diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl index fb4b456cc7e..80ab4f9635f 100644 --- a/config/cloud.cfg.tmpl +++ b/config/cloud.cfg.tmpl @@ -34,7 +34,11 @@ disable_root: true {% if variant in ["almalinux", "alpine", "amazon", "centos", "cloudlinux", "eurolinux", "fedora", "miraclelinux", "openEuler", "rhel", "rocky", "virtuozzo"] %} +{% if variant == "rhel" %} +mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service,_netdev', '0', '2'] +{% else %} mount_default_fields: [~, ~, 'auto', 'defaults,nofail', '0', '2'] +{% endif %} {% if variant == "amazon" %} resize_rootfs: noblock {% endif %} @@ -66,6 +70,14 @@ network: config: disabled {% endif %} +{% if variant == "rhel" %} +# Default redhat settings: +ssh_deletekeys: true +ssh_genkeytypes: ['rsa', 'ecdsa', 'ed25519'] +syslog_fix_perms: ~ +disable_vmware_customization: false +{% endif %} + # The modules that run in the 'init' stage cloud_init_modules: - migrator @@ -107,10 +119,15 @@ cloud_config_modules: {% endif %} {% if variant not in ["photon"] %} - ssh-import-id +{% if variant not in ["rhel"] %} - keyboard +{% endif %} - locale {% endif %} - set-passwords +{% if variant in ["rhel"] %} + - rh_subscription +{% endif %} {% if variant in ["rhel", "fedora", "photon"] %} {% if variant not in ["photon"] %} - spacewalk @@ -239,6 +256,10 @@ system_info: name: ec2-user lock_passwd: True gecos: EC2 Default User +{% elif variant == "rhel" %} + name: cloud-user + lock_passwd: true + gecos: Cloud User {% else %} name: {{ variant }} lock_passwd: True @@ -254,6 +275,8 @@ system_info: groups: [adm, sudo] {% elif variant == "arch" %} groups: [wheel, users] +{% elif variant == "rhel" %} + groups: [adm, systemd-journal] {% else %} groups: [wheel, adm, systemd-journal] {% endif %} diff --git a/systemd/cloud-config.service.tmpl b/systemd/cloud-config.service.tmpl index 9d928ca2014..d5568a6e05d 100644 --- a/systemd/cloud-config.service.tmpl +++ b/systemd/cloud-config.service.tmpl 
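Review bot: The rhel `mount_default_fields` line in the `@@ -34` hunk adds `x-systemd.requires=cloud-init.service,_netdev` with no comment saying why these mounts must wait for cloud-init.service and be treated as network devices. A one-line comment above it, for example `# rhel: order cloud-init-managed mounts after cloud-init.service and the network`, would stop a later editor from dropping the options as noise. `nofail` is kept, so a mount that fails should still not block boot.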
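Review bot: The block under `# Default redhat settings:` in the `@@ -66` hunk sets four keys without saying what each is for, and two of them carry security weight. `ssh_deletekeys: true` makes the instance discard SSH host keys that came with the image, so clones do not share a host identity. `disable_vmware_customization: false` leaves the VMware guest-customization path enabled, which accepts configuration supplied through the hypervisor. I would comment each, for example `# regenerate SSH host keys per instance; never reuse keys baked into the image` and `# allow VMware guest customization (set true to refuse it)`. `syslog_fix_perms: ~` also deserves a word on what the null value means on rhel.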
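Review bot: Adding `rh_subscription` to `cloud_config_modules` for rhel in the `@@ -107` hunk puts a module that handles registration credentials on the default path, and nothing in the template says so. As far as I know the module does nothing unless user-data carries an `rh_subscription` section, but that section can hold a password or activation key. A comment such as `# rh_subscription: acts only when user-data has an rh_subscription section; that section may contain credentials` would help anyone auditing what the image processes at boot. The two new conditionals also write the test as `variant in ["rhel"]` and `variant not in ["rhel"]`, while the other hunks of this commit use `variant == "rhel"`; one form would read better.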
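Review bot: The rhel branch in the `@@ -254` hunk drops `wheel` from the default user's groups, but the user's effective privilege is decided by the `sudo:` entry of `default_user`, which lies outside this hunk. If that entry still grants passwordless sudo, removing `wheel` does not reduce what `cloud-user` can do, and a reader could mistake the shorter group list for a hardening step. A comment such as `# rhel: sudo rights come from the default_user sudo: entry, not from wheel membership` would make the intent explicit. `adm` and `systemd-journal` keep log-reading access for the account.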
@@ -4,6 +4,10 @@ Description=Apply the settings specified in cloud-config After=network-online.target cloud-config.target After=snapd.seeded.service Wants=network-online.target cloud-config.target +{% if variant == "rhel" %} +ConditionPathExists=!/etc/cloud/cloud-init.disabled +ConditionKernelCommandLine=!cloud-init=disabled +{% endif %} [Service] Type=oneshot diff --git a/systemd/cloud-final.service.tmpl b/systemd/cloud-final.service.tmpl index 8207b18ca6d..85f423ac345 100644 --- a/systemd/cloud-final.service.tmpl +++ b/systemd/cloud-final.service.tmpl @@ -7,6 +7,10 @@ After=multi-user.target Before=apt-daily.service {% endif %} Wants=network-online.target cloud-config.service +{% if variant == "rhel" %} +ConditionPathExists=!/etc/cloud/cloud-init.disabled +ConditionKernelCommandLine=!cloud-init=disabled +{% endif %} [Service] @@ -15,7 +19,16 @@ ExecStart=/usr/bin/cloud-init modules --mode=final RemainAfterExit=yes TimeoutSec=0 KillMode=process +{% if variant == "rhel" %} +# Restart NetworkManager if it is present and running. +ExecStartPost=/bin/sh -c 'u=NetworkManager.service; \ + out=$(systemctl show --property=SubState $u) || exit; \ + [ "$out" = "SubState=running" ] || exit 0; \ + systemctl reload-or-try-restart $u' +{% else %} TasksMax=infinity +{% endif %} + # Output needs to appear in instance console output StandardOutput=journal+console diff --git a/systemd/cloud-init-local.service.tmpl b/systemd/cloud-init-local.service.tmpl index bcbd5b947ed..6f3f9d8d09e 100644 --- a/systemd/cloud-init-local.service.tmpl +++ b/systemd/cloud-init-local.service.tmpl 
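Review bot: The two `Condition*` lines added for rhel here are repeated verbatim in cloud-final.service.tmpl, cloud-init-local.service.tmpl and cloud-init.service.tmpl, and none of the four copies carries a comment. An operator who creates `/etc/cloud/cloud-init.disabled` or boots with `cloud-init=disabled` expects no stage to process user-data, so a unit that lacks the pair would defeat the switch. I would document the duplication in each unit: `# rhel: skip this stage when cloud-init is disabled by marker file or kernel command line (keep in sync across all cloud-init units)`. Any other unit shipped for rhel that is not part of this diff should be checked for the same pair. systemd treats an unmet condition as a quiet skip rather than a failure, so there is no failed unit to alert on.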
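Review bot: Placing `TasksMax=infinity` in the `{% else %}` of the rhel conditional in the cloud-final `@@ -15` hunk means rhel no longer gets that setting, although it has nothing to do with the NetworkManager `ExecStartPost`. The final stage runs user-supplied scripts, so on rhel they would fall under systemd's default task limit. If that is intended it needs a comment; otherwise close the conditional with `{% endif %}` right after the `ExecStartPost` block and leave `TasksMax=infinity` unconditional. Separately, `out=$(systemctl show --property=SubState $u) || exit` exits with the failing status, which would mark cloud-final as failed for a reason unrelated to cloud-init; if that is not wanted, `|| exit 0` would match the line after it.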
@@ -1,23 +1,43 @@ ## template:jinja [Unit] Description=Initial cloud-init job (pre-networking) -{% if variant in ["ubuntu", "unknown", "debian"] %} +{% if variant in ["ubuntu", "unknown", "debian", "rhel" ] %} DefaultDependencies=no {% endif %} Wants=network-pre.target After=hv_kvp_daemon.service After=systemd-remount-fs.service +{% if variant == "rhel" %} +Requires=dbus.socket +After=dbus.socket +{% endif %} Before=NetworkManager.service +{% if variant == "rhel" %} +Before=network.service +{% endif %} Before=network-pre.target Before=shutdown.target +{% if variant == "rhel" %} +Before=firewalld.target +Conflicts=shutdown.target +{% endif %} {% if variant in ["ubuntu", "unknown", "debian"] %} Before=sysinit.target Conflicts=shutdown.target {% endif %} RequiresMountsFor=/var/lib/cloud +{% if variant == "rhel" %} +ConditionPathExists=!/etc/cloud/cloud-init.disabled +ConditionKernelCommandLine=!cloud-init=disabled +{% endif %} [Service] Type=oneshot +{% if variant == "rhel" %} +ExecStartPre=/bin/mkdir -p /run/cloud-init +ExecStartPre=/sbin/restorecon /run/cloud-init +ExecStartPre=/usr/bin/touch /run/cloud-init/enabled +{% endif %} ExecStart=/usr/bin/cloud-init init --local RemainAfterExit=yes TimeoutSec=0 diff --git a/systemd/cloud-init.service.tmpl b/systemd/cloud-init.service.tmpl index e71e5679065..c170aef72f7 100644 --- a/systemd/cloud-init.service.tmpl +++ b/systemd/cloud-init.service.tmpl @@ -1,7 +1,7 @@ ## template:jinja [Unit] Description=Initial cloud-init job (metadata service crawler) -{% if variant not in ["photon"] %} +{% if variant not in ["photon", "rhel"] %} DefaultDependencies=no {% endif %} Wants=cloud-init-local.service @@ -36,6 +36,10 @@ Before=shutdown.target Conflicts=shutdown.target {% endif %} Before=systemd-user-sessions.service +{% if variant == "rhel" %} +ConditionPathExists=!/etc/cloud/cloud-init.disabled +ConditionKernelCommandLine=!cloud-init=disabled +{% endif %} [Service] Type=oneshot 
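Review bot: The three `ExecStartPre=` lines added for rhel have no `-` prefix, so a failure of any one of them fails the unit before `cloud-init init --local` runs; `/sbin/restorecon` being absent or returning non-zero is one such case. If restoring the SELinux label is meant to be mandatory, say so in a comment such as `# fail the stage rather than run with a mislabelled /run/cloud-init`. If it is best-effort, write `ExecStartPre=-/sbin/restorecon /run/cloud-init`. The unconditional `touch /run/cloud-init/enabled` also deserves a comment on who reads that marker, because it is created here regardless of any enable or disable decision taken earlier in boot.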
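Review bot: Adding `"rhel"` to the `not in` list in the cloud-init.service `@@ -1,7` hunk makes that unit keep systemd's default dependencies on rhel, while the cloud-init-local.service.tmpl hunk in this same commit adds rhel to the list that sets `DefaultDependencies=no`. The asymmetry may be deliberate, but nothing records it, and the ordering of this unit relative to sysinit.target and basic.target changes with it. A comment above the conditional, e.g. `# rhel: keep default dependencies for the network stage; only cloud-init-local runs with DefaultDependencies=no`, would keep a later cleanup from making the two units match. The rest of the `[Unit]` section lies outside the hunk.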
diff --git a/tests/unittests/test_render_cloudcfg.py b/tests/unittests/test_render_cloudcfg.py
index 30fbd1a4713..9f95d4488ca 100644
--- a/tests/unittests/test_render_cloudcfg.py
+++ b/tests/unittests/test_render_cloudcfg.py
@@ -68,6 +68,7 @@ def test_variant_sets_default_user_in_cloud_cfg(self, variant, tmpdir):
 default_user_exceptions = {
 "amazon": "ec2-user",
 "debian": "ubuntu",
+ "rhel": "cloud-user",
 "unknown": "ubuntu",
 }
 default_user = system_cfg["system_info"]["default_user"]["name"]
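Review bot: The added `"rhel": "cloud-user"` entry only covers the default user name, so the other rhel-specific template output in this commit goes untested. test_variant_sets_default_user_in_cloud_cfg continues outside the hunk, but nothing visible checks that the rendered rhel config omits `wheel` from `groups`, lists `rh_subscription` and leaves out `keyboard`. I would add a small rhel case next to this test asserting those three things on the rendered `system_cfg`, e.g. `assert "wheel" not in system_cfg["system_info"]["default_user"]["groups"]`.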