oB]c@s#dZddlZddlZddlZddlmZddlmZddlmZddlm Z ej e a dZ dZd Zd Zd Zid d 6dd6Zidd 6dd6ZddgZdddddgZdddZdZdZdZddZddZddZdZd Zdd!Z d"Z!d#Z"d$Z#d%Z$dd&Z%dd'Z&d(Z'dddd)Z(d*Z)d+Z*d,Z+d-Z,d.Z-d/Z.d0Z/d1Z0d2Z1d3Z2dd4Z3d5Z4ied66Z5dS(7s Apt Configure ------------- **Summary:** configure apt This module handles both configuration of apt options and adding source lists. There are configuration options such as ``apt_get_wrapper`` and ``apt_get_command`` that control how cloud-init invokes apt-get. These configuration options are handled on a per-distro basis, so consult documentation for cloud-init's distro support for instructions on using these config options. .. note:: To ensure that apt configuration is valid yaml, any strings containing special characters, especially ``:`` should be quoted. .. note:: For more information about apt configuration, see the ``Additional apt configuration`` example. **Preserve sources.list:** By default, cloud-init will generate a new sources list in ``/etc/apt/sources.list.d`` based on any changes specified in cloud config. To disable this behavior and preserve the sources list from the pristine image, set ``preserve_sources_list`` to ``true``. .. note:: The ``preserve_sources_list`` option overrides all other config keys that would alter ``sources.list`` or ``sources.list.d``, **except** for additional sources to be added to ``sources.list.d``. **Disable source suites:** Entries in the sources list can be disabled using ``disable_suites``, which takes a list of suites to be disabled. If the string ``$RELEASE`` is present in a suite in the ``disable_suites`` list, it will be replaced with the release name. If a suite specified in ``disable_suites`` is not present in ``sources.list`` it will be ignored. For convenience, several aliases are provided for ``disable_suites``: - ``updates`` => ``$RELEASE-updates`` - ``backports`` => ``$RELEASE-backports`` - ``security`` => ``$RELEASE-security`` - ``proposed`` => ``$RELEASE-proposed`` - ``release`` => ``$RELEASE`` .. note:: When a suite is disabled using ``disable_suites``, its entry in ``sources.list`` is not deleted; it is just commented out. **Configure primary and security mirrors:** The primary and security archive mirrors can be specified using the ``primary`` and ``security`` keys, respectively. Both the ``primary`` and ``security`` keys take a list of configs, allowing mirrors to be specified on a per-architecture basis. Each config is a dictionary which must have an entry for ``arches``, specifying which architectures that config entry is for. The keyword ``default`` applies to any architecture not explicitly listed. The mirror url can be specified with the ``uri`` key, or a list of mirrors to check can be provided in order, with the first mirror that can be resolved being selected. This allows the same configuration to be used in different environment, with different hosts used for a local apt mirror. If no mirror is provided by ``uri`` or ``search``, ``search_dns`` may be used to search for dns names in the format ``-mirror`` in each of the following: - fqdn of this host per cloud metadata - localdomain - domains listed in ``/etc/resolv.conf`` If there is a dns entry for ``-mirror``, then it is assumed that there is a distro mirror at ``http://-mirror./``. If the ``primary`` key is defined, but not the ``security`` key, then then configuration for ``primary`` is also used for ``security``. If ``search_dns`` is used for the ``security`` key, the search pattern will be. ``-security-mirror``. If no mirrors are specified, or all lookups fail, then default mirrors defined in