cloud-init

Merge ~shaner/cloud-init:ubuntu/trusty into cloud-init:ubuntu/trusty

  1. Git
  2. lp:~shaner/cloud-init
  3. ubuntu/trusty
  4. Merge into ubuntu/trusty
Proposed by Shane Peters
Status: Superseded
Proposed branch: ~shaner/cloud-init:ubuntu/trusty
Merge into: cloud-init:ubuntu/trusty
Diff against target: 744 lines (+722/-0)
3 files modified
debian/changelog (+8/-0)
debian/patches/lp-1781039-gce-datasource-update.patch (+713/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Scott Moser Needs Fixing
Review via email: mp+353997@code.launchpad.net

This proposal supersedes a proposal from 2018-08-07.

Commit message

Fix SSH key functionality for GCE Datasource

Per documentation at https://wiki.ubuntu.com/GoogleComputeEngineSSHKeys
ssh keys for cloudinit and ubuntu users should both be added to the
'ubuntu' users authorized_keys file. This works in Xenial and higher,
but not in Trusty.

This patch updates the GCE Datasource to function like that of Xenial
and newer.

LP: #1781039

To post a comment you must log in.
Revision history for this message
Scott Moser (smoser) wrote : Posted in a previous version of this proposal

You've added use of 'six' (package python-six) but have not added a
dependency. Normally, we can't add a dependency in a SRU. I think we can
probably get away with it though because there is a direct dependency
chain already in place in trusty through cloud-init.

  cloud-init -> python-requests -> python-urllib3 -> python-six

Even so, we will have to add this to debian/control.

There are some other comments inline below.

Feel free to ping in IRC If you have any questions or follow up here.

Thanks.
sorry for the slow reply.
Scott

review: Needs Information
Revision history for this message
Scott Moser (smoser) wrote :

some necessary fixes inline.

Please make sure you test with user-data and without user-data.

Revision history for this message
Scott Moser (smoser) :
review: Needs Fixing
Revision history for this message
Scott Moser (smoser) wrote :

superseded to https://code.launchpad.net/~shaner/cloud-init/+git/cloud-init/+merge/354428

