch +# For bz#1898943 - [rhel-8]cloud-final.service fails if NetworkManager not installed. +Patch12: ci-Fix-unit-failure-of-cloud-final.service-if-NetworkMa.patch +# For bz#1862967 - [cloud-init]Customize ssh AuthorizedKeysFile causes login failure +Patch13: ci-ssh_util-handle-non-default-AuthorizedKeysFile-confi.patch +# For bz#1859695 - [Cloud-init] DHCPv6 assigned address is not added to VM's interface +Patch14: ci-Missing-IPV6_AUTOCONF-no-to-render-sysconfig-dhcp6-s.patch +# For bz#1900892 - [Azure] Update existing user password RHEL8x +Patch15: ci-DataSourceAzure-update-password-for-defuser-if-exist.patch +# For bz#1919972 - [RHEL-8.4] ssh keys can be shared across users giving potential root access +Patch16: ci-Revert-ssh_util-handle-non-default-AuthorizedKeysFil.patch +# For bz#1913127 - A typo in cloud-init man page +Patch17: ci-fix-a-typo-in-man-page-cloud-init.1-752.patch BuildArch: noarch @@ -100,7 +72,6 @@ BuildRequires: /usr/bin/dnf Requires: e2fsprogs Requires: iproute Requires: libselinux-python3 -Requires: net-tools Requires: policycoreutils-python3 Requires: procps Requires: python3-configobj @@ -141,6 +112,8 @@ sed -i -e 's|#!/usr/bin/env python|#!/usr/bin/env python3|' \ python3 tools/render-cloudcfg --variant fedora > $RPM_BUILD_ROOT/%{_sysconfdir}/cloud/cloud.cfg +sed -i "s,@@PACKAGED_VERSION@@,%{version}-%{release}," $RPM_BUILD_ROOT/%{python3_sitelib}/cloudinit/version.py + mkdir -p $RPM_BUILD_ROOT/var/lib/cloud # /run/cloud-init needs a tmpfiles.d entry @@ -169,6 +142,12 @@ chmod 755 $RPM_BUILD_ROOT/usr/lib/systemd/system-generators/cloud-init-generator [ ! -d $RPM_BUILD_ROOT/usr/lib/%{name} ] && mkdir -p $RPM_BUILD_ROOT/usr/lib/%{name} cp -p tools/ds-identify $RPM_BUILD_ROOT%{_libexecdir}/%{name}/ds-identify +# installing man pages +mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man1/ +for man in cloud-id.1 cloud-init.1 cloud-init-per.1; do + install -c -m 0644 doc/man/${man} ${RPM_BUILD_ROOT}%{_mandir}/man1/${man} + chmod -x ${RPM_BUILD_ROOT}%{_mandir}/man1/* +done %clean rm -rf $RPM_BUILD_ROOT @@ -237,6 +216,7 @@ fi %{_libexecdir}/%{name} %{_bindir}/cloud-init* %doc %{_datadir}/doc/%{name} +%{_mandir}/man1/* %dir %verify(not mode) /run/cloud-init %dir /var/lib/cloud /etc/NetworkManager/dispatcher.d/cloud-init-azure-hook @@ -251,30 +231,73 @@ fi %config(noreplace) %{_sysconfdir}/rsyslog.d/21-cloudinit.conf %changelog -* Wed Mar 10 2021 Miroslav Rezanina - 19.4-11.el8_3.3 -- ci-sysconfig-distro-specific-config-rendering-for-BOOTP.patch [bz#1931835] -- Resolves: bz#1931835 - (SUSE specific option, STARTMODE, should not exist in ifcfg-XXX file. [rhel-8.3.0.z]) - -* Tue Jan 26 2021 Miroslav Rezanina - 19.4-11.el8_3.2 -- ci-DataSourceAzure-update-password-for-defuser-if-exist.patch [bz#1916839] -- Resolves: bz#1916839 - ([Azure] Update existing user password RHEL8x [rhel-8.3.0.z]) - -* Mon Nov 09 2020 Miroslav Rezanina - 19.4-11.el8_3.1 -- ci-DHCP-sandboxing-failing-on-noexec-mounted-var-tmp-52.patch [bz#1879989] -- ci-network-Fix-type-and-respect-name-when-rendering-vla.patch [bz#1890551] -- ci-Add-config-modules-for-controlling-IBM-PowerVM-RMC.-.patch [bz#1894014] -- ci-Explicit-set-IPV6_AUTOCONF-and-IPV6_FORCE_ACCEPT_RA-.patch [bz#1894015] -- ci-net-fix-rendering-of-static6-in-network-config-77.patch [bz#1894015] -- Resolves: bz#1879989 - ([Azure][RHEL 8] cloud-init Permission denied with the use of mount option noexec [rhel-8.3.0.z]) -- Resolves: bz#1890551 - ([rhel8][cloud-init] ifup bond0.504 Error: Connection activation failed: No suitable device found for this connection [rhel-8.3.0.z]) -- Resolves: bz#1894014 - (Support for cloud-init config modules for PowerVM Hypervisor in Red Hat cloud-init [rhel-8.3.0.z]) -- Resolves: bz#1894015 - (Add support for ipv6_autoconf[rhel-8.3.0.z]) +* Tue Feb 02 2021 