Merge pull request #1765 from rancher/use-dhcp-on-gce

Disable GCE ip address metadata - it needs work

.dockerignore

@@ -12,6 +12,6 @@ tests/integration/.tox
 */*/*/*.pyc
 */*/*/__pycache__
 .trash-cache
-.dapper
+#.dapper
 vendor/*/*/*/.git
 tmp

Dockerfile.dapper

@@ -32,7 +32,7 @@ RUN apt-get update && \
 
 ########## Dapper Configuration #####################
 
-ENV DAPPER_ENV VERSION DEV_BUILD RUNTEST
+ENV DAPPER_ENV VERSION DEV_BUILD RUNTEST DEBUG
 ENV DAPPER_DOCKER_SOCKET true
 ENV DAPPER_SOURCE /go/src/github.com/rancher/os
 ENV DAPPER_OUTPUT ./bin ./dist ./build/initrd ./build/kernel
@@ -56,7 +56,7 @@ ARG DOCKER_BUILD_VERSION=1.10.3
 ARG DOCKER_BUILD_PATCH_VERSION=v${DOCKER_BUILD_VERSION}-ros1
 ARG SELINUX_POLICY_URL=https://github.com/rancher/refpolicy/releases/download/v0.0.3/policy.29
 
-ARG KERNEL_VERSION_amd64=4.9.7-rancher
+ARG KERNEL_VERSION_amd64=4.9.21-rancher
 ARG KERNEL_URL_amd64=https://github.com/rancher/os-kernel/releases/download/v${KERNEL_VERSION_amd64}/linux-${KERNEL_VERSION_amd64}-x86.tar.gz
 ARG KERNEL_URL_arm64=https://github.com/imikushin/os-kernel/releases/download/Estuary-4.4.0-arm64.8/linux-4.4.0-rancher-arm64.tar.gz
 

Makefile

@@ -1,4 +1,4 @@
-TARGETS := $(shell ls scripts | grep -vE 'clean|run|help|docs')
+TARGETS := $(shell ls scripts | grep -vE 'clean|run|help|docs|release')
 
 .dapper:
 	@echo Downloading dapper
@@ -34,9 +34,31 @@ shell-bind: .dapper
 clean:
 	@./scripts/clean
 
+release: release-build openstack
+
+release-build:
+	./.dapper release
+
 itest:
 	./.dapper integration-test 2>&1 | tee dist/itest.log
 
+openstack:
+	cp dist/artifacts/rancheros.iso scripts/images/openstack/
+	cd scripts/images/openstack && ../../../.dapper
+	cp ./scripts/images/openstack/dist/*.img dist/
+
+openstack-run:
+	qemu-system-x86_64 -curses \
+		-net nic -net user \
+		-m 2048M \
+		--hdc scripts/images/openstack/dist/rancheros-openstack.img
+
+rpi: release
+	# scripts/images/raspberry-pi-hypriot/dist/rancheros-raspberry-pi.zip
+	cp dist/artifacts/rootfs_arm.tar.gz scripts/images/raspberry-pi-hypriot/
+	cd scripts/images/raspberry-pi-hypriot/ \
+		&& ../../../.dapper
+
 help:
 	@./scripts/help
 

README.md

@@ -14,50 +14,46 @@ it would really be bad if somebody did `docker rm -f $(docker ps -qa)` and delet
 
 ## Latest Release
 
-**v0.7.1 - Docker 1.12.3 - Linux 4.4.24**
+**v0.9.1 - Docker 1.12.6 - Linux 4.9.18**
 
 ### ISO
 
-https://releases.rancher.com/os/latest/rancheros.iso  
-https://releases.rancher.com/os/v0.7.1/rancheros.iso  
+https://releases.rancher.com/os/latest/rancheros.iso
+https://releases.rancher.com/os/v0.9.1/rancheros.iso
 
 ### Additional Downloads
 
 #### Latest Links
 
-##### v0.7.1
 * https://releases.rancher.com/os/latest/initrd
+* https://releases.rancher.com/os/latest/initrd-v0.9.1
 * https://releases.rancher.com/os/latest/iso-checksums.txt
 * https://releases.rancher.com/os/latest/rancheros-openstack.img
 * https://releases.rancher.com/os/latest/rancheros.iso
-* https://releases.rancher.com/os/latest/rancheros-v0.7.1.tar.gz
+* https://releases.rancher.com/os/latest/rancheros-v0.9.1.tar.gz
 * https://releases.rancher.com/os/latest/rootfs.tar.gz
 * https://releases.rancher.com/os/latest/vmlinuz
+* https://releases.rancher.com/os/latest/vmlinuz-4.9.18-rancher
 
-##### v0.7.0
+#### v0.9.1 Links
 
+* https://releases.rancher.com/os/v0.9.1/initrd
+* https://releases.rancher.com/os/v0.9.1/initrd-v0.9.1
+* https://releases.rancher.com/os/v0.9.1/iso-checksums.txt
+* https://releases.rancher.com/os/v0.9.1/rancheros-openstack.img
+* https://releases.rancher.com/os/v0.9.1/rancheros.iso
+* https://releases.rancher.com/os/v0.9.1/rancheros-v0.9.1.tar.gz
+* https://releases.rancher.com/os/v0.9.1/rootfs.tar.gz
+* https://releases.rancher.com/os/v0.9.1/vmlinuz
+* https://releases.rancher.com/os/v0.9.1/vmlinuz-4.9.18-rancher
 
-* https://releases.rancher.com/os/latest/rancheros-raspberry-pi.zip
-* https://releases.rancher.com/os/latest/rootfs_arm.tar.gz
-* https://releases.rancher.com/os/latest/rootfs_arm64.tar.gz
+#### v0.9.0 Links
 
-#### v0.7.1 Links
+* https://releases.rancher.com/os/v0.9.0/rootfs_arm.tar.gz
+* https://releases.rancher.com/os/v0.9.0/rootfs_arm64.tar.gz
+* https://releases.rancher.com/os/v0.9.0/rancheros-raspberry-pi.zip
 
-* https://releases.rancher.com/os/v0.7.1/initrd
-* https://releases.rancher.com/os/v0.7.1/iso-checksums.txt
-* https://releases.rancher.com/os/v0.7.1/rancheros-openstack.img
-* https://releases.rancher.com/os/v0.7.1/rancheros.iso
-* https://releases.rancher.com/os/v0.7.1/rancheros-v0.7.1.tar.gz
-* https://releases.rancher.com/os/v0.7.1/rootfs.tar.gz
-* https://releases.rancher.com/os/v0.7.1/vmlinuz
-
-#### v0.7.0 Links
-
-* https://releases.rancher.com/os/v0.7.0/rancheros-raspberry-pi.zip
-* https://releases.rancher.com/os/v0.7.0/rootfs_arm.tar.gz
-* https://releases.rancher.com/os/v0.7.0/rootfs_arm64.tar.gz
-
-**Note**: you can use `http` instead of `https` in the above URLs, e.g. for iPXE.  
+**Note**: you can use `http` instead of `https` in the above URLs, e.g. for iPXE.
 
 ### Amazon
 
@@ -67,25 +63,27 @@ SSH keys are added to the **`rancher`** user, so you must log in using the **ran
 
 Region | Type | AMI |
 -------|------|------
-ap-northeast-1 | HVM |  [ami-be5bf2df](https://console.aws.amazon.com/ec2/home?region=ap-northeast-1#launchInstanceWizard:ami=ami-be5bf2df)
-ap-northeast-2 | HVM |  [ami-247fab4a](https://console.aws.amazon.com/ec2/home?region=ap-northeast-2#launchInstanceWizard:ami=ami-247fab4a)
-ap-south-1 | HVM |  [ami-dbf682b4](https://console.aws.amazon.com/ec2/home?region=ap-south-1#launchInstanceWizard:ami=ami-dbf682b4)
-ap-southeast-1 | HVM |  [ami-c6d073a5](https://console.aws.amazon.com/ec2/home?region=ap-southeast-1#launchInstanceWizard:ami=ami-c6d073a5)
-ap-southeast-2 | HVM |  [ami-51132c32](https://console.aws.amazon.com/ec2/home?region=ap-southeast-2#launchInstanceWizard:ami=ami-51132c32)
-eu-central-1 | HVM |  [ami-2025df4f](https://console.aws.amazon.com/ec2/home?region=eu-central-1#launchInstanceWizard:ami=ami-2025df4f)
-eu-west-1 | HVM |  [ami-c62170b5](https://console.aws.amazon.com/ec2/home?region=eu-west-1#launchInstanceWizard:ami=ami-c62170b5)
-eu-west-2 | HVM |  [ami-65e8e201](https://console.aws.amazon.com/ec2/home?region=eu-west-2#launchInstanceWizard:ami=ami-65e8e201)
-sa-east-1 | HVM |  [ami-52b8273e](https://console.aws.amazon.com/ec2/home?region=sa-east-1#launchInstanceWizard:ami=ami-52b8273e)
-us-east-1 | HVM |  [ami-dfdff3c8](https://console.aws.amazon.com/ec2/home?region=us-east-1#launchInstanceWizard:ami=ami-dfdff3c8)
-us-east-2 | HVM |  [ami-674c1602](https://console.aws.amazon.com/ec2/home?region=us-east-2#launchInstanceWizard:ami=ami-674c1602)
-us-west-1 | HVM |  [ami-da2075ba](https://console.aws.amazon.com/ec2/home?region=us-west-1#launchInstanceWizard:ami=ami-da2075ba)
-us-west-2 | HVM |  [ami-ab3192cb](https://console.aws.amazon.com/ec2/home?region=us-west-2#launchInstanceWizard:ami=ami-ab3192cb)
+ap-south-1 | HVM | [ami-fd1e6d92](https://ap-south-1.console.aws.amazon.com/ec2/home?region=ap-south-1#launchInstanceWizard:ami=ami-fd1e6d92)
+eu-west-2 | HVM | [ami-51776335](https://eu-west-2.console.aws.amazon.com/ec2/home?region=eu-west-2#launchInstanceWizard:ami=ami-51776335)
+eu-west-1 | HVM | [ami-481e232e](https://eu-west-1.console.aws.amazon.com/ec2/home?region=eu-west-1#launchInstanceWizard:ami=ami-481e232e)
+ap-northeast-2 | HVM | [ami-c32efdad](https://ap-northeast-2.console.aws.amazon.com/ec2/home?region=ap-northeast-2#launchInstanceWizard:ami=ami-c32efdad)
+ap-northeast-1 | HVM | [ami-33aaf154](https://ap-northeast-1.console.aws.amazon.com/ec2/home?region=ap-northeast-1#launchInstanceWizard:ami=ami-33aaf154)
+sa-east-1 | HVM | [ami-15ed8d79](https://sa-east-1.console.aws.amazon.com/ec2/home?region=sa-east-1#launchInstanceWizard:ami=ami-15ed8d79)
+ca-central-1 | HVM | [ami-e61fa282](https://ca-central-1.console.aws.amazon.com/ec2/home?region=ca-central-1#launchInstanceWizard:ami=ami-e61fa282)
+ap-southeast-1 | HVM | [ami-63b50900](https://ap-southeast-1.console.aws.amazon.com/ec2/home?region=ap-southeast-1#launchInstanceWizard:ami=ami-63b50900)
+ap-southeast-2 | HVM | [ami-86b7bbe5](https://ap-southeast-2.console.aws.amazon.com/ec2/home?region=ap-southeast-2#launchInstanceWizard:ami=ami-86b7bbe5)
+eu-central-1 | HVM | [ami-a71ecfc8](https://eu-central-1.console.aws.amazon.com/ec2/home?region=eu-central-1#launchInstanceWizard:ami=ami-a71ecfc8)
+us-east-1 | HVM | [ami-37b00f21](https://us-east-1.console.aws.amazon.com/ec2/home?region=us-east-1#launchInstanceWizard:ami=ami-37b00f21)
+us-east-2 | HVM | [ami-c61632a3](https://us-east-2.console.aws.amazon.com/ec2/home?region=us-east-2#launchInstanceWizard:ami=ami-c61632a3)
+us-west-1 | HVM | [ami-8998c3e9](https://us-west-1.console.aws.amazon.com/ec2/home?region=us-west-1#launchInstanceWizard:ami=ami-8998c3e9)
+us-west-2 | HVM | [ami-f6910496](https://us-west-2.console.aws.amazon.com/ec2/home?region=us-west-2#launchInstanceWizard:ami=ami-f6910496)
+
 
 ### Google Compute Engine
 
 We are providing a disk image that users can download and import for use in Google Compute Engine. The image can be obtained from the release artifacts for RancherOS.
 
-[Download Image](https://github.com/rancher/os/releases/download/v0.7.1/rancheros-v0.7.1.tar.gz)
+[Download Image](https://github.com/rancher/os/releases/download/v0.9.1/rancheros-v0.9.1.tar.gz)
 
 Please follow the directions at our [docs to launch in GCE](http://docs.rancher.com/os/running-rancheros/cloud/gce/).
 
@@ -104,7 +102,7 @@ Please submit any **RancherOS** bugs, issues, and feature requests to [rancher/o
 Please submit any **Rancher** bugs, issues, and feature requests to [rancher/rancher](//github.com/rancher/rancher/issues).
 
 #License
-Copyright (c) 2014-2016 [Rancher Labs, Inc.](http://rancher.com)
+Copyright (c) 2014-2017 [Rancher Labs, Inc.](http://rancher.com)
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

cmd/cloudinitexecute/cloudinitexecute.go

@@ -9,8 +9,8 @@ import (
 	"path"
 	"strings"
 
-	"github.com/coreos/coreos-cloudinit/system"
 	rancherConfig "github.com/rancher/os/config"
+	"github.com/rancher/os/config/cloudinit/system"
 	"github.com/rancher/os/docker"
 	"github.com/rancher/os/log"
 	"github.com/rancher/os/util"

cmd/cloudinitsave/cloudinitsave.go

@@ -1,5 +1,5 @@
 // Copyright 2015 CoreOS, Inc.
-// Copyright 2015 Rancher Labs, Inc.
+// Copyright 2015-2017 Rancher Labs, Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -16,30 +16,30 @@
 package cloudinitsave
 
 import (
+	"bytes"
 	"errors"
 	"os"
+	"path"
 	"strings"
 	"sync"
-	"syscall"
 	"time"
 
 	yaml "github.com/cloudfoundry-incubator/candiedyaml"
 
-	"github.com/coreos/coreos-cloudinit/config"
-	"github.com/coreos/coreos-cloudinit/datasource"
-	"github.com/coreos/coreos-cloudinit/datasource/configdrive"
-	"github.com/coreos/coreos-cloudinit/datasource/file"
-	"github.com/coreos/coreos-cloudinit/datasource/metadata/digitalocean"
-	"github.com/coreos/coreos-cloudinit/datasource/metadata/ec2"
-	"github.com/coreos/coreos-cloudinit/datasource/metadata/packet"
-	"github.com/coreos/coreos-cloudinit/datasource/proc_cmdline"
-	"github.com/coreos/coreos-cloudinit/datasource/url"
-	"github.com/coreos/coreos-cloudinit/pkg"
-	"github.com/docker/docker/pkg/mount"
-	"github.com/rancher/os/cmd/cloudinitsave/gce"
 	"github.com/rancher/os/cmd/control"
 	"github.com/rancher/os/cmd/network"
 	rancherConfig "github.com/rancher/os/config"
+	"github.com/rancher/os/config/cloudinit/config"
+	"github.com/rancher/os/config/cloudinit/datasource"
+	"github.com/rancher/os/config/cloudinit/datasource/configdrive"
+	"github.com/rancher/os/config/cloudinit/datasource/file"
+	"github.com/rancher/os/config/cloudinit/datasource/metadata/digitalocean"
+	"github.com/rancher/os/config/cloudinit/datasource/metadata/ec2"
+	"github.com/rancher/os/config/cloudinit/datasource/metadata/gce"
+	"github.com/rancher/os/config/cloudinit/datasource/metadata/packet"
+	"github.com/rancher/os/config/cloudinit/datasource/proccmdline"
+	"github.com/rancher/os/config/cloudinit/datasource/url"
+	"github.com/rancher/os/config/cloudinit/pkg"
 	"github.com/rancher/os/log"
 	"github.com/rancher/os/netconf"
 	"github.com/rancher/os/util"
@@ -49,9 +49,6 @@ const (
 	datasourceInterval    = 100 * time.Millisecond
 	datasourceMaxInterval = 30 * time.Second
 	datasourceTimeout     = 5 * time.Minute
-	configDevName         = "config-2"
-	configDev             = "LABEL=" + configDevName
-	configDevMountPoint   = "/media/config-2"
 )
 
 func Main() {
@@ -63,67 +60,43 @@ func Main() {
 	}
 
 	cfg := rancherConfig.LoadConfig()
+	log.Debugf("init: SaveCloudConfig(pre ApplyNetworkConfig): %#v", cfg.Rancher.Network)
 	network.ApplyNetworkConfig(cfg)
 
-	if err := SaveCloudConfig(true); err != nil {
+	if err := SaveCloudConfig(); err != nil {
 		log.Errorf("Failed to save cloud-config: %v", err)
 	}
 }
 
-func MountConfigDrive() error {
-	if err := os.MkdirAll(configDevMountPoint, 644); err != nil {
-		return err
+func SaveCloudConfig() error {
+	log.Debugf("SaveCloudConfig")
+
+	// TODO: can't run these here, but it needs to be triggered from here :()
+	cfg := rancherConfig.LoadConfig()
+	log.Debugf("init: SaveCloudConfig(pre ApplyNetworkConfig): %#v", cfg.Rancher.Network)
+	network.ApplyNetworkConfig(cfg)
+
+	log.Debugf("datasources that will be consided: %#v", cfg.Rancher.CloudInit.Datasources)
+	dss := getDatasources(cfg)
+	if len(dss) == 0 {
+		log.Errorf("currentDatasource - none found")
+		return nil
 	}
 
-	configDev := util.ResolveDevice(configDev)
+	selectDatasource(dss)
 
-	if configDev == "" {
-		return mount.Mount(configDevName, configDevMountPoint, "9p", "trans=virtio,version=9p2000.L")
-	}
+	// TODO: can't run these here, but it needs to be triggered from here :()
+	// Apply any newly detected network config.
+	cfg = rancherConfig.LoadConfig()
+	log.Debugf("init: SaveCloudConfig(post ApplyNetworkConfig): %#v", cfg.Rancher.Network)
+	network.ApplyNetworkConfig(cfg)
 
-	return mount.Mount(configDev, configDevMountPoint, "iso9660,vfat", "")
-}
-
-func UnmountConfigDrive() error {
-	return syscall.Unmount(configDevMountPoint, 0)
-}
-
-func SaveCloudConfig(network bool) error {
-	userDataBytes, metadata, err := fetchUserData(network)
-	if err != nil {
-		return err
-	}
-
-	userData := string(userDataBytes)
-	scriptBytes := []byte{}
-
-	if config.IsScript(userData) {
-		scriptBytes = userDataBytes
-		userDataBytes = []byte{}
-	} else if isCompose(userData) {
-		if userDataBytes, err = composeToCloudConfig(userDataBytes); err != nil {
-			log.Errorf("Failed to convert compose to cloud-config syntax: %v", err)
-			return err
-		}
-	} else if config.IsCloudConfig(userData) {
-		if _, err := rancherConfig.ReadConfig(userDataBytes, false); err != nil {
-			log.WithFields(log.Fields{"cloud-config": userData, "err": err}).Warn("Failed to parse cloud-config, not saving.")
-			userDataBytes = []byte{}
-		}
-	} else {
-		log.Errorf("Unrecognized user-data\n%s", userData)
-		userDataBytes = []byte{}
-	}
-
-	if _, err := rancherConfig.ReadConfig(userDataBytes, false); err != nil {
-		log.WithFields(log.Fields{"cloud-config": userData, "err": err}).Warn("Failed to parse cloud-config")
-		return errors.New("Failed to parse cloud-config")
-	}
-
-	return saveFiles(userDataBytes, scriptBytes, metadata)
+	return nil
 }
 
 func RequiresNetwork(datasource string) bool {
+	// TODO: move into the datasources (and metadatasources)
+	// and then we can enable that platforms defaults..
 	parts := strings.SplitN(datasource, ":", 2)
 	requiresNetwork, ok := map[string]bool{
 		"ec2":          true,
@@ -153,6 +126,7 @@ func saveFiles(cloudConfigBytes, scriptBytes []byte, metadata datasource.Metadat
 		if err := util.WriteFileAtomic(rancherConfig.CloudConfigBootFile, cloudConfigBytes, 400); err != nil {
 			return err
 		}
+		// TODO: Don't put secrets into the log
 		log.Infof("Written to %s:\n%s", rancherConfig.CloudConfigBootFile, string(cloudConfigBytes))
 	}
 
@@ -164,101 +138,129 @@ func saveFiles(cloudConfigBytes, scriptBytes []byte, metadata datasource.Metadat
 	if err = util.WriteFileAtomic(rancherConfig.MetaDataFile, metaDataBytes, 400); err != nil {
 		return err
 	}
+	// TODO: Don't put secrets into the log
 	log.Infof("Written to %s:\n%s", rancherConfig.MetaDataFile, string(metaDataBytes))
 
