diff --git a/subiquity/models/network.py b/subiquity/models/network.py index 032d553eb5..84b6962b92 100644 --- a/subiquity/models/network.py +++ b/subiquity/models/network.py @@ -15,6 +15,7 @@ import logging +from cloudinit import features from subiquitycore.models.network import NetworkModel as CoreNetworkModel log = logging.getLogger('subiquity.models.network') @@ -39,32 +40,49 @@ def render(self): # perfect solution because in principle there could be wired 802.1x # stuff that has secrets too but the subiquity UI does not support any # of that yet so this will do for now. - wifis = netplan['network'].pop('wifis', None) - r = { - 'write_files': { - 'etc_netplan_installer': { - 'path': 'etc/netplan/00-installer-config.yaml', - 'content': self.stringify_config(netplan), + use_cloudinit_net = getattr( + features, "NETPLAN_CONFIG_ROOT_READ_ONLY", False + ) + if use_cloudinit_net: + r = { + 'write_files': { + 'etc_netplan_installer': { + 'path': ('etc/cloud/cloud.cfg.d' + '/90-installer-network.cfg'), + 'content': self.stringify_config(netplan), + }, + } + } + else: + # Separate sensitive wifi config from world-readable config + wifis = netplan['network'].pop('wifis', None) + r = { + 'write_files': { + # Disable cloud-init networking + 'no_cloudinit_net': { + 'path': ('etc/cloud/cloud.cfg.d/' + 'subiquity-disable-cloudinit-networking.cfg'), + 'content': 'network: {config: disabled}\n', }, - 'nonet': { - 'path': ('etc/cloud/cloud.cfg.d/' - 'subiquity-disable-cloudinit-networking.cfg'), - 'content': 'network: {config: disabled}\n', + # World-readable netplan without sensitive wifi config + 'etc_netplan_installer': { + 'path': 'etc/netplan/00-installer-config.yaml', + 'content': self.stringify_config(netplan), }, }, } - if wifis is not None: - netplan_wifi = { - 'network': { - 'version': 2, - 'wifis': wifis, + if wifis is not None: + netplan_wifi = { + 'network': { + 'version': 2, + 'wifis': wifis, }, } - r['write_files']['etc_netplan_installer_wifi'] = { - 'path': 'etc/netplan/00-installer-config-wifi.yaml', - 'content': self.stringify_config(netplan_wifi), - 'permissions': '0600', - } + r['write_files']['etc_netplan_installer_wifi'] = { + 'path': 'etc/netplan/00-installer-config-wifi.yaml', + 'content': self.stringify_config(netplan_wifi), + 'permissions': '0600', + } return r async def target_packages(self): diff --git a/subiquity/models/tests/test_subiquity.py b/subiquity/models/tests/test_subiquity.py index f45beb6970..9daf1cc7a0 100644 --- a/subiquity/models/tests/test_subiquity.py +++ b/subiquity/models/tests/test_subiquity.py @@ -21,6 +21,8 @@ import yaml from cloudinit.config.schema import SchemaValidationError +from cloudinit import features + try: from cloudinit.config.schema import SchemaProblem except ImportError: @@ -192,7 +194,11 @@ def test_write_netplan(self): for fspec in config['write_files'].values(): if fspec['path'].startswith('etc/netplan'): if netplan_content is not None: - self.fail("writing two files to netplan?") + self.fail("writing two files for network config?") + netplan_content = fspec['content'] + if fspec['path'].endswith('cloud.cfg.d/90-installer-network.cfg'): + if netplan_content is not None: + self.fail("writing two files for network config?") netplan_content = fspec['content'] self.assertIsNot(netplan_content, None) netplan = yaml.safe_load(netplan_content) @@ -267,8 +273,6 @@ def test_cloud_init_files_emits_datasource_config_and_clean_script( model.identity.add_user(main_user) model.userdata = {} expected_files = { - 'etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg': - 'network: {config: disabled}\n', 'etc/cloud/cloud.cfg.d/99-installer.cfg': re.compile('datasource:\n None:\n metadata:\n instance-id: .*\n userdata_raw: "#cloud-config\\\\ngrowpart:\\\\n mode: \\\'off\\\'\\\\npreserve_hostname: true\\\\n\\\\\n'), # noqa 'etc/hostname': 'somehost\n', 'etc/cloud/ds-identify.cfg': 'policy: enabled\n', @@ -279,10 +283,23 @@ def test_cloud_init_files_emits_datasource_config_and_clean_script( cfg_files = [ "/" + key for key in expected_files.keys() if "host" not in key ] - cfg_files.append( - # Obtained from NetworkModel.render - "/etc/netplan/00-installer-config.yaml", + use_cloudinit_networking = getattr( + features, "NETPLAN_CONFIG_ROOT_READ_ONLY", False ) + if use_cloudinit_networking: + cfg_files.append( + # Obtained from NetworkModel.render + "/etc/cloud/cloud.cfg.d/90-installer-network.cfg" + ) + else: + expected_files[ + 'etc/cloud/cloud.cfg.d/' + 'subiquity-disable-cloudinit-networking.cfg' + ] = 'network: {config: disabled}\n' + cfg_files.append( + # Obtained from NetworkModel.render + "/etc/netplan/00-installer-config.yaml", + ) header = "# Autogenerated by Subiquity: 2004-03-05 ... UTC\n" with self.subTest('Stable releases Jammy do not disable cloud-init'): lsb_release.return_value = {"release": "22.04"}