Miroslav Rezanina - 20.3-10.el8 +- ci-fix-a-typo-in-man-page-cloud-init.1-752.patch [bz#1913127] +- Resolves: bz#1913127 + (A typo in cloud-init man page) + +* Tue Jan 26 2021 Miroslav Rezanina - 20.3-9.el8 +- ci-DataSourceAzure-update-password-for-defuser-if-exist.patch [bz#1900892] +- ci-Revert-ssh_util-handle-non-default-AuthorizedKeysFil.patch [bz#1919972] +- Resolves: bz#1900892 + ([Azure] Update existing user password RHEL8x) +- Resolves: bz#1919972 + ([RHEL-8.4] ssh keys can be shared across users giving potential root access) + +* Thu Jan 21 2021 Miroslav Rezanina - 20.3-8.el8 +- ci-Missing-IPV6_AUTOCONF-no-to-render-sysconfig-dhcp6-s.patch [bz#1859695] +- Resolves: bz#1859695 + ([Cloud-init] DHCPv6 assigned address is not added to VM's interface) + +* Tue Jan 05 2021 Miroslav Rezanina - 20.3-7.el8 +- ci-Report-full-specific-version-with-cloud-init-version.patch [bz#1898949] +- Resolves: bz#1898949 + (cloud-init should report full specific full version with "cloud-init --version") + +* Mon Dec 14 2020 Miroslav Rezanina - 20.3-6.el8 +- ci-Installing-man-pages-in-the-correct-place-with-corre.patch [bz#1612573] +- ci-Adding-BOOTPROTO-dhcp-to-render-sysconfig-dhcp6-stat.patch [bz#1859695] +- ci-Fix-unit-failure-of-cloud-final.service-if-NetworkMa.patch [bz#1898943] +- ci-ssh_util-handle-non-default-AuthorizedKeysFile-confi.patch [bz#1862967] +- Resolves: bz#1612573 + (Man page scan results for cloud-init) +- Resolves: bz#1859695 + ([Cloud-init] DHCPv6 assigned address is not added to VM's interface) +- Resolves: bz#1898943 + ([rhel-8]cloud-final.service fails if NetworkManager not installed.) +- Resolves: bz#1862967 + ([cloud-init]Customize ssh AuthorizedKeysFile causes login failure) + +* Fri Nov 27 2020 Miroslav Rezanina - 20.3-5.el8 +- ci-network-Fix-type-and-respect-name-when-rendering-vla.patch [bz#1881462] +- Resolves: bz#1881462 + ([rhel8][cloud-init] ifup bond0.504 Error: Connection activation failed: No suitable device found for this connection) + +* Tue Nov 24 2020 Miroslav Rezanina - 20.3-4.el8 +- ci-Changing-permission-of-cloud-init-generator-to-755.patch [bz#1897528] +- Resolves: bz#1897528 + (Change permission on ./systemd/cloud-init-generator.tmpl to 755 instead of 771) + +* Fri Nov 13 2020 Miroslav Rezanina - 20.3-3.el8 +- ci--Removing-net-tools-dependency.patch [bz#1881871] +- ci--Adding-man-pages-to-Red-Hat-spec-file.patch [bz#1612573] +- Resolves: bz#1881871 + (Remove net-tools legacy dependency from spec file) +- Resolves: bz#1612573 + (Man page scan results for cloud-init) + +* Tue Nov 03 2020 Miroslav Rezanina - 20.3-2.el8 +- ci-Explicit-set-IPV6_AUTOCONF-and-IPV6_FORCE_ACCEPT_RA-.patch [bz#1889635] +- ci-Add-config-modules-for-controlling-IBM-PowerVM-RMC.-.patch [bz#1886430] +- Resolves: bz#1886430 + (Support for cloud-init config modules for PowerVM Hypervisor in Red Hat cloud-init) +- Resolves: bz#1889635 + (Add support for ipv6_autoconf on cloud-init-20.3) + +* Fri Oct 23 2020 Eduardo Otubo - 20.3-1.el8 +- Rebase to cloud-init 20.3 [bz#1885185] +- Resolves: bz#1885185 + ([RHEL-8.4.0] cloud-init rebase to 20.3) * Wed Sep 02 2020 Miroslav Rezanina - 19.4-11.el8 - ci-cc_mounts-fix-incorrect-format-specifiers-316.patch [bz#1794664] @@ -345,10 +368,10 @@ fi - Resolves: bz#1840648 ([cloud-init][RHEL-8.2.0] /etc/resolv.conf lose config after reboot (initial instance is ok)) -* Mon Apr 20 2020 Miroslav Rezanina - 19.4-1.el8 -- Rebase to cloud-init 19.4 [bz#1803095] -- Resolves: bz#1803095 - ([RHEL-8.3.0] cloud-init rebase to 19.4) +* Mon Apr 20 2020 Miroslav Rezanina - 19.4-1.el8.1 +- Rebase to cloud-init 19.4 [bz#1811912] +- Resolves: bz#1811912 + ([RHEL-8.2.1] cloud-init rebase to 19.4) * Tue Mar 10 2020 Miroslav Rezanina - 18.5-12.el8 - ci-Remove-race-condition-between-cloud-init-and-Network.patch [bz#1807797]