f%EUdZddlZddlZddlZddlmZddlmZmZddl m Z ddl m Z m Z ddlmZddlmZdd lmZmZdd lmZd Zd gZed dgZdddedeedezededededededgedgeezdZeed<eeZej<eZ dZ!dZ"dZ#d e$fd!Z%d"e$fd#Z&d0d"efd$Z'd0d%Z(d&efd'Z)d e$d(e*fd)Z+d e$fd*Z,d e$fd+Z-d,e.d-ed&ed.ed(df d/Z/y)1z1ubuntu_pro: Configure Ubuntu Pro support servicesN)dedent)AnyList)urlparse)subputil)Cloud)Config) MetaSchema get_meta_doc) PER_INSTANCEzhttps://ubuntu.com/proubuntuzubuntu-advantageubuntu_advantage cc_ubuntu_proz Ubuntu Proz%Configure Ubuntu Pro support servicesa< Attach machine to an existing Ubuntu Pro support contract and enable or disable support services such as Livepatch, ESM, FIPS and FIPS Updates. When attaching a machine to Ubuntu Pro, one can also specify services to enable. When the 'enable' list is present, only named services will be activated. Whereas if the 'enable' list is not present, the contract's default services will be enabled. On Pro instances, when ``ubuntu_pro`` config is provided to cloud-init, Pro's auto-attach feature will be disabled and cloud-init will perform the Pro auto-attach ignoring the ``token`` key. The ``enable`` and ``enable_beta`` values will strictly determine what services will be enabled, ignoring contract defaults. Note that when enabling FIPS or FIPS updates you will need to schedule a reboot to ensure the machine is running the FIPS-compliant kernel. See `Power State Change`_ for information on how to configure cloud-init to perform this reboot. z # Attach the machine to an Ubuntu Pro support contract with a # Pro contract token obtained from %s. ubuntu_pro: token: a # Attach the machine to an Ubuntu Pro support contract enabling # only fips and esm services. Services will only be enabled if # the environment supports said service. Otherwise warnings will # be logged for incompatible services specified. ubuntu_pro: token: enable: - fips - esm a0 # Attach the machine to an Ubuntu Pro support contract and enable # the FIPS service. Perform a reboot once cloud-init has # completed. power_state: mode: reboot ubuntu_pro: token: enable: - fips ac # Set a http(s) proxy before attaching the machine to an # Ubuntu Pro support contract and enabling the FIPS service. ubuntu_pro: token: config: http_proxy: 'http://some-proxy:8088' https_proxy: 'https://some-proxy:8088' global_apt_https_proxy: 'https://some-global-apt-proxy:8088/' global_apt_http_proxy: 'http://some-global-apt-proxy:8088/' ua_apt_http_proxy: 'http://10.0.10.10:3128' ua_apt_https_proxy: 'https://10.0.10.10:3128' enable: - fips z # On Ubuntu PRO instances, auto-attach but enable no PRO services. ubuntu_pro: enable: [] enable_beta: [] z # Enable esm and beta realtime-kernel services in Ubuntu Pro instances. ubuntu_pro: enable: - esm enable_beta: - realtime-kernel z # Disable auto-attach in Ubuntu Pro instances. ubuntu_pro: features: disable_auto_attach: True ubuntu_pro)idnametitle descriptiondistrosexamples frequencyactivate_by_schema_keysmetaREDACTEDzUUnable to determine if this is an Ubuntu Pro instance. Fallback to normal Pro attach.) http_proxy https_proxyglobal_apt_http_proxyglobal_apt_https_proxyua_apt_http_proxyua_apt_https_proxy pro_sectioncLd|vry|d}t|ts8dt|j}tj |t |d|vry|d}t|ts8dt|j}tj |t |y)Nfeaturesz.'ubuntu_pro.features' should be a dict, not a disable_auto_attachzB'ubuntu_pro.features.disable_auto_attach' should be a bool, not a ) isinstancedicttype__name__LOGerror RuntimeErrorbool)r"r$msgr%s @/usr/lib/python3/dist-packages/cloudinit/config/cc_ubuntu_pro.pyvalidate_schema_featuresr0s$:&H h %X''( *  #3H,"#89 )4 0/099: <  #3 1 pro_configcg}t|jD]U\}}|tvrtj d|%|( t |}|j dvr|jd|W|r)tdjdj|y#ttf$r|jd|YwxYw)aValidate user-provided ua:config option values. This function supplements flexible jsonschema validation with specific value checks to aid in triage of invalid user-provided configuration. Note: It does not log/raise config values as they could be urls containing sensitive auth info. @param pro_config: Dictionary of config value under 'ubuntu_pro'. @raises: ValueError describing invalid values provided. z4Not validating unknown ubuntu_pro.config.%s propertyN)httphttpsz-Expected URL scheme http/https for ua:config:zExpected a URL for ua:config:z$Invalid ubuntu_pro configuration: {} ) sorteditemsKNOWN_PRO_CONFIG_PROPSr*warningrschemeappendAttributeError ValueErrorformatjoin)r2errorskeyvalue parsed_urls r/supplemental_schema_validationrEsFZ--/0A U , , KKF   ]  A!%J  (99 CC5IA& 3 : :499V;L M   + A MM9#? @ As-B  #CCcZ|yt|ts"tdt|jdt |g}t |jD]\}}d}i}|tjd|ddd|g}nd|d}tjd|tjd |r|d tj|}n|d |}ddd |g}d |dd |gzi} tj|fi||rQ|D]\} } tj'd| | tdj)dj+d|Dy#tj$rA}t|} || j!|t"} |j%|| fYd}~Id}~wwxYw)Nz+ubuntu_pro: config should be a dict, not a z%; skipping enabling config parameterszDisabling Pro config for %sproconfigunsetz =REDACTEDzEnabling Pro config %sz\s=set logstringz#Failure enabling/disabling "%s": %sz3Failure enabling/disabling Ubuntu Pro config(s): {}, c3DK|]\}}dj|yw)z"{}"N)r?).0param_s r/ z!set_pro_config..sM85!&--.Ms )r&r'r,r(r)rEr7r8r*debugresearchescaperProcessExecutionErrorstrreplacerr<r:r?r@) r2 enable_errorsrBrCredacted_key_value subp_kwargs config_cmd key_valueeerr_msgrQr+s r/set_pro_configrbs j$ 'z"++,-3 3  #:.MZ--/01 U! = II3S 97C8J$'5 !2  II.0B Cyy&"e1RYYu%5$67 "e1UG, 5)u M N A H H M}MM    )) 1!fG!-!//%:  #w 0 0  1s*EF*)6F%%F*c0|g}ndt|trtjd|g}n;t|ts+tjdt |j g}|rddd|g}ndd|g}|ddtgz}tjdd j| tj|d d h| |sygd|z} tj|dd dh\}} t!j"|} g} | j'dgD]5}|ddk(rtjd|d%| j)|7| r~g} | D]Z}|j'd} | | j)| d| d|d}nd|dd|d}tjt|\tddj| zy#tj$rO}t|j|t}d |}tjt|t||d}~wwxYw#tj$r#}tddj|z|d}~wwxYw#t j$$r}td||d}~wwxYw) z 01s&A..B,3/B''B,c|jd}|s"d}tj|t||jd}|r%tj ddj |t ||jdy)Nrtz8`ubuntu_pro.token` required in non-Pro Ubuntu instances. enable_betaz>CrcfgargscFd}ttj|}|rXt|dkDrt ddj |zt jddj |||d}d|vr |rt jd|d|d}|t jd|yt|ts8d t|j}t j|t |d |vr"d }t j|t |t|t|j!d t#|t jd t%|r t'|y|j)dhks t+|yy)NrjzLUnable to configure Ubuntu Pro. Multiple deprecated config keys provided: %srNz^Deprecated configuration key(s) provided: %s. Expected "ubuntu_pro"; will attempt to continue.rrz;Ignoring deprecated key %s and preferring ubuntu_pro configz=Skipping module named %s, no 'ubuntu_pro' configuration foundz%'ubuntu_pro' should be a dict, not a commandszPDeprecated configuration "ubuntu-advantage: commands" provided. Expected "token"rHzETo discover more log info, please check /var/log/ubuntu-advantage.logr$)roDEPRECATED_KEYS intersectionlenr,r@r*r:rTr&r'r(r)r+rrbrsr0rrkeysr)rrr}rr" deprecatedr.s r/handlersKo22378J z?Q %'+yy'<=   @ IIj ! *Q-( s  KKM1  ,'  K     T *[!**+ -  #3[    #35!;??8,-[)IIO;'[!   J< / 0r1)N)0__doc__riloggingrUtextwraprtypingrr urllib.parser cloudinitrrcloudinit.cloudr cloudinit.configr cloudinit.config.schemar r cloudinit.settingsr PRO_URLrrKrror__annotations__ getLoggerr)r*rrr9r'r0rErbr|rr-rrrrYrr1r/rs8  ! !#<+ " *)+=>?   4 ,              "         OO` ,~_0EEYmjm^ t g! & $ 6$ t$ N) s) Xa H %  %T%d%8 A A#(d#(LBB6B%BtBBr1