Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
subiquity.network: cloud-init networking when netplan root-readonly
When cloudinit.features.NETPLAN_CONFIG_ROOT_READ_ONLY is True, cloud-init will write /etc/netplan/50-cloud-init.yaml as read-only root. This added security allows for subiquity to use cloud-init's network renderer directly, allowing both datasource and network configuration to be passed in one place.

Read cloud-init features from /run/cloud-init/combined-cloud-config.json when present.

Any netplan wifi configuration can be specified in a single root-read-only network config file /etc/cloud/cloud.cfg.d/90-installer-network.cfg instead of having a separate config file for wifi, which could contain credentials.

This simplifies golden image creation from images installed using subiquity because image builders will not need to track down and purge separate /etc/netplan/00-installer-config.yaml and /etc/netplan/subiquity-disable-cloudinit-networking.cfg when preparing a golden image.

Eventually, netplan config validation and cloudinit will support separation of sensitive configuration by cloud-init without needing to pre-categorize sensitive information. This will allow cloud-init to grow the ability to write separate world-readable configuration from config which is security sensitive with no change needed in subiquity.
1 parent 00c65f7, commit 0ffded7

Showing 2 changed files with 223 additions and 154 deletions.
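The check the commit message describes, together with the permission audit a golden-image builder would run, as an added example that is not part of the commit or of subiquity's code. It assumes the combined cloud config is a JSON object with a top-level "features" mapping; the helper names and the constructed sample files are hypothetical.

```python
import json
import os
import stat
import tempfile
from pathlib import Path

FEATURE = "NETPLAN_CONFIG_ROOT_READ_ONLY"

def netplan_root_read_only(combined_cfg_path):
    """True only if the combined cloud config exists and sets the feature to true."""
    try:
        cfg = json.loads(Path(combined_cfg_path).read_text())
    except (OSError, ValueError):
        return False  # absent or unparsable: treat as a cloud-init without the feature
    # Assumption: features live under a top-level "features" mapping.
    features = cfg.get("features") if isinstance(cfg, dict) else None
    return isinstance(features, dict) and features.get(FEATURE) is True

def exposed_configs(paths):
    """Return the existing paths that grant any access to group or other."""
    exposed = []
    for path in paths:
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except FileNotFoundError:
            continue  # nothing to purge or tighten
        if mode & 0o077:
            exposed.append(str(path))
    return exposed

def demo():
    """Run both checks against constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        cfg = root / "combined-cloud-config.json"
        cfg.write_text(json.dumps({"features": {FEATURE: True}}))
        locked = root / "50-cloud-init.yaml"
        loose = root / "00-installer-config.yaml"
        for path, mode in ((locked, 0o600), (loose, 0o644)):
            path.write_text("network: {version: 2}\n")
            os.chmod(path, mode)
        return (netplan_root_read_only(cfg),
                netplan_root_read_only(root / "missing.json"),
                exposed_configs([locked, loose, root / "absent.yaml"]))

if __name__ == "__main__":
    print(demo())
```

On an installed system the same functions would be pointed at /run/cloud-init/combined-cloud-config.json and the files under /etc/netplan; the audit checks mode bits only, not ownership.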