+	// if we write the empty meta yml, the merge fails.
+	// TODO: the problem is that a partially filled one will still have merge issues, so that needs fixing - presumably by making merge more clever, and making more fields optional
+	emptyMeta, err := yaml.Marshal(datasource.Metadata{})
+	if err != nil {
+		return err
+	}
+	if bytes.Compare(metaDataBytes, emptyMeta) == 0 {
+		log.Infof("not writing %s: its all defaults.", rancherConfig.CloudConfigNetworkFile)
+		return nil
+	}
+
+	type nonRancherCfg struct {
+		Network netconf.NetworkConfig `yaml:"network,omitempty"`
+	}
+	type nonCfg struct {
+		Rancher nonRancherCfg `yaml:"rancher,omitempty"`
+	}
+	// write the network.yml file from metadata
+	cc := nonCfg{
+		Rancher: nonRancherCfg{
+			Network: metadata.NetworkConfig,
+		},
+	}
+
+	if err := os.MkdirAll(path.Dir(rancherConfig.CloudConfigNetworkFile), 0700); err != nil {
+		log.Errorf("Failed to create directory for file %s: %v", rancherConfig.CloudConfigNetworkFile, err)
+	}
+
+	if err := rancherConfig.WriteToFile(cc, rancherConfig.CloudConfigNetworkFile); err != nil {
+		log.Errorf("Failed to save config file %s: %v", rancherConfig.CloudConfigNetworkFile, err)
+	}
+	log.Infof("Written to %s:", rancherConfig.CloudConfigNetworkFile)
+
 	return nil
 }
 
-func currentDatasource(network bool) (datasource.Datasource, error) {
-	cfg := rancherConfig.LoadConfig()
-
-	dss := getDatasources(cfg, network)
-	if len(dss) == 0 {
-		return nil, nil
-	}
-
-	ds := selectDatasource(dss)
-	return ds, nil
-}
-
-func fetchUserData(network bool) ([]byte, datasource.Metadata, error) {
+func fetchAndSave(ds datasource.Datasource) error {
 	var metadata datasource.Metadata
-	ds, err := currentDatasource(network)
-	if err != nil || ds == nil {
-		log.Errorf("Failed to select datasource: %v", err)
-		return nil, metadata, err
-	}
-	log.Infof("Fetching user-data from datasource %v", ds.Type())
+
+	log.Infof("Fetching user-data from datasource %s", ds)
 	userDataBytes, err := ds.FetchUserdata()
 	if err != nil {
 		log.Errorf("Failed fetching user-data from datasource: %v", err)
-		return nil, metadata, err
+		return err
 	}
 	log.Infof("Fetching meta-data from datasource of type %v", ds.Type())
 	metadata, err = ds.FetchMetadata()
 	if err != nil {
 		log.Errorf("Failed fetching meta-data from datasource: %v", err)
-		return nil, metadata, err
+		return err
 	}
-	return userDataBytes, metadata, nil
+
+	userData := string(userDataBytes)
+	scriptBytes := []byte{}
+
+	if config.IsScript(userData) {
+		scriptBytes = userDataBytes
+		userDataBytes = []byte{}
+	} else if isCompose(userData) {
+		if userDataBytes, err = composeToCloudConfig(userDataBytes); err != nil {
+			log.Errorf("Failed to convert compose to cloud-config syntax: %v", err)
+			return err
+		}
+	} else if config.IsCloudConfig(userData) {
+		if _, err := rancherConfig.ReadConfig(userDataBytes, false); err != nil {
+			log.WithFields(log.Fields{"cloud-config": userData, "err": err}).Warn("Failed to parse cloud-config, not saving.")
+			userDataBytes = []byte{}
+		}
+	} else {
+		log.Errorf("Unrecognized user-data\n(%s)", userData)
+		userDataBytes = []byte{}
+	}
+
+	if _, err := rancherConfig.ReadConfig(userDataBytes, false); err != nil {
+		log.WithFields(log.Fields{"cloud-config": userData, "err": err}).Warn("Failed to parse cloud-config")
+		return errors.New("Failed to parse cloud-config")
+	}
+
+	return saveFiles(userDataBytes, scriptBytes, metadata)
 }
 
 // getDatasources creates a slice of possible Datasources for cloudinit based
 // on the different source command-line flags.
-func getDatasources(cfg *rancherConfig.CloudConfig, network bool) []datasource.Datasource {
+func getDatasources(cfg *rancherConfig.CloudConfig) []datasource.Datasource {
 	dss := make([]datasource.Datasource, 0, 5)
 
 	for _, ds := range cfg.Rancher.CloudInit.Datasources {
 		parts := strings.SplitN(ds, ":", 2)
 
+		root := ""
+		if len(parts) > 1 {
+			root = parts[1]
+		}
+
 		switch parts[0] {
 		case "ec2":
-			if network {
-				if len(parts) == 1 {
-					dss = append(dss, ec2.NewDatasource(ec2.DefaultAddress))
-				} else {
-					dss = append(dss, ec2.NewDatasource(parts[1]))
-				}
-			}
+			dss = append(dss, ec2.NewDatasource(root))
 		case "file":
-			if len(parts) == 2 {
-				dss = append(dss, file.NewDatasource(parts[1]))
+			if root != "" {
+				dss = append(dss, file.NewDatasource(root))
 			}
 		case "url":
-			if network {
-				if len(parts) == 2 {
-					dss = append(dss, url.NewDatasource(parts[1]))
-				}
+			if root != "" {
+				dss = append(dss, url.NewDatasource(root))
 			}
 		case "cmdline":
-			if network {
-				if len(parts) == 1 {
-					dss = append(dss, proc_cmdline.NewDatasource())
-				}
+			if len(parts) == 1 {
+				dss = append(dss, proccmdline.NewDatasource())
 			}
 		case "configdrive":
-			if len(parts) == 2 {
-				dss = append(dss, configdrive.NewDatasource(parts[1]))
+			if root != "" {
+				dss = append(dss, configdrive.NewDatasource(root))
 			}
 		case "digitalocean":
-			if network {
-				if len(parts) == 1 {
-					dss = append(dss, digitalocean.NewDatasource(digitalocean.DefaultAddress))
-				} else {
-					dss = append(dss, digitalocean.NewDatasource(parts[1]))
-				}
-			} else {
-				enableDoLinkLocal()
-			}
+			// TODO: should we enableDoLinkLocal() - to avoid the need for the other kernel/oem options?
+			dss = append(dss, digitalocean.NewDatasource(root))
 		case "gce":
-			if network {
-				dss = append(dss, gce.NewDatasource("http://metadata.google.internal/"))
-			}
+			dss = append(dss, gce.NewDatasource(root))
 		case "packet":
-			if !network {
-				enablePacketNetwork(&cfg.Rancher)
-			}
-			dss = append(dss, packet.NewDatasource("https://metadata.packet.net/"))
+			dss = append(dss, packet.NewDatasource(root))
 		}
 	}
 
@@ -266,8 +268,8 @@ func getDatasources(cfg *rancherConfig.CloudConfig, network bool) []datasource.D
 }
 
 func enableDoLinkLocal() {
-	err := netconf.ApplyNetworkConfigs(&rancherConfig.NetworkConfig{
-		Interfaces: map[string]rancherConfig.InterfaceConfig{
+	err := netconf.ApplyNetworkConfigs(&netconf.NetworkConfig{
+		Interfaces: map[string]netconf.InterfaceConfig{
 			"eth0": {
 				IPV4LL: true,
 			},
@@ -295,13 +297,17 @@ func selectDatasource(sources []datasource.Datasource) datasource.Datasource {
 
 			duration := datasourceInterval
 			for {
-				log.Infof("Checking availability of %q\n", s.Type())
+				log.Infof("cloud-init: Checking availability of %q\n", s.Type())
 				if s.IsAvailable() {
+					log.Infof("cloud-init: Datasource available: %s", s)
 					ds <- s
 					return
-				} else if !s.AvailabilityChanges() {
+				}
+				if !s.AvailabilityChanges() {
+					log.Infof("cloud-init: Datasource unavailable, skipping: %s", s)
 					return
 				}
+				log.Errorf("cloud-init: Datasource not ready, will retry: %s", s)
 				select {
 				case <-stop:
 					return
@@ -321,6 +327,10 @@ func selectDatasource(sources []datasource.Datasource) datasource.Datasource {
 	var s datasource.Datasource
 	select {
 	case s = <-ds:
+		err := fetchAndSave(s)
+		if err != nil {
+			log.Errorf("Error fetching cloud-init datasource(%s): %s", s, err)
+		}
 	case <-done:
 	case <-time.After(datasourceTimeout):
 	}

cmd/cloudinitsave/packet.go

@@ -1,104 +0,0 @@
-package cloudinitsave
-
-import (
-	"bytes"
-	"fmt"
-	"net/http"
-	"os"
-	"path"
-	"strings"
-
-	"github.com/rancher/os/log"
-
-	yaml "github.com/cloudfoundry-incubator/candiedyaml"
-
-	"github.com/packethost/packngo/metadata"
-	"github.com/rancher/os/config"
-	"github.com/rancher/os/netconf"
-)
-
-func enablePacketNetwork(cfg *config.RancherConfig) {
-	bootStrapped := false
-	for _, v := range cfg.Network.Interfaces {
-		if v.Address != "" {
-			if err := netconf.ApplyNetworkConfigs(&cfg.Network); err != nil {
-				log.Errorf("Failed to bootstrap network: %v", err)
-				return
-			}
-			bootStrapped = true
-			break
-		}
-	}
-
-	if !bootStrapped {
-		return
-	}
-
-	c := metadata.NewClient(http.DefaultClient)
-	m, err := c.Metadata.Get()
-	if err != nil {
-		log.Errorf("Failed to get Packet metadata: %v", err)
-		return
-	}
-
-	bondCfg := config.InterfaceConfig{
-		Addresses: []string{},
-		BondOpts: map[string]string{
-			"lacp_rate":        "1",
-			"xmit_hash_policy": "layer3+4",
-			"downdelay":        "200",
-			"updelay":          "200",
-			"miimon":           "100",
-			"mode":             "4",
-		},
-	}
-	netCfg := config.NetworkConfig{
-		Interfaces: map[string]config.InterfaceConfig{},
-	}
-	for _, iface := range m.Network.Interfaces {
-		netCfg.Interfaces["mac="+iface.Mac] = config.InterfaceConfig{
-			Bond: "bond0",
-		}
-	}
-	for _, addr := range m.Network.Addresses {
-		bondCfg.Addresses = append(bondCfg.Addresses, fmt.Sprintf("%s/%d", addr.Address, addr.Cidr))
-		if addr.Gateway != "" {
-			if addr.AddressFamily == 4 {
-				if addr.Public {
-					bondCfg.Gateway = addr.Gateway
-				}
-			} else {
-				bondCfg.GatewayIpv6 = addr.Gateway
-			}
-		}
-
-		if addr.AddressFamily == 4 && strings.HasPrefix(addr.Gateway, "10.") {
-			bondCfg.PostUp = append(bondCfg.PostUp, "ip route add 10.0.0.0/8 via "+addr.Gateway)
-		}
-	}
-
-	netCfg.Interfaces["bond0"] = bondCfg
-	b, _ := yaml.Marshal(netCfg)
-	log.Debugf("Generated network config: %s", string(b))
-
-	cc := config.CloudConfig{
-		Rancher: config.RancherConfig{
-			Network: netCfg,
-		},
-	}
-
-	// Post to phone home URL on first boot
-	if _, err = os.Stat(config.CloudConfigNetworkFile); err != nil {
-		if _, err = http.Post(m.PhoneHomeURL, "application/json", bytes.NewReader([]byte{})); err != nil {
-			log.Errorf("Failed to post to Packet phone home URL: %v", err)
-		}
-	}
-
-	if err := os.MkdirAll(path.Dir(config.CloudConfigNetworkFile), 0700); err != nil {
-		log.Errorf("Failed to create directory for file %s: %v", config.CloudConfigNetworkFile, err)
-	}
-
-	if err := config.WriteToFile(cc, config.CloudConfigNetworkFile); err != nil {
-		log.Errorf("Failed to save config file %s: %v", config.CloudConfigNetworkFile, err)
-	}
-}

cmd/control/config.go

@@ -147,6 +147,10 @@ func env2map(env []string) map[string]string {
 }
 
 func configSet(c *cli.Context) error {
+	if c.NArg() < 2 {
+		return nil
+	}
+
 	key := c.Args().Get(0)
 	value := c.Args().Get(1)
 	if key == "" {

cmd/control/console_init.go

@@ -31,8 +31,7 @@ type symlink struct {
 }
 
 func ConsoleInitMain() {
-	err := consoleInitFunc()
-	if err != nil {
+	if err := consoleInitFunc(); err != nil {
 		log.Fatal(err)
 	}
 }
@@ -41,6 +40,17 @@ func consoleInitAction(c *cli.Context) error {
 	return consoleInitFunc()
 }
 
+func createHomeDir(homedir string, uid, gid int) {
+	if _, err := os.Stat(homedir); os.IsNotExist(err) {
+		if err := os.MkdirAll(homedir, 0755); err != nil {
+			log.Error(err)
+		}
+		if err := os.Chown(homedir, uid, gid); err != nil {
+			log.Error(err)
+		}
+	}
+}
+
 func consoleInitFunc() error {
 	cfg := config.LoadConfig()
 
@@ -50,23 +60,8 @@ func consoleInitFunc() error {
 		log.Error(err)
 	}
 
-	if _, err := os.Stat(rancherHome); os.IsNotExist(err) {
-		if err := os.MkdirAll(rancherHome, 0755); err != nil {
-			log.Error(err)
-		}
-		if err := os.Chown(rancherHome, 1100, 1100); err != nil {
-			log.Error(err)
-		}
-	}
-
-	if _, err := os.Stat(dockerHome); os.IsNotExist(err) {
-		if err := os.MkdirAll(dockerHome, 0755); err != nil {
-			log.Error(err)
-		}
-		if err := os.Chown(dockerHome, 1101, 1101); err != nil {
-			log.Error(err)
-		}
-	}
+	createHomeDir(rancherHome, 1100, 1100)
+	createHomeDir(dockerHome, 1101, 1101)
 
 	password := config.GetCmdline("rancher.password")
 	if password != "" {

cmd/control/install.go

@@ -9,13 +9,14 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	"runtime"
 	"strconv"
 	"strings"
 
 	"github.com/rancher/os/log"
 
 	"github.com/codegangsta/cli"
-	version "github.com/hashicorp/go-version"
+	"github.com/rancher/catalog-service/utils/version"
 	"github.com/rancher/os/cmd/control/install"
 	"github.com/rancher/os/cmd/power"
 	"github.com/rancher/os/config"
@@ -50,6 +51,10 @@ var installCommand = cli.Command{
 			Name:  "device, d",
 			Usage: "storage device",
 		},
+		cli.StringFlag{
+			Name:  "partition, p",
+			Usage: "partition to install to",
+		},
 		cli.BoolFlag{
 			Name:  "force, f",
 			Usage: "[ DANGEROUS! Data loss can happen ] partition/format without prompting",
@@ -62,17 +67,18 @@ var installCommand = cli.Command{
 			Name:  "append, a",
 			Usage: "append additional kernel parameters",
 		},
-		cli.StringFlag{ // TODO: hide..
-			Name:  "rollback, r",
-			Usage: "rollback version",
+		cli.StringFlag{
+			Name:   "rollback, r",
+			Usage:  "rollback version",
+			Hidden: true,
 		},
-		cli.BoolFlag{ // TODO: this should be hidden and internal only
+		cli.BoolFlag{
 			Name:   "isoinstallerloaded",
 			Usage:  "INTERNAL use only: mount the iso to get kernel and initrd",
 			Hidden: true,
 		},
 		cli.BoolFlag{
-			Name:  "kexec",
+			Name:  "kexec, k",
 			Usage: "reboot using kexec",
 		},
 		cli.BoolFlag{
@@ -83,11 +89,16 @@ var installCommand = cli.Command{
 }
 
 func installAction(c *cli.Context) error {
+	if runtime.GOARCH != "amd64" {
+		log.Fatalf("ros install / upgrade only supported on 'amd64', not '%s'", runtime.GOARCH)
+	}
+
 	if c.Args().Present() {
 		log.Fatalf("invalid arguments %v", c.Args())
 	}
 
-	if c.Bool("debug") {
+	debug := c.Bool("debug")
+	if debug {
 		originalLevel := log.GetLevel()
 		defer log.SetLevel(originalLevel)
 		log.SetLevel(log.DebugLevel)
@@ -112,16 +123,17 @@ func installAction(c *cli.Context) error {
 	}
 	if installType == "rancher-upgrade" ||
 		installType == "upgrade" {
-		force = true // the os.go upgrade code already asks
+		installType = "upgrade" // rancher-upgrade is redundant!
+		force = true            // the os.go upgrade code already asks
 		reboot = false
 		isoinstallerloaded = true // OMG this flag is aweful - kill it with fire
 	}
 	device := c.String("device")
+	partition := c.String("partition")
 	if installType != "noformat" &&
 		installType != "raid" &&
 		installType != "bootstrap" &&
-		installType != "upgrade" &&
-		installType != "rancher-upgrade" {
+		installType != "upgrade" {
 		// These can use RANCHER_BOOT or RANCHER_STATE labels..
 		if device == "" {
 			log.Fatal("Can not proceed without -d <dev> specified")
@@ -130,17 +142,22 @@ func installAction(c *cli.Context) error {
 
 	cloudConfig := c.String("cloud-config")
 	if cloudConfig == "" {
-		log.Warn("Cloud-config not provided: you might need to provide cloud-config on bootDir with ssh_authorized_keys")
+		if installType != "upgrade" {
+			// TODO: I wonder if its plausible to merge a new cloud-config into an existing one on upgrade - so for now, i'm only turning off the warning
+			log.Warn("Cloud-config not provided: you might need to provide cloud-config on bootDir with ssh_authorized_keys")
+		}
 	} else {
+		os.MkdirAll("/opt", 0755)
 		uc := "/opt/user_config.yml"
 		if err := util.FileCopy(cloudConfig, uc); err != nil {
-			log.WithFields(log.Fields{"cloudConfig": cloudConfig}).Fatal("Failed to copy cloud-config")
+			log.WithFields(log.Fields{"cloudConfig": cloudConfig, "error": err}).Fatal("Failed to copy cloud-config")
 		}
 		cloudConfig = uc
 	}
 
-	if err := runInstall(image, installType, cloudConfig, device, kappend, force, kexec, isoinstallerloaded); err != nil {
+	if err := runInstall(image, installType, cloudConfig, device, partition, kappend, force, kexec, isoinstallerloaded, debug); err != nil {
 		log.WithFields(log.Fields{"err": err}).Fatal("Failed to run install")
+		return err
 	}
 
 	if !kexec && reboot && (force || yes("Continue with reboot")) {
@@ -151,7 +168,7 @@ func installAction(c *cli.Context) error {
 	return nil
 }
 
-func runInstall(image, installType, cloudConfig, device, kappend string, force, kexec, isoinstallerloaded bool) error {
+func runInstall(image, installType, cloudConfig, device, partition, kappend string, force, kexec, isoinstallerloaded, debug bool) error {
 	fmt.Printf("Installing from %s\n", image)
 
 	if !force {
@@ -168,20 +185,7 @@ func runInstall(image, installType, cloudConfig, device, kappend string, force,
 
 	// Versions before 0.8.0-rc3 use the old calling convention (from the lay-down-os shell script)
 	imageVersion := strings.TrimPrefix(image, "rancher/os:")
-	installVer, err := version.NewVersion("999.999")
-	if strings.HasPrefix(imageVersion, "v") {
-		installVer, err = version.NewVersion(strings.TrimPrefix(imageVersion, "v"))
-		if err != nil {
-			log.Errorf("ERROR parsing %s: %s", imageVersion, err)
-			os.Exit(1)
-		}
-	}
-	newInstallerVersion, err := version.NewVersion("0.8.0-rc3")
-	if err != nil {
-		log.Errorf("ERROR parsing %s: %s", "0.8.0-rc3", err)
-		os.Exit(1)
-	}
-	if installVer.LessThan(newInstallerVersion) {
+	if version.GreaterThan("v0.8.0-rc3", imageVersion) {
 		log.Infof("user specified to install pre v0.8.0: %s", image)
 		imageVersion = strings.Replace(imageVersion, "-", ".", -1)
 		vArray := strings.Split(imageVersion, ".")
@@ -275,6 +279,9 @@ func runInstall(image, installType, cloudConfig, device, kappend string, force,
 			if kexec {
 				installerCmd = append(installerCmd, "--kexec")
 			}
+			if debug {
+				installerCmd = append(installerCmd, "--debug")
+			}
 
 			// TODO: mount at /mnt for shared mount?
 			if useIso {
@@ -297,25 +304,29 @@ func runInstall(image, installType, cloudConfig, device, kappend string, force,
 
 	log.Debugf("running installation")
 
