| Age | Commit message (Collapse) | Author |
|---|
|
with recent change nuageinit always create a "freebsd" user, if no
users are specified, which means we do need to get the rootdir in the
testsuite containing a group file otherwise pw complains and the tests
fails.
|
|
This address the situation reported here
https://github.com/freebsd/freebsd-src/pull/1952#issuecomment-3720210259
The user-data file was missing and the `sethostname` function is never
called. This commit adjusts slightly the logic to avoid the `exit()` call
when the `user-data` file is missing.
MFC After: 1 week
Signed-off-by: Gonéri Le Bouder <goneri@lebouder.net>
Differential Revision: https://github.com/freebsd/freebsd-src/pull/1953
|
|
The "default" user should only be created when:
- the `users` key is missing
- or the `default` string is present in the `users` list
Since the `public_keys` is extracted from the meta-data, this patch has
to slightly adjust the way they are loaded.
The change simplify the logic around the default user SSH key injection.
Both `ssh_authorized_keys` and `public_keys` are handled at the same time.
MFC After: 1 week
Signed-off-by: Gonéri Le Bouder <goneri@lebouder.net>
Pull Request: https://github.com/freebsd/freebsd-src/pull/1952
|
|
MFC After: 1 week
|
|
Clarify that both `sudo` and `doas` are not part of the base system and
they need to be listed in the `packages` section if the user wants to
enable them.
MFC After: 1 week
Signed-off-by: Gonéri Le Bouder <goneri@lebouder.net>
Pull Request: https://github.com/freebsd/freebsd-src/pull/1944
|
|
This change enhances `config2_network()` to honor the DNS
configuration, when it's defined through the `services` section.
The `network_data.json` file can hold DNS configuration at two different
places:
- within a network configuration entry
- or `dns` entry in the `services` section, in this case the configuration is global.
An example of such configuration:
{"links": [{"id": "interface0", "type": "phy",
"ethernet_mac_address": "52:54:00:01:59:03"}], "networks": [{"id": "private-ipv4-0", "type": "ipv4", "link": "interface0",
"ip_address": "192.168.123.5", "netmask": "255.255.255.0", "routes": [{"network": "0.0.0.0", "netmask": "0.0.0.0", "gateway":
"192.168.123.1"}], "network_id": "9e5b1ed9-f5e6-4941-a90f-2e06bab858de", "dns_nameservers": ["192.168.123.1"], "services": [{"type":
"dns", "address": "192.168.123.1"}]}], "services": [{"type": "dns", "address": "192.168.123.1"}]}
See: https://docs.openstack.org/nova/latest/user/metadata.html
MFC After: 1 week
Signed-off-by: Gonéri Le Bouder <goneri@lebouder.net>
Pull Request: https://github.com/freebsd/freebsd-src/pull/1941
|
|
Add guards against attempting to process a user data file with an empty
first line or contents.
PR: 290395
Reviewed by: bapt (earlier), dtxdf, markj
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D53239
|
|
No functional change intended.
Reviewed by: bapt, dtxdf, kevans
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D53238
|
|
- s/outout/output/
MFC after: 3 days
|
|
This updates the nuageinit man page by aligning mentions of the
cloud-config header line with the cloud-init documentation[0], removing
an unwanted "!" character.
[0] https://docs.cloud-init.io/en/latest/explanation/about-cloud-config.html#how-do-i-create-a-cloud-config-file
Signed-off-by: Jonathan Matthews <freebsd@hello.jonathanmatthews.com>
Differential Revision: https://reviews.freebsd.org/D53706
|
|
nuageinit largely already did this, but one spot was missed -- add the
necessary require() in to get the module loaded.
Fixes: b11a5709ec2b6 ("flua: kick out the remaining builtin modules")
|
|
In cloud-init, when a group specified in the 'users.{index}.groups' parameter
does not exist, it is ignored, but the user is created anyway. In the case of
nuageinit, it exits with an exception, since pw(8) expects each group to exist.
