
subiquity.network: cloud-init networking when netplan root-readonly #1530

Merged: 1 commit, Jul 21, 2023

Commits on Jul 21, 2023

  1. subiquity.network: cloud-init networking when netplan root-readonly

    When cloudinit.features.NETPLAN_CONFIG_ROOT_READ_ONLY is True,
    cloud-init will write /etc/netplan/50-cloud-init.yaml as read-only
    root.
    
    This added security allows for subiquity to use cloud-init's
    network renderer directly, allowing both datasource and network
    configuration to be passed in one place.
    
    Read cloud-init features from
    /run/cloud-init/combined-cloud-config.json when present.
    
    Any netplan wifi configuration can be specified in a single
    root-read-only network config file
    /etc/cloud/cloud.cfg.d/90-installer-network.cfg instead of
    having a separate config file for wifi, which could contain
    credentials.
    
    This simplifies golden image creation from images installed using
    subiquity because image builders will not need to track down and
    purge separate /etc/netplan/00-installer-config.yaml and
    /etc/netplan/subiquity-disable-cloudinit-networking.cfg when preparing
    a golden image.
    
    Eventually, netplan config validation and cloudinit will support
    separation of sensitive configuration by cloud-init without needing
    to pre-categorize sensitive information.
    
    This will allow cloud-init to grow the ability to write separate
    world-readable configuration from config which is security sensitive
    with no change needed in subiquity.
    blackboxsw committed Jul 21, 2023 (commit 2af5829)
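As an added audit example (not subiquity's or cloud-init's own code): a Python check that an image builder could run over a prepared image tree to catch what this change is meant to eliminate. It flags the stale installer files named in the commit, flags any netplan file that carries wifi credentials yet is world-readable, and reads the NETPLAN_CONFIG_ROOT_READ_ONLY flag from /run/cloud-init/combined-cloud-config.json. Assumptions: the flag lives under a top-level "features" key in that JSON, the credential scan is a plain-text heuristic, and the sample tree is constructed by the script itself.

```python
import json
import stat
import tempfile
from pathlib import Path
# Installer-era files this change makes obsolete; a golden image should not carry them.
LEGACY_FILES = ("etc/netplan/00-installer-config.yaml",
                "etc/netplan/subiquity-disable-cloudinit-networking.cfg")
# Heuristic markers for wifi credentials in netplan YAML (assumption: plain-text scan, no YAML parser).
SECRET_MARKERS = ("access-points:", "password:")

def netplan_root_readonly(root):
    """cloud-init's NETPLAN_CONFIG_ROOT_READ_ONLY flag, or None when the JSON is absent."""
    path = Path(root) / "run/cloud-init/combined-cloud-config.json"
    if not path.exists():
        return None
    # Assumption: feature flags sit under a top-level "features" key in this JSON.
    return json.loads(path.read_text()).get("features", {}).get("NETPLAN_CONFIG_ROOT_READ_ONLY")

def audit_image(root):
    """Audit an image tree rooted at `root`; return a list of findings (empty means clean)."""
    root, findings = Path(root), []
    for rel in LEGACY_FILES:
        if (root / rel).exists():
            findings.append(f"stale installer file: /{rel}")
    for f in sorted(p for p in (root / "etc/netplan").glob("*") if p.is_file()):
        mode = stat.S_IMODE(f.stat().st_mode)
        has_secret = any(m in f.read_text(errors="replace") for m in SECRET_MARKERS)
        if has_secret and mode & stat.S_IROTH:  # credentials readable by every local user
            findings.append(f"world-readable netplan file with credentials (mode {mode:04o}): /{f.relative_to(root)}")
    if netplan_root_readonly(root) is False:
        findings.append("cloud-init feature NETPLAN_CONFIG_ROOT_READ_ONLY is disabled")
    return findings

def build_sample_image(root):
    """Constructed sample: a root-only 50-cloud-init.yaml beside a stale, world-readable installer copy."""
    root = Path(root)
    (root / "run/cloud-init").mkdir(parents=True)
    (root / "etc/netplan").mkdir(parents=True)
    (root / "run/cloud-init/combined-cloud-config.json").write_text(
        json.dumps({"features": {"NETPLAN_CONFIG_ROOT_READ_ONLY": True}}))
    wifi = "network:\n  wifis:\n    wlan0:\n      access-points:\n        home:\n          password: example-psk\n"
    for name, mode in (("50-cloud-init.yaml", 0o600), ("00-installer-config.yaml", 0o644)):
        (root / "etc/netplan" / name).write_text(wifi)
        (root / "etc/netplan" / name).chmod(mode)  # 0600 is what root-read-only rendering produces
    return root

def demo():
    # Run the audit on the constructed sample tree in a throwaway directory.
    with tempfile.TemporaryDirectory() as tmp:
        return audit_image(build_sample_image(tmp))
```

Run against a real mounted image by calling `audit_image("/mnt/image")`; the same two classes of finding are what a golden-image pipeline should treat as a build failure.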