- Handle a locked user
+ At present if the user exists and is already locked, either previous
user creation or user is created locked by default the lock action
exception is propagated. However, if the user is already locked we
have the condition we want to achieve and thus should move on.
Addresses lp#1793193
cli: add cloud-init query subcommand to query instance metadata
Cloud-init caches any cloud metadata crawled during boot in the file
/run/cloud-init/instance-data.json. Cloud-init also standardizes some of
that metadata across all clouds. The command 'cloud-init query' surfaces a
simple CLI to query or format any cached instance metadata so that scripts
or end-users do not have to write tools to crawl metadata themselves.
Since 'cloud-init query' is runnable by non-root users, redact any
sensitive data from instance-data.json and provide a root-readable
unredacted instance-data-sensitive.json. Datasources can now define a
sensitive_metadata_keys tuple which will redact any matching keys
which could contain passwords or credentials from instance-data.json.
Also add the following standardized 'v1' instance-data.json keys:
- user_data: The base64encoded user-data provided at instance launch
- vendor_data: Any vendor_data provided to the instance at launch
- underscore_delimited versions of existing hyphenated keys:
instance_id, local_hostname, availability_zone, cloud_name
pylint: ignore warning assignment-from-no-return for _write_network
Distro subclasses arch, freebsd and debian still have a path with an
implemented _write_network method which has a return value. Can drop
this pylint ignore when _write_network is dropped from arch, freebsd
and debian.
stages: Fix bug causing datasource to have incorrect sys_cfg.
The Init object had a bug/odd side effect where when retrieving a distro
object it would update the datasources's sys_cfg. That was probably
intended to refresh the possibly stale config stored there. Unfortunately
what it actually did limit the config there to the 'system_info' top level
key where initially it had the whole config.
Any distro that has a '_write_nework_config' method should no
longer get their _write_network called at all. So lets drop
that code and raise a RuntimeError any time we got there.
Replace the one caller of 'apply_network' (legacy openstack path)
with a call to apply_network_config after converting the ENI to
network config.
net_util: ensure static configs have netmask in translate_network result
If a DataSource provides a network configuration in version 2 and runs
on a distro which does not have a network renderer class in use, then
the conversion of V2 to eni results in static ip configurations with
subnet prefix-length (192.168.23.1/24) rather than explicit netmask
value.
When sending such a config to net_util.translate_network the resulting
dictionary is missing the 'netmask' key for static configured addresses
breaking network configurations on multiple distributions.
This patch detects static ip configurations using prefix-length and
converts the format into the previous 'address' and 'netmask' parts
to keep compatibility for these distribtuions until they move to
the v2 network configuration.
