When the instance_user value from heat.conf is set to empty string/None and
the user doesn't specify Server's admin_user property, Heat will not create a
custom cloud-init user.
The instance_user config option and admin_user property are deprecated and will
be removed in Juno where this behaviour becomes the default.
AWS::EC2::Instance will still create a cloud-init user for CloudFormation
compatibility. In the absence of the instance_user config option, 'ec2-user'
will be used.
This is a first step towards fixing #1257410 as outlined in the bug

Disabling SELinux is not necessary, but the fact that we're using both
the `user` directive in cloudinit/config and `useradd` in boothook.sh
is a bit confusing so this documents the reasons for both.

Some images/distros do not install/use selinux. This small change will
verify that `setenforce` is executable and in the path before attempting
to run the command. This prevents the script from erroring and causing a
failed `cloud-init` run.

Images which have heat-cfntools installed from rpm or deb
will not have cfn tool links in /opt/aws/bin.
This change runs cfn-create-aws-symlinks during cloud-init
boothook.sh. It should do the following:
* if no cfn tools exist in /opt/aws/bin, symlinks from /usr/bin
will be created
* if cfn tools exist in /opt/aws/bin, no symlinks are created
* if cfn-create-aws-symlinks doesn't exist, there will be no effect
This is required to use a vanilla Fedora 20 cloud image with heat,
which has heat-cfntools pre-installed.

Ubuntu has 0.6 of cloudinit, and write-files doesn't work on that
distro. Ubuntu does not intend to update cloudinit in their LTS release
This reverts commit 621f5bfdba.
Fixes: Bug #1207088

part-handler.py was acting as a write-files mechanism. Instead just
use the write-files mechanism directly to avoid the complexities of

Previously user ids of new instances were limited to ec2-user.
This patch adds a new configuration option to be placed in
/etc/heat/heat-engine.conf called "default_instance_user" which
allows the default of ec2-user to be overridden.
Note for reviewers that runcmd does not work properly. It was
actually running after the loguserdata.py script finished execution.
Fixes: Bug #1101347