23.2

Distributions:

- Alpine: update locale file, use os-release PRETTY_NAME
- FreeBSD:
  * user account locking
  * growpart resize root partition and grow using growfs onestart
  * better identify MBR slices
- RedHat:
  * Drop IBM refresh_rmc_and_interfaces config module only
     applicable on RHEL7
  * Fedora: Enable CA handling
- OpenSUSE:
  * Enable SUSE based distros for ca handling
  * Remove sysvinit files

clouds

- Azure:
  * retry fetching metadata up to 300 seconds
  * introduce identity module
  * add networking check for all source PPS
  * improved error reporting, for hosts and DHCP errors
  * report success to host and introduce kvp module
- GCE: activate network discovery on every boot
- OpenStack: honor the DNS servers associated with a network
- Oracle: prefer system_cfg over ds network config source
- DataSourceScaleway: upcoming IPv6 support
- NoCloud:
   * Use seedfrom protocol to determine mode
   * fix kernel commandline semi-colon delimited args
   * support `ci.ds=` kernel cmdline key for all datasources

ConfigModules:

- ntp: add 'peers' and 'allow' directives
- cc_grub_dpkg: Added UEFI support

Network:

- DHCP: Refactor dhcp client code for deprecated isc-dclient
- fix netstate getway keyerror for iproutes without gateway
- resolv_conf: Allow > 3 nameservers
- NetworkManager:
  * set higher autoconnect priority value 120 for cloud-init
  * add method for ipv6 static IP configuration
  * generate ipv6 stateful dhcp config at par with sysconfig
- sysconfig: prefer sysconfig when NM ifcfg-rh plugin installed
- macs: ignore duplicate MAC for devs with driver driver qmi_wwan

Security:

- do not create dsa and ed25519 host keys when crypto FIPS
- Make user/vendor data sensitive and remove log permissions

Schema:

- Make user/vendor data sensitive and remove log permissions
- users: schema permit empty list to indicate create no users
- validation of jinja template user-data

Docs:

- update network configuration path links
- Document use of `ip route append` to add routes
- Update kernel command line docs

23.1.2

Security release.

Make user/vendor data sensitive and remove log permissions

Because user data and vendor data may contain sensitive information,
this commit ensures that any user data or vendor data written to
instance-data.json gets redacted and is only available to root user.

Also, modify the permissions of cloud-init.log to be 640, so that
sensitive data leaked to the log isn't world readable.
Additionally, remove the logging of user data and vendor data to
cloud-init.log from the Vultr datasource.

LP: #2013967
CVE: CVE-2023-1786

23.1.1

Bugfix Release.

See the changelog here

23.1

Highlights:

Behavior changes:

• cc_ca_certs: write certificates as individual files
• cc_puppet: Update puppet service name
• cc_resize_fs: use btrfs enqueue when available
• cc_set_hostname: ignore /var/lib/cloud/data/set-hostname if it's empty
• cc_ssh: support multiple hostcertificates
• cc_write_files: set ownership for new folders
• cli/schema: also validate vendordata
• machine-id: set to uninitialized to trigger regeneration on clones
• sources/azure: fix device driver matching for net config
• network/netplan:
  • keep custom strict perms when 50-cloud-init.yaml exists
  • config root read-only as wifi config can contain creds
  • add gateways as on-link when necessary

New Features:

• distros/freebsd: add support for static IPv6 addresses
• distros/suse: support transactional-update
• networkd: add support for multiple [Route] sections
• sources/nocloud: add support for dmi variable expansion for seedfrom URL
• sources/openstack: add Support for IPv6 metadata to OpenStack
• sources/aliyun: add support for metadata security harden mode
• Add TencentOS support
• doc: deprecation generation support

22.4

Cloud-init release 22.4 is now available

The 22.4 release:

• spanned about 3 months
• had 23 contributors from 25 domains
• fixed 13 Launchpad issues

Highlights:

• Add NWCS datasource
• Add Mariner support
• Add support for Container-Optimized OS
• Passthough v2 netconfigs in netplan systems
• Allow jinja templating in /etc/cloud
• Machine-readable output --format yaml/json in "cloud-init status"
• Net: add BSD ifconfig(8) parser and state class
• Ensure "centos" settings are identical to "rhel" in cloud.cfg.tmpl
• LXD:
  • Enable hotplug for LXD datasource
  • Add support for lxd preseed config
• Ansible:
  • Add support for Ansible galaxy install
  • Add Ansible control module
  • Allow pip bootstrapping

Release 22.3.4

Bugfix release.

See the changelog here.

22.3.3

Bugfix release.

See the changelog here.

22.3.2

This release contains a couple of bug fixes and new tests for issues uncovered during release testing.

See the changelog here.

22.3.1

This minor release fixes some bugs and various tests.

LP: #1986551
LP: #1987005
LP: #1978543

See the tagged 22.3.1 release for the standard release notes.

22.3

Highlights:

Config Module Additions / Deletions:

• Ansible config module
• Wireguard config module
• Drop debug module

Behavior changes:

• schema: Resolve user-data if --system given
• mounts: fix suggested_swapsize for > 64GB hosts
• Add support for OpenMandriva

New Features:

• clean: add param to remove /etc/machine-id for golden image creation
• Return cc_set_hostname to PER_INSTANCE frequency
• clean: allow third party cleanup scripts in /etc/cloud/clean.d
• ssh_util: Handle sshd_config.d folder

Optimizations:

• meta-schema: add infra to skip inapplicable modules
• main: avoid downloading full contents cmdline urls
• Update WebHookHandler to run as background thread
• net: Implement link-local ephemeral ipv6