| Commit message | Author | Age | Files | Lines |
Add guards against attempting to process a user data file with an empty
first line or contents.
PR: 290395
Reviewed by: bapt (earlier), dtxdf, markj
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D53239
|
No functional change intended.
Reviewed by: bapt, dtxdf, kevans
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D53238
|
- s/outout/output/
MFC after: 3 days
|
This updates the nuageinit man page by aligning mentions of the
cloud-config header line with the cloud-init documentation[0], removing
an unwanted "!" character.
[0] https://docs.cloud-init.io/en/latest/explanation/about-cloud-config.html#how-do-i-create-a-cloud-config-file
Signed-off-by: Jonathan Matthews <freebsd@hello.jonathanmatthews.com>
Differential Revision: https://reviews.freebsd.org/D53706
|
nuageinit largely already did this, but one spot was missed -- add the
necessary require() in to get the module loaded.
Fixes: b11a5709ec2b6 ("flua: kick out the remaining builtin modules")
|
In cloud-init, when a group specified in the 'users.{index}.groups' parameter
does not exist, it is ignored, but the user is created anyway. In the case of
nuageinit, it exits with an exception, since pw(8) expects each group to exist.
Reviewed by: bapt@
Approved by: bapt@
Differential Revision: https://reviews.freebsd.org/D52718
|
Approved by: bapt@
|
* Set mode of etc directory to 0755.
* Use user.localbase sysctl instead of /usr/local.
* Add test case for doas.
* Set ${LOCALBASE} instead of /usr/local in nuageinit(7) man page.
Reviewed by: bapt@
Approved by: bapt@
Differential Revision: https://reviews.freebsd.org/D52437
|
To better comply with the cloud-init specification, we need to
support the configuration of network-related parameters from
the network-config file, which is common in most deployments.
Reviewed by: bapt@
Approved by: bapt@
Differential Revision: https://reviews.freebsd.org/D52419
|
* Set mode of sudoers to 0440.
Reviewed by: bapt@, jlduran@
Approved by: bapt@, jlduran@
Differential Revision: https://reviews.freebsd.org/D52438
|
Reviewed by: bapt@
Approved by: bapt@
Differential Revision: https://reviews.freebsd.org/D52436
|
- Fix 'pkg update' usage:
  - The function 'nuage:run_pkg_cmd(...)' adds the flag '-y', which
    does not make sense with some commands such as 'pkg update',
    causing an error when updating the repository catalogs.
- Fix typo 'ssh-authorized-keys -> ssh_authorized_keys' in
  'nuageinit(7)' man page.
- Document 'ssh_authorized_keys' parameter.
- Use device configuration ID when no 'match' rule is specified:
  - This is the default behavior of cloud-init when no match rule is
    specified, so the device is configured anyway (even if it does not
    exist). This greatly simplifies things, since in many cases
    'if_vtnet(4)' is used, so there is no need to perform a comparison
    with the MAC address.
- Document 'network' parameter:
  - Add example to 'EXAMPLES' section.
- Set 'gateway[46]' only when 'addresses' is specified:
  - To comply with the cloud-init specification, 'gateway4' and 'gateway6'
    must only take effect when 'addresses' (or static configuration) is
    specified.
- Use a separate function to check 'match' rules:
  - This way, we can easily add new logic to new types of rules.
- Implement 'network.ethernets.{id}.match.name' parameter:
  - But unlike cloud-init, which works with glob expressions (although it
    depends on the network backend), this implementation takes advantage
    of Lua pattern-matching expressions.
    Also note that previously we were only concerned with one interface
    matching, however, to be cloud-init-compliant, we need to configure
    the matching interfaces (one or more).
- Set default router only once.
- Implement 'network.ethernets.{id}.wakeonlan' parameter.
- Implement 'network.ethernets.{id}.set-name' parameter.
- Implement 'network.ethernets.{id}.match.driver' parameter:
  - Rename 'get_ifaces(...)' function as 'get_ifaces_by_mac(...)'.
  - Add get_ifaces_by_driver(...) function.
- Implement 'network.ethernets.{id}.mtu' parameter.
- Implement 'nameservers' parameter.
- Use 'resolvconf(8)' to manipulate 'resolv.conf(5)'.
- Use 'tzsetup(8)' to set time zone.
Reviewed by: bapt@
Approved by: bapt@
Differential Revision: https://reviews.freebsd.org/D51643
|
In the wrappers, check for errors and abort if one is raised. At some
point it may be useful to have a mechanism to ignore errors, but I'm not
sure yet how that should look.
For chmod, let the mode be specified as an octal number, otherwise it's
hard to understand what's happening. Note that this must be specified
as a string, otherwise tonumber() will raise an error.
Reviewed by: bapt
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D51159
|
From the cloudinit specification, sudo rules can be a string or an
array of strings.
|
write_files is a list of files that should be created at the first boot.
Each file's content can be either plain text or encoded in base64 (note
that cloudinit specifies that gzip is supported, but we do not support it
yet).
All other specifiers from cloudinit should work:
by default all files will just overwrite existing files, except if
"append" is set to true; permissions and ownership can be specified.
The files are created before packages are installed and users
created.
