cloud-init: don't use /tmp for config files

Leaving files in /tmp was mostly useful for debugging purposes initially. Also /tmp is a rather insecure option for this for a final version, so use /run/pve/cloudinit/$vmid, and move the file writing into commit_cloudinit_disk() which now takes a hash mapping file paths to contents, to not duplicate the temp-file logic for the different citypes. Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2025-05-01 08:05:24 +00:00 · 2018-03-07 09:04:12 +01:00 · 2018-03-07 09:04:12 +01:00 · f62c36cffa
commit f62c36cffa
parent e8ac21381e
1 changed files with 34 additions and 29 deletions
--- a/PVE/QemuServer/Cloudinit.pm
+++ b/PVE/QemuServer/Cloudinit.pm
@ -12,7 +12,20 @@ use PVE::Storage;
 use PVE::QemuServer;
 sub commit_cloudinit_disk {
-    my ($conf, $drive, $volname, $storeid, $file_path, $label) = @_;
+    my ($vmid, $conf, $drive, $volname, $storeid, $files, $label) = @_;
    my $path = "/run/pve/cloudinit/$vmid/";
    mkpath $path;
    foreach my $filepath (keys %$files) {
 	if ($filepath !~ m@^(.*)\/[^/]+$@) {
 	    die "internal error: bad file name in cloud-init image: $filepath\n";
 	}
 	my $dirname = $1;
 	mkpath "$path/$dirname";
 	my $contents = $files->{$filepath};
 	file_set_contents("$path/$filepath", $contents);
    }
    my $storecfg = PVE::Storage::config();
    my $iso_path = PVE::Storage::path($storecfg, $drive->{file});
@ -21,9 +34,14 @@ sub commit_cloudinit_disk {
    my $size = PVE::Storage::file_size_info($iso_path);
-    run_command([['genisoimage', '-R', '-V', $label, $file_path],
+    eval {
-		 ['qemu-img', 'dd', '-f', 'raw', '-O', $format,
+	run_command([['genisoimage', '-R', '-V', $label, $path],
-		  'isize=0', "osize=$size", "of=$iso_path"]]);
+		     ['qemu-img', 'dd', '-f', 'raw', '-O', $format,
 		      'isize=0', "osize=$size", "of=$iso_path"]]);
    };
    my $err = $@;
    rmtree($path);
    die $err if $err;
 }
 sub get_cloudinit_format {
@ -162,20 +180,12 @@ sub generate_configdrive2 {
    my $meta_data = configdrive2_metadata($uuid_str);
-    mkdir "/tmp/cloudinit";
+    my $files = {
-    my $path = "/tmp/cloudinit/$vmid";
+	'/openstack/latest/user_data' => $user_data,
-    mkdir $path;
+	'/openstack/content/0000' => $network_data,
-    mkdir "$path/drive";
+	'/openstack/latest/meta_data.json' => $meta_data
-    mkdir "$path/drive/openstack";
+    };
-    mkdir "$path/drive/openstack/latest";
+    commit_cloudinit_disk($vmid, $conf, $drive, $volname, $storeid, $files, 'config-2');
    mkdir "$path/drive/openstack/content";
    file_set_contents("$path/drive/openstack/latest/user_data", $user_data);
    file_set_contents("$path/drive/openstack/content/0000", $network_data);
    file_set_contents("$path/drive/openstack/latest/meta_data.json", $meta_data);
    commit_cloudinit_disk($conf, $drive, $volname, $storeid, "$path/drive", 'config-2');
    rmtree("$path/drive");
 }
 sub nocloud_network_v2 {
@ -343,17 +353,12 @@ sub generate_nocloud {
    my $meta_data = nocloud_metadata($uuid_str);
-    mkdir "/tmp/cloudinit";
+    my $files = {
-    my $path = "/tmp/cloudinit/$vmid";
+	'/user-data' => $user_data,
-    mkdir $path;
+	'/network-config' => $network_data,
-    rmtree("$path/drive");
+	'/meta-data' => $meta_data
-    mkdir "$path/drive";
+    };
-    file_set_contents("$path/drive/user-data", $user_data);
+    commit_cloudinit_disk($vmid, $conf, $drive, $volname, $storeid, $files, 'cidata');
    file_set_contents("$path/drive/network-config", $network_data);
    file_set_contents("$path/drive/meta-data", $meta_data);
    commit_cloudinit_disk($conf, $drive, $volname, $storeid, "$path/drive", 'cidata');
 }
 my $cloudinit_methods = {