This commit is just me exploring some ideas for how the 'cloud-init
query' command might operate. This implementation includes support
for jsonpointer queries against the cloud metadata, as in:
cloud-init query /local-hostname
By default the query command access the cloud metadata, but you can
specify something else to query using the '-w <thing>' option, where
'<thing>' is one of:
Add 3 ecdsa-sha2-nistp* ssh key types now that they are standardized
cloud-init adds ssh_authorized_keys to the default user and to
root but for root it disables the keys with a prefix command.
However, if the public_key key is of type ecdsa-sha2-nistp521,
it is not parsed correctly, and the prefix command is not prepended.
this ensures that we call httpretty.reset() before calling
httppretty.register_uri(...), which ensures that we get a fresh
callback with the expected version of the metadata.
On EC2, instance metadata can include credentials that remain valid for as
much as 6 hours. Reading these and allowing them to be pickled represents
a potential vulnerability if a snapshot of the disk is taken and shared as
part of an AMI.
This skips security-credentials when walking the meta-data tree.
LP: #1638312
Reviewed-by: Ian Weller <email address hidden>
Reviewed-by: Ben Cressey <email address hidden>
Reported-by: Kyle Barnes <email address hidden>
145410f...
by
"Erik M. Bray" <email address hidden>
doc: Fix typos and clarify some aspects of the part-handler
The existing documentation referred to a handle_type method when it
really should be handle_part. It also referred to 'methods' when it
really should say 'functions' to be clear (while it's true the built-in
handlers are classes with methods of these names, in this context we
mean module-level functions).
Also clarified that a part-handler should come before the parts that
it handles, and can override built-in handlers.
OpenStack: Use timeout and retries from config in get_data.
This modifies get_data in DataSourceOpenStack.py to get the timeout
and retries values from the data source configuration, rather than
from keyword arguments. This permits get_data to use the same timeout
as other methods, and allows an operator to increase the timeout in
environments where the metadata service takes longer than five seconds
to respond.
Fixed Misc issues related to VMware customization.
- staticIPV4 property can be either None or a valid Array. Need to
check for None before accessing the ip address.
- Modified few misc. log messages.
- Added a new log message while waiting for the customization config file.
- Added support to configure the maximum amount of time to wait for the
customization config file.
- VMware Customization Support is provided only for DataSourceOVF class and
not for any other child classes. Implemented a new variable
vmware_customization_supported to check whether the 'VMware Customization'
support is available for a specific datasource or not.
- Changed the function get_vmware_cust_settings to get_max_wait_from_cfg.
- Removed the code that does 'ifdown and iup' in NIC configurator.