-	if installType == "generic" ||
-		installType == "syslinux" ||
-		installType == "gptsyslinux" {
-		diskType := "msdos"
-		if installType == "gptsyslinux" {
-			diskType = "gpt"
+	if partition == "" {
+		if installType == "generic" ||
+			installType == "syslinux" ||
+			installType == "gptsyslinux" {
+			diskType := "msdos"
+			if installType == "gptsyslinux" {
+				diskType = "gpt"
+			}
+			log.Debugf("running setDiskpartitions")
+			err := setDiskpartitions(device, diskType)
+			if err != nil {
+				log.Errorf("error setDiskpartitions %s", err)
+				return err
+			}
+			// use the bind mounted host filesystem to get access to the /dev/vda1 device that udev on the host sets up (TODO: can we run a udevd inside the container? `mknod b 253 1 /dev/vda1` doesn't work)
+			device = "/host" + device
+			//# TODO: Change this to a number so that users can specify.
+			//# Will need to make it so that our builds and packer APIs remain consistent.
+			partition = device + "1" //${partition:=${device}1}
 		}
-		log.Debugf("running setDiskpartitions")
-		err := setDiskpartitions(device, diskType)
-		if err != nil {
-			log.Errorf("error setDiskpartitions %s", err)
-			return err
-		}
-		// use the bind mounted host filesystem to get access to the /dev/vda1 device that udev on the host sets up (TODO: can we run a udevd inside the container? `mknod b 253 1 /dev/vda1` doesn't work)
-		device = "/host" + device
 	}
 
-	if installType == "rancher-upgrade" ||
-		installType == "upgrade" {
+	if installType == "upgrade" {
 		isoinstallerloaded = false
 	}
 
@@ -324,11 +335,11 @@ func runInstall(image, installType, cloudConfig, device, kappend string, force,
 		// TODO: detect if its not mounted and then optionally mount?
 		if err := mountBootIso(); err != nil {
 			log.Errorf("error mountBootIso %s", err)
-			return err
+			//return err
 		}
 	}
 
-	err = layDownOS(image, installType, cloudConfig, device, kappend, kexec)
+	err := layDownOS(image, installType, cloudConfig, device, partition, kappend, kexec)
 	if err != nil {
 		log.Errorf("error layDownOS %s", err)
 		return err
@@ -340,48 +351,25 @@ func runInstall(image, installType, cloudConfig, device, kappend string, force,
 func mountBootIso() error {
 	deviceName := "/dev/sr0"
 	deviceType := "iso9660"
-	{ // force the defer
-		mountsFile, err := os.Open("/proc/mounts")
-		if err != nil {
-			log.Errorf("failed to read /proc/mounts %s", err)
-			return err
-		}
-		defer mountsFile.Close()
+	if d, t := util.Blkid("RancherOS"); d != "" {
+		deviceName = d
+		deviceType = t
+	}
 
-		if partitionMounted(deviceName, mountsFile) {
-			return nil
-		}
+	mountsFile, err := os.Open("/proc/mounts")
+	if err != nil {
+		log.Errorf("failed to read /proc/mounts %s", err)
+		return err
+	}
+	defer mountsFile.Close()
+
+	if partitionMounted(deviceName, mountsFile) {
+		return nil
 	}
 
 	os.MkdirAll("/bootiso", 0755)
-
-	// find the installation device
-	cmd := exec.Command("blkid", "-L", "RancherOS")
-	log.Debugf("Run(%v)", cmd)
-	cmd.Stderr = os.Stderr
-	out, err := cmd.Output()
-	if err != nil {
-		log.Errorf("Failed to get RancherOS boot device: %s", err)
-		return err
-	}
-	deviceName = strings.TrimSpace(string(out))
-	log.Debugf("blkid found -L RancherOS: %s", deviceName)
-
-	cmd = exec.Command("blkid", deviceName)
-	log.Debugf("Run(%v)", cmd)
-	cmd.Stderr = os.Stderr
-	if out, err = cmd.Output(); err != nil {
-		log.Errorf("Failed to get RancherOS boot device type: %s", err)
-		return err
-	}
-	deviceType = strings.TrimSpace(string(out))
-	s1 := strings.Split(deviceType, "TYPE=\"")
-	s2 := strings.Split(s1[1], "\"")
-	deviceType = s2[0]
-	log.Debugf("blkid type of %s: %s", deviceName, deviceType)
-
-	cmd = exec.Command("mount", "-t", deviceType, deviceName, "/bootiso")
-	log.Debugf("Run(%v)", cmd)
+	cmd := exec.Command("mount", "-t", deviceType, deviceName, "/bootiso")
+	log.Debugf("mount (%#v)", cmd)
 
 	cmd.Stdout, cmd.Stderr = os.Stdout, os.Stderr
 	err = cmd.Run()
@@ -393,9 +381,9 @@ func mountBootIso() error {
 	return err
 }
 
-func layDownOS(image, installType, cloudConfig, device, kappend string, kexec bool) error {
+func layDownOS(image, installType, cloudConfig, device, partition, kappend string, kexec bool) error {
 	// ENV == installType
-	//[[ "$ARCH" == "arm" && "$ENV" != "rancher-upgrade" ]] && ENV=arm
+	//[[ "$ARCH" == "arm" && "$ENV" != "upgrade" ]] && ENV=arm
 
 	// image == rancher/os:v0.7.0_arm
 	// TODO: remove the _arm suffix (but watch out, its not always there..)
@@ -407,10 +395,7 @@ func layDownOS(image, installType, cloudConfig, device, kappend string, kexec bo
 	CONSOLE := "tty0"
 	baseName := "/mnt/new_img"
 	bootDir := "boot/"
-	//# TODO: Change this to a number so that users can specify.
-	//# Will need to make it so that our builds and packer APIs remain consistent.
-	partition := device + "1"                                                //${partition:=${device}1}
-	kernelArgs := "rancher.state.dev=LABEL=RANCHER_STATE rancher.state.wait" // console="+CONSOLE
+	kernelArgs := "printk.devkmsg=on rancher.state.dev=LABEL=RANCHER_STATE rancher.state.wait" // console="+CONSOLE
 
 	// unmount on trap
 	defer util.Unmount(baseName)
@@ -475,14 +460,14 @@ func layDownOS(image, installType, cloudConfig, device, kappend string, kexec bo
 		seedData(baseName, cloudConfig, FILES)
 	case "noformat":
 		var err error
-		device, partition, err = mountdevice(baseName, bootDir, partition, false)
+		device, partition, err = mountdevice(baseName, bootDir, device, partition, false)
 		if err != nil {
 			return err
 		}
 		installSyslinux(device, baseName, bootDir, diskType)
 	case "raid":
 		var err error
-		device, partition, err = mountdevice(baseName, bootDir, partition, false)
+		device, partition, err = mountdevice(baseName, bootDir, device, partition, false)
 		if err != nil {
 			return err
 		}
@@ -490,20 +475,21 @@ func layDownOS(image, installType, cloudConfig, device, kappend string, kexec bo
 	case "bootstrap":
 		CONSOLE = "ttyS0"
 		var err error
-		device, partition, err = mountdevice(baseName, bootDir, partition, true)
+		device, partition, err = mountdevice(baseName, bootDir, device, partition, true)
 		if err != nil {
 			return err
 		}
 		kernelArgs = kernelArgs + " rancher.cloud_init.datasources=[ec2,gce]"
-	case "upgrade":
-		fallthrough
 	case "rancher-upgrade":
+		installType = "upgrade" // rancher-upgrade is redundant
+		fallthrough
+	case "upgrade":
 		var err error
-		device, partition, err = mountdevice(baseName, bootDir, partition, false)
+		device, partition, err = mountdevice(baseName, bootDir, device, partition, false)
 		if err != nil {
 			return err
 		}
-		log.Infof("upgrading - %s, %s, %s, %s", device, baseName, bootDir, diskType)
+		log.Debugf("upgrading - %s, %s, %s, %s", device, baseName, bootDir, diskType)
 		// TODO: detect pv-grub, and don't kill it with syslinux
 		upgradeBootloader(device, baseName, bootDir, diskType)
 	default:
@@ -531,7 +517,7 @@ func layDownOS(image, installType, cloudConfig, device, kappend string, kexec bo
 		install.PvGrubConfig(menu)
 	}
 	log.Debugf("installRancher")
-	err := installRancher(baseName, bootDir, VERSION, DIST, kernelArgs+" "+kappend)
+	currentCfg, err := installRancher(baseName, bootDir, VERSION, DIST, kernelArgs+" "+kappend)
 	if err != nil {
 		log.Errorf("%s", err)
 		return err
@@ -540,12 +526,19 @@ func layDownOS(image, installType, cloudConfig, device, kappend string, kexec bo
 
 	// Used by upgrade
 	if kexec {
+		vmlinuzFile, initrdFile, err := readSyslinuxCfg(currentCfg)
+		if err != nil {
+			log.Errorf("%s", err)
+			return err
+		}
 		//    kexec -l ${DIST}/vmlinuz --initrd=${DIST}/initrd --append="${kernelArgs} ${APPEND}" -f
-		cmd := exec.Command("kexec", "-l "+DIST+"/vmlinuz",
-			"--initrd="+DIST+"/initrd",
-			"--append='"+kernelArgs+" "+kappend+"'",
+		cmd := exec.Command(
+			"kexec",
+			"-l", DIST+"/"+vmlinuzFile,
+			"--initrd", DIST+"/"+initrdFile,
+			"--append", "'"+kernelArgs+" "+kappend+"'",
 			"-f")
-		log.Debugf("Run(%v)", cmd)
+		log.Debugf("Run(%#v)", cmd)
 		cmd.Stderr = os.Stderr
 		if _, err := cmd.Output(); err != nil {
 			log.Errorf("Failed to kexec: %s", err)
@@ -557,6 +550,31 @@ func layDownOS(image, installType, cloudConfig, device, kappend string, kexec bo
 	return nil
 }
 
+func readSyslinuxCfg(currentCfg string) (string, string, error) {
+	vmlinuzFile := ""
+	initrdFile := ""
+	// Need to parse currentCfg for the lines:
+	// KERNEL ../vmlinuz-4.9.18-rancher^M
+	// INITRD ../initrd-41e02e6-dirty^M
+	buf, err := ioutil.ReadFile(currentCfg)
+	if err != nil {
+		return vmlinuzFile, initrdFile, err
+	}
+	s := bufio.NewScanner(bytes.NewReader(buf))
+	for s.Scan() {
+		line := strings.TrimSpace(s.Text())
+		if strings.HasPrefix(line, "KERNEL") {
+			vmlinuzFile = strings.TrimSpace(strings.TrimPrefix(line, "KERNEL"))
+			vmlinuzFile = filepath.Base(vmlinuzFile)
+		}
+		if strings.HasPrefix(line, "INITRD") {
+			initrdFile = strings.TrimSpace(strings.TrimPrefix(line, "INITRD"))
+			initrdFile = filepath.Base(initrdFile)
+		}
+	}
+	return vmlinuzFile, initrdFile, err
+}
+
 // files is an array of 'sourcefile:destination' - but i've not seen any examples of it being used.
 func seedData(baseName, cloudData string, files []string) error {
 	log.Debugf("seedData")
@@ -565,7 +583,7 @@ func seedData(baseName, cloudData string, files []string) error {
 		return err
 	}
 
-	if err = os.MkdirAll(filepath.Join(baseName, "/var/lib/rancher/conf/cloud-config.d"), 0755); err != nil {
+	if err = os.MkdirAll(filepath.Join(baseName, "/var/lib/rancher/conf/cloud-config.d"), 0700); err != nil {
 		return err
 	}
 
@@ -732,53 +750,55 @@ func formatdevice(device, partition string) error {
 	return nil
 }
 
-func mountdevice(baseName, bootDir, partition string, raw bool) (string, string, error) {
-	log.Infof("mountdevice %s, raw %v", partition, raw)
+func mountdevice(baseName, bootDir, device, partition string, raw bool) (string, string, error) {
+	log.Debugf("mountdevice %s, raw %v", partition, raw)
 
-	if raw {
-		log.Debugf("util.Mount (raw) %s, %s", partition, baseName)
+	if partition == "" {
+		if raw {
+			log.Debugf("util.Mount (raw) %s, %s", partition, baseName)
 
+			cmd := exec.Command("lsblk", "-no", "pkname", partition)
+			log.Debugf("Run(%v)", cmd)
+			cmd.Stderr = os.Stderr
+			device := ""
+			// TODO: out can == "" - this is used to "detect software RAID" which is terrible
+			if out, err := cmd.Output(); err == nil {
+				device = "/dev/" + strings.TrimSpace(string(out))
+			}
+
+			log.Debugf("mountdevice return -> d: %s, p: %s", device, partition)
+			return device, partition, util.Mount(partition, baseName, "", "")
+		}
+
+		//rootfs := partition
+		// Don't use ResolveDevice - it can fail, whereas `blkid -L LABEL` works more often
+
+		cfg := config.LoadConfig()
+		if d, _ := util.Blkid("RANCHER_BOOT"); d != "" {
+			partition = d
+			baseName = filepath.Join(baseName, "boot")
+		} else {
+			if dev := util.ResolveDevice(cfg.Rancher.State.Dev); dev != "" {
+				// try the rancher.state.dev setting
+				partition = dev
+			} else {
+				if d, _ := util.Blkid("RANCHER_STATE"); d != "" {
+					partition = d
+				}
+			}
+		}
 		cmd := exec.Command("lsblk", "-no", "pkname", partition)
 		log.Debugf("Run(%v)", cmd)
 		cmd.Stderr = os.Stderr
-		device := ""
+		// TODO: out can == "" - this is used to "detect software RAID" which is terrible
 		if out, err := cmd.Output(); err == nil {
 			device = "/dev/" + strings.TrimSpace(string(out))
 		}
-
-		return device, partition, util.Mount(partition, baseName, "", "")
 	}
-
-	//rootfs := partition
-	// Don't use ResolveDevice - it can fail, whereas `blkid -L LABEL` works more often
-	//if dev := util.ResolveDevice("LABEL=RANCHER_BOOT"); dev != "" {
-	cmd := exec.Command("blkid", "-L", "RANCHER_BOOT")
-	log.Debugf("Run(%v)", cmd)
-	cmd.Stderr = os.Stderr
-	if out, err := cmd.Output(); err == nil {
-		partition = strings.TrimSpace(string(out))
-		baseName = filepath.Join(baseName, "boot")
-	} else {
-		cmd := exec.Command("blkid", "-L", "RANCHER_STATE")
-		log.Debugf("Run(%v)", cmd)
-		cmd.Stderr = os.Stderr
-		if out, err := cmd.Output(); err == nil {
-			partition = strings.TrimSpace(string(out))
-		}
-	}
-	device := ""
-	cmd = exec.Command("lsblk", "-no", "pkname", partition)
-	log.Debugf("Run(%v)", cmd)
-	cmd.Stderr = os.Stderr
-	if out, err := cmd.Output(); err == nil {
-		device = "/dev/" + strings.TrimSpace(string(out))
-	}
-
-	log.Debugf("util.Mount %s, %s", partition, baseName)
 	os.MkdirAll(baseName, 0755)
-	cmd = exec.Command("mount", partition, baseName)
-	log.Debugf("Run(%v)", cmd)
+	cmd := exec.Command("mount", partition, baseName)
 	//cmd.Stdout, cmd.Stderr = os.Stdout, os.Stderr
+	log.Debugf("mountdevice return2 -> d: %s, p: %s", device, partition)
 	return device, partition, cmd.Run()
 }
 
@@ -790,7 +810,7 @@ func formatAndMount(baseName, bootDir, device, partition string) (string, string
 		log.Errorf("formatdevice %s", err)
 		return device, partition, err
 	}
-	device, partition, err = mountdevice(baseName, bootDir, partition, false)
+	device, partition, err = mountdevice(baseName, bootDir, device, partition, false)
 	if err != nil {
 		log.Errorf("mountdevice %s", err)
 		return device, partition, err
@@ -843,7 +863,31 @@ func upgradeBootloader(device, baseName, bootDir, diskType string) error {
 		// TODO: in v0.9.0, need to detect what version syslinux we have
 		return nil
 	}
-	if err := os.Rename(grubDir, filepath.Join(baseName, bootDir+"grub_backup")); err != nil {
+	// deal with systems which were previously upgraded, then rolled back, and are now being re-upgraded
+	grubBackup := filepath.Join(baseName, bootDir+"grub_backup")
+	if err := os.RemoveAll(grubBackup); err != nil {
+		log.Errorf("RemoveAll (%s): %s", grubBackup, err)
+		return err
+	}
+	backupSyslinuxDir := filepath.Join(baseName, bootDir+"syslinux_backup")
+	if _, err := os.Stat(backupSyslinuxDir); !os.IsNotExist(err) {
+		backupSyslinuxLdlinuxSys := filepath.Join(backupSyslinuxDir, "ldlinux.sys")
+		if _, err := os.Stat(backupSyslinuxLdlinuxSys); !os.IsNotExist(err) {
+			//need a privileged container that can chattr -i ldlinux.sys
+			cmd := exec.Command("chattr", "-i", backupSyslinuxLdlinuxSys)
+			if err := cmd.Run(); err != nil {
+				log.Errorf("%s", err)
+				return err
+			}
+		}
+
+		if err := os.RemoveAll(backupSyslinuxDir); err != nil {
+			log.Errorf("RemoveAll (%s): %s", backupSyslinuxDir, err)
+			return err
+		}
+	}
+
+	if err := os.Rename(grubDir, grubBackup); err != nil {
 		log.Errorf("Rename(%s): %s", grubDir, err)
 		return err
 	}
@@ -851,17 +895,14 @@ func upgradeBootloader(device, baseName, bootDir, diskType string) error {
 	syslinuxDir := filepath.Join(baseName, bootDir+"syslinux")
 	// it seems that v0.5.0 didn't have a syslinux dir, while 0.7 does
 	if _, err := os.Stat(syslinuxDir); !os.IsNotExist(err) {
-		backupSyslinuxDir := filepath.Join(baseName, bootDir+"syslinux_backup")
 		if err := os.Rename(syslinuxDir, backupSyslinuxDir); err != nil {
 			log.Infof("error Rename(%s, %s): %s", syslinuxDir, backupSyslinuxDir, err)
 		} else {
-			log.Errorf("Rename(%s, %s): ok", syslinuxDir, backupSyslinuxDir)
 			//mv the old syslinux into linux-previous.cfg
 			oldSyslinux, err := ioutil.ReadFile(filepath.Join(backupSyslinuxDir, "syslinux.cfg"))
 			if err != nil {
 				log.Infof("error read(%s / syslinux.cfg): %s", backupSyslinuxDir, err)
 			} else {
-				log.Infof("read(%s / syslinux.cfg): ok", backupSyslinuxDir)
 				cfg := string(oldSyslinux)
 				//DEFAULT RancherOS-current
 				//
@@ -879,7 +920,6 @@ func upgradeBootloader(device, baseName, bootDir, diskType string) error {
 					line = strings.TrimSpace(line)
 					if strings.HasPrefix(line, "APPEND") {
 						// TODO: need to append any extra's the user specified
-						log.Infof("wrote (%s) to global.cfg", []byte(cfg))
 						ioutil.WriteFile(filepath.Join(baseName, bootDir, "global.cfg"), []byte(cfg), 0644)
 						break
 					}
@@ -892,6 +932,7 @@ func upgradeBootloader(device, baseName, bootDir, diskType string) error {
 }
 
 func installSyslinux(device, baseName, bootDir, diskType string) error {
+	log.Debugf("installSyslinux(%s)", device)
 
 	mbrFile := "mbr.bin"
 	if diskType == "gpt" {
@@ -902,7 +943,7 @@ func installSyslinux(device, baseName, bootDir, diskType string) error {
 	// ubuntu: /usr/lib/syslinux/mbr/mbr.bin
 	// alpine: /usr/share/syslinux/mbr.bin
 	if device == "/dev/" {
-		log.Infof("installSyslinuxRaid(%s)", device)
+		log.Debugf("installSyslinuxRaid(%s)", device)
 		//RAID - assume sda&sdb
 		//TODO: fix this - not sure how to detect what disks should have mbr - perhaps we need a param
 		//      perhaps just assume and use the devices that make up the raid - mdadm
@@ -931,7 +972,7 @@ func installSyslinux(device, baseName, bootDir, diskType string) error {
 			log.Errorf("setBootable(%s, %s): %s", device, diskType, err)
 			//return err
 		}
-		log.Infof("installSyslinux(%s)", device)
+		log.Debugf("installSyslinux(%s)", device)
 		cmd := exec.Command("dd", "bs=440", "count=1", "if=/usr/share/syslinux/"+mbrFile, "of="+device)
 		log.Debugf("Run(%v)", cmd)
 		if err := cmd.Run(); err != nil {
@@ -973,7 +1014,7 @@ func installSyslinux(device, baseName, bootDir, diskType string) error {
 	return nil
 }
 
-func installRancher(baseName, bootDir, VERSION, DIST, kappend string) error {
+func installRancher(baseName, bootDir, VERSION, DIST, kappend string) (string, error) {
 	log.Debugf("installRancher")
 
