cloud-init:renovate/configure

Last commit made on 2020-03-06
Get this branch:
git clone -b renovate/configure https://git.launchpad.net/cloud-init
Members of cloud-init Commiters can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
renovate/configure
Repository:
lp:cloud-init

Recent commits

419e6e8... by Renovate Bot <email address hidden> on 2020-03-06

chore(deps): add renovate.json

1f860e5... by Chad Smith on 2020-03-06

ec2: Do not fallback to IMDSv1 on EC2 (#216)

The EC2 Data Source needs to handle 3 states of the Instance
Metadata Service configured for a given instance:

1. HttpTokens : optional & HttpEndpoint : enabled
   Either IMDSv2 or IMDSv1 can be used.
2. HttpTokens : required & HttpEndpoint : enabled
   Calls to IMDS without a valid token (IMDSv1 or IMDSv2 with expired token)
   will return a 401 error.
3. HttpEndpoint : disabled
   The IMDS http endpoint will return a 403 error.

Previous work to support IMDSv2 in cloud-init handled case 1 and case 2.

This commit handles case 3 by bypassing the retry block when IMDS returns HTTP
status code >= 400 on official AWS cloud platform.

It shaves 2 minutes when rebooting an instance that has its IMDS http token endpoint
disabled but creates some inconsistencies. An instance that doesn't set
"manual_cache_clean" to "True" will have its /var/lib/cloud/instance symlink
removed altogether after it has failed to find a datasource.

fa63970... by Chad Smith on 2020-03-04

instance-data: write redacted cfg to instance-data.json (#233)

When cloud-init persisted instance metadata to instance-data.json
if failed to redact the sensitive value. Currently, the only sensitive
key 'security-credentials' is omitted as cloud-init does not fetch
this value from IMDS.

Fix this by properly redacting the content from the public
instance-metadata.json file while retaining the value in the root-only
instance-data-sensitive.json file.

LP: #1865947

1d2dfc5... by Chad Smith on 2020-03-04

net: support network-config:disabled on the kernel commandline (#232)

Allow disabling cloud-init's network configuration via a plain-text kernel cmdline

Cloud-init docs indicate that users can disable cloud-init networking via kernel
command line parameter 'network-config=<YAML>'. This does not work unless
the <YAML> payload base64 encoded. Document the base64 encoding
requirement and add a plain-text value for disabling cloud-init network config:

    network-config=disabled

Also:
 - Log an error and ignore any plain-text network-config payloads that are
   not specifically 'network-config=disabled'.
 - Log a warning if network-config kernel param is invalid yaml but do not
   raise an exception, allowing boot to continue and use fallback networking.

LP: #1862702

fa1abfe... by Chad Smith on 2020-03-03

ec2: only redact token request headers in logs, avoid altering request (#230)

Our header redact logic was redacting both logged request headers and
the actual source request. This results in DataSourceEc2 sending the
invalid header "X-aws-ec2-metadata-token-ttl-seconds: REDACTED" which
gets an HTTP status response of 400.

Cloud-init retries this failed token request for 2 minutes before
falling back to IMDSv1.

LP: #1865882

67c8e53... by Alexey Vazhnov on 2020-02-27

docs: typo fixed: dta → data

0140f74... by Nick Wales <email address hidden> on 2020-02-27

Fixes typo on Amazon Web Services (#217)

one line doc fix

4f940bd... by "Mark T. Voelker" <email address hidden> on 2020-02-27

Fix docs for OpenStack DMI Asset Tag (#228)

In cloud-init 19.2, we added the ability for cloud-init to detect
OpenStack platforms by checking for "OpenStack Compute" or "OpenStack
Nova" in the chassis asset tag. However, this was never reflected
in the documentation. This patch updates the datasources documentation
for OpenStack to reflect the possibility of using the chassis asset tag.

LP: #1669875

bedda2e... by Sabrina on 2020-02-25

Add physical network type: cascading to openstack helpers (#200)

* Add physical network type: cascading to openstack helpers
* add new helpers test for checking all openstack KNOWN_PHYSICAL_TYPES get type 'physical'.

36f7ba0... by Chad Smith on 2020-02-25

tests: add focal integration tests for ubuntu (#225)