Unmerged commits

926c9c0... by Shane Peters

debian/patches/lp-1781039-gce-datasource-update.patch

e53a5cd... by Shane Peters

debian/patches/lp-1781039-gce-datasource-update.patch

e0e26ee... by Shane Peters

debian/patches/lp-1781039-gce-datasource-update.patch

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index 4f2c89e..63b6698 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
1cloud-init (0.7.5-0ubuntu1.23) trusty; urgency=medium
2
3 * GCE
4 - d/p/lp-1781039-gce-datasource-update.patch (LP: #1781039)
5 Backport GCE datasource functionality from Xenial
6
7 -- Shane Peters <shane.peters@canonical.com> Tue, 07 Aug 2018 11:57:23 -0400
8
1cloud-init (0.7.5-0ubuntu1.22) trusty; urgency=medium9cloud-init (0.7.5-0ubuntu1.22) trusty; urgency=medium
210
3 * debian/update-grub-legacy-ec2:11 * debian/update-grub-legacy-ec2:
diff --git a/debian/patches/lp-1781039-gce-datasource-update.patch b/debian/patches/lp-1781039-gce-datasource-update.patch
4new file mode 10064412new file mode 100644
index 0000000..34c67d3
--- /dev/null
+++ b/debian/patches/lp-1781039-gce-datasource-update.patch
@@ -0,0 +1,713 @@
1Author: Shane Peters <shane.peters@canonical.com>
2Bug: https://bugs.launchpad.net/cloud-init/+bug/1781039
3Description: Update GCE datasource
4 Per documentation at https://wiki.ubuntu.com/GoogleComputeEngineSSHKeys
5 ssh keys for cloudinit and ubuntu users should both be added to the
6 'ubuntu' users authorized_keys file. This works in Xenial and higher,
7 but not in Trusty.
8--- /dev/null
9+++ b/cloudinit/distros/ug_util.py
10@@ -0,0 +1,289 @@
11+# Copyright (C) 2012 Canonical Ltd.
12+# Copyright (C) 2012, 2013 Hewlett-Packard Development Company, L.P.
13+# Copyright (C) 2012 Yahoo! Inc.
14+#
15+# Author: Scott Moser <scott.moser@canonical.com>
16+# Author: Juerg Haefliger <juerg.haefliger@hp.com>
17+# Author: Joshua Harlow <harlowja@yahoo-inc.com>
18+# Author: Ben Howard <ben.howard@canonical.com>
19+#
20+# This file is part of cloud-init. See LICENSE file for license information.
21+
22+import six
23+
24+from cloudinit import log as logging
25+from cloudinit import type_utils
26+from cloudinit import util
27+
28+LOG = logging.getLogger(__name__)
29+
30+
31+# Normalizes a input group configuration
32+# which can be a comma seperated list of
33+# group names, or a list of group names
34+# or a python dictionary of group names
35+# to a list of members of that group.
36+#
37+# The output is a dictionary of group
38+# names => members of that group which
39+# is the standard form used in the rest
40+# of cloud-init
41+def _normalize_groups(grp_cfg):
42+ if isinstance(grp_cfg, six.string_types):
43+ grp_cfg = grp_cfg.strip().split(",")
44+ if isinstance(grp_cfg, list):
45+ c_grp_cfg = {}
46+ for i in grp_cfg:
47+ if isinstance(i, dict):
48+ for k, v in i.items():
49+ if k not in c_grp_cfg:
50+ if isinstance(v, list):
51+ c_grp_cfg[k] = list(v)
52+ elif isinstance(v, six.string_types):
53+ c_grp_cfg[k] = [v]
54+ else:
55+ raise TypeError("Bad group member type %s" %
56+ type_utils.obj_name(v))
57+ else:
58+ if isinstance(v, list):
59+ c_grp_cfg[k].extend(v)
60+ elif isinstance(v, six.string_types):
61+ c_grp_cfg[k].append(v)
62+ else:
63+ raise TypeError("Bad group member type %s" %
64+ type_utils.obj_name(v))
65+ elif isinstance(i, six.string_types):
66+ if i not in c_grp_cfg:
67+ c_grp_cfg[i] = []
68+ else:
69+ raise TypeError("Unknown group name type %s" %
70+ type_utils.obj_name(i))
71+ grp_cfg = c_grp_cfg
72+ groups = {}
73+ if isinstance(grp_cfg, dict):
74+ for (grp_name, grp_members) in grp_cfg.items():
75+ groups[grp_name] = util.uniq_merge_sorted(grp_members)
76+ else:
77+ raise TypeError(("Group config must be list, dict "
78+ " or string types only and not %s") %
79+ type_utils.obj_name(grp_cfg))
80+ return groups
81+
82+
83+# Normalizes a input group configuration
84+# which can be a comma seperated list of
85+# user names, or a list of string user names
86+# or a list of dictionaries with components
87+# that define the user config + 'name' (if
88+# a 'name' field does not exist then the
89+# default user is assumed to 'own' that
90+# configuration.
91+#
92+# The output is a dictionary of user
93+# names => user config which is the standard
94+# form used in the rest of cloud-init. Note
95+# the default user will have a special config
96+# entry 'default' which will be marked as true
