From 38cedfaffd5bf230499baafea2565941e9f15384 Mon Sep 17 00:00:00 2001 From: Alberto Contreras Date: Mon, 16 May 2022 18:12:43 +0200 Subject: [PATCH 1/2] Improve cc_set_passwords. - If the system doesn't use systemd and the status of the ssh service is not 0, then apply the pw_auth config. As distros as Alpine could start the ssh service later in the boot sequence. - Change log level from warning to debug when ssh_pwauth is written but the ssh service is not restarted. --- cloudinit/config/cc_set_passwords.py | 11 +++- .../unittests/config/test_cc_set_passwords.py | 54 ++++++++++++------- 2 files changed, 46 insertions(+), 19 deletions(-) diff --git a/cloudinit/config/cc_set_passwords.py b/cloudinit/config/cc_set_passwords.py index d8f6a1db315..78595c64c32 100644 --- a/cloudinit/config/cc_set_passwords.py +++ b/cloudinit/config/cc_set_passwords.py @@ -95,7 +95,7 @@ def handle_ssh_pwauth(pw_auth, distro: Distro): uses_systemd = distro.uses_systemd() if uses_systemd and e.exit_code == 3: # Service is not running. Write ssh config. - LOG.warning( + LOG.debug( "Writing config 'ssh_pwauth: %s'. SSH service '%s'" " will not be restarted because it is stopped.", pw_auth, @@ -111,6 +111,15 @@ def handle_ssh_pwauth(pw_auth, distro: Distro): service, ) return + elif not uses_systemd: + LOG.debug( + "Writing config 'ssh_pwauth: %s'. SSH service '%s'" + " will not be restarted because it is not running or not" + " available.", + pw_auth, + service, + ) + restart_ssh = False else: LOG.warning( "Ignoring config 'ssh_pwauth: %s'." diff --git a/tests/unittests/config/test_cc_set_passwords.py b/tests/unittests/config/test_cc_set_passwords.py index 758241f7ca4..ac7abadb46e 100644 --- a/tests/unittests/config/test_cc_set_passwords.py +++ b/tests/unittests/config/test_cc_set_passwords.py @@ -132,7 +132,7 @@ def test_valid_value_changes_updates_ssh(self, m_subp, mock_uses_systemd): "uses_systemd", "raised_error", "warning_log", - "debug_log", + "debug_logs", "update_ssh_call_count", ], ( @@ -141,9 +141,12 @@ def test_valid_value_changes_updates_ssh(self, m_subp, mock_uses_systemd): subp.ProcessExecutionError( stderr="Service is not running.", exit_code=3 ), - "Writing config 'ssh_pwauth: True'. SSH service" - " 'ssh' will not be restarted because it is stopped.", - "Not restarting SSH service: service is stopped.", + None, + [ + "Writing config 'ssh_pwauth: True'. SSH service" + " 'ssh' will not be restarted because it is stopped.", + "Not restarting SSH service: service is stopped.", + ], 1, ), ( @@ -153,7 +156,7 @@ def test_valid_value_changes_updates_ssh(self, m_subp, mock_uses_systemd): ), "Ignoring config 'ssh_pwauth: True'. SSH service 'ssh' is" " not installed.", - None, + [], 0, ), ( @@ -163,7 +166,7 @@ def test_valid_value_changes_updates_ssh(self, m_subp, mock_uses_systemd): ), "Ignoring config 'ssh_pwauth: True'. SSH service 'ssh'" " is not available. Error: ", - None, + [], 0, ), ( @@ -171,30 +174,42 @@ def test_valid_value_changes_updates_ssh(self, m_subp, mock_uses_systemd): subp.ProcessExecutionError( stderr="Service is not available.", exit_code=25 ), - "Ignoring config 'ssh_pwauth: True'. SSH service 'ssh'" - " is not available. Error: ", None, - 0, + [ + "Writing config 'ssh_pwauth: True'. SSH service" + " 'ssh' will not be restarted because it is not running" + " or not available.", + "Not restarting SSH service: service is stopped.", + ], + 1, ), ( False, subp.ProcessExecutionError( stderr="Service is not available.", exit_code=3 ), - "Ignoring config 'ssh_pwauth: True'. SSH service 'ssh'" - " is not available. Error: ", None, - 0, + [ + "Writing config 'ssh_pwauth: True'. SSH service" + " 'ssh' will not be restarted because it is not running" + " or not available.", + "Not restarting SSH service: service is stopped.", + ], + 1, ), ( False, subp.ProcessExecutionError( stderr="Service is not available.", exit_code=4 ), - "Ignoring config 'ssh_pwauth: True'. SSH service 'ssh'" - " is not available. Error: ", None, - 0, + [ + "Writing config 'ssh_pwauth: True'. SSH service" + " 'ssh' will not be restarted because it is not running" + " or not available.", + "Not restarting SSH service: service is stopped.", + ], + 1, ), ), ) @@ -207,7 +222,7 @@ def test_no_restart_when_service_is_not_running( uses_systemd, raised_error, warning_log, - debug_log, + debug_logs, update_ssh_call_count, caplog, ): @@ -220,8 +235,11 @@ def test_no_restart_when_service_is_not_running( logs_by_level = {logging.WARNING: [], logging.DEBUG: []} for _, level, msg in caplog.record_tuples: logs_by_level[level].append(msg) - assert warning_log in "\n".join(logs_by_level[logging.WARNING]) - if debug_log: + if warning_log: + assert warning_log in "\n".join( + logs_by_level[logging.WARNING] + ), logs_by_level + for debug_log in debug_logs: assert debug_log in logs_by_level[logging.DEBUG] assert [ mock.call("status", "ssh") From eb9ab3f1b859b32c24587eb508b62dde7ae43ccc Mon Sep 17 00:00:00 2001 From: Alberto Contreras Date: Tue, 17 May 2022 08:52:35 +0200 Subject: [PATCH 2/2] cc_set_passwords: Simplify restart ssh handling. --- cloudinit/config/cc_set_passwords.py | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/cloudinit/config/cc_set_passwords.py b/cloudinit/config/cc_set_passwords.py index 78595c64c32..3c8b378bf91 100644 --- a/cloudinit/config/cc_set_passwords.py +++ b/cloudinit/config/cc_set_passwords.py @@ -93,7 +93,16 @@ def handle_ssh_pwauth(pw_auth, distro: Distro): distro.manage_service("status", service) except subp.ProcessExecutionError as e: uses_systemd = distro.uses_systemd() - if uses_systemd and e.exit_code == 3: + if not uses_systemd: + LOG.debug( + "Writing config 'ssh_pwauth: %s'. SSH service '%s'" + " will not be restarted because it is not running or not" + " available.", + pw_auth, + service, + ) + restart_ssh = False + elif e.exit_code == 3: # Service is not running. Write ssh config. LOG.debug( "Writing config 'ssh_pwauth: %s'. SSH service '%s'" @@ -102,7 +111,7 @@ def handle_ssh_pwauth(pw_auth, distro: Distro): service, ) restart_ssh = False - elif uses_systemd and e.exit_code == 4: + elif e.exit_code == 4: # Service status is unknown LOG.warning( "Ignoring config 'ssh_pwauth: %s'." @@ -111,15 +120,6 @@ def handle_ssh_pwauth(pw_auth, distro: Distro): service, ) return - elif not uses_systemd: - LOG.debug( - "Writing config 'ssh_pwauth: %s'. SSH service '%s'" - " will not be restarted because it is not running or not" - " available.", - pw_auth, - service, - ) - restart_ssh = False else: LOG.warning( "Ignoring config 'ssh_pwauth: %s'."