If "defer" is set to true, then the file is created after package
installation and package manipulation.
This feature is requested for KDE's CI.
|
This fixes the case where vendors or cloudinit consumers are using all
features from yaml.
KDE is using references for its CI, for example.
lima-vm uses syntax for which our previous yaml.lua has a bug in the
parser (https://github.com/lima-vm/lima/issues/1508)
|
This fixes the test case libexec.nuageinit.nuageinit.config2_userdata_packages
Signed-off-by: Siva Mahadevan <me@svmhdvn.name>
Event: Kitchener-Waterloo Hackathon 202506
Sponsored by: The FreeBSD Foundation
Pull Request: https://github.com/freebsd/freebsd-src/pull/1734
|
Reviewed by: bapt
|
Reviewed by: imp, ziaee (both a previous version)
Differential Revision: https://reviews.freebsd.org/D50878
|
Refactor nuageinit to allow a 3rd execution point during boot:
1. nuageinit is invoked before NETWORKING with a minimalistic network setup
for openstack and potentially other network config setup. It tries
to configure everything which does not require any network.
2. nuageinit is invoked again post NETWORKING but pre SERVERS; in this
phase it does all that requires network, like dealing with packages.
Note that creating users has been moved to this phase to allow the
installation of shells like bash or zsh prior to the creation of the
users; before that, the user creation was failing if a non-installed
shell was requested.
3. nuageinit will execute at the rc.local time all the specified scripts
and commands.
MFC After: 1 week
|
Rename path into ni_path (ni stands for nuageinit), which is more
understandable and avoids a shadowing warning because we also use a
variable named path later.
Add a missing local.
|
Execute the runcmd specified in cloudinit at the same moment as the
user_data script aka late in the boot process, to respect cloudinit
specifications
|
In official cloudinit, when a user_data file starts with '#!' it
should be executed late in the boot process. To respect this, nuageinit
now copies the user_data script into a /var/cache/nuageinit/user_data if
found, and a new "firsboot" rcscript anchored to the 'local' rc script is
responsible for executing it if found.
Note that by doing this, we fix another issue we had with nuageinit: if the
cloudinit provider provides the user_data script without the executable
permission, the previous implementation was not working, like apparently
what Digital Ocean is doing.
PR: 287183
Reported by: olgeni@
|
Implement package_update and package_upgrade, which allow launching
an update of the metadata and an upgrade of the packages.
Sponsored by: OVHCloud
|
Installs a list of packages
Sponsored by: OVHCloud
|
Sponsored by: OVHCloud
|
runcmd contains a list of strings; each item will be executed in order.
Sponsored by: OVHCloud
|
To carry out the userdata unit tests, you need to set up the environment in
order to skip adding the default user (nuage.adduser(default_user)).
Sponsored by: OVHCloud
|
Add support for chpasswd, with all possible syntaxes, including the
deprecated one: chpasswd.list as a list or as a multiline string,
as some providers are still only providing this deprecated form.
Sponsored by: OVHCloud
MFC After: 1 week
Reviewed by: kevans, jlduran
Differential Revision: https://reviews.freebsd.org/D50021
|
Reported by: jlduran
|
ssh_pwauth sets the value in sshd_config for the password authentication.
This implementation tries to avoid touching the file if cloudinit
requests what is already the default value.
MFC After: 3 days
Sponsored by: OVHCloud
Reviewed by: kevans, jlduran
Differential Revision: https://reviews.freebsd.org/D49875
|
MFC After: 1 week
Sponsored by: OVHCloud
|
While here fix fc34a2463c16fd47acbc8e5c3bbbb6b2ce1b1469 where the
adduser_passwd.lua file was not added
|
Using echo in a sh(1) command line requires a lot of escaping to be done
right; using io.popen we don't need to do this escaping anymore.
|
After building packages we have a number of new
and updated Makefile.depend files
Reviewed by: stevek
|
- Export NUAGE_FAKE_ROOTDIR only once
- Use the header section of the test to require the root user
- Use the PWD environment variable
- Set the root/sys shell as /bin/sh
- Use RFC 5737 reserved IP addresses
Signed-off-by: Jose Luis Duran <jlduran@gmail.com>
|
The hashed password usually contains a "$" sign, which, when used on a
shell, must be escaped. Also, the plain text password may contain
special characters that require escaping.
Add a quick fix by enclosing it in single quotes. Note that if the
plain text password contains a "'", it will still fail. This will be
properly fixed in later commits.
Some here documents require the document to be a string literal,
especially when passing invalid characters. Enclose it in single
quotes.
Signed-off-by: Jose Luis Duran <jlduran@gmail.com>
|
Signed-off-by: Jose Luis Duran <jlduran@gmail.com>
|
Standardize the utilities from nuage.lua, to return nil on failure, plus
an error message as a second result, and some value different from nil
on success.
Make warnmsg() and errmsg() append "nuageinit: " by default. Pass an
optional second parameter as false to avoid printing this tag.
Signed-off-by: Jose Luis Duran <jlduran@gmail.com>
|
Prefer posix.sys.stat's chmod() to os.execute(). While here, change the
name of the locals to be more descriptive.
Signed-off-by: Jose Luis Duran <jlduran@gmail.com>
|