[FFe] add support for unique cloud-config templates based on kernel, distro series, arch, python version
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
cloud-init (Ubuntu) | Fix Released | Undecided | Chad Smith | |
Bug Description
Cloud-init allows user-data to provide a "## template: jinja" header line in user-data in order to render custom cloud-config based on any instance metadata found in /run/cloud-
There are a number of use cases where it would be beneficial to provide unique cloud-config user-data based on what Ubuntu release, machine architecture, kernel or merged_config default_user an image may have configured.
Allow cloud customers to write a single cloud-config jinja template which can customize configuration options based on what its operating environment ends up being.
Add 2 top-level keys to the persisted instance-data.json file:
merged_cfg:
* The merged cloud-config from /etc/cloud/
* This merged_cfg is helpful in debug and triage of cloud-init bugs,
as custom images frequently override Ubuntu certified
cloud-image defaults.
sys_info:
* system platform, arch, kernel and distro info
* This data is already obtained by cloudinit.
is used at runtime to determine behavior on every Ubuntu series
and any other supported distributions.
For ease of use in templates, some of the sys_info fields are generalized as top-level 'v1' standard keys.
The following are the new generalized v1 instance data keys:
distro, distro_release, distro_version, variant
kernel_release, system_platform, machine, and python_version
This allows a single #cloud-config user-data which would allow for custom cloud-config based on distro details:
```
## template: jinja
#cloud-config
runcmd:
{% if distro_version == 'xenial' %}
- echo add custom networking extensions to /etc/network/
{% elif distro_version == 'bionic' %}
- echo add my custom networking extensions to /etc/netplan/
{% elif distro == 'centos' %}
- echo do something fun with /etc/sysconfig
{% endif %}
```
Potential risk:
The 'merged_cfg' is sourced from the filesystem in which custom images could place sensitive information such as passwords or keys. That merged_cfg will need to be considered a sensitive_
The branch proposed will need to address this sensitivity and non-root users will not be able to run `cloud-init query merged_cfg` as that data will need to be redacted.
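The redaction that the "Potential risk" paragraph calls for, as an added sketch that is not cloud-init's code and not part of the original report: it shows a non-root query receiving a marker instead of `merged_cfg` while root still sees the data. The names `REDACTED`, `SENSITIVE_PATHS`, `redact` and `query`, the slash-separated path format and the sample values are all assumptions made for illustration.

```python
import copy

# Hypothetical names for this sketch; not cloud-init's own identifiers.
REDACTED = "<redacted for non-root user>"
SENSITIVE_PATHS = ["merged_cfg"]  # slash-separated paths into instance data


def redact(instance_data, sensitive_paths=SENSITIVE_PATHS):
    """Return a deep copy with every sensitive path replaced by a marker."""
    public = copy.deepcopy(instance_data)  # never mutate the root-only copy
    for path in sensitive_paths:
        *parents, leaf = path.split("/")
        node = public
        for key in parents:
            node = node.get(key) if isinstance(node, dict) else None
            if node is None:
                break  # path not present in this instance data
        if isinstance(node, dict) and leaf in node:
            node[leaf] = REDACTED
    return public


def query(instance_data, key, is_root):
    """Resolve a slash-separated key as a root or unprivileged caller sees it."""
    view = instance_data if is_root else redact(instance_data)
    for part in key.split("/"):
        if view == REDACTED:
            return REDACTED  # anything below a redacted subtree stays hidden
        view = view[part]
    return view


# Constructed sample shaped like the top-level keys described above.
SAMPLE = {
    "merged_cfg": {
        "system_info": {"default_user": {"name": "ubuntu"}},
        "chpasswd": {"list": ["ubuntu:constructed-example-password"]},
    },
    "sys_info": {"platform": "Linux-constructed"},
    "v1": {"distro": "ubuntu", "machine": "x86_64", "python_version": "3.8.2"},
}

if __name__ == "__main__":
    print(query(SAMPLE, "v1/distro", is_root=False))
    print(query(SAMPLE, "merged_cfg/chpasswd/list", is_root=False))
    print(query(SAMPLE, "merged_cfg/chpasswd/list", is_root=True))
```

Redacting the whole `merged_cfg` subtree rather than individual password fields means a secret placed under an unexpected key by a custom image is still hidden from non-root readers.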
Status changed to 'Confirmed' because the bug affects multiple users.