cloud-init-dev team mailing list archive

Thread
Date

[Merge] ~xiaofengw/cloud-init:xiaofengw-user-defined-script into cloud-init:master

To: mp+366632@xxxxxxxxxxxxxxxxxx
From: Xiaofeng Wang <xiaofengw@xxxxxxxxxx>
Date: Mon, 29 Apr 2019 04:42:21 -0000
Reply-to: mp+366632@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Xiaofeng Wang has proposed merging ~xiaofengw/cloud-init:xiaofengw-user-defined-script into cloud-init:master.

Commit message:
VMWware: add option into VMTools configuration to enable/disable custom script.

VMWware customization has already support to run a custom script during the VM customization. We add this option so that VM administrator could prevent custom script to run, then the customization will fail and customization status is set to GUESTCUST_ERROR_SCRIPT_DISABLED.

Requested reviews:
  cloud-init commiters (cloud-init-dev)

For more details, see:
https://code.launchpad.net/~xiaofengw/cloud-init/+git/cloud-init/+merge/366632
-- 
Your team cloud-init commiters is requested to review the proposed merge of ~xiaofengw/cloud-init:xiaofengw-user-defined-script into cloud-init:master.

diff --git a/cloudinit/sources/DataSourceOVF.py b/cloudinit/sources/DataSourceOVF.py
index 70e7a5c..c12da32 100644
--- a/cloudinit/sources/DataSourceOVF.py
+++ b/cloudinit/sources/DataSourceOVF.py
@@ -40,11 +40,17 @@ from cloudinit.sources.helpers.vmware.imc.guestcust_state \
 from cloudinit.sources.helpers.vmware.imc.guestcust_util import (
     enable_nics,
     get_nics_to_enable,
-    set_customization_status
+    set_customization_status,
+    get_tools_config
 )
 
 LOG = logging.getLogger(__name__)
 
+CONFGROUPNAME_GUESTCUSTOMIZATION = "deployPkg"
+GUESTCUSTOMIZATION_ENABLE_CUST_SCRIPTS = "enable-custom-scripts"
+
+FALSE_MATCHER = re.compile(r"false", re.I)
+
 
 class DataSourceOVF(sources.DataSource):
 
@@ -148,6 +154,21 @@ class DataSourceOVF(sources.DataSource):
                     product_marker, os.path.join(self.paths.cloud_dir, 'data'))
                 special_customization = product_marker and not hasmarkerfile
                 customscript = self._vmware_cust_conf.custom_script_name
+
+                custScriptConfig = get_tools_config(
+                    CONFGROUPNAME_GUESTCUSTOMIZATION,
+                    GUESTCUSTOMIZATION_ENABLE_CUST_SCRIPTS,
+                    "true")
+                if FALSE_MATCHER.match(custScriptConfig):
+                    # Update the customization status if there is a
+                    # custom script is disabled
+                    if special_customization and customscript:
+                        LOG.debug("Custom script is disabled by user")
+                        set_customization_status(
+                            GuestCustStateEnum.GUESTCUST_STATE_RUNNING,
+                            GuestCustErrorEnum.GUESTCUST_ERROR_SCRIPT_DISABLED)
+                        raise Exception("Custom script is disabled by user")
+
             except Exception as e:
                 _raise_error_status(
                     "Error parsing the customization Config File",
diff --git a/cloudinit/sources/helpers/vmware/imc/guestcust_error.py b/cloudinit/sources/helpers/vmware/imc/guestcust_error.py
index db5a00d..65ae739 100644
--- a/cloudinit/sources/helpers/vmware/imc/guestcust_error.py
+++ b/cloudinit/sources/helpers/vmware/imc/guestcust_error.py
@@ -10,5 +10,6 @@ class GuestCustErrorEnum(object):
     """Specifies different errors of Guest Customization engine"""
 
     GUESTCUST_ERROR_SUCCESS = 0
+    GUESTCUST_ERROR_SCRIPT_DISABLED = 6
 
 # vi: ts=4 expandtab
diff --git a/cloudinit/sources/helpers/vmware/imc/guestcust_util.py b/cloudinit/sources/helpers/vmware/imc/guestcust_util.py
index a590f32..bbf93d2 100644
--- a/cloudinit/sources/helpers/vmware/imc/guestcust_util.py
+++ b/cloudinit/sources/helpers/vmware/imc/guestcust_util.py
@@ -7,6 +7,7 @@
 
 import logging
 import os
+import re
 import time
 
 from cloudinit import util
@@ -117,4 +118,28 @@ def enable_nics(nics):
     logger.warning("Can't connect network interfaces after %d attempts",
                    enableNicsWaitRetries)
 
+
+# This will read the value of [section] key from VMTools configuration,
+# return defalutVal if vmware-toolbox-cmd is not installed or
+# [section] key is not defined.
+def get_tools_config(section, key, defaultVal):
+    retValue = defaultVal
+    cmd = ['vmware-toolbox-cmd', 'config', 'get', section, key]
+
+    try:
+        (outText, _) = util.subp(cmd)
+        m = re.match(r'(.+)=(.*)', outText)
+        if m:
+            value = m.group(2).strip()
+            if value:
+                retValue = value
+                logger.debug("Get tools config: [%s] %s = %s",
+                             section, key, value)
+    except Exception as e:
+        logger.debug("Failed to get tools config: [%s] %s", section, key)
+        logger.exception(e)
+
+    return retValue
+
+
 # vi: ts=4 expandtab