 	// detect if there already is a linux-current.cfg, if so, move it to linux-previous.cfg,
@@ -982,10 +1023,11 @@ func installRancher(baseName, bootDir, VERSION, DIST, kappend string) error {
 		previousCfg := filepath.Join(baseName, bootDir, "linux-previous.cfg")
 		if _, err := os.Stat(previousCfg); !os.IsNotExist(err) {
 			if err := os.Remove(previousCfg); err != nil {
-				return err
+				return currentCfg, err
 			}
 		}
 		os.Rename(currentCfg, previousCfg)
+		// TODO: now that we're parsing syslinux.cfg files, maybe we can delete old kernels and initrds
 	}
 
 	// The image/ISO have all the files in it - the syslinux cfg's and the kernel&initrd, so we can copy them all from there
@@ -998,7 +1040,6 @@ func installRancher(baseName, bootDir, VERSION, DIST, kappend string) error {
 			log.Errorf("copy %s: %s", file.Name(), err)
 			//return err
 		}
-		log.Debugf("copied %s to %s as %s", filepath.Join(DIST, file.Name()), filepath.Join(baseName, bootDir), file.Name())
 	}
 	// the general INCLUDE syslinuxcfg
 	if err := dfs.CopyFile(filepath.Join(DIST, "isolinux", "isolinux.cfg"), filepath.Join(baseName, bootDir, "syslinux"), "syslinux.cfg"); err != nil {
@@ -1012,8 +1053,8 @@ func installRancher(baseName, bootDir, VERSION, DIST, kappend string) error {
 		err := ioutil.WriteFile(globalFile, []byte("APPEND "+kappend), 0644)
 		if err != nil {
 			log.Errorf("write (%s) %s", "global.cfg", err)
-			return err
+			return currentCfg, err
 		}
 	}
-	return nil
+	return currentCfg, nil
 }

cmd/control/os.go

@@ -6,6 +6,7 @@ import (
 	"net/http"
 	"net/url"
 	"os"
+	"runtime"
 	"strings"
 
 	"golang.org/x/net/context"
@@ -52,7 +53,7 @@ func osSubcommands() []cli.Command {
 					Usage: "do not reboot after upgrade",
 				},
 				cli.BoolFlag{
-					Name:  "kexec",
+					Name:  "kexec, k",
 					Usage: "reboot using kexec",
 				},
 				cli.StringFlag{
@@ -167,6 +168,10 @@ func getLatestImage() (string, error) {
 }
 
 func osUpgrade(c *cli.Context) error {
+	if runtime.GOARCH != "amd64" {
+		log.Fatalf("ros install / upgrade only supported on 'amd64', not '%s'", runtime.GOARCH)
+	}
+
 	image := c.String("image")
 
 	if image == "" {
@@ -201,7 +206,7 @@ func startUpgradeContainer(image string, stage, force, reboot, kexec bool, upgra
 	}
 
 	if kexec {
-		command = append(command, "-k")
+		command = append(command, "--kexec")
 	}
 
 	kernelArgs = strings.TrimSpace(kernelArgs)

cmd/control/service/service.go

@@ -205,7 +205,7 @@ func isLocal(service string) bool {
 }
 
 func IsLocalOrURL(service string) bool {
-	return isLocal(service) || strings.HasPrefix(service, "http:/") || strings.HasPrefix(service, "http:/")
+	return isLocal(service) || strings.HasPrefix(service, "http:/") || strings.HasPrefix(service, "https:/")
 }
 
 func validateService(service string, cfg *config.CloudConfig) {

cmd/control/util.go

@@ -1,7 +1,9 @@
 package control
 
 import (
+	"bufio"
 	"fmt"
+	"os"
 	"strings"
 
 	"github.com/rancher/os/log"
@@ -9,8 +11,8 @@ import (
 
 func yes(question string) bool {
 	fmt.Printf("%s [y/N]: ", question)
-	var line string
-	_, err := fmt.Scan(&line)
+	in := bufio.NewReader(os.Stdin)
+	line, err := in.ReadString('\n')
 	if err != nil {
 		log.Fatal(err)
 	}

cmd/network/network.go

@@ -11,7 +11,6 @@ import (
 
 func Main() {
 	log.InitLogger()
-	log.Infof("Running network")
 
 	cfg := config.LoadConfig()
 	ApplyNetworkConfig(cfg)
@@ -20,6 +19,7 @@ func Main() {
 }
 
 func ApplyNetworkConfig(cfg *config.CloudConfig) {
+	log.Infof("Apply Network Config")
 	nameservers := cfg.Rancher.Network.DNS.Nameservers
 	search := cfg.Rancher.Network.DNS.Search
 	userSetDNS := len(nameservers) > 0 || len(search) > 0
@@ -28,6 +28,7 @@ func ApplyNetworkConfig(cfg *config.CloudConfig) {
 		search = cfg.Rancher.Defaults.Network.DNS.Search
 	}
 
+	// TODO: don't write to the file if nameservers is still empty
 	if _, err := resolvconf.Build("/etc/resolv.conf", nameservers, search, nil); err != nil {
 		log.Error(err)
 	}
@@ -40,11 +41,14 @@ func ApplyNetworkConfig(cfg *config.CloudConfig) {
 		log.Error(err)
 	}
 
+	// TODO: seems wrong to do this outside netconf
 	userSetHostname := cfg.Hostname != ""
+	log.Infof("Apply Network Config RunDhcp")
 	if err := netconf.RunDhcp(&cfg.Rancher.Network, !userSetHostname, !userSetDNS); err != nil {
 		log.Error(err)
 	}
 
+	log.Infof("Apply Network Config SyncHostname")
 	if err := hostname.SyncHostname(); err != nil {
 		log.Error(err)
 	}

config/cloudinit/Documentation/cloud-config-deprecated.md

@@ -0,0 +1,38 @@
+# Deprecated Cloud-Config Features
+
+## Retrieving SSH Authorized Keys
+
+### From a GitHub User
+
+Using the `coreos-ssh-import-github` field, we can import public SSH keys from a GitHub user to use as authorized keys to a server.
+
+```yaml
+#cloud-config
+
+users:
+  - name: elroy
+    coreos-ssh-import-github: elroy
+```
+
+### From an HTTP Endpoint
+
+We can also pull public SSH keys from any HTTP endpoint which matches [GitHub's API response format](https://developer.github.com/v3/users/keys/#list-public-keys-for-a-user).
+For example, if you have an installation of GitHub Enterprise, you can provide a complete URL with an authentication token:
+
+```yaml
+#cloud-config
+
+users:
+  - name: elroy
+    coreos-ssh-import-url: https://github-enterprise.example.com/api/v3/users/elroy/keys?access_token=<TOKEN>
+```
+
+You can also specify any URL whose response matches the JSON format for public keys:
+
+```yaml
+#cloud-config
+
+users:
+  - name: elroy
+    coreos-ssh-import-url: https://example.com/public-keys
+```

config/cloudinit/Documentation/cloud-config-locations.md

@@ -0,0 +1,26 @@
+# Cloud-Config Locations
+
+On every boot, coreos-cloudinit looks for a config file to configure your host. Here is a list of locations which are used by the Cloud-Config utility, depending on your CoreOS platform:
+
+| Location | Description |
+| --- | --- |
+| `/media/configvirtfs/openstack/latest/user_data` | `/media/configvirtfs` mount point with [config-2](/os/docs/latest/config-drive.html#contents-and-format) label. It should contain a `openstack/latest/user_data` relative path. Usually used by cloud providers or in VM installations. |
+| `/media/configdrive/openstack/latest/user_data` | FAT or ISO9660 filesystem with [config-2](/os/docs/latest/config-drive.html#qemu-virtfs) label and `/media/configdrive/` mount point. It should also contain a `openstack/latest/user_data` relative path. Usually used in installations which are configured by USB Flash sticks or CDROM media. |
+| Kernel command line: `cloud-config-url=http://example.com/user_data`. | You can find this string using this command `cat /proc/cmdline`. Usually used in [PXE](/os/docs/latest/booting-with-pxe.html) or [iPXE](/os/docs/latest/booting-with-ipxe.html) boots. |
+| `/var/lib/coreos-install/user_data` | When you install CoreOS manually using the [coreos-install](/os/docs/latest/installing-to-disk.html) tool. Usually used in bare metal installations. |
+| `/usr/share/oem/cloud-config.yml` | Path for OEM images. |
+| `/var/lib/coreos-vagrant/vagrantfile-user-data`| Vagrant OEM scripts automatically store Cloud-Config into this path. |
+| `/var/lib/waagent/CustomData`| Azure platform uses OEM path for first Cloud-Config initialization and then `/var/lib/waagent/CustomData` to apply your settings. |
+| `http://169.254.169.254/metadata/v1/user-data` `http://169.254.169.254/2009-04-04/user-data` `https://metadata.packet.net/userdata`|DigitalOcean, EC2 and Packet cloud providers correspondingly use these URLs to download Cloud-Config.|
+| `/usr/share/oem/bin/vmtoolsd --cmd "info-get guestinfo.coreos.config.data"` | Cloud-Config provided by [VMware Guestinfo][VMware Guestinfo] |
+| `/usr/share/oem/bin/vmtoolsd --cmd "info-get guestinfo.coreos.config.url"` | Cloud-Config URL provided by [VMware Guestinfo][VMware Guestinfo] |
+
+[VMware Guestinfo]: vmware-guestinfo.md
+
+You can also run the `coreos-cloudinit` tool manually and provide a path to your custom Cloud-Config file:
+
+```sh
+sudo coreos-cloudinit --from-file=/home/core/cloud-config.yaml
+```
+
+This command will apply your custom cloud-config.

config/cloudinit/Documentation/cloud-config-oem.md

@@ -0,0 +1,37 @@
+## OEM configuration
+
+The `coreos.oem.*` parameters follow the [os-release spec][os-release], but have been repurposed as a way for coreos-cloudinit to know about the OEM partition on this machine. Customizing this section is only needed when generating a new OEM of CoreOS from the SDK. The fields include:
+
+- **id**: Lowercase string identifying the OEM
+- **name**: Human-friendly string representing the OEM
+- **version-id**: Lowercase string identifying the version of the OEM
+- **home-url**: Link to the homepage of the provider or OEM
+- **bug-report-url**: Link to a place to file bug reports about this OEM
+
+coreos-cloudinit renders these fields to `/etc/oem-release`.
+If no **id** field is provided, coreos-cloudinit will ignore this section.
+
+For example, the following cloud-config document...
+
+```yaml
+#cloud-config
+coreos:
+  oem:
+    id: "rackspace"
+    name: "Rackspace Cloud Servers"
+    version-id: "168.0.0"
+    home-url: "https://www.rackspace.com/cloud/servers/"
+    bug-report-url: "https://github.com/coreos/coreos-overlay"
+```
+
+...would be rendered to the following `/etc/oem-release`:
+
+```yaml
+ID=rackspace
+NAME="Rackspace Cloud Servers"
+VERSION_ID=168.0.0
+HOME_URL="https://www.rackspace.com/cloud/servers/"
+BUG_REPORT_URL="https://github.com/coreos/coreos-overlay"
+```
+
+[os-release]: http://www.freedesktop.org/software/systemd/man/os-release.html

