cloud-init-dev team mailing list archive

Thread
Date

Re: [Merge] ~smoser/cloud-init:bug/1712680-maas-use-token-for-check-instance-id into cloud-init:master

To: Scott Moser <ssmoser2+ubuntu@xxxxxxxxx>
From: Chad Smith <chad.smith@xxxxxxxxxxxxx>
Date: Tue, 12 Dec 2017 22:21:20 -0000
In-reply-to: <151311557804.22731.16080696302105728397.launchpad@ackee.canonical.com>
Reply-to: mp+335108@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

I know this is a completely separate direction than you are taking.

It feels a bit like we are gating all cloud-init updates/runs based on whether the instance-id changes. In a world where cloud-init becomes re-entrany (or hotplug handling) should cloud-init grow the ability for people to supplement cloud-init's written content, with more information?

I'm thinking like bookend comments like this.
# begin cloud-init ignore
# end cloud-init ignore
 

In either case, I'll try deploying a node twice with reboots in between and make sure this only changes on node re-install. It feels like we are working around a problem by relying on instance-id as our gate for rewriting content. Should cloud-init ever accept 

Diff comments:

> diff --git a/cloudinit/sources/DataSourceMAAS.py b/cloudinit/sources/DataSourceMAAS.py
> index 496bd06..dba420d 100644
> --- a/cloudinit/sources/DataSourceMAAS.py
> +++ b/cloudinit/sources/DataSourceMAAS.py
> @@ -147,6 +149,25 @@ class DataSourceMAAS(sources.DataSource):
>  
>          return bool(url)
>  
> +    def check_instance_id(self, sys_cfg):
> +        """locally check if the current system is the same instance.
> +
> +        MAAS doesn't provide a real instance-id, and if it did, it is
> +        still only available over the network.  We need to check based
> +        only on local resources.  So compute a hash based on Oauth tokens."""
> +        if self.id_hash is None:
> +            return False
> +        ncfg = util.get_cfg_by_path(sys_cfg, ("datasource", self.dsname), {})
> +        return (self.id_hash == get_id_from_ds_cfg(ncfg))
> +
> +
> +def get_id_from_ds_cfg(ds_cfg):
> +    fields = ('token_key', 'token_secret', 'consumer_key')

Might be nice to have a private method _get_oauth_creds() since we also grab these fields in _get_helper too.

> +    idstr = '\0'.join([ds_cfg.get(k, "") for k in fields])
> +    # store the encoding version as part of the hash in the event
> +    # that it ever changed we can compute older versions.
> +    return 'v1:' + hashlib.sha256(idstr.encode('utf-8')).hexdigest()
> +
>  
>  def read_maas_seed_dir(seed_d):
>      if seed_d.startswith("file://"):


-- 
https://code.launchpad.net/~smoser/cloud-init/+git/cloud-init/+merge/335108
Your team cloud-init commiters is requested to review the proposed merge of ~smoser/cloud-init:bug/1712680-maas-use-token-for-check-instance-id into cloud-init:master.

References

[Merge] ~smoser/cloud-init:bug/1712680-maas-use-token-for-check-instance-id into cloud-init:master
From: Scott Moser, 2017-12-12