Public bug reported:
Cloud-init allows user-data to provide a "## template: jinja" header
line in user-data in order to render custom cloud-config based on any
instance metadata found in /run/cloud-init/instance-data.json.
There are a number of use cases where it would be beneficial to provide
unique cloud-config user-data based on what Ubuntu release, machine
architecture, kernel or merged_config default_user an image may have
configured.
Allow cloud customers to write a single cloud-config jinja template
which can customize configuration options based on what its operating
environment ends up being.
Add 2 top-level keys to the persisted instance-data.json file:
merged_cfg:
  * The merged cloud-config from /etc/cloud/cloud.cfg and
    /etc/cloud/cloud.cfg.d/*cfg
  * This merged_cfg is helpful in debug and triage of cloud-init bugs
    as custom images frequently override Ubuntu certified
    cloud-image defaults.
sys_info:
  * system platform, arch, kernel and distro info
  * This data is already obtained by cloudinit.util.system_info which
    is used at runtime to determine behavior on every Ubuntu series
    and any other supported distributions.
For ease of use in templates, some of the sys_info fields are
generalized as top-level 'v1' standard keys.
The following are the new generalized v1 instance data keys:
  distro, distro_release, distro_version, variant
  kernel_release, system_platform, machine, and python_version
This allows a single #cloud-config user-data which would allow for
custom cloud-config based on distro details:
    ## template: jinja
    #cloud-config
    runcmd:
    {% if distro_version == 'xenial' %}
    - echo add custom networking extensions to /etc/network/interfaces.d/
    {% elif distro_version == 'bionic' %}
    - echo add my custom networking extensions to /etc/netplan/
    {% elif distro == 'centos' %}
    - echo do something fun with /etc/sysconfig
    {% endif %}
Potential risk:
The 'merged_cfg' is sourced from the filesystem in which custom images
could place sensitive information such as passwords or keys. That
merged_cfg will need to be considered a sensitive_metadata_key that is
redacted from the world-readable /run/cloud-init/instance-data.json
file.
The branch proposed will need to address this sensitivity and non-root
users will not be able to run `cloud-init query merged_cfg` as that data
will need to be redacted.
** Affects: cloud-init (Ubuntu)
Importance: Undecided
Status: New
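The redaction called for under "Potential risk" above, sketched as an added example (not cloud-init's code and not part of the bug report): the full instance data is written to a root-only file, and a copy with merged_cfg replaced by a marker is written to the world-readable one. The marker string, the root-only file name, the '/'-separated key-path convention and the sample values are assumptions.

```python
import copy
import json
import os
import tempfile

REDACTED = "<redacted>"  # constructed marker value
SENSITIVE_KEYS = ("merged_cfg",)  # '/'-separated key paths (assumed convention)
PUBLIC = "instance-data.json"
PRIVATE = "instance-data-root-only.json"  # hypothetical file name

SAMPLE = {  # constructed sample instance data; the credential is fake
    "merged_cfg": {"system_info": {"default_user": {"name": "ubuntu"}},
                   "chpasswd": {"list": "ubuntu:constructed-secret"}},
    "sys_info": {"platform": "Linux-5.4.0-x86_64", "python": "3.8.2"},
    "v1": {"distro": "ubuntu", "distro_release": "focal", "machine": "x86_64"},
}

def redact(instance_data, sensitive_keys=SENSITIVE_KEYS):
    """Return a deep copy with every sensitive key path replaced by a marker."""
    out = copy.deepcopy(instance_data)
    for path in sensitive_keys:
        *parents, leaf = path.split("/")
        node = out
        for part in parents:
            node = node.get(part) if isinstance(node, dict) else None
        if isinstance(node, dict) and leaf in node:
            node[leaf] = REDACTED
    return out

def persist(instance_data, run_dir):
    """Write the full data root-only (0600) and a redacted copy world-readable (0644)."""
    modes = {}
    for name, data, mode in ((PRIVATE, instance_data, 0o600),
                             (PUBLIC, redact(instance_data), 0o644)):
        path = os.path.join(run_dir, name)
        # Create with the final mode so the secret is never briefly world-readable.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
        with os.fdopen(fd, "w") as fh:
            json.dump(data, fh, indent=1, sort_keys=True)
        os.chmod(path, mode)  # umask may have tightened the mode; make it exact
        modes[name] = os.stat(path).st_mode & 0o777
    return modes

def demo():
    """Persist SAMPLE to a temp dir; return file modes and what non-root would read."""
    with tempfile.TemporaryDirectory() as run_dir:
        modes = persist(SAMPLE, run_dir)
        with open(os.path.join(run_dir, PUBLIC)) as fh:
            return modes, json.load(fh)
```

The whole merged_cfg subtree is replaced rather than filtered key by key, since an image builder can put a secret under any key in /etc/cloud/cloud.cfg.d/.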
** Description changed:
Cloud-init allows user-data to provide a "## template: jinja" header
line in user-data in order to render custom cloud-config based on any
instance metadata found in /run/cloud-init/instance-data.json.
There are a number of use cases where it would be beneficial to provide
unique cloud-config user-data based on what ubuntu release, machine
architecture kernel or merged_config default_user you an image may have
configured.
Allow cloud customers to write a single cloud-config jinja template
which can customize configuration options based on what it's operating
environment ends up being.
-
Add 2 top-level keys to the persisted instance-data.json file:
- merged_cfg: the merged cloud-config from /etc/cloud/cloud.cfg and
/etc/cloud/cloud.cfg.d/*cfg
- This merged_cfg is helpful in debug and triage of cloud-init bugs as
the filesystem
- images frequently override Ubuntu certified cloud-image defaults.
-
- sys_info: system platform and distro information surfaced by uname or
python.platform.
- This data is already obtained by cloudinit.util.system_info() which is
used by
- cloud-init runtime to determine cloud-init behavior on every Ubuntu
series and all
- supported distributions.
+ merged_cfg:
+ * The merged cloud-config from /etc/cloud/cloud.cfg and
+ /etc/cloud/cloud.cfg.d/*cfg
+
+ * This merged_cfg is helpful in debug and triage of cloud-init bug
+ as custom images frequently override Ubuntu certified
+ cloud-image defaults.
+
+ sys_info: system platform, arch, kernel and distro info
+
+ * This data is already obtained by cloudinit.util.system_info which
+ is used at runtime to determine behavior on every Ubuntu series
+ and any other supported distributions.
- For ease of use in templates, some of the sys_info fields are generalized as
top-level 'v1' standard keys. The following are the new generalized v1 instance
data keys:
- distro, distro_release, distro_version, variant
- kernel_release, system_platform, machine, and python_version
+ For ease of use in templates, some of the sys_info fields are generalized as
top-level 'v1' standard keys.
+ The following are the new generalized v1 instance data keys:
+ distro, distro_release, distro_version, variant
+ kernel_release, system_platform, machine, and python_version
This allows a single #cloud-config user-data which would allow for
custom cloud-config based on distro details:
- ## template: jinja
- #cloud-config
- runcmd:
- {% if distro_version == 'xenial' %}
- - echo add custom networking extensions to /etc/network/interfaces.d/
- {% elif distro_version == 'bionic' %}
- - echo add my custom networking extensions to /etc/netplan/
- {% elif distro == 'centos' %}
- - echo do something fun with /etc/sysconfig
- {% endif %}
+ ## template: jinja
+ #cloud-config
+ runcmd:
+ {% if distro_version == 'xenial' %}
+ - echo add custom networking extensions to /etc/network/interfaces.d/
+ {% elif distro_version == 'bionic' %}
+ - echo add my custom networking extensions to /etc/netplan/
+ {% elif distro == 'centos' %}
+ - echo do something fun with /etc/sysconfig
+ {% endif %}
** Description changed:
Cloud-init allows user-data to provide a "## template: jinja" header
line in user-data in order to render custom cloud-config based on any
instance metadata found in /run/cloud-init/instance-data.json.
There are a number of use cases where it would be beneficial to provide
unique cloud-config user-data based on what ubuntu release, machine
architecture kernel or merged_config default_user you an image may have
configured.
Allow cloud customers to write a single cloud-config jinja template
which can customize configuration options based on what it's operating
environment ends up being.
Add 2 top-level keys to the persisted instance-data.json file:
- merged_cfg:
- * The merged cloud-config from /etc/cloud/cloud.cfg and
- /etc/cloud/cloud.cfg.d/*cfg
+ merged_cfg:
+ * The merged cloud-config from /etc/cloud/cloud.cfg and
+ /etc/cloud/cloud.cfg.d/*cfg
* This merged_cfg is helpful in debug and triage of cloud-init bug
- as custom images frequently override Ubuntu certified
- cloud-image defaults.
+ as custom images frequently override Ubuntu certified
+ cloud-image defaults.
- sys_info: system platform, arch, kernel and distro info
+ sys_info:
+ * system platform, arch, kernel and distro info
* This data is already obtained by cloudinit.util.system_info which
- is used at runtime to determine behavior on every Ubuntu series
- and any other supported distributions.
+ is used at runtime to determine behavior on every Ubuntu series
+ and any other supported distributions.
-
- For ease of use in templates, some of the sys_info fields are generalized as
top-level 'v1' standard keys.
+ For ease of use in templates, some of the sys_info fields are
+ generalized as top-level 'v1' standard keys.
The following are the new generalized v1 instance data keys:
distro, distro_release, distro_version, variant
kernel_release, system_platform, machine, and python_version
This allows a single #cloud-config user-data which would allow for
custom cloud-config based on distro details:
## template: jinja
#cloud-config
runcmd:
{% if distro_version == 'xenial' %}
- echo add custom networking extensions to /etc/network/interfaces.d/
{% elif distro_version == 'bionic' %}
- echo add my custom networking extensions to /etc/netplan/
{% elif distro == 'centos' %}
- echo do something fun with /etc/sysconfig
{% endif %}
** Description changed:
Cloud-init allows user-data to provide a "## template: jinja" header
line in user-data in order to render custom cloud-config based on any
instance metadata found in /run/cloud-init/instance-data.json.
There are a number of use cases where it would be beneficial to provide
unique cloud-config user-data based on what ubuntu release, machine
architecture kernel or merged_config default_user you an image may have
configured.
Allow cloud customers to write a single cloud-config jinja template
which can customize configuration options based on what it's operating
environment ends up being.
Add 2 top-level keys to the persisted instance-data.json file:
merged_cfg:
* The merged cloud-config from /etc/cloud/cloud.cfg and
/etc/cloud/cloud.cfg.d/*cfg
* This merged_cfg is helpful in debug and triage of cloud-init bug
as custom images frequently override Ubuntu certified
cloud-image defaults.
sys_info:
- * system platform, arch, kernel and distro info
+ * system platform, arch, kernel and distro info
* This data is already obtained by cloudinit.util.system_info which
is used at runtime to determine behavior on every Ubuntu series
and any other supported distributions.
For ease of use in templates, some of the sys_info fields are
generalized as top-level 'v1' standard keys.
The following are the new generalized v1 instance data keys:
distro, distro_release, distro_version, variant
kernel_release, system_platform, machine, and python_version
This allows a single #cloud-config user-data which would allow for
custom cloud-config based on distro details:
## template: jinja
#cloud-config
runcmd:
{% if distro_version == 'xenial' %}
- echo add custom networking extensions to /etc/network/interfaces.d/
{% elif distro_version == 'bionic' %}
- echo add my custom networking extensions to /etc/netplan/
{% elif distro == 'centos' %}
- echo do something fun with /etc/sysconfig
{% endif %}
+
+ Potential risk:
+
+ The 'merged_cfg' is sourced from the filesystem in which custom images
+ could place sensitive information such as passwords or keys. That
+ merged_cfg will need to be considered a sensitive_metadata_key that is
+ redacted from the world-readable /run/cloud-init/instance-data.json
+ file.
+
+ The branch proposed will need to address this sensitivity and non-root
+ users will not be able to run `cloud-init query merged_cfg` as that data
+ will need to be redacted.
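Review bot: the added "Potential risk" text says merged_cfg must be redacted from the world-readable /run/cloud-init/instance-data.json and that non-root users cannot run `cloud-init query merged_cfg`, but it does not say where the unredacted value is kept or whether a jinja template can still reference it at render time. The use-case paragraph earlier in the description still lists "merged_config default_user" as something a template would branch on, so the description should state that explicitly, and should use the key name merged_cfg consistently instead of merged_config.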
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1865969
Title:
[FFe] add support for unique cloud-config templates based on kernel,
distro series, arch, python version
--
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs