git: a42d6f76018e - main - nuageinit: add basic support for cloudinit.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 15 Mar 2024 08:22:58 UTC
The branch main has been updated by bapt:
URL: https://cgit.FreeBSD.org/src/commit/?id=a42d6f76018e4ed8324e319ab48aac904bda437c
commit a42d6f76018e4ed8324e319ab48aac904bda437c
Author: Baptiste Daroussin <bapt@FreeBSD.org>
AuthorDate: 2022-11-23 19:00:39 +0000
Commit: Baptiste Daroussin <bapt@FreeBSD.org>
CommitDate: 2024-03-15 08:22:16 +0000
nuageinit: add basic support for cloudinit.
this is a very early script to support cloudinit, it does not intend to
be a full featured cloudinit client, but will support a good enough
subset to be viable in most case.
It support nocloud and openstack config-2 config drive mode (iso9660 or
msdosfs)
The following features are currently supported:
- adding users (including a default user named 'freebsd' with password
'freebsd'
- adding groups
- adding ssh keys
- static ipv4, static ipv6, dynamic ipv4
With this one is able to use the 'bring your own image feature" out of
box.
It is expected that the script grows the support of other clouds
supporting cloud-init, contributions are welcomed.
It is designed to be only run once via the firstboot mecanism.
Sponsored by: OVHCloud
MFC After: 3 weeks
Differential Revision: https://reviews.freebsd.org/D44141
---
libexec/Makefile | 5 +
libexec/nuageinit/Makefile | 11 +
libexec/nuageinit/nuage.lua | 214 +++++++++++
libexec/nuageinit/nuageinit | 312 ++++++++++++++++
libexec/nuageinit/tests/Makefile | 13 +
libexec/nuageinit/tests/addgroup.lua | 15 +
libexec/nuageinit/tests/addsshkey.lua | 2 +
libexec/nuageinit/tests/adduser.lua | 15 +
libexec/nuageinit/tests/dirname.lua | 8 +
libexec/nuageinit/tests/err.lua | 4 +
libexec/nuageinit/tests/nuage.sh | 52 +++
libexec/nuageinit/tests/nuageinit.sh | 338 ++++++++++++++++++
libexec/nuageinit/tests/sethostname.lua | 4 +
libexec/nuageinit/tests/utils.sh | 21 ++
libexec/nuageinit/tests/warn.lua | 4 +
libexec/nuageinit/yaml.lua | 586 +++++++++++++++++++++++++++++++
libexec/rc/rc.d/Makefile | 6 +
libexec/rc/rc.d/nuageinit | 67 ++++
share/mk/src.opts.mk | 1 +
tools/build/mk/OptionalObsoleteFiles.inc | 21 ++
tools/build/options/WITHOUT_NUAGEINIT | 1 +
21 files changed, 1700 insertions(+)
diff --git a/libexec/Makefile b/libexec/Makefile
index ee354fa60e79..8287690eeb3c 100644
--- a/libexec/Makefile
+++ b/libexec/Makefile
@@ -27,6 +27,7 @@ SUBDIR= ${_atf} \
${_rshd} \
${_rtld-elf} \
save-entropy \
+ ${_nuageinit} \
${_smrsh} \
${_tests} \
${_tftp-proxy} \
@@ -119,6 +120,10 @@ _atf= atf
_tests= tests
.endif
+.if ${MK_NUAGEINIT} != "no"
+_nuageinit= nuageinit
+.endif
+
.include <bsd.arch.inc.mk>
.include <bsd.subdir.mk>
diff --git a/libexec/nuageinit/Makefile b/libexec/nuageinit/Makefile
new file mode 100644
index 000000000000..64c5ec316f3d
--- /dev/null
+++ b/libexec/nuageinit/Makefile
@@ -0,0 +1,11 @@
+PACKAGE= nuageinit
+SCRIPTS= nuageinit
+FILES= nuage.lua yaml.lua
+FILESDIR= ${SHAREDIR}/flua
+
+.include <src.opts.mk>
+
+HAS_TESTS=
+SUBDIR.${MK_TESTS}+= tests
+
+.include <bsd.prog.mk>
diff --git a/libexec/nuageinit/nuage.lua b/libexec/nuageinit/nuage.lua
new file mode 100644
index 000000000000..55486ae2b122
--- /dev/null
+++ b/libexec/nuageinit/nuage.lua
@@ -0,0 +1,214 @@
+-- SPDX-License-Identifier: BSD-2-Clause
+--
+-- Copyright(c) 2022 Baptiste Daroussin <bapt@FreeBSD.org>
+
+local pu = require("posix.unistd")
+
+local function warnmsg(str)
+ io.stderr:write(str.."\n")
+end
+
+local function errmsg(str)
+ io.stderr:write(str.."\n")
+ os.exit(1)
+end
+
+local function dirname(oldpath)
+ if not oldpath then
+ return nil
+ end
+ local path = oldpath:gsub("[^/]+/*$", "")
+ if path == "" then
+ return nil
+ end
+ return path
+end
+
+local function mkdir_p(path)
+ if lfs.attributes(path, "mode") ~= nil then
+ return true
+ end
+ local r,err = mkdir_p(dirname(path))
+ if not r then
+ return nil,err.." (creating "..path..")"
+ end
+ return lfs.mkdir(path)
+end
+
+local function sethostname(hostname)
+ if hostname == nil then return end
+ local root = os.getenv("NUAGE_FAKE_ROOTDIR")
+ if not root then
+ root = ""
+ end
+ local hostnamepath = root .. "/etc/rc.conf.d/hostname"
+
+ mkdir_p(dirname(hostnamepath))
+ local f,err = io.open(hostnamepath, "w")
+ if not f then
+ warnmsg("Impossible to open "..hostnamepath .. ":" ..err)
+ return
+ end
+ f:write("hostname=\""..hostname.."\"\n")
+ f:close()
+end
+
+local function splitlist(list)
+ local ret = {}
+ if type(list) == "string" then
+ for str in list:gmatch("([^, ]+)") do
+ ret[#ret + 1] = str
+ end
+ elseif type(list) == "table" then
+ ret = list
+ else
+ warnmsg("Invalid type ".. type(list) ..", expecting table or string")
+ end
+ return ret
+end
+
+local function adduser(pwd)
+ if (type(pwd) ~= "table") then
+ warnmsg("Argument should be a table")
+ return nil
+ end
+ local f = io.popen("getent passwd "..pwd.name)
+ local pwdstr = f:read("*a")
+ f:close()
+ if pwdstr:len() ~= 0 then
+ return pwdstr:match("%a+:.+:%d+:%d+:.*:(.*):.*")
+ end
+ if not pwd.gecos then
+ pwd.gecos = pwd.name .. " User"
+ end
+ if not pwd.home then
+ pwd.home = "/home/" .. pwd.name
+ end
+ local extraargs=""
+ if pwd.groups then
+ local list = splitlist(pwd.groups)
+ extraargs = " -G ".. table.concat(list, ',')
+ end
+ -- pw will automatically create a group named after the username
+ -- do not add a -g option in this case
+ if pwd.primary_group and pwd.primary_group ~= pwd.name then
+ extraargs = extraargs .. " -g " .. pwd.primary_group
+ end
+ if not pwd.no_create_home then
+ extraargs = extraargs .. " -m "
+ end
+ if not pwd.shell then
+ pwd.shell = "/bin/sh"
+ end
+ local precmd = ""
+ local postcmd = ""
+ if pwd.passwd then
+ precmd = "echo "..pwd.passwd .. "| "
+ postcmd = " -H 0 "
+ elseif pwd.plain_text_passwd then
+ precmd = "echo "..pwd.plain_text_passwd .. "| "
+ postcmd = " -H 0 "
+ end
+ local root = os.getenv("NUAGE_FAKE_ROOTDIR")
+ local cmd = precmd .. "pw "
+ if root then
+ cmd = cmd .. "-R " .. root .. " "
+ end
+ cmd = cmd .. "useradd -n ".. pwd.name .. " -M 0755 -w none "
+ cmd = cmd .. extraargs .. " -c '".. pwd.gecos
+ cmd = cmd .. "' -d '" .. pwd.home .. "' -s "..pwd.shell .. postcmd
+
+ local r = os.execute(cmd)
+ if not r then
+ warnmsg("nuageinit: fail to add user "..pwd.name);
+ warnmsg(cmd)
+ return nil
+ end
+ if pwd.locked then
+ cmd = "pw "
+ if root then
+ cmd = cmd .. "-R " .. root .. " "
+ end
+ cmd = cmd .. "lock " .. pwd.name
+ os.execute(cmd)
+ end
+ return pwd.home
+end
+
+local function addgroup(grp)
+ if (type(grp) ~= "table") then
+ warnmsg("Argument should be a table")
+ return false
+ end
+ local f = io.popen("getent group "..grp.name)
+ local grpstr = f:read("*a")
+ f:close()
+ if grpstr:len() ~= 0 then
+ return true
+ end
+ local extraargs = ""
+ if grp.members then
+ local list = splitlist(grp.members)
+ extraargs = " -M " .. table.concat(list, ',')
+ end
+ local root = os.getenv("NUAGE_FAKE_ROOTDIR")
+ local cmd = "pw "
+ if root then
+ cmd = cmd .. "-R " .. root .. " "
+ end
+ cmd = cmd .. "groupadd -n ".. grp.name .. extraargs
+ local r = os.execute(cmd)
+ if not r then
+ warnmsg("nuageinit: fail to add group ".. grp.name);
+ warnmsg(cmd)
+ return false
+ end
+ return true
+end
+
+local function addsshkey(homedir, key)
+ local chownak = false
+ local chowndotssh = false
+ local ak_path = homedir .. "/.ssh/authorized_keys"
+ local dotssh_path = homedir .. "/.ssh"
+ local dirattrs = lfs.attributes(ak_path)
+ if dirattrs == nil then
+ chownak = true
+ dirattrs = lfs.attributes(dotssh_path)
+ if dirattrs == nil then
+ if not lfs.mkdir(dotssh_path) then
+ warnmsg("nuageinit: impossible to create ".. dotssh_path)
+ return
+ end
+ chowndotssh = true
+ dirattrs = lfs.attributes(homedir)
+ end
+ end
+
+ local f = io.open(ak_path, "a")
+ if not f then
+ warnmsg("nuageinit: impossible to open "..ak_path)
+ return
+ end
+ f:write(key .. "\n")
+ f:close()
+ if chownak then
+ pu.chown(ak_path, dirattrs.uid, dirattrs.gid)
+ end
+ if chowndotssh then
+ pu.chown(dotssh_path, dirattrs.uid, dirattrs.gid)
+ end
+end
+
+local n = {
+ warn = warnmsg,
+ err = errmsg,
+ sethostname = sethostname,
+ adduser = adduser,
+ addgroup = addgroup,
+ addsshkey = addsshkey,
+ dirname = dirname,
+ mkdir_p = mkdir_p,
+}
+
+return n
diff --git a/libexec/nuageinit/nuageinit b/libexec/nuageinit/nuageinit
new file mode 100755
index 000000000000..08224061d1b1
--- /dev/null
+++ b/libexec/nuageinit/nuageinit
@@ -0,0 +1,312 @@
+#!/usr/libexec/flua
+
+-- SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+--
+-- Copyright(c) 2022 Baptiste Daroussin <bapt@FreeBSD.org>
+
+local nuage = require("nuage")
+local yaml = require("yaml")
+
+if #arg ~= 2 then
+ nuage.err("Usage ".. arg[0] .." <cloud-init directory> [config-2|nocloud]")
+end
+local path = arg[1]
+local citype = arg[2]
+local ucl = require("ucl")
+
+local default_user = {
+ name = "freebsd",
+ homedir = "/home/freebsd",
+ groups = "wheel",
+ gecos = "FreeBSD User",
+ shell = "/bin/sh",
+ plain_text_passwd = "freebsd"
+}
+
+local root = os.getenv("NUAGE_FAKE_ROOTDIR")
+if not root then
+ root = ""
+end
+
+local function open_config(name)
+ nuage.mkdir_p(root .. "/etc/rc.conf.d")
+ local f,err = io.open(root .. "/etc/rc.conf.d/" .. name, "w")
+ if not f then
+ nuage.err("nuageinit: unable to open "..name.." config: " .. err)
+ end
+ return f
+end
+
+local function get_ifaces()
+ local parser = ucl.parser()
+ -- grab ifaces
+ local ns = io.popen('netstat -i --libxo json')
+ local netres = ns:read("*a")
+ ns:close()
+ local res,err = parser:parse_string(netres)
+ if not res then
+ nuage.warn("Error parsing netstat -i --libxo json outout: " .. err)
+ return nil
+ end
+ local ifaces = parser:get_object()
+ local myifaces = {}
+ for _,iface in pairs(ifaces["statistics"]["interface"]) do
+ if iface["network"]:match("<Link#%d>") then
+ local s = iface["address"]
+ myifaces[s:lower()] = iface["name"]
+ end
+ end
+ return myifaces
+end
+
+local function config2_network(p)
+ local parser = ucl.parser()
+ local f = io.open(p .. "/network_data.json")
+ if not f then
+ -- silently return no network configuration is provided
+ return
+ end
+ f:close()
+ local res,err = parser:parse_file(p .. "/network_data.json")
+ if not res then
+ nuage.warn("nuageinit: error parsing network_data.json: " .. err)
+ return
+ end
+ local obj = parser:get_object()
+
+ local ifaces = get_ifaces()
+ if not ifaces then
+ nuage.warn("nuageinit: no network interfaces found")
+ return
+ end
+ local mylinks = {}
+ for _,v in pairs(obj["links"]) do
+ local s = v["ethernet_mac_address"]:lower()
+ mylinks[v["id"]] = ifaces[s]
+ end
+
+ nuage.mkdir_p(root .. "/etc/rc.conf.d")
+ local network = open_config("network")
+ local routing = open_config("routing")
+ local ipv6 = {}
+ local ipv6_routes = {}
+ local ipv4 = {}
+ for _,v in pairs(obj["networks"]) do
+ local interface = mylinks[v["link"]]
+ if v["type"] == "ipv4_dhcp" then
+ network:write("ifconfig_"..interface.."=\"DHCP\"\n")
+ end
+ if v["type"] == "ipv4" then
+ network:write("ifconfig_"..interface.."=\"inet "..v["ip_address"].." netmask " .. v["netmask"] .. "\"\n")
+ if v["gateway"] then
+ routing:write("defaultrouter=\""..v["gateway"].."\"\n")
+ end
+ if v["routes"] then
+ for i,r in ipairs(v["routes"]) do
+ local rname = "cloudinit" .. i .. "_" .. interface
+ if v["gateway"] and v["gateway"] == r["gateway"] then goto next end
+ if r["network"] == "0.0.0.0" then
+ routing:write("defaultrouter=\""..r["gateway"].."\"\n")
+ goto next
+ end
+ routing:write("route_".. rname .. "=\"-net ".. r["network"] .. " ")
+ routing:write(r["gateway"] .. " " .. r["netmask"] .. "\"\n")
+ ipv4[#ipv4 + 1] = rname
+ ::next::
+ end
+ end
+ end
+ if v["type"] == "ipv6" then
+ ipv6[#ipv6+1] = interface
+ ipv6_routes[#ipv6_routes+1] = interface
+ network:write("ifconfig_"..interface.."_ipv6=\"inet6 "..v["ip_address"].."\"\n")
+ if v["gateway"] then
+ routing:write("ipv6_defaultrouter=\""..v["gateway"].."\"\n")
+ routing:write("ipv6_route_"..interface.."=\""..v["gateway"])
+ routing:write(" -prefixlen 128 -interface "..interface.."\"\n")
+ end
+ -- TODO compute the prefixlen for the routes
+ --if v["routes"] then
+ -- for i,r in ipairs(v["routes"]) do
+ -- local rname = "cloudinit" .. i .. "_" .. mylinks[v["link"]]
+ -- -- skip all the routes which are already covered by the default gateway, some provider
+ -- -- still list plenty of them.
+ -- if v["gateway"] == r["gateway"] then goto next end
+ -- routing:write("ipv6_route_" .. rname .. "\"\n")
+ -- ipv6_routes[#ipv6_routes+1] = rname
+ -- ::next::
+ -- end
+ --end
+ end
+ end
+ if #ipv4 > 0 then
+ routing:write("static_routes=\"")
+ routing:write(table.concat(ipv4, " ") .. "\"\n")
+ end
+ if #ipv6 > 0 then
+ network:write("ipv6_network_interfaces=\"")
+ network:write(table.concat(ipv6, " ") .. "\"\n")
+ network:write("ipv6_default_interface=\""..ipv6[1].."\"\n")
+ end
+ if #ipv6_routes > 0 then
+ routing:write("ipv6_static_routes=\"")
+ routing:write(table.concat(ipv6, " ") .. "\"\n")
+ end
+ network:close()
+ routing:close()
+end
+
+if citype == "config-2" then
+ local parser = ucl.parser()
+ local res,err = parser:parse_file(path..'/meta_data.json')
+
+ if not res then
+ nuage.err("nuageinit: error parsing config-2: meta_data.json: " .. err)
+ end
+ local obj = parser:get_object()
+ local sshkeys = obj["public_keys"]
+ if sshkeys then
+ local homedir = nuage.adduser(default_user)
+ for _,v in pairs(sshkeys) do
+ nuage.addsshkey(root .. homedir, v)
+ end
+ end
+ nuage.sethostname(obj["hostname"])
+
+ -- network
+ config2_network(path)
+elseif citype == "nocloud" then
+ local f,err = io.open(path.."/meta-data")
+ if err then
+ nuage.err("nuageinit: error parsing nocloud meta-data: ".. err)
+ end
+ local obj = yaml.eval(f:read("*a"))
+ f:close()
+ if not obj then
+ nuage.err("nuageinit: error parsing nocloud meta-data")
+ end
+ local hostname = obj['local-hostname']
+ if not hostname then
+ hostname = obj['hostname']
+ end
+ if hostname then
+ nuage.sethostname(hostname)
+ end
+else
+ nuage.err("Unknown cloud init type: ".. citype)
+end
+
+-- deal with user-data
+local f = io.open(path..'/user-data', "r")
+if not f then
+ os.exit(0)
+end
+local line = f:read('*l')
+f:close()
+if line == "#cloud-config" then
+ f = io.open(path.."/user-data")
+ local obj = yaml.eval(f:read("*a"))
+ f:close()
+ if not obj then
+ nuage.err("nuageinit: error parsing cloud-config file: user-data")
+ end
+ if obj.groups then
+ for n,g in pairs(obj.groups) do
+ if (type(g) == "string") then
+ local r = nuage.addgroup({name = g})
+ if not r then
+ nuage.warn("nuageinit: failed to add group: ".. g)
+ end
+ elseif type(g) == "table" then
+ for k,v in pairs(g) do
+ nuage.addgroup({name = k, members = v})
+ end
+ else
+ nuage.warn("nuageinit: invalid type : "..type(g).." for users entry number "..n);
+ end
+ end
+ end
+ if obj.users then
+ for n,u in pairs(obj.users) do
+ if type(u) == "string" then
+ if u == "default" then
+ nuage.adduser(default_user)
+ else
+ nuage.adduser({name = u})
+ end
+ elseif type(u) == "table" then
+ -- ignore users without a username
+ if u.name == nil then
+ goto unext
+ end
+ local homedir = nuage.adduser(u)
+ if u.ssh_authorized_keys then
+ for _,v in ipairs(u.ssh_authorized_keys) do
+ nuage.addsshkey(homedir, v)
+ end
+ end
+ else
+ nuage.warn("nuageinit: invalid type : "..type(u).." for users entry number "..n);
+ end
+ ::unext::
+ end
+ else
+ -- default user if none are defined
+ nuage.adduser(default_user)
+ end
+ if obj.ssh_authorized_keys then
+ local homedir = nuage.adduser(default_user)
+ for _,k in ipairs(obj.ssh_authorized_keys) do
+ nuage.addsshkey(homedir, k)
+ end
+ end
+ if obj.network then
+ local ifaces = get_ifaces()
+ nuage.mkdir_p(root .. "/etc/rc.conf.d")
+ local network = open_config("network")
+ local routing = open_config("routing")
+ local ipv6={}
+ for _,v in pairs(obj.network.ethernets) do
+ if not v.match then goto next end
+ if not v.match.macaddress then goto next end
+ if not ifaces[v.match.macaddress] then
+ nuage.warn("nuageinit: not interface matching: "..v.match.macaddress)
+ goto next
+ end
+ local interface = ifaces[v.match.macaddress]
+ if v.dhcp4 then
+ network:write("ifconfig_"..interface.."=\"DHCP\"\n")
+ elseif v.addresses then
+ for _,a in pairs(v.addresses) do
+ if a:match("^(%d+)%.(%d+)%.(%d+)%.(%d+)") then
+ network:write("ifconfig_"..interface.."=\"inet "..a.."\"\n")
+ else
+ network:write("ifconfig_"..interface.."_ipv6=\"inet6 "..a.."\"\n")
+ ipv6[#ipv6 +1] = interface
+ end
+ end
+ end
+ if v.gateway4 then
+ routing:write("defaultrouter=\""..v.gateway4.."\"\n")
+ end
+ if v.gateway6 then
+ routing:write("ipv6_defaultrouter=\""..v.gateway6.."\"\n")
+ routing:write("ipv6_route_"..interface.."=\""..v.gateway6)
+ routing:write(" -prefixlen 128 -interface "..interface.."\"\n")
+ end
+ ::next::
+ end
+ if #ipv6 > 0 then
+ network:write("ipv6_network_interfaces=\"")
+ network:write(table.concat(ipv6, " ") .. "\"\n")
+ network:write("ipv6_default_interface=\""..ipv6[1].."\"\n")
+ end
+ network:close()
+ routing:close()
+ end
+else
+ local res,err = os.execute(path..'/user-data')
+ if not res then
+ nuage.err("nuageinit: error executing user-data script: ".. err)
+ end
+end
diff --git a/libexec/nuageinit/tests/Makefile b/libexec/nuageinit/tests/Makefile
new file mode 100644
index 000000000000..d5b3bd9dcc82
--- /dev/null
+++ b/libexec/nuageinit/tests/Makefile
@@ -0,0 +1,13 @@
+PACKAGE= tests
+
+ATF_TESTS_SH= nuage utils nuageinit
+
+${PACKAGE}FILES+= warn.lua
+${PACKAGE}FILES+= err.lua
+${PACKAGE}FILES+= dirname.lua
+${PACKAGE}FILES+= sethostname.lua
+${PACKAGE}FILES+= addsshkey.lua
+${PACKAGE}FILES+= adduser.lua
+${PACKAGE}FILES+= addgroup.lua
+
+.include <bsd.test.mk>
diff --git a/libexec/nuageinit/tests/addgroup.lua b/libexec/nuageinit/tests/addgroup.lua
new file mode 100644
index 000000000000..60a0d8346793
--- /dev/null
+++ b/libexec/nuageinit/tests/addgroup.lua
@@ -0,0 +1,15 @@
+#!/usr/libexec/flua
+
+local n = require("nuage")
+if n.addgroup() then
+ n.err("addgroup should not accept empty value")
+end
+if n.addgroup("plop") then
+ n.err("addgroup should not accept empty value")
+end
+local gr = {}
+gr.name = "impossible_groupname"
+local res = n.addgroup(gr)
+if not res then
+ n.err("valid addgroup should return a path")
+end
diff --git a/libexec/nuageinit/tests/addsshkey.lua b/libexec/nuageinit/tests/addsshkey.lua
new file mode 100644
index 000000000000..3aa5f7619ec2
--- /dev/null
+++ b/libexec/nuageinit/tests/addsshkey.lua
@@ -0,0 +1,2 @@
+local n = require("nuage")
+n.addsshkey(".", "mykey")
diff --git a/libexec/nuageinit/tests/adduser.lua b/libexec/nuageinit/tests/adduser.lua
new file mode 100644
index 000000000000..9366d2abd0f4
--- /dev/null
+++ b/libexec/nuageinit/tests/adduser.lua
@@ -0,0 +1,15 @@
+#!/usr/libexec/flua
+
+local n = require("nuage")
+if n.adduser() then
+ n.err("adduser should not accept empty value")
+end
+if n.adduser("plop") then
+ n.err("adduser should not accept empty value")
+end
+local pw = {}
+pw.name = "impossible_username"
+local res = n.adduser(pw)
+if not res then
+ n.err("valid adduser should return a path")
+end
diff --git a/libexec/nuageinit/tests/dirname.lua b/libexec/nuageinit/tests/dirname.lua
new file mode 100644
index 000000000000..d1268e48575c
--- /dev/null
+++ b/libexec/nuageinit/tests/dirname.lua
@@ -0,0 +1,8 @@
+local n = require("nuage")
+print(n.dirname("/my/path/path1"))
+if n.dirname("path") then
+ nuage.err("Expecting nil for n.dirname(\"path\")")
+end
+if n.dirname() then
+ nuage.err("Expecting nil for n.dirname")
+end
diff --git a/libexec/nuageinit/tests/err.lua b/libexec/nuageinit/tests/err.lua
new file mode 100644
index 000000000000..c62fa1098f09
--- /dev/null
+++ b/libexec/nuageinit/tests/err.lua
@@ -0,0 +1,4 @@
+#!/usr/libexec/flua
+
+local n = require("nuage")
+n.err("plop")
diff --git a/libexec/nuageinit/tests/nuage.sh b/libexec/nuageinit/tests/nuage.sh
new file mode 100644
index 000000000000..bbf306eae51f
--- /dev/null
+++ b/libexec/nuageinit/tests/nuage.sh
@@ -0,0 +1,52 @@
+atf_test_case sethostname
+atf_test_case addsshkey
+atf_test_case adduser
+atf_test_case addgroup
+
+sethostname_body() {
+ export NUAGE_FAKE_ROOTDIR="$(pwd)"
+ atf_check /usr/libexec/flua $(atf_get_srcdir)/sethostname.lua
+ if [ ! -f etc/rc.conf.d/hostname ]; then
+ atf_fail "hostname not written"
+ fi
+ atf_check -o inline:"hostname=\"myhostname\"\n" cat etc/rc.conf.d/hostname
+}
+
+addsshkey_body() {
+ atf_check /usr/libexec/flua $(atf_get_srcdir)/addsshkey.lua
+ if [ ! -f .ssh/authorized_keys ]; then
+ atf_fail "ssh key not added"
+ fi
+ atf_check -o inline:"mykey\n" cat .ssh/authorized_keys
+ atf_check /usr/libexec/flua $(atf_get_srcdir)/addsshkey.lua
+ atf_check -o inline:"mykey\nmykey\n" cat .ssh/authorized_keys
+}
+
+adduser_body() {
+ export NUAGE_FAKE_ROOTDIR="$(pwd)"
+ if [ $(id -u) -ne 0 ]; then
+ atf_skip "root required"
+ fi
+ mkdir etc
+ printf "root:*:0:0::0:0:Charlie &:/root:/bin/csh\n" > etc/master.passwd
+ pwd_mkdb -d etc etc/master.passwd
+ printf "wheel:*:0:root\n" > etc/group
+ atf_check -e inline:"Argument should be a table\nArgument should be a table\n" /usr/libexec/flua $(atf_get_srcdir)/adduser.lua
+ test -d home/impossible_username || atf_fail "home not created"
+ atf_check -o inline:"impossible_username::1001:1001::0:0:impossible_username User:/home/impossible_username:/bin/sh\n" grep impossible_username etc/master.passwd
+}
+
+addgroup_body() {
+ export NUAGE_FAKE_ROOTDIR="$(pwd)"
+ mkdir etc
+ printf "wheel:*:0:root\n" > etc/group
+ atf_check -e inline:"Argument should be a table\nArgument should be a table\n" /usr/libexec/flua $(atf_get_srcdir)/addgroup.lua
+ atf_check -o inline:"impossible_groupname:*:1001:\n" grep impossible_groupname etc/group
+}
+
+atf_init_test_cases() {
+ atf_add_test_case sethostname
+ atf_add_test_case addsshkey
+ atf_add_test_case adduser
+ atf_add_test_case addgroup
+}
diff --git a/libexec/nuageinit/tests/nuageinit.sh b/libexec/nuageinit/tests/nuageinit.sh
new file mode 100644
index 000000000000..926233bcf66d
--- /dev/null
+++ b/libexec/nuageinit/tests/nuageinit.sh
@@ -0,0 +1,338 @@
+atf_test_case args
+atf_test_case nocloud
+atf_test_case nocloud_userdata_script
+atf_test_case nocloud_userdata_cloudconfig
+atf_test_case nocloud_userdata_cloudconfig_users
+atf_test_case nocloud_network
+atf_test_case config2
+atf_test_case config2_pubkeys
+atf_test_case config2_network
+atf_test_case config2_network_static_v4
+
+
+args_body()
+{
+ atf_check -s exit:1 -e inline:"Usage /usr/libexec/nuageinit <cloud-init directory> [config-2|nocloud]\n" /usr/libexec/nuageinit
+ atf_check -s exit:1 -e inline:"Usage /usr/libexec/nuageinit <cloud-init directory> [config-2|nocloud]\n" /usr/libexec/nuageinit bla
+ atf_check -s exit:1 -e inline:"Usage /usr/libexec/nuageinit <cloud-init directory> [config-2|nocloud]\n" /usr/libexec/nuageinit bla meh plop
+ atf_check -s exit:1 -e inline:"Unknown cloud init type: meh\n" /usr/libexec/nuageinit bla meh
+}
+
+nocloud_body()
+{
+ here=$(pwd)
+ mkdir -p media/nuageinit
+ atf_check -s exit:1 -e match:"nuageinit: error parsing nocloud.*" /usr/libexec/nuageinit ${here}/media/nuageinit/ nocloud
+ export NUAGE_FAKE_ROOTDIR=$(pwd)
+ printf "instance-id: iid-local01\nlocal-hostname: cloudimg\n" > ${here}/media/nuageinit/meta-data
+ atf_check -s exit:0 /usr/libexec/nuageinit ${here}/media/nuageinit nocloud
+ atf_check -o inline:"hostname=\"cloudimg\"\n" cat etc/rc.conf.d/hostname
+ cat > media/nuageinit/meta-data << EOF
+instance-id: iid-local01
+hostname: myhost
+EOF
+ atf_check -s exit:0 /usr/libexec/nuageinit ${here}/media/nuageinit nocloud
+ atf_check -o inline:"hostname=\"myhost\"\n" cat etc/rc.conf.d/hostname
+}
+
+nocloud_userdata_script_body()
+{
+ here=$(pwd)
+ mkdir -p media/nuageinit
+ printf "instance-id: iid-local01\n" > ${here}/media/nuageinit/meta-data
+ printf "#!/bin/sh\necho "yeah"\n" > ${here}/media/nuageinit/user-data
+ chmod 755 ${here}/media/nuageinit/user-data
+ atf_check -s exit:0 -o inline:"yeah\n" /usr/libexec/nuageinit ${here}/media/nuageinit nocloud
+}
+
+nocloud_userdata_cloudconfig_users_body()
+{
+ here=$(pwd)
+ export NUAGE_FAKE_ROOTDIR=$(pwd)
+ if [ $(id -u) -ne 0 ]; then
+ atf_skip "root required"
+ fi
+ mkdir -p media/nuageinit
+ printf "instance-id: iid-local01\n" > ${here}/media/nuageinit/meta-data
+ mkdir -p etc
+ cat > etc/master.passwd <<EOF
+root:*:0:0::0:0:Charlie &:/root:/bin/csh
+sys:*:1:0::0:0:Sys:/home/sys:/bin/csh
+EOF
+ pwd_mkdb -d etc ${here}/etc/master.passwd
+ cat > etc/group <<EOF
+wheel:*:0:root
+users:*:1:
+EOF
+ cat > media/nuageinit/user-data <<EOF
+#cloud-config
+groups:
+ - admingroup: [root,sys]