97+# all other users will be marked as false.
98+def _normalize_users(u_cfg, def_user_cfg=None):
99+ if isinstance(u_cfg, dict):
100+ ad_ucfg = []
101+ for (k, v) in u_cfg.items():
102+ if isinstance(v, (bool, int, float) + six.string_types):
103+ if util.is_true(v):
104+ ad_ucfg.append(str(k))
105+ elif isinstance(v, dict):
106+ v['name'] = k
107+ ad_ucfg.append(v)
108+ else:
109+ raise TypeError(("Unmappable user value type %s"
110+ " for key %s") % (type_utils.obj_name(v), k))
111+ u_cfg = ad_ucfg
112+ elif isinstance(u_cfg, six.string_types):
113+ u_cfg = util.uniq_merge_sorted(u_cfg)
114+
115+ users = {}
116+ for user_config in u_cfg:
117+ if isinstance(user_config, (list,) + six.string_types):
118+ for u in util.uniq_merge(user_config):
119+ if u and u not in users:
120+ users[u] = {}
121+ elif isinstance(user_config, dict):
122+ if 'name' in user_config:
123+ n = user_config.pop('name')
124+ prev_config = users.get(n) or {}
125+ users[n] = util.mergemanydict([prev_config,
126+ user_config])
127+ else:
128+ # Assume the default user then
129+ prev_config = users.get('default') or {}
130+ users['default'] = util.mergemanydict([prev_config,
131+ user_config])
132+ else:
133+ raise TypeError(("User config must be dictionary/list "
134+ " or string types only and not %s") %
135+ type_utils.obj_name(user_config))
136+
137+ # Ensure user options are in the right python friendly format
138+ if users:
139+ c_users = {}
140+ for (uname, uconfig) in users.items():
141+ c_uconfig = {}
142+ for (k, v) in uconfig.items():
143+ k = k.replace('-', '_').strip()
144+ if k:
145+ c_uconfig[k] = v
146+ c_users[uname] = c_uconfig
147+ users = c_users
148+
149+ # Fixup the default user into the real
150+ # default user name and replace it...
151+ def_user = None
152+ if users and 'default' in users:
153+ def_config = users.pop('default')
154+ if def_user_cfg:
155+ # Pickup what the default 'real name' is
156+ # and any groups that are provided by the
157+ # default config
158+ def_user_cfg = def_user_cfg.copy()
159+ def_user = def_user_cfg.pop('name')
160+ def_groups = def_user_cfg.pop('groups', [])
161+ # Pickup any config + groups for that user name
162+ # that we may have previously extracted
163+ parsed_config = users.pop(def_user, {})
164+ parsed_groups = parsed_config.get('groups', [])
165+ # Now merge our extracted groups with
166+ # anything the default config provided
167+ users_groups = util.uniq_merge_sorted(parsed_groups, def_groups)
168+ parsed_config['groups'] = ",".join(users_groups)
169+ # The real config for the default user is the
170+ # combination of the default user config provided
171+ # by the distro, the default user config provided
172+ # by the above merging for the user 'default' and
173+ # then the parsed config from the user's 'real name'
174+ # which does not have to be 'default' (but could be)
175+ users[def_user] = util.mergemanydict([def_user_cfg,
176+ def_config,
177+ parsed_config])
178+
179+ # Ensure that only the default user that we
180+ # found (if any) is actually marked as being
181+ # the default user
182+ if users:
183+ for (uname, uconfig) in users.items():
184+ if def_user and uname == def_user:
185+ uconfig['default'] = True
186+ else:
187+ uconfig['default'] = False
188+
189+ return users
190+
191+
192+# Normalizes a set of user/users and group
193+# dictionary configuration into a useable
194+# format that the rest of cloud-init can
195+# understand using the default user
196+# provided by the input distrobution (if any)
197+# to allow for mapping of the 'default' user.
198+#
199+# Output is a dictionary of group names -> [member] (list)
200+# and a dictionary of user names -> user configuration (dict)
201+#
202+# If 'user' exists it will override
203+# the 'users'[0] entry (if a list) otherwise it will
204+# just become an entry in the returned dictionary (no override)
205+def normalize_users_groups(cfg, distro):
206+ if not cfg:
207+ cfg = {}
208+
209+ users = {}
210+ groups = {}
211+ if 'groups' in cfg:
212+ groups = _normalize_groups(cfg['groups'])
213+
214+ # Handle the previous style of doing this where the first user
215+ # overrides the concept of the default user if provided in the user: XYZ
216+ # format.
217+ old_user = {}
218+ if 'user' in cfg and cfg['user']:
219+ old_user = cfg['user']
220+ # Translate it into the format that is more useful
221+ # going forward
222+ if isinstance(old_user, six.string_types):