config/cloudinit/Documentation/cloud-config.md

@@ -0,0 +1,485 @@
+# Using Cloud-Config
+
+CoreOS allows you to declaratively customize various OS-level items, such as network configuration, user accounts, and systemd units. This document describes the full list of items we can configure. The `coreos-cloudinit` program uses these files as it configures the OS after startup or during runtime.
+
+Your cloud-config is processed during each boot. Invalid cloud-config won't be processed but will be logged in the journal. You can validate your cloud-config with the [CoreOS online validator](https://coreos.com/validate/) or by running `coreos-cloudinit -validate`.  In addition to these two validation methods you can debug `coreos-cloudinit` system output through the `journalctl` tool:
+
+```sh
+journalctl --identifier=coreos-cloudinit
+```
+
+It will show `coreos-cloudinit` run output which was triggered by system boot.
+
+## Configuration File
+
+The file used by this system initialization program is called a "cloud-config" file. It is inspired by the [cloud-init][cloud-init] project's [cloud-config][cloud-config] file, which is "the defacto multi-distribution package that handles early initialization of a cloud instance" ([cloud-init docs][cloud-init-docs]). Because the cloud-init project includes tools which aren't used by CoreOS, only the relevant subset of its configuration items will be implemented in our cloud-config file. In addition to those, we added a few CoreOS-specific items, such as etcd configuration, OEM definition, and systemd units.
+
+We've designed our implementation to allow the same cloud-config file to work across all of our supported platforms.
+
+[cloud-init]: https://launchpad.net/cloud-init
+[cloud-init-docs]: http://cloudinit.readthedocs.org/en/latest/index.html
+[cloud-config]: http://cloudinit.readthedocs.org/en/latest/topics/format.html#cloud-config-data
+
+### File Format
+
+The cloud-config file uses the [YAML][yaml] file format, which uses whitespace and new-lines to delimit lists, associative arrays, and values.
+
+A cloud-config file must contain a header: either `#cloud-config` for processing as cloud-config (suggested) or `#!` for processing as a shell script (advanced). If cloud-config has the `#cloud-config` header, it should followed by an associative array which has zero or more of the following keys:
+
+- `coreos`
+- `ssh_authorized_keys`
+- `hostname`
+- `users`
+- `write_files`
+- `manage_etc_hosts`
+
+The expected values for these keys are defined in the rest of this document.
+
+If cloud-config header starts on `#!` then coreos-cloudinit will recognize it as shell script which is interpreted by bash and run it as transient systemd service.
+
+[yaml]: https://en.wikipedia.org/wiki/YAML
+
+### Providing Cloud-Config with Config-Drive
+
+CoreOS tries to conform to each platform's native method to provide user data. Each cloud provider tends to be unique, but this complexity has been abstracted by CoreOS. You can view each platform's instructions on their documentation pages. The most universal way to provide cloud-config is [via config-drive](https://github.com/rancher/os/config/cloudinit/blob/master/Documentation/config-drive.md), which attaches a read-only device to the machine, that contains your cloud-config file.
+
+## Configuration Parameters
+
+### coreos
+
+#### etcd (deprecated. see etcd2)
+
+The `coreos.etcd.*` parameters will be translated to a partial systemd unit acting as an etcd configuration file.
+If the platform environment supports the templating feature of coreos-cloudinit it is possible to automate etcd configuration with the `$private_ipv4` and `$public_ipv4` fields. For example, the following cloud-config document...
+
+```yaml
+#cloud-config
+
+coreos:
+  etcd:
+    name: "node001"
+    # generate a new token for each unique cluster from https://discovery.etcd.io/new
+    discovery: "https://discovery.etcd.io/<token>"
+    # multi-region and multi-cloud deployments need to use $public_ipv4
+    addr: "$public_ipv4:4001"
+    peer-addr: "$private_ipv4:7001"
+```
+
+...will generate a systemd unit drop-in for etcd.service with the following contents:
+
+```yaml
+[Service]
+Environment="ETCD_NAME=node001"
+Environment="ETCD_DISCOVERY=https://discovery.etcd.io/<token>"
+Environment="ETCD_ADDR=203.0.113.29:4001"
+Environment="ETCD_PEER_ADDR=192.0.2.13:7001"
+```
+
+For more information about the available configuration parameters, see the [etcd documentation][etcd-config].
+
+_Note: The `$private_ipv4` and `$public_ipv4` substitution variables referenced in other documents are only supported on Amazon EC2, Google Compute Engine, OpenStack, Rackspace, DigitalOcean, and Vagrant._
+
+[etcd-config]: https://github.com/coreos/etcd/blob/release-0.4/Documentation/configuration.md
+
+#### etcd2
+
+The `coreos.etcd2.*` parameters will be translated to a partial systemd unit acting as an etcd configuration file.
+If the platform environment supports the templating feature of coreos-cloudinit it is possible to automate etcd configuration with the `$private_ipv4` and `$public_ipv4` fields. When generating a [discovery token](https://discovery.etcd.io/new?size=3), set the `size` parameter, since etcd uses this to determine if all members have joined the cluster. After the cluster is bootstrapped, it can grow or shrink from this configured size.
+
+For example, the following cloud-config document...
+
+```yaml
+#cloud-config
+
+coreos:
+  etcd2:
+    # generate a new token for each unique cluster from https://discovery.etcd.io/new?size=3
+    discovery: "https://discovery.etcd.io/<token>"
+    # multi-region and multi-cloud deployments need to use $public_ipv4
+    advertise-client-urls: "http://$public_ipv4:2379"
+    initial-advertise-peer-urls: "http://$private_ipv4:2380"
+    # listen on both the official ports and the legacy ports
+    # legacy ports can be omitted if your application doesn't depend on them
+    listen-client-urls: "http://0.0.0.0:2379,http://0.0.0.0:4001"
+    listen-peer-urls: "http://$private_ipv4:2380,http://$private_ipv4:7001"
+```
+
+...will generate a systemd unit drop-in for etcd2.service with the following contents:
+
+```yaml
+[Service]
+Environment="ETCD_DISCOVERY=https://discovery.etcd.io/<token>"
+Environment="ETCD_ADVERTISE_CLIENT_URLS=http://203.0.113.29:2379"
+Environment="ETCD_INITIAL_ADVERTISE_PEER_URLS=http://192.0.2.13:2380"
+Environment="ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379,http://0.0.0.0:4001"
+Environment="ETCD_LISTEN_PEER_URLS=http://192.0.2.13:2380,http://192.0.2.13:7001"
+```
+
+For more information about the available configuration parameters, see the [etcd2 documentation][etcd2-config].
+
+_Note: The `$private_ipv4` and `$public_ipv4` substitution variables referenced in other documents are only supported on Amazon EC2, Google Compute Engine, OpenStack, Rackspace, DigitalOcean, and Vagrant._
+
+[etcd2-config]: https://github.com/coreos/etcd/blob/v2.3.2/Documentation/configuration.md
+
+#### fleet
+
+The `coreos.fleet.*` parameters work very similarly to `coreos.etcd2.*`, and allow for the configuration of fleet through environment variables. For example, the following cloud-config document...
+
+```yaml
+#cloud-config
+
+coreos:
+  fleet:
+      public-ip: "$public_ipv4"
+      metadata: "region=us-west"
+```
+
+...will generate a systemd unit drop-in like this:
+
+```yaml
+[Service]
+Environment="FLEET_PUBLIC_IP=203.0.113.29"
+Environment="FLEET_METADATA=region=us-west"
+```
+
+List of fleet configuration parameters:
+
+- **agent_ttl**: An Agent will be considered dead if it exceeds this amount of time to communicate with the Registry
+- **engine_reconcile_interval**: Interval in seconds at which the engine should reconcile the cluster schedule in etcd
+- **etcd_cafile**: Path to CA file used for TLS communication with etcd
+- **etcd_certfile**: Provide TLS configuration when SSL certificate authentication is enabled in etcd endpoints
+- **etcd_keyfile**: Path to private key file used for TLS communication with etcd
+- **etcd_key_prefix**: etcd prefix path to be used for fleet keys
+- **etcd_request_timeout**: Amount of time in seconds to allow a single etcd request before considering it failed
+- **etcd_servers**: Comma separated list of etcd endpoints
+- **etcd_username**: Username for Basic Authentication to etcd endpoints
+- **etcd_password**: Password for Basic Authentication to etcd endpoints
+- **metadata**: Comma separated key/value pairs that are published with the local to the fleet registry
+- **public_ip**: IP accessible by other nodes for inter-host communication
+- **verbosity**: Enable debug logging by setting this to an integer value greater than zero
+
+For more information on fleet configuration, see the [fleet documentation][fleet-config].
+
+[fleet-config]: https://github.com/coreos/fleet/blob/master/Documentation/deployment-and-configuration.md#configuration
+
+#### flannel
+
+The `coreos.flannel.*` parameters also work very similarly to `coreos.etcd2.*`
+and `coreos.fleet.*`. They can be used to set environment variables for
+flanneld. For example, the following cloud-config...
+
+```yaml
+#cloud-config
+
+coreos:
+  flannel:
+      etcd_prefix: "/coreos.com/network2"
+```
+
+...will generate a systemd unit drop-in like so:
+
+```
+[Service]
+Environment="FLANNELD_ETCD_PREFIX=/coreos.com/network2"
+```
+
+List of flannel configuration parameters:
+
+- **etcd_endpoints**: Comma separated list of etcd endpoints
+- **etcd_cafile**: Path to CA file used for TLS communication with etcd
+- **etcd_certfile**: Path to certificate file used for TLS communication with etcd
+- **etcd_keyfile**: Path to private key file used for TLS communication with etcd
+- **etcd_prefix**: etcd prefix path to be used for flannel keys
+- **etcd_username**: Username for Basic Authentication to etcd endpoints
+- **etcd_password**: Password for Basic Authentication to etcd endpoints
+- **ip_masq**: Install IP masquerade rules for traffic outside of flannel subnet
+- **subnet_file**: Path to flannel subnet file to write out
+- **interface**: Interface (name or IP) that should be used for inter-host communication
+- **public_ip**: IP accessible by other nodes for inter-host communication
+
+For more information on flannel configuration, see the [flannel documentation][flannel-readme].
+
+[flannel-readme]: https://github.com/coreos/flannel/blob/master/README.md
+
+#### locksmith
+
+The `coreos.locksmith.*` parameters can be used to set environment variables
+for locksmith. For example, the following cloud-config...
+
+```yaml
+#cloud-config
+
+coreos:
+  locksmith:
+      endpoint: "http://example.com:2379"
+```
+
+...will generate a systemd unit drop-in like so:
+
+```
+[Service]
+Environment="LOCKSMITHD_ENDPOINT=http://example.com:2379"
+```
+
+List of locksmith configuration parameters:
+
+- **endpoint**: Comma separated list of etcd endpoints
+- **etcd_cafile**: Path to CA file used for TLS communication with etcd
+- **etcd_certfile**: Path to certificate file used for TLS communication with etcd
+- **etcd_keyfile**: Path to private key file used for TLS communication with etcd
+- **group**: Name of the reboot group in which this instance belongs
+- **window_start**: Start time of the reboot window
+- **window_length**: Duration of the reboot window
+- **etcd_username**: Username for Basic Authentication to etcd endpoints
+- **etcd_password**: Password for Basic Authentication to etcd endpoints
+
+For the complete list of locksmith configuration parameters, see the [locksmith documentation][locksmith-readme].
+
+[locksmith-readme]: https://github.com/coreos/locksmith/blob/master/README.md
+
+#### update
+
+The `coreos.update.*` parameters manipulate settings related to how CoreOS instances are updated.
+
+These fields will be written out to and replace `/etc/coreos/update.conf`. If only one of the parameters is given it will only overwrite the given field.
+The `reboot-strategy` parameter also affects the behaviour of [locksmith](https://github.com/coreos/locksmith).
+
+- **reboot-strategy**: One of "reboot", "etcd-lock", "best-effort" or "off" for controlling when reboots are issued after an update is performed.
+  - _reboot_: Reboot immediately after an update is applied.
+  - _etcd-lock_: Reboot after first taking a distributed lock in etcd, this guarantees that only one host will reboot concurrently and that the cluster will remain available during the update.
+  - _best-effort_ - If etcd is running, "etcd-lock", otherwise simply "reboot".
+  - _off_ - Disable rebooting after updates are applied (not recommended).
+- **server**: The location of the [CoreUpdate][coreupdate] server which will be queried for updates. Also known as the [omaha][omaha-docs] server endpoint.
+- **group**:  signifies the channel which should be used for automatic updates.  This value defaults to the version of the image initially downloaded. (one of "master", "alpha", "beta", "stable")
+
+[coreupdate]: https://coreos.com/products/coreupdate
+[omaha-docs]: https://coreos.com/docs/coreupdate/custom-apps/coreupdate-protocol/
+
+*Note: cloudinit will only manipulate the locksmith unit file in the systemd runtime directory (`/run/systemd/system/locksmithd.service`). If any manual modifications are made to an overriding unit configuration file (e.g. `/etc/systemd/system/locksmithd.service`), cloudinit will no longer be able to control the locksmith service unit.*
+
+##### Example
+
+```yaml
+#cloud-config
+coreos:
+  update:
+    reboot-strategy: "etcd-lock"
+```
+
+#### units
+
+The `coreos.units.*` parameters define a list of arbitrary systemd units to start after booting. This feature is intended to help you start essential services required to mount storage and configure networking in order to join the CoreOS cluster. It is not intended to be a Chef/Puppet replacement.
+
+Each item is an object with the following fields:
+
+- **name**: String representing unit's name. Required.
+- **runtime**: Boolean indicating whether or not to persist the unit across reboots. This is analogous to the `--runtime` argument to `systemctl enable`. The default value is false.
+- **enable**: Boolean indicating whether or not to handle the [Install] section of the unit file. This is similar to running `systemctl enable <name>`. The default value is false.
+- **content**: Plaintext string representing entire unit file. If no value is provided, the unit is assumed to exist already.
+- **command**: Command to execute on unit: start, stop, reload, restart, try-restart, reload-or-restart, reload-or-try-restart. The default behavior is to not execute any commands.
+- **mask**: Whether to mask the unit file by symlinking it to `/dev/null` (analogous to `systemctl mask <name>`). Note that unlike `systemctl mask`, **this will destructively remove any existing unit file** located at `/etc/systemd/system/<unit>`, to ensure that the mask succeeds. The default value is false.
+- **drop-ins**: A list of unit drop-ins with the following fields:
+  - **name**: String representing unit's name. Required.
+  - **content**: Plaintext string representing entire file. Required.
+
+
+**NOTE:** The command field is ignored for all network, netdev, and link units. The systemd-networkd.service unit will be restarted in their place.
+
+##### Examples
+
+Write a unit to disk, automatically starting it.
+
+```yaml
+#cloud-config
+
+coreos:
+  units:
+    - name: "docker-redis.service"
+      command: "start"
+      content: |
+        [Unit]
+        Description=Redis container
+        Author=Me
+        After=docker.service
+
+        [Service]
+        Restart=always
+        ExecStart=/usr/bin/docker start -a redis_server
+        ExecStop=/usr/bin/docker stop -t 2 redis_server
+```
+
+Add the DOCKER_OPTS environment variable to docker.service.
+
+```yaml
+#cloud-config
+
+coreos:
+  units:
+    - name: "docker.service"
+      drop-ins:
+        - name: "50-insecure-registry.conf"
+          content: |
+            [Service]
+            Environment=DOCKER_OPTS='--insecure-registry="10.0.1.0/24"'
+```
+
+Start the built-in `etcd2` and `fleet` services:
+
+```yaml
+#cloud-config
+
+coreos:
+  units:
+    - name: "etcd2.service"
+      command: "start"
+    - name: "fleet.service"
+      command: "start"
+```
+
+### ssh_authorized_keys
+
+The `ssh_authorized_keys` parameter adds public SSH keys which will be authorized for the `core` user.
+
+The keys will be named "coreos-cloudinit" by default.
+Override this by using the `--ssh-key-name` flag when calling `coreos-cloudinit`.
+
+```yaml
+#cloud-config
+
+ssh_authorized_keys:
+  - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0g+ZTxC7weoIJLUafOgrm+h..."
+```
+
+### hostname
+
+The `hostname` parameter defines the system's hostname.
+This is the local part of a fully-qualified domain name (i.e. `foo` in `foo.example.com`).
+
+```yaml
+#cloud-config
+
+hostname: "coreos1"
+```
+
+### users
+
+The `users` parameter adds or modifies the specified list of users. Each user is an object which consists of the following fields. Each field is optional and of type string unless otherwise noted.
+All but the `passwd` and `ssh-authorized-keys` fields will be ignored if the user already exists.
+
+- **name**: Required. Login name of user
+- **gecos**: GECOS comment of user
+- **passwd**: Hash of the password to use for this user
+- **homedir**: User's home directory. Defaults to /home/\<name\>
+- **no-create-home**: Boolean. Skip home directory creation.
+- **primary-group**: Default group for the user. Defaults to a new group created named after the user.
+- **groups**: Add user to these additional groups
+- **no-user-group**: Boolean. Skip default group creation.
+- **ssh-authorized-keys**: List of public SSH keys to authorize for this user
+- **coreos-ssh-import-github** [DEPRECATED]: Authorize SSH keys from GitHub user
+- **coreos-ssh-import-github-users** [DEPRECATED]: Authorize SSH keys from a list of GitHub users
+- **coreos-ssh-import-url** [DEPRECATED]: Authorize SSH keys imported from a url endpoint.
+- **system**: Create the user as a system user. No home directory will be created.
+- **no-log-init**: Boolean. Skip initialization of lastlog and faillog databases.
+- **shell**: User's login shell.
+
+The following fields are not yet implemented:
+
+- **inactive**: Deactivate the user upon creation
+- **lock-passwd**: Boolean. Disable password login for user
+- **sudo**: Entry to add to /etc/sudoers for user. By default, no sudo access is authorized.
+- **selinux-user**: Corresponding SELinux user
+- **ssh-import-id**: Import SSH keys by ID from Launchpad.
+
+```yaml
+#cloud-config
+
+users:
+  - name: "elroy"
+    passwd: "$6$5s2u6/jR$un0AvWnqilcgaNB3Mkxd5yYv6mTlWfOoCYHZmfi3LDKVltj.E8XNKEcwWm..."
+    groups:
+      - "sudo"
+      - "docker"
+    ssh-authorized-keys:
+      - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0g+ZTxC7weoIJLUafOgrm+h..."
+```
+
+#### Generating a password hash
+
+If you choose to use a password instead of an SSH key, generating a safe hash is extremely important to the security of your system. Simplified hashes like md5crypt are trivial to crack on modern GPU hardware. Here are a few ways to generate secure hashes:
+
+```
+# On Debian/Ubuntu (via the package "whois")
+mkpasswd --method=SHA-512 --rounds=4096
+
+# OpenSSL (note: this will only make md5crypt.  While better than plantext it should not be considered fully secure)
+openssl passwd -1
+
+# Python (change password and salt values)
+python -c "import crypt, getpass, pwd; print crypt.crypt('password', '\$6\$SALT\$')"
+
+# Perl (change password and salt values)
+perl -e 'print crypt("password","\$6\$SALT\$") . "\n"'
+```
+
+Using a higher number of rounds will help create more secure passwords, but given enough time, password hashes can be reversed.  On most RPM based distributions there is a tool called mkpasswd available in the `expect` package, but this does not handle "rounds" nor advanced hashing algorithms.
+
+### write_files
+
+The `write_files` directive defines a set of files to create on the local filesystem.
+Each item in the list may have the following keys:
+
+- **path**: Absolute location on disk where contents should be written
+- **content**: Data to write at the provided `path`
+- **permissions**: Integer representing file permissions, typically in octal notation (i.e. 0644)
+- **owner**: User and group that should own the file written to disk. This is equivalent to the `<user>:<group>` argument to `chown <user>:<group> <path>`.
+- **encoding**: Optional. The encoding of the data in content. If not specified this defaults to the yaml document encoding (usually utf-8). Supported encoding types are:
+    - **b64, base64**: Base64 encoded content
+    - **gz, gzip**: gzip encoded content, for use with the !!binary tag
+    - **gz+b64, gz+base64, gzip+b64, gzip+base64**: Base64 encoded gzip content
+
+
+```yaml
+#cloud-config
+write_files:
+  - path: "/etc/resolv.conf"
+    permissions: "0644"
+    owner: "root"
+    content: |
+      nameserver 8.8.8.8
+  - path: "/etc/motd"
+    permissions: "0644"
+    owner: "root"
+    content: |
+      Good news, everyone!
+  - path: "/tmp/like_this"
+    permissions: "0644"
+    owner: "root"
+    encoding: "gzip"
+    content: !!binary |
+      H4sIAKgdh1QAAwtITM5WyK1USMqvUCjPLMlQSMssS1VIya9KzVPIySwszS9SyCpNLwYARQFQ5CcAAAA=
+  - path: "/tmp/or_like_this"
+    permissions: "0644"
+    owner: "root"
+    encoding: "gzip+base64"
+    content: |
+      H4sIAKgdh1QAAwtITM5WyK1USMqvUCjPLMlQSMssS1VIya9KzVPIySwszS9SyCpNLwYARQFQ5CcAAAA=
+  - path: "/tmp/todolist"
+    permissions: "0644"
+    owner: "root"
+    encoding: "base64"
+    content: |
+      UGFjayBteSBib3ggd2l0aCBmaXZlIGRvemVuIGxpcXVvciBqdWdz
+```
+
+### manage_etc_hosts
+
+The `manage_etc_hosts` parameter configures the contents of the `/etc/hosts` file, which is used for local name resolution.
+Currently, the only supported value is "localhost" which will cause your system's hostname
+to resolve to "127.0.0.1".  This is helpful when the host does not have DNS
+infrastructure in place to resolve its own hostname, for example, when using Vagrant.
+
+```yaml
+#cloud-config
+
+manage_etc_hosts: "localhost"
+```

config/cloudinit/Documentation/config-drive.md

@@ -0,0 +1,40 @@
+# Distribution via Config Drive
+
+CoreOS supports providing configuration data via [config drive][config-drive]
+disk images. Currently only providing a single script or cloud config file is
+supported.
+
+[config-drive]: http://docs.openstack.org/user-guide/cli_config_drive.html
+
+## Contents and Format
+
+The image should be a single FAT or ISO9660 file system with the label
+`config-2` and the configuration data should be located at
+`openstack/latest/user_data`.
+
+For example, to wrap up a config named `user_data` in a config drive image:
+
+```sh
+mkdir -p /tmp/new-drive/openstack/latest
+cp user_data /tmp/new-drive/openstack/latest/user_data
+mkisofs -R -V config-2 -o configdrive.iso /tmp/new-drive
+rm -r /tmp/new-drive
+```
+
+If on OS X, replace the `mkisofs` invocation with:
+
+```sh
+hdiutil makehybrid -iso -joliet -default-volume-name config-2 -o configdrive.iso /tmp/new-drive
+```
+
+## QEMU virtfs
+
+One exception to the above, when using QEMU it is possible to skip creating an
+image and use a plain directory containing the same contents:
+
+```sh
+qemu-system-x86_64 \
+    -fsdev local,id=conf,security_model=none,readonly,path=/tmp/new-drive \
+    -device virtio-9p-pci,fsdev=conf,mount_tag=config-2 \
+    [usual qemu options here...]
+```

config/cloudinit/Documentation/debian-interfaces.md

@@ -0,0 +1,27 @@
+#Debian Interfaces#
+**WARNING**: This option is EXPERIMENTAL and may change or be removed at any
+point.  
+There is basic support for converting from a Debian network configuration to
+networkd unit files. The -convert-netconf=debian option is used to activate
+this feature.
+
+#convert-netconf#
+Default: ""  
+Read the network config provided in cloud-drive and translate it from the
+specified format into networkd unit files (requires the -from-configdrive
+flag). Currently only supports "debian" which provides support for a small
+subset of the [Debian network configuration]
+(https://wiki.debian.org/NetworkConfiguration). These options include:
+
+- interface config methods
+	- static
+		- address/netmask
+		- gateway
+		- hwaddress
+		- dns-nameservers
+	- dhcp
+		- hwaddress
+	- manual
+	- loopback
+- vlan_raw_device
+- bond-slaves

config/cloudinit/Documentation/vmware-guestinfo.md

@@ -0,0 +1,36 @@
+# VMWare Guestinfo Interface
+
+## Cloud-Config VMWare Guestinfo Variables
+
+coreos-cloudinit accepts configuration from the VMware RPC API's *guestinfo*
+facility. This datasource can be enabled with the `--from-vmware-guestinfo`
+flag to coreos-cloudinit.
+
+The following guestinfo variables are recognized and processed by cloudinit
+when passed from the hypervisor to the virtual machine at boot time. Note that
+property names are prefixed with `guestinfo.` in the VMX, e.g., `guestinfo.hostname`.
+
+|            guestinfo variable             |              type               |
+|:--------------------------------------|:--------------------------------|
+| `hostname`                            | `hostname`                      |
+| `interface.<n>.name`                  | `string`                        |
+| `interface.<n>.mac`                   | `MAC address`                   |
+| `interface.<n>.dhcp`                  | `{"yes", "no"}`                 |
+| `interface.<n>.role`                  | `{"public", "private"}`         |
+| `interface.<n>.ip.<m>.address`        | `CIDR IP address`               |
+| `interface.<n>.route.<l>.gateway`     | `IP address`                    |
+| `interface.<n>.route.<l>.destination` | `CIDR IP address`               |
+| `dns.server.<x>`                      | `IP address`                    |
+| `dns.domain.<y>`                      | `DNS search domain`             |
+| `coreos.config.data`                  | `string`                        |
+| `coreos.config.data.encoding`         | `{"", "base64", "gzip+base64"}` |
+| `coreos.config.url`                   | `URL`                           |
+
+Note: "n", "m", "l", "x" and "y" are 0-indexed, incrementing integers. The
+identifier for an `interface` does not correspond to anything outside of this
+configuration; it serves only to distinguish between multiple `interface`s.
+
+The guide to [booting on VMWare][bootvmware] is the starting point for more
+information about configuring and running CoreOS on VMWare.
+
+[bootvmware]: https://github.com/coreos/docs/blob/master/os/booting-on-vmware.md

config/cloudinit/README.md

@@ -1,3 +1,7 @@
+**NOTE**: This project has been superseded by [Ignition][ignition] and is no longer under active development. Please direct all development efforts to Ignition.
+
+[ignition]: https://github.com/coreos/ignition
+
 # coreos-cloudinit [![Build Status](https://travis-ci.org/coreos/coreos-cloudinit.png?branch=master)](https://travis-ci.org/coreos/coreos-cloudinit)
 
 coreos-cloudinit enables a user to customize CoreOS machines by providing either a cloud-config document or an executable script through user-data.
@@ -9,8 +13,8 @@ Additionally, several [CoreOS-specific options][custom-cloud-config] have been i
 All supported cloud-config parameters are [documented here][all-cloud-config]. 
 
 [official-cloud-config]: http://cloudinit.readthedocs.org/en/latest/topics/format.html#cloud-config-data
-[custom-cloud-config]: https://github.com/coreos/coreos-cloudinit/blob/master/Documentation/cloud-config.md#coreos-parameters
-[all-cloud-config]: https://github.com/coreos/coreos-cloudinit/tree/master/Documentation/cloud-config.md
+[custom-cloud-config]: https://github.com/rancher/os/config/cloudinit/blob/master/Documentation/cloud-config.md#coreos-parameters
+[all-cloud-config]: https://github.com/rancher/os/config/cloudinit/tree/master/Documentation/cloud-config.md
 
 The following is an example cloud-config document:
 

config/cloudinit/build

@@ -4,7 +4,7 @@ NAME="coreos-cloudinit"
 ORG_PATH="github.com/coreos"
 REPO_PATH="${ORG_PATH}/${NAME}"
 VERSION=$(git describe --dirty --tags)
-GLDFLAGS="-X main.version \"${VERSION}\""
+GLDFLAGS="-X main.version=\"${VERSION}\""
 
