azure: support matching dhcp route-metrics for dual-stack ipv4 ipv6
When an Azure vm has multiple nics set to dhcp, cloud-init uses
increasing route-metric values for each nic to ensure the default route
chosen is the primary nic (eth0). For netplan configuration, when
providing dhcp4-overrides: route-metric, the same route-metric value also
needs to be provided as a dhcp6-override otherwise the network config is
rejected wholesale and a the system is left without network.
When reading Azure IMDS, cloud-init will enable dhcp4 or dhcp6 on a nic
if there are any ipv4 or ipv6 ipAddresses listed as configured.
For ipv4:
- The first ip allocated to the primary NIC with a dhcp[46]-overrrides
route-metric of 100. For every additional NIC attached to the vm, the
route-metric override is increased by 100. When emitting an
dhcp4-overrides route-metric a matching dhcp6-overrides route-metric
will also be provided.
For ipv6:
If no there are no ipv6 addresses listed in the IMDS under the key
network.ipv6.ipAddress, then cloud-init's network config will emit
dhcp6: False and remove any dhcp6-overrides for that NIC.
For security concern, we disable the custom script
by default.If a custom script is provided, stop
customization unless the custom script is explicitly
enabled by tools config.
d3e71b5...
by
Matthias Baur <email address hidden>
cc_puppet: Implement csr_attributes.yaml support
This change adds two new parameters:
* csr_attributes
* csr_attributes_path
Those parameters allow to configure the content of the
csr_attributes.yaml file.
cloud-init.service: on centos/fedora/redhat wait on NetworkManager.service
In Centos/RHEL 8, NetworkManager is installed as the networking service.
cloud-init.service needs to run After this service to allow the OS to
bring networking up first.
After initial boot ovf-env.xml is copied to agent dir
(/var/lib/waagent/) with REDACTED password.
On subsequent boots DataSourceAzure loads with a configuration where the
user specified in /var/lib/waagent/ovf-env.xml is locked.
If instance id changes, cc_users_groups action will lock the user.
Fix this behavior by not locking the user if its password is REDACTED.
net/netplan: use ipv6-mtu key for specifying ipv6 mtu values
netplan introduced an 'info' subcommand which emits yaml describing
implemented features that indicate new or changed fields and values
in the yaml that it accepts. Previously, cloud-init emitted the key
'mtu6' for ipv6 MTU values. This is not correct and netplan will
fail to parse these values. Netplan as of 0.98 supports both the
info subcommand and the ipv6-mtu key.
This branch modifies the netplan renderer to collect the netplan
info output into a 'features' property which is a list of available
feature flags which the renderer can use to modify its output. If
the command is not available, no feature flags are set and
cloud-init will render IPv6 MTU values just as MTU for the subnet.
Fix usages of yaml, and move yaml_dump to safeyaml.dumps.
Here we replace uses of the pyyaml module directly with functions
provided by cloudinit.safeyaml. Also, change/move
cloudinit.util.yaml_dumps
to
cloudinit.safeyaml.dumps
The exoscale datasource defines a shorter timeout than the default (10)
but did not override url_max_wait, resulting in a single attempt being
made to wait for the metadata service.
In some rare cases, a race condition means the route to the metadata
service is not set within 10 seconds, and more attempts should be made.
This sets the url_max_wait for the datasource to 120.
net/sysconfig: fix available check on SUSE distros
In addition to ifup/ifdown the sysconfig renderer looks for
evidence that the sysconfig directory is properly populated.
This secondary check only considered RedHat specific location.
Fix this by adding a SUSE specific file and returning True if
either RedHat or SUSE file is present.