Reviewed by: bapt@
Approved by: bapt@
Differential Revision: https://reviews.freebsd.org/D52718
|
|
Approved by: bapt@
|
|
* Set mode of etc directory to 0755.
* Use user.localbase sysctl instead of /usr/local.
* Add test case for doas.
* Set ${LOCALBASE} instead of /usr/local in nuageinit(7) man page.
Reviewed by: bapt@
Approved by: bapt@
Differential Revision: https://reviews.freebsd.org/D52437
|
|
To better comply with the cloud-init specification, we need to
support the configuration of network-related parameters from
the network-config file, which is common in most deployments.
Reviewed by: bapt@
Approved by: bapt@
Differential Revision: https://reviews.freebsd.org/D52419
|
|
* Set mode of sudoers to 0440.
Reviewed by: bapt@, jlduran@
Approved by: bapt@, jlduran@
Differential Revision: https://reviews.freebsd.org/D52438
|
|
Reviewed by: bapt@
Approved by: bapt@
Differential Revision: https://reviews.freebsd.org/D52436
|
|
|
|
|
|
- Fix 'pkg update' usage:
- The function 'nuage:run_pkg_cmd(...)' adds the flag '-y', which
does not make sense with some commands such as 'pkg update',
causing an error when updating the repository catalogs.
- Fix typo 'ssh-authorized-keys -> ssh_authorized_keys' in
'nuageinit(7)' man page.
- Document 'ssh_authorized_keys' parameter.
- Use device configuration ID when no 'match' rule is specified:
- This is the default behavior of cloud-init when no match rule is
specified, so the device is configured anyway (even if it does not
exist). This greatly simplifies things, since in many cases
'if_vtnet(4)' is used, so there is no need to perform a comparison
with the MAC address.
- Document 'network' parameter:
- Add example to 'EXAMPLES' section.
- Set 'gateway[46]' only when 'addresses' is specified:
- To comply with the cloud-init specification, 'gateway4' and 'gateway6'
must only take effect when 'addresses' (or static configuration) is
specified.
- Use a separate function to check 'match' rules:
- This way, we can easily add new logic to new types of rules.
- Implement 'network.ethernets.{id}.match.name' parameter:
- But unlike cloud-init, which works with glob expressions (although it
depends on the network backend), this implementation takes advantage
of Lua pattern-matching expressions.
Also note that previously we were only concerned with one interface
matching, however, to be cloud-init-compliant, we need to configure
the matching interfaces (one or more).
- Set default router only once.
- Implement 'network.ethernets.{id}.wakeonlan' parameter.
- Implement 'network.ethernets.{id}.set-name' parameter.
- Implement 'network.ethernets.{id}.match.driver' parameter:
- Rename 'get_ifaces(...)' function as 'get_ifaces_by_mac(...)'.
- Add get_ifaces_by_driver(...) function.
- Implement 'network.ethernets.{id}.mtu' parameter.
- Implement 'nameservers' parameter.
- Use 'resolvconf(8)' to manipulate 'resolv.conf(5)'.
- Use 'tzsetup(8)' to set time zone.
Reviewed by: bapt@
Approved by: bapt@
Differential Revision: https://reviews.freebsd.org/D51643
|
|
In the wrappers, check for errors and abort if one is raised. At some
point it may be useful to have a mechanism to ignore errors, but I'm not
sure yet how that should look.
For chmod, let the mode be specified as an octal number, otherwise it's
hard to understand what's happening. Note that this must be specified
as a string, otherwise tonumber() will raise an error.
Reviewed by: bapt
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D51159
|
|
from the cloudinit specification sudo rules can be a string or an
array of string
|
|
|
|
|
|
write_files is a list of files that should be created at the first boot
each file content can be either plain text or encoded in base64 (note
that cloudinit specify that gzip is supported, but we do not support it
yet.)
All other specifier from cloudinit should work:
by default all files will juste overwrite exesiting files except if
"append" is set to true, permissions, ownership can be specified.