 if [ ! -h gopath/src/${REPO_PATH} ]; then
 	mkdir -p gopath/src/${ORG_PATH}

config/cloudinit/config/config_test.go

@@ -0,0 +1,547 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package config
+
+import (
+	"fmt"
+	"reflect"
+	"regexp"
+	"strings"
+	"testing"
+)
+
+func TestNewCloudConfig(t *testing.T) {
+	tests := []struct {
+		contents string
+
+		config CloudConfig
+	}{
+		{},
+		{
+			contents: "#cloud-config\nwrite_files:\n  - path: underscore",
+			config:   CloudConfig{WriteFiles: []File{{Path: "underscore"}}},
+		},
+		{
+			contents: "#cloud-config\nwrite-files:\n  - path: hyphen",
+			config:   CloudConfig{WriteFiles: []File{{Path: "hyphen"}}},
+		},
+		{
+			contents: "#cloud-config\ncoreos:\n  update:\n    reboot-strategy: off",
+			config:   CloudConfig{CoreOS: CoreOS{Update: Update{RebootStrategy: "off"}}},
+		},
+		{
+			contents: "#cloud-config\ncoreos:\n  update:\n    reboot-strategy: false",
+			config:   CloudConfig{CoreOS: CoreOS{Update: Update{RebootStrategy: "false"}}},
+		},
+		{
+			contents: "#cloud-config\nwrite_files:\n  - permissions: 0744",
+			config:   CloudConfig{WriteFiles: []File{{RawFilePermissions: "0744"}}},
+		},
+		{
+			contents: "#cloud-config\nwrite_files:\n  - permissions: 744",
+			config:   CloudConfig{WriteFiles: []File{{RawFilePermissions: "744"}}},
+		},
+		{
+			contents: "#cloud-config\nwrite_files:\n  - permissions: '0744'",
+			config:   CloudConfig{WriteFiles: []File{{RawFilePermissions: "0744"}}},
+		},
+		{
+			contents: "#cloud-config\nwrite_files:\n  - permissions: '744'",
+			config:   CloudConfig{WriteFiles: []File{{RawFilePermissions: "744"}}},
+		},
+	}
+
+	for i, tt := range tests {
+		config, err := NewCloudConfig(tt.contents)
+		if err != nil {
+			t.Errorf("bad error (test case #%d): want %v, got %s", i, nil, err)
+		}
+		if !reflect.DeepEqual(&tt.config, config) {
+			t.Errorf("bad config (test case #%d): want %#v, got %#v", i, tt.config, config)
+		}
+	}
+}
+
+func TestNewCloudConfigDecode(t *testing.T) {
+	// //all of these decode to "bar"
+	contentTests := map[string]string{
+		"base64": "YmFy",
+		"b64":    "YmFy",
+		// theoretically gz+gzip are supported but they break yaml
+		// "gz":          "\x1f\x8b\x08\x08w\x14\x87T\x02\xffok\x00KJ,\x02\x00\xaa\x8c\xffv\x03\x00\x00\x00",
+		// "gzip":        "\x1f\x8b\x08\x08w\x14\x87T\x02\xffok\x00KJ,\x02\x00\xaa\x8c\xffv\x03\x00\x00\x00",
+		"gz+base64":   "H4sIABMVh1QAA0tKLAIAqoz/dgMAAAA=",
+		"gzip+base64": "H4sIABMVh1QAA0tKLAIAqoz/dgMAAAA=",
+		"gz+b64":      "H4sIABMVh1QAA0tKLAIAqoz/dgMAAAA=",
+		"gzip+b64":    "H4sIABMVh1QAA0tKLAIAqoz/dgMAAAA=",
+	}
+
+	type testCase struct {
+		contents string
+		config   CloudConfig
+	}
+
+	var decodingTests []testCase
+	for name, content := range contentTests {
+		decodingTests = append(decodingTests, testCase{
+			contents: fmt.Sprintf("#cloud-config\nwrite_files:\n  - encoding: %q\n    content: |\n      %s", name, content),
+			config:   CloudConfig{WriteFiles: []File{{Content: "bar"}}},
+		})
+	}
+
+	for i, tt := range decodingTests {
+		config, err := NewCloudConfig(tt.contents)
+		if err != nil {
+			t.Errorf("bad error (test case #%d): want %v, got %s", i, nil, err)
+		}
+
+		if err := config.Decode(); err != nil {
+			t.Errorf("bad error (test case #%d): want %v, got %s", i, nil, err)
+		}
+
+		if !reflect.DeepEqual(&tt.config, config) {
+			t.Errorf("bad config (test case #%d): want %#v, got %#v", i, tt.config, config)
+		}
+	}
+
+}
+
+func TestIsZero(t *testing.T) {
+	tests := []struct {
+		c interface{}
+
+		empty bool
+	}{
+		{struct{}{}, true},
+		{struct{ a, b string }{}, true},
+		{struct{ A, b string }{}, true},
+		{struct{ A, B string }{}, true},
+		{struct{ A string }{A: "hello"}, false},
+		{struct{ A int }{}, true},
+		{struct{ A int }{A: 1}, false},
+	}
+
+	for _, tt := range tests {
+		if empty := IsZero(tt.c); tt.empty != empty {
+			t.Errorf("bad result (%q): want %t, got %t", tt.c, tt.empty, empty)
+		}
+	}
+}
+
+func TestAssertStructValid(t *testing.T) {
+	tests := []struct {
+		c interface{}
+
+		err error
+	}{
+		{struct{}{}, nil},
+		{struct {
+			A, b string `valid:"^1|2$"`
+		}{}, nil},
+		{struct {
+			A, b string `valid:"^1|2$"`
+		}{A: "1", b: "2"}, nil},
+		{struct {
+			A, b string `valid:"^1|2$"`
+		}{A: "1", b: "hello"}, nil},
+		{struct {
+			A, b string `valid:"^1|2$"`
+		}{A: "hello", b: "2"}, &ErrorValid{Value: "hello", Field: "A", Valid: "^1|2$"}},
+		{struct {
+			A, b int `valid:"^1|2$"`
+		}{}, nil},
+		{struct {
+			A, b int `valid:"^1|2$"`
+		}{A: 1, b: 2}, nil},
+		{struct {
+			A, b int `valid:"^1|2$"`
+		}{A: 1, b: 9}, nil},
+		{struct {
+			A, b int `valid:"^1|2$"`
+		}{A: 9, b: 2}, &ErrorValid{Value: "9", Field: "A", Valid: "^1|2$"}},
+	}
+
+	for _, tt := range tests {
+		if err := AssertStructValid(tt.c); !reflect.DeepEqual(tt.err, err) {
+			t.Errorf("bad result (%q): want %q, got %q", tt.c, tt.err, err)
+		}
+	}
+}
+
+func TestConfigCompile(t *testing.T) {
+	tests := []interface{}{
+		Etcd{},
+		File{},
+		Flannel{},
+		Fleet{},
+		Locksmith{},
+		OEM{},
+		Unit{},
+		Update{},
+	}
+
+	for _, tt := range tests {
+		ttt := reflect.TypeOf(tt)
+		for i := 0; i < ttt.NumField(); i++ {
+			ft := ttt.Field(i)
+			if !isFieldExported(ft) {
+				continue
+			}
+
+			if _, err := regexp.Compile(ft.Tag.Get("valid")); err != nil {
+				t.Errorf("bad regexp(%s.%s): want %v, got %s", ttt.Name(), ft.Name, nil, err)
+			}
+		}
+	}
+}
+
+func TestCloudConfigUnknownKeys(t *testing.T) {
+	contents := `
+coreos: 
+  etcd:
+    discovery: "https://discovery.etcd.io/827c73219eeb2fa5530027c37bf18877"
+  coreos_unknown:
+    foo: "bar"
+section_unknown:
+  dunno:
+    something
+bare_unknown:
+  bar
+write_files:
+  - content: fun
+    path: /var/party
+    file_unknown: nofun
+users:
+  - name: fry
+    passwd: somehash
+    user_unknown: philip
+hostname:
+  foo
+`
+	cfg, err := NewCloudConfig(contents)
+	if err != nil {
+		t.Fatalf("error instantiating CloudConfig with unknown keys: %v", err)
+	}
+	if cfg.Hostname != "foo" {
+		t.Fatalf("hostname not correctly set when invalid keys are present")
+	}
+	if cfg.CoreOS.Etcd.Discovery != "https://discovery.etcd.io/827c73219eeb2fa5530027c37bf18877" {
+		t.Fatalf("etcd section not correctly set when invalid keys are present")
+	}
+	if len(cfg.WriteFiles) < 1 || cfg.WriteFiles[0].Content != "fun" || cfg.WriteFiles[0].Path != "/var/party" {
+		t.Fatalf("write_files section not correctly set when invalid keys are present")
+	}
+	if len(cfg.Users) < 1 || cfg.Users[0].Name != "fry" || cfg.Users[0].PasswordHash != "somehash" {
+		t.Fatalf("users section not correctly set when invalid keys are present")
+	}
+}
+
+// Assert that the parsing of a cloud config file "generally works"
+func TestCloudConfigEmpty(t *testing.T) {
+	cfg, err := NewCloudConfig("")
+	if err != nil {
+		t.Fatalf("Encountered unexpected error :%v", err)
+	}
+
+	keys := cfg.SSHAuthorizedKeys
+	if len(keys) != 0 {
+		t.Error("Parsed incorrect number of SSH keys")
+	}
+
+	if len(cfg.WriteFiles) != 0 {
+		t.Error("Expected zero WriteFiles")
+	}
+
+	if cfg.Hostname != "" {
+		t.Errorf("Expected hostname to be empty, got '%s'", cfg.Hostname)
+	}
+}
+
+// Assert that the parsing of a cloud config file "generally works"
+func TestCloudConfig(t *testing.T) {
+	contents := `
+coreos: 
+  etcd:
+    discovery: "https://discovery.etcd.io/827c73219eeb2fa5530027c37bf18877"
+  update:
+    reboot_strategy: reboot
+  units:
+    - name: 50-eth0.network
+      runtime: yes
+      content: '[Match]
+ 
+    Name=eth47
+ 
+ 
+    [Network]
+ 
+    Address=10.209.171.177/19
+ 
+'
+  oem:
+    id: rackspace
+    name: Rackspace Cloud Servers
+    version_id: 168.0.0
+    home_url: https://www.rackspace.com/cloud/servers/
+    bug_report_url: https://github.com/coreos/coreos-overlay
+ssh_authorized_keys:
+  - foobar
+  - foobaz
+write_files:
+  - content: |
+      penny
+      elroy
+    path: /etc/dogepack.conf
+    permissions: '0644'
+    owner: root:dogepack
+hostname: trontastic
+`
+	cfg, err := NewCloudConfig(contents)
+	if err != nil {
+		t.Fatalf("Encountered unexpected error :%v", err)
+	}
+
+	keys := cfg.SSHAuthorizedKeys
+	if len(keys) != 2 {
+		t.Error("Parsed incorrect number of SSH keys")
+	} else if keys[0] != "foobar" {
+		t.Error("Expected first SSH key to be 'foobar'")
+	} else if keys[1] != "foobaz" {
+		t.Error("Expected first SSH key to be 'foobaz'")
+	}
+
+	if len(cfg.WriteFiles) != 1 {
+		t.Error("Failed to parse correct number of write_files")
+	} else {
+		wf := cfg.WriteFiles[0]
+		if wf.Content != "penny\nelroy\n" {
+			t.Errorf("WriteFile has incorrect contents '%s'", wf.Content)
+		}
+		if wf.Encoding != "" {
+			t.Errorf("WriteFile has incorrect encoding %s", wf.Encoding)
+		}
+		if wf.RawFilePermissions != "0644" {
+			t.Errorf("WriteFile has incorrect permissions %s", wf.RawFilePermissions)
+		}
+		if wf.Path != "/etc/dogepack.conf" {
+			t.Errorf("WriteFile has incorrect path %s", wf.Path)
+		}
+		if wf.Owner != "root:dogepack" {
+			t.Errorf("WriteFile has incorrect owner %s", wf.Owner)
+		}
+	}
+
+	if len(cfg.CoreOS.Units) != 1 {
+		t.Error("Failed to parse correct number of units")
+	} else {
+		u := cfg.CoreOS.Units[0]
+		expect := `[Match]
+Name=eth47
+
+[Network]
+Address=10.209.171.177/19
+`
+		if u.Content != expect {
+			t.Errorf("Unit has incorrect contents '%s'.\nExpected '%s'.", u.Content, expect)
+		}
+		if u.Runtime != true {
+			t.Errorf("Unit has incorrect runtime value")
+		}
+		if u.Name != "50-eth0.network" {
+			t.Errorf("Unit has incorrect name %s", u.Name)
+		}
+	}
+
+	if cfg.CoreOS.OEM.ID != "rackspace" {
+		t.Errorf("Failed parsing coreos.oem. Expected ID 'rackspace', got %q.", cfg.CoreOS.OEM.ID)
+	}
+
+	if cfg.Hostname != "trontastic" {
+		t.Errorf("Failed to parse hostname")
+	}
+	if cfg.CoreOS.Update.RebootStrategy != "reboot" {
+		t.Errorf("Failed to parse locksmith strategy")
+	}
+}
+
+// Assert that our interface conversion doesn't panic
+func TestCloudConfigKeysNotList(t *testing.T) {
+	contents := `
+ssh_authorized_keys:
+  - foo: bar
+`
+	cfg, err := NewCloudConfig(contents)
+	if err != nil {
+		t.Fatalf("Encountered unexpected error: %v", err)
+	}
+
+	keys := cfg.SSHAuthorizedKeys
+	if len(keys) != 0 {
+		t.Error("Parsed incorrect number of SSH keys")
+	}
+}
+
+func TestCloudConfigSerializationHeader(t *testing.T) {
+	cfg, _ := NewCloudConfig("")
+	contents := cfg.String()
+	header := strings.SplitN(contents, "\n", 2)[0]
+	if header != "#cloud-config" {
+		t.Fatalf("Serialized config did not have expected header")
+	}
+}
+
+func TestCloudConfigUsers(t *testing.T) {
+	contents := `
+users:
+  - name: elroy
+    passwd: somehash
+    ssh_authorized_keys:
+      - somekey
+    gecos: arbitrary comment
+    homedir: /home/place
+    no_create_home: yes
+    primary_group: things
+    groups:
+      - ping
+      - pong
+    no_user_group: true
+    system: y
+    no_log_init: True
+    shell: /bin/sh
+`
+	cfg, err := NewCloudConfig(contents)
+	if err != nil {
+		t.Fatalf("Encountered unexpected error: %v", err)
+	}
+
+	if len(cfg.Users) != 1 {
+		t.Fatalf("Parsed %d users, expected 1", len(cfg.Users))
+	}
+
+	user := cfg.Users[0]
+
+	if user.Name != "elroy" {
+		t.Errorf("User name is %q, expected 'elroy'", user.Name)
+	}
+
+	if user.PasswordHash != "somehash" {
+		t.Errorf("User passwd is %q, expected 'somehash'", user.PasswordHash)
+	}
+
+	if keys := user.SSHAuthorizedKeys; len(keys) != 1 {
+		t.Errorf("Parsed %d ssh keys, expected 1", len(keys))
+	} else {
+		key := user.SSHAuthorizedKeys[0]
+		if key != "somekey" {
+			t.Errorf("User SSH key is %q, expected 'somekey'", key)
+		}
+	}
+
+	if user.GECOS != "arbitrary comment" {
+		t.Errorf("Failed to parse gecos field, got %q", user.GECOS)
+	}
+
+	if user.Homedir != "/home/place" {
+		t.Errorf("Failed to parse homedir field, got %q", user.Homedir)
+	}
+
+	if !user.NoCreateHome {
+		t.Errorf("Failed to parse no_create_home field")
+	}
+
+	if user.PrimaryGroup != "things" {
+		t.Errorf("Failed to parse primary_group field, got %q", user.PrimaryGroup)
+	}
+
+	if len(user.Groups) != 2 {
+		t.Errorf("Failed to parse 2 goups, got %d", len(user.Groups))
+	} else {
+		if user.Groups[0] != "ping" {
+			t.Errorf("First group was %q, not expected value 'ping'", user.Groups[0])
+		}
+		if user.Groups[1] != "pong" {
+			t.Errorf("First group was %q, not expected value 'pong'", user.Groups[1])
+		}
+	}
+
+	if !user.NoUserGroup {
+		t.Errorf("Failed to parse no_user_group field")
+	}
+
+	if !user.System {
+		t.Errorf("Failed to parse system field")
+	}
+
+	if !user.NoLogInit {
+		t.Errorf("Failed to parse no_log_init field")
+	}
+
+	if user.Shell != "/bin/sh" {
+		t.Errorf("Failed to parse shell field, got %q", user.Shell)
+	}
+}
+
+func TestCloudConfigUsersGithubUser(t *testing.T) {
+
+	contents := `
+users:
+  - name: elroy
+    coreos_ssh_import_github: bcwaldon
+`
+	cfg, err := NewCloudConfig(contents)
+	if err != nil {
+		t.Fatalf("Encountered unexpected error: %v", err)
+	}
+
+	if len(cfg.Users) != 1 {
+		t.Fatalf("Parsed %d users, expected 1", len(cfg.Users))
+	}
+
+	user := cfg.Users[0]
+
+	if user.Name != "elroy" {
+		t.Errorf("User name is %q, expected 'elroy'", user.Name)
+	}
+
+	if user.SSHImportGithubUser != "bcwaldon" {
+		t.Errorf("github user is %q, expected 'bcwaldon'", user.SSHImportGithubUser)
+	}
+}
+
+func TestCloudConfigUsersSSHImportURL(t *testing.T) {
+	contents := `
+users:
+  - name: elroy
+    coreos_ssh_import_url: https://token:x-auth-token@github.enterprise.com/api/v3/polvi/keys
+`
+	cfg, err := NewCloudConfig(contents)
+	if err != nil {
+		t.Fatalf("Encountered unexpected error: %v", err)
+	}
+
+	if len(cfg.Users) != 1 {
+		t.Fatalf("Parsed %d users, expected 1", len(cfg.Users))
+	}
+
+	user := cfg.Users[0]
+
+	if user.Name != "elroy" {
+		t.Errorf("User name is %q, expected 'elroy'", user.Name)
+	}
+
+	if user.SSHImportURL != "https://token:x-auth-token@github.enterprise.com/api/v3/polvi/keys" {
+		t.Errorf("ssh import url is %q, expected 'https://token:x-auth-token@github.enterprise.com/api/v3/polvi/keys'", user.SSHImportURL)
+	}
+}

config/cloudinit/config/file_test.go

@@ -0,0 +1,69 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package config
+
+import (
+	"testing"
+)
+
+func TestEncodingValid(t *testing.T) {
+	tests := []struct {
+		value string
+
+		isValid bool
+	}{
+		{value: "base64", isValid: true},
+		{value: "b64", isValid: true},
+		{value: "gz", isValid: true},
+		{value: "gzip", isValid: true},
+		{value: "gz+base64", isValid: true},
+		{value: "gzip+base64", isValid: true},
+		{value: "gz+b64", isValid: true},
+		{value: "gzip+b64", isValid: true},
+		{value: "gzzzzbase64", isValid: false},
+		{value: "gzipppbase64", isValid: false},
+		{value: "unknown", isValid: false},
+	}
+
+	for _, tt := range tests {
+		isValid := (nil == AssertStructValid(File{Encoding: tt.value}))
+		if tt.isValid != isValid {
+			t.Errorf("bad assert (%s): want %t, got %t", tt.value, tt.isValid, isValid)
+		}
+	}
+}
+
+func TestRawFilePermissionsValid(t *testing.T) {
+	tests := []struct {
+		value string
+
+		isValid bool
+	}{
+		{value: "744", isValid: true},
+		{value: "0744", isValid: true},
+		{value: "1744", isValid: true},
+		{value: "01744", isValid: true},
+		{value: "11744", isValid: false},
+		{value: "rwxr--r--", isValid: false},
+		{value: "800", isValid: false},
+	}
+
+	for _, tt := range tests {
+		isValid := (nil == AssertStructValid(File{RawFilePermissions: tt.value}))
+		if tt.isValid != isValid {
+			t.Errorf("bad assert (%s): want %t, got %t", tt.value, tt.isValid, isValid)
+		}
+	}
+}

config/cloudinit/config/flannel.go

@@ -20,6 +20,8 @@ type Flannel struct {
 	EtcdCertFile  string `yaml:"etcd_certfile"  env:"FLANNELD_ETCD_CERTFILE"`
 	EtcdKeyFile   string `yaml:"etcd_keyfile"   env:"FLANNELD_ETCD_KEYFILE"`
 	EtcdPrefix    string `yaml:"etcd_prefix"    env:"FLANNELD_ETCD_PREFIX"`
+	EtcdUsername  string `yaml:"etcd_username"  env:"FLANNELD_ETCD_USERNAME"`
+	EtcdPassword  string `yaml:"etcd_password"  env:"FLANNELD_ETCD_PASSWORD"`
 	IPMasq        string `yaml:"ip_masq"        env:"FLANNELD_IP_MASQ"`
 	SubnetFile    string `yaml:"subnet_file"    env:"FLANNELD_SUBNET_FILE"`
 	Iface         string `yaml:"interface"      env:"FLANNELD_IFACE"`

config/cloudinit/config/fleet.go

@@ -25,6 +25,8 @@ type Fleet struct {
 	EtcdKeyPrefix           string  `yaml:"etcd_key_prefix"           env:"FLEET_ETCD_KEY_PREFIX"`
 	EtcdRequestTimeout      float64 `yaml:"etcd_request_timeout"      env:"FLEET_ETCD_REQUEST_TIMEOUT"`
 	EtcdServers             string  `yaml:"etcd_servers"              env:"FLEET_ETCD_SERVERS"`
+	EtcdUsername            string  `yaml:"etcd_username"             env:"FLEET_ETCD_USERNAME"`
+	EtcdPassword            string  `yaml:"etcd_password"             env:"FLEET_ETCD_PASSWORD"`
 	Metadata                string  `yaml:"metadata"                  env:"FLEET_METADATA"`
 	PublicIP                string  `yaml:"public_ip"                 env:"FLEET_PUBLIC_IP"`
 	TokenLimit              int     `yaml:"token_limit"               env:"FLEET_TOKEN_LIMIT"`

config/cloudinit/config/locksmith.go

@@ -19,6 +19,8 @@ type Locksmith struct {
 	EtcdCAFile         string `yaml:"etcd_cafile"   env:"LOCKSMITHD_ETCD_CAFILE"`
 	EtcdCertFile       string `yaml:"etcd_certfile" env:"LOCKSMITHD_ETCD_CERTFILE"`
 	EtcdKeyFile        string `yaml:"etcd_keyfile"  env:"LOCKSMITHD_ETCD_KEYFILE"`
+	EtcdUsername       string `yaml:"etcd_username" env:"LOCKSMITHD_ETCD_USERNAME"`
+	EtcdPassword       string `yaml:"etcd_password" env:"LOCKSMITHD_ETCD_PASSWORD"`
 	Group              string `yaml:"group"         env:"LOCKSMITHD_GROUP"`
 	RebootWindowStart  string `yaml:"window_start"  env:"REBOOT_WINDOW_START"  valid:"^((?i:sun|mon|tue|wed|thu|fri|sat|sun) )?0*([0-9]|1[0-9]|2[0-3]):0*([0-9]|[1-5][0-9])$"`
 	RebootWindowLength string `yaml:"window_length" env:"REBOOT_WINDOW_LENGTH" valid:"^[-+]?([0-9]*(\\.[0-9]*)?[a-z]+)+$"`