223+ old_user = {
224+ 'name': old_user,
225+ }
226+ if not isinstance(old_user, dict):
227+ LOG.warning(("Format for 'user' key must be a string or dictionary"
228+ " and not %s"), type_utils.obj_name(old_user))
229+ old_user = {}
230+
231+ # If no old user format, then assume the distro
232+ # provides what the 'default' user maps to, but notice
233+ # that if this is provided, we won't automatically inject
234+ # a 'default' user into the users list, while if a old user
235+ # format is provided we will.
236+ distro_user_config = {}
237+ try:
238+ distro_user_config = distro.get_default_user()
239+ except NotImplementedError:
240+ LOG.warning(("Distro has not implemented default user "
241+ "access. No distribution provided default user"
242+ " will be normalized."))
243+
244+ # Merge the old user (which may just be an empty dict when not
245+ # present with the distro provided default user configuration so
246+ # that the old user style picks up all the distribution specific
247+ # attributes (if any)
248+ default_user_config = util.mergemanydict([old_user, distro_user_config])
249+
250+ base_users = cfg.get('users', [])
251+ if not isinstance(base_users, (list, dict) + six.string_types):
252+ LOG.warning(("Format for 'users' key must be a comma separated string"
253+ " or a dictionary or a list and not %s"),
254+ type_utils.obj_name(base_users))
255+ base_users = []
256+
257+ if old_user:
258+ # Ensure that when user: is provided that this user
259+ # always gets added (as the default user)
260+ if isinstance(base_users, list):
261+ # Just add it on at the end...
262+ base_users.append({'name': 'default'})
263+ elif isinstance(base_users, dict):
264+ base_users['default'] = dict(base_users).get('default', True)
265+ elif isinstance(base_users, six.string_types):
266+ # Just append it on to be re-parsed later
267+ base_users += ",default"
268+
269+ users = _normalize_users(base_users, default_user_config)
270+ return (users, groups)
271+
272+
273+# Given a user dictionary config it will
274+# extract the default user name and user config
275+# from that list and return that tuple or
276+# return (None, None) if no default user is
277+# found in the given input
278+def extract_default(users, default_name=None, default_config=None):
279+ if not users:
280+ users = {}
281+
282+ def safe_find(entry):
283+ config = entry[1]
284+ if not config or 'default' not in config:
285+ return False
286+ else:
287+ return config['default']
288+
289+ tmp_users = users.items()
290+ tmp_users = dict(filter(safe_find, tmp_users))
291+ if not tmp_users:
292+ return (default_name, default_config)
293+ else:
294+ name = list(tmp_users)[0]
295+ config = tmp_users[name]
296+ config.pop('default', None)
297+ return (name, config)
298+
299+# vi: ts=4 expandtab
300--- a/cloudinit/sources/DataSourceGCE.py
301+++ b/cloudinit/sources/DataSourceGCE.py
302@@ -1,142 +1,99 @@
303-# vi: ts=4 expandtab
304-#
305-# Author: Vaidas Jablonskis <jablonskis@gmail.com>
306-#
307-# This program is free software: you can redistribute it and/or modify
308-# it under the terms of the GNU General Public License version 3, as
309-# published by the Free Software Foundation.
310+# Author: Vaidas Jablonskis <jablonskis@gmail.com>
311 #
312-# This program is distributed in the hope that it will be useful,
313-# but WITHOUT ANY WARRANTY; without even the implied warranty of
314-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
315-# GNU General Public License for more details.
316-#
317-# You should have received a copy of the GNU General Public License
318-# along with this program. If not, see <http://www.gnu.org/licenses/>.
319+# This file is part of cloud-init. See LICENSE file for license information.
320
321+import datetime
322+import json
323
324 from base64 import b64decode
325
326+from cloudinit.distros import ug_util
327 from cloudinit import log as logging
328-from cloudinit import util
329 from cloudinit import sources
330 from cloudinit import url_helper
331+from cloudinit import util
332
333 LOG = logging.getLogger(__name__)
334
335-BUILTIN_DS_CONFIG = {
336- 'metadata_url': 'http://metadata.google.internal/computeMetadata/v1/'
337-}
338+MD_V1_URL = 'http://metadata.google.internal/computeMetadata/v1/'
339+BUILTIN_DS_CONFIG = {'metadata_url': MD_V1_URL}
340 REQUIRED_FIELDS = ('instance-id', 'availability-zone', 'local-hostname')
