The cloud-init filtering writes a bunch of files into /tmp that
are not removed. So avoid cluttering /tmp on the hosts when
unit tests are run this commit sets TMPDIR to the unit test
tmpdir so that it's properly cleaned up.
With grade dangerous we don't want to install the datasource restriction file,
so only install it if we installed files and if we are filtering those files.
In the case where we are filtering files but there are no files to install, we
will already not create the file, but if we are filtering and we try to install
some files but they all get filtered out, then we will not install a datasource
restriction file because nothing untrusted from ubuntu-seed was installed, only
files from the gadget which are never filtered but are trusted.
Also remove a redundant test case now that it is reflected in the bigger test
case table.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
Cloud-init itself only considers .cfg files in the cloud-init.cfg.d directory,
so we should only consider files with .cfg file extension in the ubuntu-seed
directory.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
This actually works in Go to return an unexported type and be able to use it's
exported fields, but wasn't the intention at all since we do actually export a
type alias for testing of the unexported type.
Thanks to Samuele for spotting this.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
This function is the directory analogue of cloudDatasourcesInUse, and takes
into account the fact that a collection of config files coming from the same
dir will be processed by cloud-init "together" with lexically later files
overwriting settings of lexically earlier files.
This is necessary for full MAAS support with cloud-init on grade signed
systems.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
For the error case we should only concern ourselves with checking if the output
is "status: error", anything else should not be handled with the switch case,
as that could obscure the non-zero exit status with returning an otherwise
valid status. In other words, if cloud-init status returns "status: enabled"
but exits with non-zero exit code, we still want to return CloudInitErrored.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
When cloud-init is actually in error condition, it will exit with a non-zero
status code. We previously had been assuming that this condition would have a
zero exit code, so the code would end up returning a non-nil err which in
devicestate would lead to devicestate never attempting to restrict cloud-init
and never disabling it either, thus effectively leaving the entire machinery
around force disabling cloud-init after 3 minutes if it was in error never to
be executed.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
This will filter out the config we allow on ubuntu-seed to a subset of
cloud-init configuration.
Currently, this just allows configuration as required by MAAS to setup a device
with cloud-init, but this could be expanded in the future.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
We previously would just create a list with the duplicated names in it, which
didn't break anything but may be confusing for some other bits of code later
on. Instead trim out duplicates using a map instead of appending directly into
the resultant list.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
In a future commit, we will use the result of measuring the datasource settings
for the cloud-init config from the gadget, but for now just introduce the
machinery to read it.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
Thanks to Samuele for pointing this out, the function has always only been used
with UC20 devices/systems so make that explicit via checking the model we now
have as the argument to the function.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
Move more responsibility of handling cloud-init config permission handling to
sysconfig instead of devicestate since we now have access to the model in
ConfigureTargetSystem which we can use to get the model grade.
This also means we can refactor the functions which install cloud-init config
to be more straight forward and readable.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
introduce sysconfig.Device (similar to boot.Device)
have sysconfig.ApplyFilesystemOnlyDefaults and
sysconfig.ConfigureTargetSystem take the model and pass down a
sysconfig.Device
for these two we assume that mode is not run
had to make the comment in wrappers/services_test.go a one-liner
otherwise half of it is lost
last set of files needing changing (as per current master)
Also fix an out-dated comment in installCloudInitCfgDir which referenced a
non-existent function.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