config/cloudinit/config/locksmith_test.go

@@ -0,0 +1,76 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package config
+
+import (
+	"testing"
+)
+
+func TestRebootWindowStart(t *testing.T) {
+	tests := []struct {
+		value string
+
+		isValid bool
+	}{
+		{value: "Sun 0:0", isValid: true},
+		{value: "Sun 00:00", isValid: true},
+		{value: "sUn 23:59", isValid: true},
+		{value: "mon 0:0", isValid: true},
+		{value: "tue 0:0", isValid: true},
+		{value: "tues 0:0", isValid: false},
+		{value: "wed 0:0", isValid: true},
+		{value: "thu 0:0", isValid: true},
+		{value: "thur 0:0", isValid: false},
+		{value: "fri 0:0", isValid: true},
+		{value: "sat 0:0", isValid: true},
+		{value: "sat00:00", isValid: false},
+		{value: "00:00", isValid: true},
+		{value: "10:10", isValid: true},
+		{value: "20:20", isValid: true},
+		{value: "20:30", isValid: true},
+		{value: "20:40", isValid: true},
+		{value: "20:50", isValid: true},
+		{value: "20:60", isValid: false},
+		{value: "24:00", isValid: false},
+	}
+
+	for _, tt := range tests {
+		isValid := (nil == AssertStructValid(Locksmith{RebootWindowStart: tt.value}))
+		if tt.isValid != isValid {
+			t.Errorf("bad assert (%s): want %t, got %t", tt.value, tt.isValid, isValid)
+		}
+	}
+}
+
+func TestRebootWindowLength(t *testing.T) {
+	tests := []struct {
+		value string
+
+		isValid bool
+	}{
+		{value: "1h", isValid: true},
+		{value: "1d", isValid: true},
+		{value: "0d", isValid: true},
+		{value: "0.5h", isValid: true},
+		{value: "0.5.0h", isValid: false},
+	}
+
+	for _, tt := range tests {
+		isValid := (nil == AssertStructValid(Locksmith{RebootWindowLength: tt.value}))
+		if tt.isValid != isValid {
+			t.Errorf("bad assert (%s): want %t, got %t", tt.value, tt.isValid, isValid)
+		}
+	}
+}

config/cloudinit/config/unit_test.go

@@ -0,0 +1,46 @@
+/*
+   Copyright 2014 CoreOS, Inc.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package config
+
+import (
+	"testing"
+)
+
+func TestCommandValid(t *testing.T) {
+	tests := []struct {
+		value string
+
+		isValid bool
+	}{
+		{value: "start", isValid: true},
+		{value: "stop", isValid: true},
+		{value: "restart", isValid: true},
+		{value: "reload", isValid: true},
+		{value: "try-restart", isValid: true},
+		{value: "reload-or-restart", isValid: true},
+		{value: "reload-or-try-restart", isValid: true},
+		{value: "tryrestart", isValid: false},
+		{value: "unknown", isValid: false},
+	}
+
+	for _, tt := range tests {
+		isValid := (nil == AssertStructValid(Unit{Command: tt.value}))
+		if tt.isValid != isValid {
+			t.Errorf("bad assert (%s): want %t, got %t", tt.value, tt.isValid, isValid)
+		}
+	}
+}

config/cloudinit/config/update_test.go

@@ -0,0 +1,43 @@
+/*
+   Copyright 2014 CoreOS, Inc.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package config
+
+import (
+	"testing"
+)
+
+func TestRebootStrategyValid(t *testing.T) {
+	tests := []struct {
+		value string
+
+		isValid bool
+	}{
+		{value: "best-effort", isValid: true},
+		{value: "etcd-lock", isValid: true},
+		{value: "reboot", isValid: true},
+		{value: "off", isValid: true},
+		{value: "besteffort", isValid: false},
+		{value: "unknown", isValid: false},
+	}
+
+	for _, tt := range tests {
+		isValid := (nil == AssertStructValid(Update{RebootStrategy: tt.value}))
+		if tt.isValid != isValid {
+			t.Errorf("bad assert (%s): want %t, got %t", tt.value, tt.isValid, isValid)
+		}
+	}
+}

config/cloudinit/config/validate/context.go

@@ -0,0 +1,52 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package validate
+
+import (
+	"strings"
+)
+
+// Context represents the current position within a newline-delimited string.
+// Each line is loaded, one by one, into currentLine (newline omitted) and
+// lineNumber keeps track of its position within the original string.
+type Context struct {
+	currentLine    string
+	remainingLines string
+	lineNumber     int
+}
+
+// Increment moves the Context to the next line (if available).
+func (c *Context) Increment() {
+	if c.currentLine == "" && c.remainingLines == "" {
+		return
+	}
+
+	lines := strings.SplitN(c.remainingLines, "\n", 2)
+	c.currentLine = lines[0]
+	if len(lines) == 2 {
+		c.remainingLines = lines[1]
+	} else {
+		c.remainingLines = ""
+	}
+	c.lineNumber++
+}
+
+// NewContext creates a Context from the provided data. It strips out all
+// carriage returns and moves to the first line (if available).
+func NewContext(content []byte) Context {
+	c := Context{remainingLines: strings.Replace(string(content), "\r", "", -1)}
+	c.Increment()
+	return c
+}

config/cloudinit/config/validate/context_test.go

@@ -0,0 +1,131 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package validate
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestNewContext(t *testing.T) {
+	tests := []struct {
+		in string
+
+		out Context
+	}{
+		{
+			out: Context{
+				currentLine:    "",
+				remainingLines: "",
+				lineNumber:     0,
+			},
+		},
+		{
+			in: "this\r\nis\r\na\r\ntest",
+			out: Context{
+				currentLine:    "this",
+				remainingLines: "is\na\ntest",
+				lineNumber:     1,
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		if out := NewContext([]byte(tt.in)); !reflect.DeepEqual(tt.out, out) {
+			t.Errorf("bad context (%q): want %#v, got %#v", tt.in, tt.out, out)
+		}
+	}
+}
+
+func TestIncrement(t *testing.T) {
+	tests := []struct {
+		init Context
+		op   func(c *Context)
+
+		res Context
+	}{
+		{
+			init: Context{
+				currentLine:    "",
+				remainingLines: "",
+				lineNumber:     0,
+			},
+			res: Context{
+				currentLine:    "",
+				remainingLines: "",
+				lineNumber:     0,
+			},
+			op: func(c *Context) {
+				c.Increment()
+			},
+		},
+		{
+			init: Context{
+				currentLine:    "test",
+				remainingLines: "",
+				lineNumber:     1,
+			},
+			res: Context{
+				currentLine:    "",
+				remainingLines: "",
+				lineNumber:     2,
+			},
+			op: func(c *Context) {
+				c.Increment()
+				c.Increment()
+				c.Increment()
+			},
+		},
+		{
+			init: Context{
+				currentLine:    "this",
+				remainingLines: "is\na\ntest",
+				lineNumber:     1,
+			},
+			res: Context{
+				currentLine:    "is",
+				remainingLines: "a\ntest",
+				lineNumber:     2,
+			},
+			op: func(c *Context) {
+				c.Increment()
+			},
+		},
+		{
+			init: Context{
+				currentLine:    "this",
+				remainingLines: "is\na\ntest",
+				lineNumber:     1,
+			},
+			res: Context{
+				currentLine:    "test",
+				remainingLines: "",
+				lineNumber:     4,
+			},
+			op: func(c *Context) {
+				c.Increment()
+				c.Increment()
+				c.Increment()
+			},
+		},
+	}
+
+	for i, tt := range tests {
+		res := tt.init
+		if tt.op(&res); !reflect.DeepEqual(tt.res, res) {
+			t.Errorf("bad context (%d, %#v): want %#v, got %#v", i, tt.init, tt.res, res)
+		}
+	}
+}

config/cloudinit/config/validate/node.go

@@ -0,0 +1,157 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package validate
+
+import (
+	"fmt"
+	"reflect"
+	"regexp"
+)
+
+var (
+	yamlKey  = regexp.MustCompile(`^ *-? ?(?P<key>.*?):`)
+	yamlElem = regexp.MustCompile(`^ *-`)
+)
+
+type Node struct {
+	name     string
+	line     int
+	children []Node
+	field    reflect.StructField
+	reflect.Value
+}
+
+// Child attempts to find the child with the given name in the Node's list of
+// children. If no such child is found, an invalid Node is returned.
+func (n Node) Child(name string) Node {
+	for _, c := range n.children {
+		if c.name == name {
+			return c
+		}
+	}
+	return Node{}
+}
+
+// HumanType returns the human-consumable string representation of the type of
+// the Node.
+func (n Node) HumanType() string {
+	switch k := n.Kind(); k {
+	case reflect.Slice:
+		c := n.Type().Elem()
+		return "[]" + Node{Value: reflect.New(c).Elem()}.HumanType()
+	default:
+		return k.String()
+	}
+}
+
+// NewNode returns the Node representation of the given value. The context
+// will be used in an attempt to determine line numbers for the given value.
+func NewNode(value interface{}, context Context) Node {
+	var n Node
+	toNode(value, context, &n)
+	return n
+}
+
+// toNode converts the given value into a Node and then recursively processes
+// each of the Nodes components (e.g. fields, array elements, keys).
+func toNode(v interface{}, c Context, n *Node) {
+	vv := reflect.ValueOf(v)
+	if !vv.IsValid() {
+		return
+	}
+
+	n.Value = vv
+	switch vv.Kind() {
+	case reflect.Struct:
+		// Walk over each field in the structure, skipping unexported fields,
+		// and create a Node for it.
+		for i := 0; i < vv.Type().NumField(); i++ {
+			ft := vv.Type().Field(i)
+			k := ft.Tag.Get("yaml")
+			if k == "-" || k == "" {
+				continue
+			}
+
+			cn := Node{name: k, field: ft}
+			c, ok := findKey(cn.name, c)
+			if ok {
+				cn.line = c.lineNumber
+			}
+			toNode(vv.Field(i).Interface(), c, &cn)
+			n.children = append(n.children, cn)
+		}
+	case reflect.Map:
+		// Walk over each key in the map and create a Node for it.
+		v := v.(map[interface{}]interface{})
+		for k, cv := range v {
+			cn := Node{name: fmt.Sprintf("%s", k)}
+			c, ok := findKey(cn.name, c)
+			if ok {
+				cn.line = c.lineNumber
+			}
+			toNode(cv, c, &cn)
+			n.children = append(n.children, cn)
+		}
+	case reflect.Slice:
+		// Walk over each element in the slice and create a Node for it.
+		// While iterating over the slice, preserve the context after it
+		// is modified. This allows the line numbers to reflect the current
+		// element instead of the first.
+		for i := 0; i < vv.Len(); i++ {
+			cn := Node{
+				name:  fmt.Sprintf("%s[%d]", n.name, i),
+				field: n.field,
+			}
+			var ok bool
+			c, ok = findElem(c)
+			if ok {
+				cn.line = c.lineNumber
+			}
+			toNode(vv.Index(i).Interface(), c, &cn)
+			n.children = append(n.children, cn)
+			c.Increment()
+		}
+	case reflect.String, reflect.Int, reflect.Bool, reflect.Float64:
+	default:
+		panic(fmt.Sprintf("toNode(): unhandled kind %s", vv.Kind()))
+	}
+}
+
+// findKey attempts to find the requested key within the provided context.
+// A modified copy of the context is returned with every line up to the key
+// incremented past. A boolean, true if the key was found, is also returned.
+func findKey(key string, context Context) (Context, bool) {
+	return find(yamlKey, key, context)
+}
+
+// findElem attempts to find an array element within the provided context.
+// A modified copy of the context is returned with every line up to the array
+// element incremented past. A boolean, true if the key was found, is also
+// returned.
+func findElem(context Context) (Context, bool) {
+	return find(yamlElem, "", context)
+}
+
+func find(exp *regexp.Regexp, key string, context Context) (Context, bool) {
+	for len(context.currentLine) > 0 || len(context.remainingLines) > 0 {
+		matches := exp.FindStringSubmatch(context.currentLine)
+		if len(matches) > 0 && (key == "" || matches[1] == key) {
+			return context, true
+		}
+
+		context.Increment()
+	}
+	return context, false
+}

config/cloudinit/config/validate/node_test.go

@@ -0,0 +1,284 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package validate
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestChild(t *testing.T) {
+	tests := []struct {
+		parent Node
+		name   string
+
+		child Node
+	}{
+		{},
+		{
+			name: "c1",
+		},
+		{
+			parent: Node{
+				children: []Node{
+					{name: "c1"},
+					{name: "c2"},
+					{name: "c3"},
+				},
+			},
+		},
+		{
+			parent: Node{
+				children: []Node{
+					{name: "c1"},
+					{name: "c2"},
+					{name: "c3"},
+				},
+			},
+			name:  "c2",
+			child: Node{name: "c2"},
+		},
+	}
+
+	for _, tt := range tests {
+		if child := tt.parent.Child(tt.name); !reflect.DeepEqual(tt.child, child) {
+			t.Errorf("bad child (%q): want %#v, got %#v", tt.name, tt.child, child)
+		}
+	}
+}
+
+func TestHumanType(t *testing.T) {
+	tests := []struct {
+		node Node
+
+		humanType string
+	}{
+		{
+			humanType: "invalid",
+		},
+		{
+			node:      Node{Value: reflect.ValueOf("hello")},
+			humanType: "string",
+		},
+		{
+			node: Node{
+				Value: reflect.ValueOf([]int{1, 2}),
+				children: []Node{
+					{Value: reflect.ValueOf(1)},
+					{Value: reflect.ValueOf(2)},
+				}},
+			humanType: "[]int",
+		},
+	}
+
+	for _, tt := range tests {
+		if humanType := tt.node.HumanType(); tt.humanType != humanType {
+			t.Errorf("bad type (%q): want %q, got %q", tt.node, tt.humanType, humanType)
+		}
+	}
+}
+
+func TestToNode(t *testing.T) {
+	tests := []struct {
+		value   interface{}
+		context Context
+
+		node Node
+	}{
+		{},
+		{
+			value: struct{}{},
+			node:  Node{Value: reflect.ValueOf(struct{}{})},
+		},
+		{
+			value: struct {
+				A int `yaml:"a"`
+			}{},
+			node: Node{
+				children: []Node{
+					{
+						name: "a",
+						field: reflect.TypeOf(struct {
+							A int `yaml:"a"`
+						}{}).Field(0),
+					},
+				},
+			},
+		},
+		{
+			value: struct {
+				A []int `yaml:"a"`
+			}{},
+			node: Node{
+				children: []Node{
+					{
+						name: "a",
+						field: reflect.TypeOf(struct {
+							A []int `yaml:"a"`
+						}{}).Field(0),
+					},
+				},
+			},
+		},
+		{
+			value: map[interface{}]interface{}{
+				"a": map[interface{}]interface{}{
+					"b": 2,
+				},
+			},
+			context: NewContext([]byte("a:\n  b: 2")),
+			node: Node{
+				children: []Node{
+					{
+						line: 1,
+						name: "a",
+						children: []Node{
+							{name: "b", line: 2},
+						},
+					},
+				},
+			},
+		},
+		{
+			value: struct {
+				A struct {
+					Jon bool `yaml:"b"`
+				} `yaml:"a"`
+			}{},
+			node: Node{
+				children: []Node{
+					{
+						name: "a",
+						children: []Node{
+							{
+								name: "b",
+								field: reflect.TypeOf(struct {
+									Jon bool `yaml:"b"`
+								}{}).Field(0),
+								Value: reflect.ValueOf(false),
+							},
+						},
+						field: reflect.TypeOf(struct {
+							A struct {
+								Jon bool `yaml:"b"`
+							} `yaml:"a"`
+						}{}).Field(0),
+						Value: reflect.ValueOf(struct {
+							Jon bool `yaml:"b"`
+						}{}),
+					},
+				},
+				Value: reflect.ValueOf(struct {
+					A struct {
+						Jon bool `yaml:"b"`
+					} `yaml:"a"`
+				}{}),
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		var node Node
+		toNode(tt.value, tt.context, &node)
+		if !nodesEqual(tt.node, node) {
+			t.Errorf("bad node (%#v): want %#v, got %#v", tt.value, tt.node, node)
+		}
+	}
+}
+
+func TestFindKey(t *testing.T) {
+	tests := []struct {
+		key     string
+		context Context
+
+		found bool
+	}{
+		{},
+		{
+			key:     "key1",
+			context: NewContext([]byte("key1: hi")),
+			found:   true,
+		},
+		{
+			key:     "key2",
+			context: NewContext([]byte("key1: hi")),
+			found:   false,
+		},
+		{
+			key:     "key3",
+			context: NewContext([]byte("key1:\n  key2:\n    key3: hi")),
+			found:   true,
+		},
+		{
+			key:     "key4",
+			context: NewContext([]byte("key1:\n  - key4: hi")),
+			found:   true,
+		},
+		{
+			key:     "key5",
+			context: NewContext([]byte("#key5")),
+			found:   false,
+		},
+	}
+
+	for _, tt := range tests {
+		if _, found := findKey(tt.key, tt.context); tt.found != found {
+			t.Errorf("bad find (%q): want %t, got %t", tt.key, tt.found, found)
+		}
+	}
+}
+
+func TestFindElem(t *testing.T) {
+	tests := []struct {
+		context Context
+
+		found bool
+	}{
+		{},
+		{
+			context: NewContext([]byte("test: hi")),
+			found:   false,
+		},
+		{
+			context: NewContext([]byte("test:\n  - a\n  -b")),
+			found:   true,
+		},
+		{
+			context: NewContext([]byte("test:\n  -\n    a")),
+			found:   true,
+		},
+	}
+
+	for _, tt := range tests {
+		if _, found := findElem(tt.context); tt.found != found {
+			t.Errorf("bad find (%q): want %t, got %t", tt.context, tt.found, found)
+		}
+	}
+}
+
+func nodesEqual(a, b Node) bool {
+	if a.name != b.name ||
+		a.line != b.line ||
+		!reflect.DeepEqual(a.field, b.field) ||
+		len(a.children) != len(b.children) {
+		return false
+	}
+	for i := 0; i < len(a.children); i++ {
+		if !nodesEqual(a.children[i], b.children[i]) {
+			return false
+		}
+	}
+	return true
+}

config/cloudinit/config/validate/report.go

@@ -0,0 +1,88 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package validate
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// Report represents the list of entries resulting from validation.
+type Report struct {
+	entries []Entry
+}
+
+// Error adds an error entry to the report.
+func (r *Report) Error(line int, message string) {
+	r.entries = append(r.entries, Entry{entryError, message, line})
+}
+
+// Warning adds a warning entry to the report.
+func (r *Report) Warning(line int, message string) {
+	r.entries = append(r.entries, Entry{entryWarning, message, line})
+}
+
+// Info adds an info entry to the report.
+func (r *Report) Info(line int, message string) {
+	r.entries = append(r.entries, Entry{entryInfo, message, line})
+}
+
+// Entries returns the list of entries in the report.
+func (r *Report) Entries() []Entry {
+	return r.entries
+}
+
+// Entry represents a single generic item in the report.
+type Entry struct {
+	kind    entryKind
+	message string
+	line    int
+}
+
+// String returns a human-readable representation of the entry.
+func (e Entry) String() string {
+	return fmt.Sprintf("line %d: %s: %s", e.line, e.kind, e.message)
+}
+
+// MarshalJSON satisfies the json.Marshaler interface, returning the entry
+// encoded as a JSON object.
+func (e Entry) MarshalJSON() ([]byte, error) {
+	return json.Marshal(map[string]interface{}{
+		"kind":    e.kind.String(),
+		"message": e.message,
+		"line":    e.line,
+	})
+}
+
+type entryKind int
+
+const (
+	entryError entryKind = iota
+	entryWarning
+	entryInfo
+)
+
+func (k entryKind) String() string {
+	switch k {
+	case entryError:
+		return "error"
+	case entryWarning:
+		return "warning"
+	case entryInfo:
+		return "info"
+	default:
+		panic(fmt.Sprintf("invalid kind %d", k))
+	}
+}

config/cloudinit/config/validate/report_test.go

@@ -0,0 +1,96 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package validate
+
+import (
+	"bytes"
+	"reflect"
+	"testing"
+)
+
+func TestEntry(t *testing.T) {
+	tests := []struct {
+		entry Entry
+
+		str  string
+		json []byte
+	}{
+		{
+			Entry{entryInfo, "test info", 1},
+			"line 1: info: test info",
+			[]byte(`{"kind":"info","line":1,"message":"test info"}`),
+		},
+		{
+			Entry{entryWarning, "test warning", 1},
+			"line 1: warning: test warning",
+			[]byte(`{"kind":"warning","line":1,"message":"test warning"}`),
+		},
+		{
+			Entry{entryError, "test error", 2},
+			"line 2: error: test error",
+			[]byte(`{"kind":"error","line":2,"message":"test error"}`),
+		},
+	}
+
+	for _, tt := range tests {
+		if str := tt.entry.String(); tt.str != str {
+			t.Errorf("bad string (%q): want %q, got %q", tt.entry, tt.str, str)
+		}
+		json, err := tt.entry.MarshalJSON()
+		if err != nil {
+			t.Errorf("bad error (%q): want %v, got %q", tt.entry, nil, err)
+		}
+		if !bytes.Equal(tt.json, json) {
+			t.Errorf("bad JSON (%q): want %q, got %q", tt.entry, tt.json, json)
+		}
+	}
+}
+
+func TestReport(t *testing.T) {
+	type reportFunc struct {
+		fn      func(*Report, int, string)
+		line    int
+		message string
+	}
+
+	tests := []struct {
+		fs []reportFunc
+
+		es []Entry
+	}{
+		{
+			[]reportFunc{
+				{(*Report).Warning, 1, "test warning 1"},
+				{(*Report).Error, 2, "test error 2"},
+				{(*Report).Info, 10, "test info 10"},
+			},
+			[]Entry{
+				{entryWarning, "test warning 1", 1},
+				{entryError, "test error 2", 2},
+				{entryInfo, "test info 10", 10},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		r := Report{}
+		for _, f := range tt.fs {
+			f.fn(&r, f.line, f.message)
+		}
+		if es := r.Entries(); !reflect.DeepEqual(tt.es, es) {
+			t.Errorf("bad entries (%v): want %#v, got %#v", tt.fs, tt.es, es)
+		}
+	}
+}