341
342
343+class GoogleMetadataFetcher(object):
344+ headers = {'Metadata-Flavor': 'Google'}
345+
346+ def __init__(self, metadata_address):
347+ self.metadata_address = metadata_address
348+
349+ def get_value(self, path, is_text, is_recursive=False):
350+ value = None
351+ try:
352+ url = self.metadata_address + path
353+ if is_recursive:
354+ url += '/?recursive=True'
355+ resp = url_helper.readurl(url=url, headers=self.headers)
356+ except url_helper.UrlError as exc:
357+ msg = "url %s raised exception %s"
358+ LOG.debug(msg, path, exc)
359+ else:
360+ if resp.code == 200:
361+ if is_text:
362+ value = util.decode_binary(resp.contents)
363+ else:
364+ value = resp.contents.decode('utf-8')
365+ else:
366+ LOG.debug("url %s returned code %s", path, resp.code)
367+ return value
368+
369+
370 class DataSourceGCE(sources.DataSource):
371+
372+ dsname = 'GCE'
373+
374 def __init__(self, sys_cfg, distro, paths):
375 sources.DataSource.__init__(self, sys_cfg, distro, paths)
376+ self.default_user = None
377+ if distro:
378+ (users, _groups) = ug_util.normalize_users_groups(sys_cfg, distro)
379+ (self.default_user, _user_config) = ug_util.extract_default(users)
380 self.metadata = dict()
381 self.ds_cfg = util.mergemanydict([
382 util.get_cfg_by_path(sys_cfg, ["datasource", "GCE"], {}),
383 BUILTIN_DS_CONFIG])
384 self.metadata_address = self.ds_cfg['metadata_url']
385
386- # GCE takes sshKeys attribute in the format of '<user>:<public_key>'
387- # so we have to trim each key to remove the username part
388- def _trim_key(self, public_key):
389- try:
390- index = public_key.index(':')
391- if index > 0:
392- return public_key[(index + 1):]
393- except:
394- return public_key
395-
396 def get_data(self):
397- # GCE metadata server requires a custom header since v1
398- headers = {'X-Google-Metadata-Request': True}
399-
400- # url_map: (our-key, path, required)
401- url_map = [
402- ('instance-id', 'instance/id', True),
403- ('availability-zone', 'instance/zone', True),
404- ('local-hostname', 'instance/hostname', True),
405- ('public-keys', 'project/attributes/sshKeys', False),
406- ('user-data', 'instance/attributes/user-data', False),
407- ('user-data-encoding', 'instance/attributes/user-data-encoding',
408- False),
409- ]
410-
411- # if we cannot resolve the metadata server, then no point in trying
412- if not util.is_resolvable_url(self.metadata_address):
413- LOG.debug("%s is not resolvable", self.metadata_address)
414- return False
415-
416- # iterate over url_map keys to get metadata items
417- found = False
418- for (mkey, path, required) in url_map:
419- try:
420- resp = url_helper.readurl(url=self.metadata_address + path,
421- headers=headers)
422- if resp.code == 200:
423- found = True
424- self.metadata[mkey] = resp.contents
425- else:
426- if required:
427- msg = "required url %s returned code %s. not GCE"
428- if not found:
429- LOG.debug(msg, path, resp.code)
430- else:
431- LOG.warn(msg, path, resp.code)
432- return False
433- else:
434- self.metadata[mkey] = None
435- except url_helper.UrlError as e:
436- if required:
437- msg = "required url %s raised exception %s. not GCE"
438- if not found:
439- LOG.debug(msg, path, e)
440- else:
441- LOG.warn(msg, path, e)
442- return False
443- msg = "Failed to get %s metadata item: %s."
444- LOG.debug(msg, path, e)
445-
446- self.metadata[mkey] = None
447-
448- if self.metadata['public-keys']:
449- lines = self.metadata['public-keys'].splitlines()
450- self.metadata['public-keys'] = [self._trim_key(k) for k in lines]
451-
452- if self.metadata['availability-zone']:
453- self.metadata['availability-zone'] = self.metadata[
454- 'availability-zone'].split('/')[-1]
455-
456- encoding = self.metadata.get('user-data-encoding')
457- if encoding:
458- if encoding == 'base64':
459- self.metadata['user-data'] = b64decode(
460- self.metadata['user-data'])
461+ ret = util.log_time(
462+ LOG.debug, 'Crawl of GCE metadata service',
463+ read_md, kwargs={'address': self.metadata_address})
464+
465+ if not ret['success']:
466+ if ret['platform_reports_gce']:
467+ LOG.warning(ret['reason'])
468 else:
469- LOG.warn('unknown user-data-encoding: %s, ignoring', encoding)
470-
471- return found
472+ LOG.debug(ret['reason'])
473+ return False
474+ self.metadata = ret['meta-data']
475+ self.userdata_raw = ret['user-data']
476+ return True
477
478 @property
479 def launch_index(self):