The files are create before packages are being installed and user
created.
if "defer" is set to true then the file is being created after packages
installation and package manupulation.
This feature is requested for KDE's CI.
|
|
This fixes case where vendors or cloudinit consumers are using all
features from yaml.
KDE is using reference for its CI for example.
lima-vm uses syntax for which our previous yaml.lua has bug in the
parser (https://github.com/lima-vm/lima/issues/1508)
|
|
This fixes the test case libexec.nuageinit.nuageinit.config2_userdata_packages
Signed-off-by: Siva Mahadevan <me@svmhdvn.name>
Event: Kitchener-Waterloo Hackathon 202506
Sponsored by: The FreeBSD Foundation
Pull Request: https://github.com/freebsd/freebsd-src/pull/1734
|
|
Reviewed by: bapt
|
|
|
|
Reviewed by: imp, ziaee (both a previous version)
Differential Revision: https://reviews.freebsd.org/D50878
|
|
|
|
refactor nuageinit to allow a 3rd execution point during boot:
1. nuageinit is invoked before NETWORKING with a minimalistic network setup
for openstrack and potentially other network config setup. it tries
to configure everything which is not requiring any network.
2. nuageinit is invoked again post NETWORKING but pre SERVERS, in the
phase it does all that requires network, like dealing with packages.
Note that creating users have been moved to this phase to allow the
installation of shells like bash or zsh prior the creation of the
users, before that the user creation was failing if a non installed
shell was requested.
3. nuageinit will execute at the rc.local time all the specified scripts
and commands.
MFC After: 1 week
|
|
|
|
|
|
Rename path into ni_path (ni stands for nuageinit) which is more
understandable and avoid a shadowing warning because we also use a
variable named path later.
Add a missing local
|
|
Execute the runcmd specified in cloudinit at the same moment as the
user_data script aka late in the boot process, to respect cloudinit
specifications
|
|
In official cloudinit, when a user_data file starts with '#!' it
should be execute late in the boot process. To respect this nuageinit
now copy the user_data script into a /var/cache/nuageinit/user_data if
found and a new "firsboot" rcscript anchored to the 'local' rc script is
responsible to execute it if found.
Note by doing this, we fix another issue we had with nuageinit, if the
cloudinit provider provides the user_data scriptout with the executable
permission, previous implementation was not working, like apparently
what Digital Ocean is doing.
PR: 287183
Reported by: olgeni@
|
|
Implement package_update and package_upgrade, which allows to launch
an update of the metadata and an upgrade of the packages.
Sponsored by: OVHCloud
|
|
Installs a list of packages
Sponsored by: OVHCloud
|
|
Sponsored by: OVHCloud
|
|
runcmd contains a list of string, each item will be executed in order.
Sponsored by: OVHCloud
|
|
To carry out the userdata unit tests, you need to set up the environment in
order to skip adding the default user (nuage.adduser(default_user)
Sponsored by: OVHCloud
|
|
Add support for chpasswd, with all possible syntaxes, including
deprecated one: chpasswd.list as a list or as a multiline string
as some providers are still only providing this deprecated form
Sponsored by: OVHCloud
MFC After: 1 week
Reviewed by: kevans, jlduran
Differential Revision: https://reviews.freebsd.org/D50021
|
|
Reported by: jlduran
|
|
ssh_pwauth sets the value in sshd_config for the password authentication
This implementation tries to avoid touching the file if cloudinit
request for what is already the default value.
MFC After: 3 days
Sponsored by: OVHCloud
Reviewed by: kevans, jlduran
Differential Revision: https://reviews.freebsd.org/D49875
|
|
|
|
MFC After: 1 week
Sponsored by: OVHCloud
|
|
While here fix fc34a2463c16fd47acbc8e5c3bbbb6b2ce1b1469 where the
adduser_passwd.lua file was not added
|
|
using echo in a sh(1) command line, requires many escaping to be done
right, using io.popen we don't need to do this escaping anymore.
|
|
|
