Documentation
Index
- Variables
- func ApplyFilesystemOnlyDefaults(model *asserts.Model, rootDir string, defaults map[string]interface{}) error
- func ConfigureTargetSystem(model *asserts.Model, opts *Options) error
- func DisableCloudInit(rootDir string) error
- func HasGadgetCloudConf(gadgetDir string) bool
- func WritableDefaultsDir(rootdir string, subdir ...string) string
- type CloudInitRestrictOptions
- type CloudInitRestrictionResult
- type CloudInitState
- type Device
- type Options
Constants
This section is empty.
Variables
var ApplyFilesystemOnlyDefaultsImpl = func(dev Device, rootDir string, defaults map[string]interface{}) error {
    panic("ApplyFilesystemOnlyDefaultsImpl is unset, import overlord/configstate/configcore")
}
ApplyFilesystemOnlyDefaultsImpl is initialized by init() of configcore.
Functions
func ApplyFilesystemOnlyDefaults
func ApplyFilesystemOnlyDefaults(model *asserts.Model, rootDir string, defaults map[string]interface{}) error
ApplyFilesystemOnlyDefaults applies (via configcore.filesystemOnlyApply()) filesystem modifications under rootDir, according to the defaults. This is a subset of core config options that is important early during boot, before all the configuration is applied as part of the normal execution of the configure hook.
func ConfigureTargetSystem
ConfigureTargetSystem configures the ubuntu-data partition with any configuration needed from e.g. the gadget or for cloud-init (and also for cloud-init from the gadget). It is okay to use both from install mode for run mode, as well as from the initramfs for recover mode. It is only meant to be used with models that have a grade (i.e. UC20+).
func DisableCloudInit
DisableCloudInit will disable cloud-init permanently by writing a cloud-init.disabled config file in etc/cloud under the target dir, which instructs cloud-init-generator to not trigger new cloud-init invocations. Note that even with this disabled file, a root user could still manually run cloud-init, but this capability is not provided to any strictly confined snap.
func HasGadgetCloudConf
HasGadgetCloudConf takes a gadget directory and returns whether there is cloud-init config in the form of a cloud.conf file in the gadget.
func WritableDefaultsDir
WritableDefaultsDir returns the full path of the joined subdir under the subtree for default content for system data living at rootdir, i.e. rootdir/_writable_defaults/subdir...
Types
type CloudInitRestrictOptions
type CloudInitRestrictOptions struct {
    // ForceDisable will force disabling cloud-init even if it is
    // in an active/running or errored state.
    ForceDisable bool

    // DisableAfterLocalDatasourcesRun modifies RestrictCloudInit to disable
    // cloud-init after it has run on first-boot if the datasource detected is
    // a local source such as NoCloud or None. If the datasource detected is not
    // a local source, such as GCE or AWS EC2 it is merely restricted as
    // described in the doc-comment on RestrictCloudInit.
    DisableAfterLocalDatasourcesRun bool
}
CloudInitRestrictOptions are options for how to restrict cloud-init with RestrictCloudInit.
type CloudInitRestrictionResult
CloudInitRestrictionResult is the result of calling RestrictCloudInit. The values for Action are "disable" or "restrict", and the Datasource will be set to the restricted datasource if Action is "restrict".
func RestrictCloudInit
func RestrictCloudInit(state CloudInitState, opts *CloudInitRestrictOptions) (CloudInitRestrictionResult, error)
RestrictCloudInit will limit the operations of cloud-init on subsequent boots by either disabling cloud-init in the untriggered state, or restricting cloud-init to only use a specific datasource (additionally, if the currently detected datasource for this boot was NoCloud, it will disable the automatic import of filesystems with labels such as CIDATA (or cidata) as datasources). This is expected to be run when cloud-init is in a "steady" state such as done or disabled (untriggered). If called in other states such as errored, it will return an error, but it can be forced to disable cloud-init anyway in these states by setting the ForceDisable field of the opts parameter. This function is meant to protect against CVE-2020-11933.
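The outcomes described above for RestrictCloudInit, modeled in self-contained Go. This is an added example, not snapd's code: State, Plan, BlockCIDATA and decide are hypothetical names, and treating exactly NoCloud and None as the local datasources is an assumption taken from the option's doc comment.

```go
package main

import (
	"errors"
	"fmt"
)

// State mirrors the documented CloudInitState values used here (snapd is not imported).
type State int

const (
	Untriggered State = iota
	Done
	Enabled
	Errored
)

// Plan is a hypothetical stand-in for CloudInitRestrictionResult.
type Plan struct {
	Action      string // "disable" or "restrict"
	Datasource  string // set only when Action is "restrict"
	BlockCIDATA bool   // hypothetical flag: stop importing CIDATA-labelled filesystems
}

// decide models the documented outcomes. datasource is what cloud-init
// detected on this boot; "NoCloud" and "None" are the local sources the page names.
func decide(s State, datasource string, force, disableAfterLocal bool) (Plan, error) {
	switch s {
	case Untriggered:
		return Plan{Action: "disable"}, nil
	case Done:
		local := datasource == "NoCloud" || datasource == "None"
		if local && disableAfterLocal {
			return Plan{Action: "disable"}, nil
		}
		return Plan{Action: "restrict", Datasource: datasource, BlockCIDATA: datasource == "NoCloud"}, nil
	default: // Enabled or Errored: cloud-init may still be doing something
		if force {
			return Plan{Action: "disable"}, nil
		}
		return Plan{}, errors.New("cloud-init is not in a steady state")
	}
}

func main() {
	p, err := decide(Done, "NoCloud", false, true) // constructed input
	fmt.Printf("%+v %v\n", p, err)
}
```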
type CloudInitState
type CloudInitState int
CloudInitState represents the various cloud-init states.
const (
    // CloudInitDisabledPermanently is when cloud-init is disabled as per the
    // cloud-init.disabled file.
    CloudInitDisabledPermanently CloudInitState = iota
    // CloudInitRestrictedBySnapd is when cloud-init has been restricted by
    // snapd with a specific config file.
    CloudInitRestrictedBySnapd
    // CloudInitUntriggered is when cloud-init is disabled because nothing has
    // triggered it to run, but it could still be run.
    CloudInitUntriggered
    // CloudInitDone is when cloud-init has been run on this boot.
    CloudInitDone
    // CloudInitEnabled is when cloud-init is active, but not necessarily
    // finished. This matches the "running" and "not run" states from cloud-init
    // as well as any other state that does not match any of the other defined
    // states, as we are conservative in assuming that cloud-init is doing
    // something.
    CloudInitEnabled
    // CloudInitNotFound is when there is no cloud-init executable on the
    // device.
    CloudInitNotFound
    // CloudInitErrored is when cloud-init tried to run, but failed or had invalid
    // configuration.
    CloudInitErrored
)
func CloudInitStatus
func CloudInitStatus() (CloudInitState, error)
CloudInitStatus returns the current status of cloud-init. Note that it will first check for static file-based statuses through the snapd restriction file and the disabled file before consulting cloud-init directly through the status command. Also note that in unknown situations we are conservative in assuming that cloud-init may be doing something and will return CloudInitEnabled when we do not recognize the state returned by the cloud-init status command.
type Device
Device carries information about the device model and mode that is relevant to sysconfig.
type Options
type Options struct {
    // CloudInitSrcDir is where to find the cloud-init data when installing it,
    // i.e. in early boot install mode it could be something like
    // filepath.Join(boot.InitramfsUbuntuSeedDir,"data")
    CloudInitSrcDir string

    // TargetRootDir is the root directory where to install configure
    // data, i.e. for cloud-init during the initramfs it will be something like
    // boot.InstallHostWritableDir
    TargetRootDir string

    // AllowCloudInit is whether to allow cloud-init to run or not in the
    // TargetRootDir.
    AllowCloudInit bool

    // GadgetDir is the path of the mounted gadget snap.
    GadgetDir string

    // GadgetSnap is a snap.Container of the gadget snap. This is used in
    // priority over GadgetDir if set.
    GadgetSnap snap.Container
}
Options is the set of options used to configure the run system.