480- # GCE does not provide lauch_index property
481+ # GCE does not provide lauch_index property.
482 return None
483
484 def get_instance_id(self):
485 return self.metadata['instance-id']
486
487 def get_public_ssh_keys(self):
488- return self.metadata['public-keys']
489+ public_keys_data = self.metadata['public-keys-data']
490+ return _parse_public_keys(public_keys_data, self.default_user)
491
492- def get_hostname(self, fqdn=False, _resolve_ip=False):
493- # GCE has long FDQN's and has asked for short hostnames
494+ def get_hostname(self, fqdn=False, resolve_ip=False, metadata_only=False):
495+ # GCE has long FDQN's and has asked for short hostnames.
496 return self.metadata['local-hostname'].split('.')[0]
497
498- def get_userdata_raw(self):
499- return self.metadata['user-data']
500-
501 @property
502 def availability_zone(self):
503 return self.metadata['availability-zone']
504@@ -145,12 +102,187 @@
505 def region(self):
506 return self.availability_zone.rsplit('-', 1)[0]
507
508-# Used to match classes to dependencies
509+
510+def _has_expired(public_key):
511+ # Check whether an SSH key is expired. Public key input is a single SSH
512+ # public key in the GCE specific key format documented here:
513+ # https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys#sshkeyformat
514+ try:
515+ # Check for the Google-specific schema identifier.
516+ schema, json_str = public_key.split(None, 3)[2:]
517+ except (ValueError, AttributeError):
518+ return False
519+
520+ # Do not expire keys if they do not have the expected schema identifier.
521+ if schema != 'google-ssh':
522+ return False
523+
524+ try:
525+ json_obj = json.loads(json_str)
526+ except ValueError:
527+ return False
528+
529+ # Do not expire keys if there is no expriation timestamp.
530+ if 'expireOn' not in json_obj:
531+ return False
532+
533+ expire_str = json_obj['expireOn']
534+ format_str = '%Y-%m-%dT%H:%M:%S+0000'
535+ try:
536+ expire_time = datetime.datetime.strptime(expire_str, format_str)
537+ except ValueError:
538+ return False
539+
540+ # Expire the key if and only if we have exceeded the expiration timestamp.
541+ return datetime.datetime.utcnow() > expire_time
542+
543+
544+def _parse_public_keys(public_keys_data, default_user=None):
545+ # Parse the SSH key data for the default user account. Public keys input is
546+ # a list containing SSH public keys in the GCE specific key format
547+ # documented here:
548+ # https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys#sshkeyformat
549+ public_keys = []
550+ if not public_keys_data:
551+ return public_keys
552+ for public_key in public_keys_data:
553+ if not public_key or not all(ord(c) < 128 for c in public_key):
554+ continue
555+ split_public_key = public_key.split(':', 1)
556+ if len(split_public_key) != 2:
557+ continue
558+ user, key = split_public_key
559+ if user in ('cloudinit', default_user) and not _has_expired(key):
560+ public_keys.append(key)
561+ return public_keys
562+
563+
564+def read_md(address=None, platform_check=True):
565+
566+ if address is None:
567+ address = MD_V1_URL
568+
569+ ret = {'meta-data': None, 'user-data': None,
570+ 'success': False, 'reason': None}
571+ ret['platform_reports_gce'] = platform_reports_gce()
572+
573+ if platform_check and not ret['platform_reports_gce']:
574+ ret['reason'] = "Not running on GCE."
575+ return ret
576+
577+ # If we cannot resolve the metadata server, then no point in trying.
578+ if not util.is_resolvable_url(address):
579+ LOG.debug("%s is not resolvable", address)
580+ ret['reason'] = 'address "%s" is not resolvable' % address
581+ return ret
582+
583+ # url_map: (our-key, path, required, is_text, is_recursive)
584+ url_map = [
585+ ('instance-id', ('instance/id',), True, True, False),
586+ ('availability-zone', ('instance/zone',), True, True, False),
587+ ('local-hostname', ('instance/hostname',), True, True, False),
588+ ('instance-data', ('instance/attributes',), False, False, True),
589+ ('project-data', ('project/attributes',), False, False, True),
590+ ]
591+
592+ metadata_fetcher = GoogleMetadataFetcher(address)
593+ md = {}
594+ # Iterate over url_map keys to get metadata items.
595+ for (mkey, paths, required, is_text, is_recursive) in url_map:
596+ value = None
597+ for path in paths:
598+ new_value = metadata_fetcher.get_value(path, is_text, is_recursive)
599+ if new_value is not None:
600+ value = new_value