the datasource are used. If none are present in the datasource either the following defaults are used: - primary: ``http://archive.ubuntu.com/ubuntu`` - security: ``http://security.ubuntu.com/ubuntu`` **Specify sources.list template:** A custom template for rendering ``sources.list`` can be specefied with ``sources_list``. If no ``sources_list`` template is given, cloud-init will use sane default. Within this template, the following strings will be replaced with the appropriate values: - ``$MIRROR`` - ``$RELEASE`` - ``$PRIMARY`` - ``$SECURITY`` **Pass configuration to apt:** Apt configuration can be specified using ``conf``. Configuration is specified as a string. For multiline apt configuration, make sure to follow yaml syntax. **Configure apt proxy:** Proxy configuration for apt can be specified using ``conf``, but proxy config keys also exist for convenience. The proxy config keys, ``http_proxy``, ``ftp_proxy``, and ``https_proxy`` may be used to specify a proxy for http, ftp and https protocols respectively. The ``proxy`` key also exists as an alias for ``http_proxy``. Proxy url is specified in the format ``://[[user][:pass]@]host[:port]/``. **Add apt repos by regex:** All source entries in ``apt-sources`` that match regex in ``add_apt_repo_match`` will be added to the system using ``add-apt-repository``. If ``add_apt_repo_match`` is not specified, it defaults to ``^[\w-]+:\w`` **Add source list entries:** Source list entries can be specified as a dictionary under the ``sources`` config key, with key in the dict representing a different source file. The key of each source entry will be used as an id that can be referenced in other config entries, as well as the filename for the source's configuration under ``/etc/apt/sources.list.d``. If the name does not end with ``.list``, it will be appended. If there is no configuration for a key in ``sources``, no file will be written, but the key may still be referred to as an id in other ``sources`` entries. Each entry under ``sources`` is a dictionary which may contain any of the following optional keys: - ``source``: a sources.list entry (some variable replacements apply) - ``keyid``: a key to import via shortid or fingerprint - ``key``: a raw PGP key - ``keyserver``: alternate keyserver to pull ``keyid`` key from The ``source`` key supports variable replacements for the following strings: - ``$MIRROR`` - ``$PRIMARY`` - ``$SECURITY`` - ``$RELEASE`` **Internal name:** ``cc_apt_configure`` **Module frequency:** per instance **Supported distros:** ubuntu, debian **Config keys**:: apt: preserve_sources_list: disable_suites: - $RELEASE-updates - backports - $RELEASE - mysuite primary: - arches: - amd64 - i386 - default uri: "http://us.archive.ubuntu.com/ubuntu" search: - "http://cool.but-sometimes-unreachable.com/ubuntu" - "http://us.archive.ubuntu.com/ubuntu" search_dns: - arches: - s390x - arm64 uri: "http://archive-to-use-for-arm64.example.com/ubuntu" security: - arches: - default search_dns: true sources_list: | deb $MIRROR $RELEASE main restricted deb-src $MIRROR $RELEASE main restricted deb $PRIMARY $RELEASE universe restricted deb $SECURITY $RELEASE-security multiverse debconf_selections: set1: the-package the-package/some-flag boolean true conf: | APT { Get { Assume-Yes "true"; Fix-Broken "true"; } } proxy: "http://[[user][:pass]@]host[:port]/" http_proxy: "http://[[user][:pass]@]host[:port]/" ftp_proxy: "ftp://[[user][:pass]@]host[:port]/" https_proxy: "https://[[user][:pass]@]host[:port]/" sources: source1: keyid: "keyid" keyserver: "keyserverurl" source: "deb http:/// xenial main" source2: source: "ppa:" source3: source: "deb $MIRROR $RELEASE multiverse" key: | ------BEGIN PGP PUBLIC KEY BLOCK------- ------END PGP PUBLIC KEY BLOCK------- iN(tgpg(tlog(t templater(tutils ^[\w-]+:\ws/var/lib/apt/listss'/etc/apt/apt.conf.d/94cloud-init-configs)/etc/apt/apt.conf.d/90cloud-init-aptproxyskeyserver.ubuntu.coms!http://archive.ubuntu.com/ubuntu/tPRIMARYs"http://security.ubuntu.com/ubuntu/tSECURITYs$http://ports.ubuntu.com/ubuntu-portstamd64ti386ts390xtarm64tarmhftpowerpctppc64elcCs^|dkrtj|}n|tkr4tjS|tkrJtjStd|dS(sreturns the default mirrors for the target. These depend on the architecture, for more see: https://wiki.ubuntu.com/UbuntuDevelopment/PackageArchive#Portss#No default mirror known for arch %sN( tNoneRtget_architecturetPRIMARY_ARCHEStPRIMARY_ARCH_MIRRORStcopyt PORTS_ARCHESt PORTS_MIRRORSt ValueError(tarchttarget((sE/usr/lib/python2.7/site-packages/cloudinit/config/cc_apt_configure.pytget_default_mirrorss     cCsd}|dk r|ant|}|jdi}t|tsitdjdt|nt ||t |||dS(sprocess the config for apt_config. This can be called from curthooks if a global apt config was provided or via the "apt" standalone command.tapts9Expected dictionary for 'apt' config, found {config_type}t config_typeN( R tLOGtconvert_to_v3_apt_formattgett isinstancetdictRtformatttypetapply_debconf_selectionst apply_apt(tnametocfgtcloudRt_Rtcfg((sE/usr/lib/python2.7/site-packages/cloudinit/config/cc_apt_configure.pythandles     cCsHtjrtdfStjdp1tjds>tdfStdfS(Nssystem is snappy.sapt-getRsno apt commands.sApt is available.(Rtsystem_is_snappytFalsetwhichtTrue(((sE/usr/lib/python2.7/site-packages/cloudinit/config/cc_apt_configure.pyt_should_configure_on_empty_apts    c Cs|s2t\}}|s2tjd|dSntjd|tjd|d}tj|}t||d|}tjd|tj|jdt rt ||||t ||nyt |t tWn$ttfk rtjdnXd |kr|}||d <|d |d rename_apt_lists - rename apt lists to preserve old cache datas%s_*s%s%ssRenaming apt list %s to %ssFailed to rename apt list:texc_infoN(RRRRvt APT_LISTSRfRRwtpathtsepRRVRuRR6trenameR@RWR,( t new_mirrorsRtdefault_mirrorstpreR#tomirrortnmirrortoprefixtnprefixtolentfilenametnewname((sE/usr/lib/python2.7/site-packages/cloudinit/config/cc_apt_configure.pyR;s$   cCs2||kr"tjd||n|j||S(smirror_to_placeholder replace the specified mirror in a template with a placeholder string Checks for existance of the expected mirror and warns if not founds%Expected mirror '%s' not found in: %s(RRWR~(ttmplRt placeholder((sE/usr/lib/python2.7/site-packages/cloudinit/config/cc_apt_configure.pytmirror_to_placeholders cCsUidd6dd6dd6dd6d d 6}y||}Wntk rP|}nX|S( sthere are a few default names which will be auto-extended. This comes at the inability to use those names literally as suites, but on the other hand increases readability of the cfg quite a lots$RELEASE-updatestupdatess$RELEASE-backportst backportss$RELEASE-securitytsecuritys$RELEASE-proposedtproposeds$RELEASERI(tKeyError(tsuitetmappingtretsuite((sE/usr/lib/python2.7/site-packages/cloudinit/config/cc_apt_configure.pytmap_known_suitess    c Cs8|s |S|}x!|D]}t|}tj|i|d6}tjd||d}x|jtD]}|jdr||7}qkn|j}t |dkrd} |djdrx2|dD]#} | d7} | j drPqqWn|| |krd |}qn||7}qkW|}qW|S( sUreads the config for suites to be disabled and removes those from the templateR1sDisabling suite %s as %sR`R_iit[t]s"# suite disabled by cloud-init: %s( RRt render_stringRR6RgR,RhtsplitRVRP( tdisabledtsrcRItretsrcRt releasesuitetnewsrcRrtcolstpcoltcol((sE/usr/lib/python2.7/site-packages/cloudinit/config/cc_apt_configure.pytdisable_suitess2       c Csd}i|d6|d6}x0|D](}||||<||||jR=RRRRRR RR(R-R"RSR]R!R{RR;RRRR:RRRRFRRRRRRRRR R R8R<RT(((sE/usr/lib/python2.7/site-packages/cloudinit/config/cc_apt_configure.pytsh          '   $    &    7   B   $