Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
subiquity.models.network: use cloud-init networking on root read-only
When cloudinit.features.NETPLAN_CONFIG_ROOT_READ_ONLY is True, cloud-init will write /etc/netplan/50-cloud-init.yaml as read-only root.

This added security allows for subiquity to use cloud-init's network renderer directly, allowing both datasource and network configuration to be passed in one place.

Any netplan wifis configuration can be specified in a single network config file /etc/cloud/cloud.cfg.d/90-installer-network.cfg instead of having a separate config file for wifi, which could contain credentials.

This simplifies golden image creation from images installed using subiquity because image builders will not need to track down and purge separate /etc/netplan/00-installer-config.yaml and /etc/netplan/subiquity-disable-cloudinit-networking.cfg when preparing a golden image.

Eventually, netplan config validation and cloud-init will both support separation of sensitive configuration without needing to pre-categorize. This will allow cloud-init to grow the ability to write separate world-readable configuration from config which is security sensitive with no change needed in subiquity.
1 parent 9563b54, commit ee21ba2
Showing 2 changed files with 61 additions and 26 deletions.
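A golden-image check built from the paths named in the commit message, as an added example that is not part of the subiquity commit or of cloud-init. It reports leftover installer files and network config files whose mode grants anything to group or other; the function name `audit_image_root` and the owner-only policy are assumptions made for this example.

```python
import os
import stat
import tempfile

# Paths taken from the commit message: files image builders previously had to purge.
LEGACY_FILES = (
    "etc/netplan/00-installer-config.yaml",
    "etc/netplan/subiquity-disable-cloudinit-networking.cfg",
)
# Path from the commit message that can carry network (wifi) configuration.
CREDENTIAL_FILES = ("etc/cloud/cloud.cfg.d/90-installer-network.cfg",)
NETPLAN_DIR = "etc/netplan"


def audit_image_root(root):
    """Return sorted (relative_path, problem) findings for an unpacked image root."""
    findings = []
    for rel in LEGACY_FILES:
        if os.path.lexists(os.path.join(root, rel)):
            findings.append((rel, "legacy installer file still present"))
    candidates = list(CREDENTIAL_FILES)
    netplan = os.path.join(root, NETPLAN_DIR)
    if os.path.isdir(netplan):
        candidates += [f"{NETPLAN_DIR}/{n}" for n in os.listdir(netplan)]
    for rel in candidates:
        try:
            st = os.lstat(os.path.join(root, rel))
        except FileNotFoundError:
            continue
        if not stat.S_ISREG(st.st_mode):
            continue  # symlinks and directories are out of scope here
        mode = stat.S_IMODE(st.st_mode)
        if mode & 0o077:  # assumed policy: no group/other permission bits
            findings.append((rel, f"mode {mode:04o} accessible beyond owner"))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample tree, not taken from a real image.
    with tempfile.TemporaryDirectory() as root:
        for rel, mode in (("etc/netplan/50-cloud-init.yaml", 0o600),
                          ("etc/netplan/00-installer-config.yaml", 0o644)):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("network: {version: 2}\n")
            os.chmod(path, mode)
        for rel, problem in audit_image_root(root):
            print(f"{rel}: {problem}")
```

Run it against the mounted or unpacked root of the image before publishing; an empty result means none of the listed conditions were found, not that the image is free of credentials elsewhere.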