601+ if required and value is None:
602+ msg = "required key %s returned nothing. not GCE"
603+ ret['reason'] = msg % mkey
604+ return ret
605+ md[mkey] = value
606+
607+ instance_data = json.loads(md['instance-data'] or '{}')
608+ project_data = json.loads(md['project-data'] or '{}')
609+ valid_keys = [instance_data.get('sshKeys'), instance_data.get('ssh-keys')]
610+ block_project = instance_data.get('block-project-ssh-keys', '').lower()
611+ if block_project != 'true' and not instance_data.get('sshKeys'):
612+ valid_keys.append(project_data.get('ssh-keys'))
613+ valid_keys.append(project_data.get('sshKeys'))
614+ public_keys_data = '\n'.join([key for key in valid_keys if key])
615+ md['public-keys-data'] = public_keys_data.splitlines()
616+
617+ if md['availability-zone']:
618+ md['availability-zone'] = md['availability-zone'].split('/')[-1]
619+
620+ if 'user-data' in instance_data:
621+ # instance_data was json, so values are all utf-8 strings.
622+ ud = instance_data['user-data'].encode("utf-8")
623+ encoding = instance_data.get('user-data-encoding')
624+ if encoding == 'base64':
625+ ud = b64decode(ud)
626+ elif encoding:
627+ LOG.warning('unknown user-data-encoding: %s, ignoring', encoding)
628+ ret['user-data'] = ud
629+
630+ ret['meta-data'] = md
631+ ret['success'] = True
632+
633+ return ret
634+
635+
636+def platform_reports_gce():
637+ pname = util.read_dmi_data('system-product-name') or "N/A"
638+ if pname == "Google Compute Engine":
639+ return True
640+
641+ # system-product-name is not always guaranteed (LP: #1674861)
642+ serial = util.read_dmi_data('system-serial-number') or "N/A"
643+ if serial.startswith("GoogleCloud-"):
644+ return True
645+
646+ LOG.debug("Not running on google cloud. product-name=%s serial=%s",
647+ pname, serial)
648+ return False
649+
650+
651+# Used to match classes to dependencies.
652 datasources = [
653 (DataSourceGCE, (sources.DEP_FILESYSTEM, sources.DEP_NETWORK)),
654 ]
655
656
657-# Return a list of data sources that match this set of dependencies
658+# Return a list of data sources that match this set of dependencies.
659 def get_datasource_list(depends):
660 return sources.list_from_depends(depends, datasources)
661+
662+
663+if __name__ == "__main__":
664+ import argparse
665+ import sys
666+
667+ from base64 import b64encode
668+
669+ parser = argparse.ArgumentParser(description='Query GCE Metadata Service')
670+ parser.add_argument("--endpoint", metavar="URL",
671+ help="The url of the metadata service.",
672+ default=MD_V1_URL)
673+ parser.add_argument("--no-platform-check", dest="platform_check",
674+ help="Ignore smbios platform check",
675+ action='store_false', default=True)
676+ args = parser.parse_args()
677+ data = read_md(address=args.endpoint, platform_check=args.platform_check)
678+ if 'user-data' in data:
679+ # user-data is bytes not string like other things. Handle it specially.
680+ # If it can be represented as utf-8 then do so. Otherwise print base64
681+ # encoded value in the key user-data-b64.
682+ try:
683+ data['user-data'] = data['user-data'].decode()
684+ except UnicodeDecodeError:
685+ sys.stderr.write("User-data cannot be decoded. "
686+ "Writing as base64\n")
687+ del data['user-data']
688+ # b64encode returns a bytes value. Decode to get the string.
689+ data['user-data-b64'] = b64encode(data['user-data']).decode()
690+
691+ print(json.dumps(data, indent=1, sort_keys=True, separators=(',', ': ')))
692+
693+# vi: ts=4 expandtab
694--- a/cloudinit/util.py
695+++ b/cloudinit/util.py
696@@ -49,6 +49,7 @@
697 import time
698 import urlparse
699
700+import six
701 import yaml
702
703 from cloudinit import importer
704--- a/debian/control
705+++ b/debian/control
706@@ -17,6 +17,7 @@
707 python-oauth,
708 python-prettytable,
709 python-setuptools,
710+ python-six,
711 python-requests,
712 python-yaml
713 XS-Python-Version: all
diff --git a/debian/patches/series b/debian/patches/series
index d20f78b..21d6b4f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -24,3 +24,4 @@ lp-1551419-azure-handle-flipped-uuid-endianness.patch
24lp-1553158-bigstep.patch24lp-1553158-bigstep.patch
25lp-1581200-gce-metadatafqdn.patch25lp-1581200-gce-metadatafqdn.patch
26lp-1603222-fix-ephemeral-disk-fstab.patch26lp-1603222-fix-ephemeral-disk-fstab.patch
27lp-1781039-gce-datasource-update.patch

Subscribers

People subscribed via source and target branches