+ - cloud-users
+users:
+ - default
+ - name: foobar
+ gecos: Foo B. Bar
+ primary_group: foobar
+ groups: users
+ passwd: $6$j212wezy$7H/1LT4f9/N3wpgNunhsIqtMj62OKiS3nyNwuizouQc3u7MbYCarYeAHWYPYb2FT.lbioDm2RrkJPb9BZMN1O/
+EOF
+ atf_check /usr/libexec/nuageinit ${here}/media/nuageinit nocloud
+ cat > expectedgroup << EOF
+wheel:*:0:root,freebsd
+users:*:1:foobar
+admingroup:*:1001:root,sys
+cloud-users:*:1002:
+freebsd:*:1003:
+foobar:*:1004:
+EOF
+ cat > expectedpasswd << EOF
+root:*:0:0::0:0:Charlie &:/root:/bin/csh
+sys:*:1:0::0:0:Sys:/home/sys:/bin/csh
+freebsd:freebsd:1001:1003::0:0:FreeBSD User:/home/freebsd:/bin/sh
+foobar:H/1LT4f9/N3wpgNunhsIqtMj62OKiS3nyNwuizouQc3u7MbYCarYeAHWYPYb2FT.lbioDm2RrkJPb9BZMN1O/:1002:1004::0:0:Foo B. Bar:/home/foobar:/bin/sh
+EOF
+ atf_check -o file:expectedpasswd cat ${here}/etc/master.passwd
+ atf_check -o file:expectedgroup cat ${here}/etc/group
+}
+
+nocloud_network_body()
+{
+ here=$(pwd)
+ mkdir -p media/nuageinit
+ mkdir -p etc
+ cat > etc/master.passwd <<EOF
+root:*:0:0::0:0:Charlie &:/root:/bin/csh
+sys:*:1:0::0:0:Sys:/home/sys:/bin/csh
+EOF
+ pwd_mkdb -d etc ${here}/etc/master.passwd
+ cat > etc/group <<EOF
+wheel:*:0:root
+users:*:1:
+EOF
+ if [ $(id -u) -ne 0 ]; then
+ atf_skip "root required"
+ fi
+ mynetworks=$(ifconfig -l ether)
+ if [ -z "$mynetworks" ]; then
+ atf_skip "a network interface is needed"
+ fi
+ set -- $mynetworks
+ myiface=$1
+ myaddr=$(ifconfig $myiface ether | awk '/ether/ { print $2 }')
+ printf "instance-id: iid-local01\n" > ${here}/media/nuageinit/meta-data
+ cat > media/nuageinit/user-data <<EOF
+#cloud-config
+#
+network:
+ version: 2
+ ethernets:
+ # opaque ID for physical interfaces, only referred to by other stanzas
+ id0:
+ match:
+ macaddress: '${myaddr}'
+ addresses:
+ - 192.168.14.2/24
+ - 2001:1::1/64
+ gateway4: 192.168.14.1
+ gateway6: 2001:1::2
+EOF
+ export NUAGE_FAKE_ROOTDIR=$(pwd)
+ atf_check /usr/libexec/nuageinit ${here}/media/nuageinit nocloud
+ cat > network <<EOF
+ifconfig_${myiface}="inet 192.168.14.2/24"
+ifconfig_${myiface}_ipv6="inet6 2001:1::1/64"
+ipv6_network_interfaces="${myiface}"
+ipv6_default_interface="${myiface}"
+EOF
+ cat > routing <<EOF
+defaultrouter="192.168.14.1"
+ipv6_defaultrouter="2001:1::2"
+ipv6_route_${myiface}="2001:1::2 -prefixlen 128 -interface ${myiface}"
+EOF
+ atf_check -o file:network cat ${here}/etc/rc.conf.d/network
+ atf_check -o file:routing cat ${here}/etc/rc.conf.d/routing
+}
+config2_body()
+{
+ here=$(pwd)
+ mkdir -p media/nuageinit
+ atf_check -s exit:1 -e match:"nuageinit: error parsing config-2: meta_data.json.*" /usr/libexec/nuageinit ${here}/media/nuageinit config-2
+ printf "{}" > media/nuageinit/meta_data.json
+ atf_check /usr/libexec/nuageinit ${here}/media/nuageinit config-2
+ cat > media/nuageinit/meta_data.json << EOF
+{
+ "hostname": "cloudimg",
+}
+EOF
+ export NUAGE_FAKE_ROOTDIR=$(pwd)
+ atf_check /usr/libexec/nuageinit ${here}/media/nuageinit config-2
+ atf_check -o inline:"hostname=\"cloudimg\"\n" cat etc/rc.conf.d/hostname
+}
+
+config2_pubkeys_body()
+{
+ here=$(pwd)
+ if [ $(id -u) -ne 0 ]; then
+ atf_skip "root required"
+ fi
+ mkdir -p media/nuageinit
+ cat > media/nuageinit/meta_data.json << EOF
+{
+ "public_keys": {
+ "mykey": "ssh-rsa AAAAB3NzaC1y...== Generated by Nova"
+ },
+}
+EOF
+ mkdir -p etc
+ cat > etc/master.passwd <<EOF
+root:*:0:0::0:0:Charlie &:/root:/bin/csh
+sys:*:1:0::0:0:Sys:/home/sys:/bin/csh
*** 928 LINES SKIPPED ***