config/cloudinit/config/validate/rules.go

@@ -0,0 +1,180 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package validate
+
+import (
+	"fmt"
+	"net/url"
+	"path"
+	"reflect"
+	"strings"
+
+	"github.com/rancher/os/config/cloudinit/config"
+)
+
+type rule func(config Node, report *Report)
+
+// Rules contains all of the validation rules.
+var Rules = []rule{
+	checkDiscoveryURL,
+	checkEncoding,
+	checkStructure,
+	checkValidity,
+	checkWriteFiles,
+	checkWriteFilesUnderCoreos,
+}
+
+// checkDiscoveryURL verifies that the string is a valid url.
+func checkDiscoveryURL(cfg Node, report *Report) {
+	c := cfg.Child("coreos").Child("etcd").Child("discovery")
+	if !c.IsValid() {
+		return
+	}
+
+	if _, err := url.ParseRequestURI(c.String()); err != nil {
+		report.Warning(c.line, "discovery URL is not valid")
+	}
+}
+
+// checkEncoding validates that, for each file under 'write_files', the
+// content can be decoded given the specified encoding.
+func checkEncoding(cfg Node, report *Report) {
+	for _, f := range cfg.Child("write_files").children {
+		e := f.Child("encoding")
+		if !e.IsValid() {
+			continue
+		}
+
+		c := f.Child("content")
+		if _, err := config.DecodeContent(c.String(), e.String()); err != nil {
+			report.Error(c.line, fmt.Sprintf("content cannot be decoded as %q", e.String()))
+		}
+	}
+}
+
+// checkStructure compares the provided config to the empty config.CloudConfig
+// structure. Each node is checked to make sure that it exists in the known
+// structure and that its type is compatible.
+func checkStructure(cfg Node, report *Report) {
+	g := NewNode(config.CloudConfig{}, NewContext([]byte{}))
+	checkNodeStructure(cfg, g, report)
+}
+
+func checkNodeStructure(n, g Node, r *Report) {
+	if !isCompatible(n.Kind(), g.Kind()) {
+		r.Warning(n.line, fmt.Sprintf("incorrect type for %q (want %s)", n.name, g.HumanType()))
+		return
+	}
+
+	switch g.Kind() {
+	case reflect.Struct:
+		for _, cn := range n.children {
+			if cg := g.Child(cn.name); cg.IsValid() {
+				if msg := cg.field.Tag.Get("deprecated"); msg != "" {
+					r.Warning(cn.line, fmt.Sprintf("deprecated key %q (%s)", cn.name, msg))
+				}
+				checkNodeStructure(cn, cg, r)
+			} else {
+				r.Warning(cn.line, fmt.Sprintf("unrecognized key %q", cn.name))
+			}
+		}
+	case reflect.Slice:
+		for _, cn := range n.children {
+			var cg Node
+			c := g.Type().Elem()
+			toNode(reflect.New(c).Elem().Interface(), Context{}, &cg)
+			checkNodeStructure(cn, cg, r)
+		}
+	case reflect.String, reflect.Int, reflect.Float64, reflect.Bool:
+	default:
+		panic(fmt.Sprintf("checkNodeStructure(): unhandled kind %s", g.Kind()))
+	}
+}
+
+// isCompatible determines if the type of kind n can be converted to the type
+// of kind g in the context of YAML. This is not an exhaustive list, but its
+// enough for the purposes of cloud-config validation.
+func isCompatible(n, g reflect.Kind) bool {
+	switch g {
+	case reflect.String:
+		return n == reflect.String || n == reflect.Int || n == reflect.Float64 || n == reflect.Bool
+	case reflect.Struct:
+		return n == reflect.Struct || n == reflect.Map
+	case reflect.Float64:
+		return n == reflect.Float64 || n == reflect.Int
+	case reflect.Bool, reflect.Slice, reflect.Int:
+		return n == g
+	default:
+		panic(fmt.Sprintf("isCompatible(): unhandled kind %s", g))
+	}
+}
+
+// checkValidity checks the value of every node in the provided config by
+// running config.AssertValid() on it.
+func checkValidity(cfg Node, report *Report) {
+	g := NewNode(config.CloudConfig{}, NewContext([]byte{}))
+	checkNodeValidity(cfg, g, report)
+}
+
+func checkNodeValidity(n, g Node, r *Report) {
+	if err := config.AssertValid(n.Value, g.field.Tag.Get("valid")); err != nil {
+		r.Error(n.line, fmt.Sprintf("invalid value %v", n.Value.Interface()))
+	}
+	switch g.Kind() {
+	case reflect.Struct:
+		for _, cn := range n.children {
+			if cg := g.Child(cn.name); cg.IsValid() {
+				checkNodeValidity(cn, cg, r)
+			}
+		}
+	case reflect.Slice:
+		for _, cn := range n.children {
+			var cg Node
+			c := g.Type().Elem()
+			toNode(reflect.New(c).Elem().Interface(), Context{}, &cg)
+			checkNodeValidity(cn, cg, r)
+		}
+	case reflect.String, reflect.Int, reflect.Float64, reflect.Bool:
+	default:
+		panic(fmt.Sprintf("checkNodeValidity(): unhandled kind %s", g.Kind()))
+	}
+}
+
+// checkWriteFiles checks to make sure that the target file can actually be
+// written. Note that this check is approximate (it only checks to see if the file
+// is under /usr).
+func checkWriteFiles(cfg Node, report *Report) {
+	for _, f := range cfg.Child("write_files").children {
+		c := f.Child("path")
+		if !c.IsValid() {
+			continue
+		}
+
+		d := path.Dir(c.String())
+		switch {
+		case strings.HasPrefix(d, "/usr"):
+			report.Error(c.line, "file cannot be written to a read-only filesystem")
+		}
+	}
+}
+
+// checkWriteFilesUnderCoreos checks to see if the 'write_files' node is a
+// child of 'coreos' (it shouldn't be).
+func checkWriteFilesUnderCoreos(cfg Node, report *Report) {
+	c := cfg.Child("coreos").Child("write_files")
+	if c.IsValid() {
+		report.Info(c.line, "write_files doesn't belong under coreos")
+	}
+}

config/cloudinit/config/validate/rules_test.go

@@ -0,0 +1,408 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package validate
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestCheckDiscoveryURL(t *testing.T) {
+	tests := []struct {
+		config string
+
+		entries []Entry
+	}{
+		{},
+		{
+			config: "coreos:\n  etcd:\n    discovery: https://discovery.etcd.io/00000000000000000000000000000000",
+		},
+		{
+			config: "coreos:\n  etcd:\n    discovery: http://custom.domain/mytoken",
+		},
+		{
+			config:  "coreos:\n  etcd:\n    discovery: disco",
+			entries: []Entry{{entryWarning, "discovery URL is not valid", 3}},
+		},
+	}
+
+	for i, tt := range tests {
+		r := Report{}
+		n, err := parseCloudConfig([]byte(tt.config), &r)
+		if err != nil {
+			panic(err)
+		}
+		checkDiscoveryURL(n, &r)
+
+		if e := r.Entries(); !reflect.DeepEqual(tt.entries, e) {
+			t.Errorf("bad report (%d, %q): want %#v, got %#v", i, tt.config, tt.entries, e)
+		}
+	}
+}
+
+func TestCheckEncoding(t *testing.T) {
+	tests := []struct {
+		config string
+
+		entries []Entry
+	}{
+		{},
+		{
+			config: "write_files:\n  - encoding: base64\n    content: aGVsbG8K",
+		},
+		{
+			config: "write_files:\n  - content: !!binary aGVsbG8K",
+		},
+		{
+			config:  "write_files:\n  - encoding: base64\n    content: !!binary aGVsbG8K",
+			entries: []Entry{{entryError, `content cannot be decoded as "base64"`, 3}},
+		},
+		{
+			config: "write_files:\n  - encoding: base64\n    content: !!binary YUdWc2JHOEsK",
+		},
+		{
+			config: "write_files:\n  - encoding: gzip\n    content: !!binary H4sIAOC3tVQAA8tIzcnJ5wIAIDA6NgYAAAA=",
+		},
+		{
+			config: "write_files:\n  - encoding: gzip+base64\n    content: H4sIAOC3tVQAA8tIzcnJ5wIAIDA6NgYAAAA=",
+		},
+		{
+			config:  "write_files:\n  - encoding: custom\n    content: hello",
+			entries: []Entry{{entryError, `content cannot be decoded as "custom"`, 3}},
+		},
+	}
+
+	for i, tt := range tests {
+		r := Report{}
+		n, err := parseCloudConfig([]byte(tt.config), &r)
+		if err != nil {
+			panic(err)
+		}
+		checkEncoding(n, &r)
+
+		if e := r.Entries(); !reflect.DeepEqual(tt.entries, e) {
+			t.Errorf("bad report (%d, %q): want %#v, got %#v", i, tt.config, tt.entries, e)
+		}
+	}
+}
+
+func TestCheckStructure(t *testing.T) {
+	tests := []struct {
+		config string
+
+		entries []Entry
+	}{
+		{},
+
+		// Test for unrecognized keys
+		{
+			config:  "test:",
+			entries: []Entry{{entryWarning, "unrecognized key \"test\"", 1}},
+		},
+		{
+			config:  "coreos:\n  etcd:\n    bad:",
+			entries: []Entry{{entryWarning, "unrecognized key \"bad\"", 3}},
+		},
+		{
+			config: "coreos:\n  etcd:\n    discovery: good",
+		},
+
+		// Test for deprecated keys
+		{
+			config: "coreos:\n  etcd:\n    addr: hi",
+		},
+		{
+			config:  "coreos:\n  etcd:\n    proxy: hi",
+			entries: []Entry{{entryWarning, "deprecated key \"proxy\" (etcd2 options no longer work for etcd)", 3}},
+		},
+
+		// Test for error on list of nodes
+		{
+			config: "coreos:\n  units:\n    - hello\n    - goodbye",
+			entries: []Entry{
+				{entryWarning, "incorrect type for \"units[0]\" (want struct)", 3},
+				{entryWarning, "incorrect type for \"units[1]\" (want struct)", 4},
+			},
+		},
+
+		// Test for incorrect types
+		// Want boolean
+		{
+			config: "coreos:\n  units:\n    - enable: true",
+		},
+		{
+			config:  "coreos:\n  units:\n    - enable: 4",
+			entries: []Entry{{entryWarning, "incorrect type for \"enable\" (want bool)", 3}},
+		},
+		{
+			config:  "coreos:\n  units:\n    - enable: bad",
+			entries: []Entry{{entryWarning, "incorrect type for \"enable\" (want bool)", 3}},
+		},
+		{
+			config:  "coreos:\n  units:\n    - enable:\n        bad:",
+			entries: []Entry{{entryWarning, "incorrect type for \"enable\" (want bool)", 3}},
+		},
+		{
+			config:  "coreos:\n  units:\n    - enable:\n      - bad",
+			entries: []Entry{{entryWarning, "incorrect type for \"enable\" (want bool)", 3}},
+		},
+		// Want string
+		{
+			config: "hostname: true",
+		},
+		{
+			config: "hostname: 4",
+		},
+		{
+			config: "hostname: host",
+		},
+		{
+			config:  "hostname:\n  name:",
+			entries: []Entry{{entryWarning, "incorrect type for \"hostname\" (want string)", 1}},
+		},
+		{
+			config:  "hostname:\n  - name",
+			entries: []Entry{{entryWarning, "incorrect type for \"hostname\" (want string)", 1}},
+		},
+		// Want struct
+		{
+			config:  "coreos: true",
+			entries: []Entry{{entryWarning, "incorrect type for \"coreos\" (want struct)", 1}},
+		},
+		{
+			config:  "coreos: 4",
+			entries: []Entry{{entryWarning, "incorrect type for \"coreos\" (want struct)", 1}},
+		},
+		{
+			config:  "coreos: hello",
+			entries: []Entry{{entryWarning, "incorrect type for \"coreos\" (want struct)", 1}},
+		},
+		{
+			config: "coreos:\n  etcd:\n    discovery: fire in the disco",
+		},
+		{
+			config:  "coreos:\n  - hello",
+			entries: []Entry{{entryWarning, "incorrect type for \"coreos\" (want struct)", 1}},
+		},
+		// Want []string
+		{
+			config:  "ssh_authorized_keys: true",
+			entries: []Entry{{entryWarning, "incorrect type for \"ssh_authorized_keys\" (want []string)", 1}},
+		},
+		{
+			config:  "ssh_authorized_keys: 4",
+			entries: []Entry{{entryWarning, "incorrect type for \"ssh_authorized_keys\" (want []string)", 1}},
+		},
+		{
+			config:  "ssh_authorized_keys: key",
+			entries: []Entry{{entryWarning, "incorrect type for \"ssh_authorized_keys\" (want []string)", 1}},
+		},
+		{
+			config:  "ssh_authorized_keys:\n  key: value",
+			entries: []Entry{{entryWarning, "incorrect type for \"ssh_authorized_keys\" (want []string)", 1}},
+		},
+		{
+			config: "ssh_authorized_keys:\n  - key",
+		},
+		{
+			config:  "ssh_authorized_keys:\n  - key: value",
+			entries: []Entry{{entryWarning, "incorrect type for \"ssh_authorized_keys[0]\" (want string)", 2}},
+		},
+		// Want []struct
+		{
+			config:  "users:\n  true",
+			entries: []Entry{{entryWarning, "incorrect type for \"users\" (want []struct)", 1}},
+		},
+		{
+			config:  "users:\n  4",
+			entries: []Entry{{entryWarning, "incorrect type for \"users\" (want []struct)", 1}},
+		},
+		{
+			config:  "users:\n  bad",
+			entries: []Entry{{entryWarning, "incorrect type for \"users\" (want []struct)", 1}},
+		},
+		{
+			config:  "users:\n  bad:",
+			entries: []Entry{{entryWarning, "incorrect type for \"users\" (want []struct)", 1}},
+		},
+		{
+			config: "users:\n  - name: good",
+		},
+		// Want struct within array
+		{
+			config:  "users:\n  - true",
+			entries: []Entry{{entryWarning, "incorrect type for \"users[0]\" (want struct)", 2}},
+		},
+		{
+			config:  "users:\n  - name: hi\n  - true",
+			entries: []Entry{{entryWarning, "incorrect type for \"users[1]\" (want struct)", 3}},
+		},
+		{
+			config:  "users:\n  - 4",
+			entries: []Entry{{entryWarning, "incorrect type for \"users[0]\" (want struct)", 2}},
+		},
+		{
+			config:  "users:\n  - bad",
+			entries: []Entry{{entryWarning, "incorrect type for \"users[0]\" (want struct)", 2}},
+		},
+		{
+			config:  "users:\n  - - bad",
+			entries: []Entry{{entryWarning, "incorrect type for \"users[0]\" (want struct)", 2}},
+		},
+	}
+
+	for i, tt := range tests {
+		r := Report{}
+		n, err := parseCloudConfig([]byte(tt.config), &r)
+		if err != nil {
+			panic(err)
+		}
+		checkStructure(n, &r)
+
+		if e := r.Entries(); !reflect.DeepEqual(tt.entries, e) {
+			t.Errorf("bad report (%d, %q): want %#v, got %#v", i, tt.config, tt.entries, e)
+		}
+	}
+}
+
+func TestCheckValidity(t *testing.T) {
+	tests := []struct {
+		config string
+
+		entries []Entry
+	}{
+		// string
+		{
+			config: "hostname: test",
+		},
+
+		// int
+		{
+			config: "coreos:\n  fleet:\n    verbosity: 2",
+		},
+
+		// bool
+		{
+			config: "coreos:\n  units:\n    - enable: true",
+		},
+
+		// slice
+		{
+			config: "coreos:\n  units:\n    - command: start\n    - name: stop",
+		},
+		{
+			config:  "coreos:\n  units:\n    - command: lol",
+			entries: []Entry{{entryError, "invalid value lol", 3}},
+		},
+
+		// struct
+		{
+			config: "coreos:\n  update:\n    reboot_strategy: off",
+		},
+		{
+			config:  "coreos:\n  update:\n    reboot_strategy: always",
+			entries: []Entry{{entryError, "invalid value always", 3}},
+		},
+
+		// unknown
+		{
+			config: "unknown: hi",
+		},
+	}
+
+	for i, tt := range tests {
+		r := Report{}
+		n, err := parseCloudConfig([]byte(tt.config), &r)
+		if err != nil {
+			panic(err)
+		}
+		checkValidity(n, &r)
+
+		if e := r.Entries(); !reflect.DeepEqual(tt.entries, e) {
+			t.Errorf("bad report (%d, %q): want %#v, got %#v", i, tt.config, tt.entries, e)
+		}
+	}
+}
+
+func TestCheckWriteFiles(t *testing.T) {
+	tests := []struct {
+		config string
+
+		entries []Entry
+	}{
+		{},
+		{
+			config: "write_files:\n  - path: /valid",
+		},
+		{
+			config: "write_files:\n  - path: /tmp/usr/valid",
+		},
+		{
+			config:  "write_files:\n  - path: /usr/invalid",
+			entries: []Entry{{entryError, "file cannot be written to a read-only filesystem", 2}},
+		},
+		{
+			config:  "write-files:\n  - path: /tmp/../usr/invalid",
+			entries: []Entry{{entryError, "file cannot be written to a read-only filesystem", 2}},
+		},
+	}
+
+	for i, tt := range tests {
+		r := Report{}
+		n, err := parseCloudConfig([]byte(tt.config), &r)
+		if err != nil {
+			panic(err)
+		}
+		checkWriteFiles(n, &r)
+
+		if e := r.Entries(); !reflect.DeepEqual(tt.entries, e) {
+			t.Errorf("bad report (%d, %q): want %#v, got %#v", i, tt.config, tt.entries, e)
+		}
+	}
+}
+
+func TestCheckWriteFilesUnderCoreos(t *testing.T) {
+	tests := []struct {
+		config string
+
+		entries []Entry
+	}{
+		{},
+		{
+			config: "write_files:\n  - path: /hi",
+		},
+		{
+			config:  "coreos:\n  write_files:\n    - path: /hi",
+			entries: []Entry{{entryInfo, "write_files doesn't belong under coreos", 2}},
+		},
+		{
+			config:  "coreos:\n  write-files:\n    - path: /hyphen",
+			entries: []Entry{{entryInfo, "write_files doesn't belong under coreos", 2}},
+		},
+	}
+
+	for i, tt := range tests {
+		r := Report{}
+		n, err := parseCloudConfig([]byte(tt.config), &r)
+		if err != nil {
+			panic(err)
+		}
+		checkWriteFilesUnderCoreos(n, &r)
+
+		if e := r.Entries(); !reflect.DeepEqual(tt.entries, e) {
+			t.Errorf("bad report (%d, %q): want %#v, got %#v", i, tt.config, tt.entries, e)
+		}
+	}
+}

config/cloudinit/config/validate/validate.go

@@ -0,0 +1,164 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package validate
+
+import (
+	"errors"
+	"fmt"
+	"regexp"
+	"strconv"
+	"strings"
+
+	"github.com/rancher/os/config/cloudinit/config"
+
+	"github.com/coreos/yaml"
+)
+
+var (
+	yamlLineError = regexp.MustCompile(`^YAML error: line (?P<line>[[:digit:]]+): (?P<msg>.*)$`)
+	yamlError     = regexp.MustCompile(`^YAML error: (?P<msg>.*)$`)
+)
+
+// Validate runs a series of validation tests against the given userdata and
+// returns a report detailing all of the issues. Presently, only cloud-configs
+// can be validated.
+func Validate(userdataBytes []byte) (Report, error) {
+	switch {
+	case len(userdataBytes) == 0:
+		return Report{}, nil
+	case config.IsScript(string(userdataBytes)):
+		return Report{}, nil
+	case config.IsIgnitionConfig(string(userdataBytes)):
+		return Report{}, nil
+	case config.IsCloudConfig(string(userdataBytes)):
+		return validateCloudConfig(userdataBytes, Rules)
+	default:
+		return Report{entries: []Entry{
+			{kind: entryError, message: `must be "#cloud-config" or begin with "#!"`, line: 1},
+		}}, nil
+	}
+}
+
+// validateCloudConfig runs all of the validation rules in Rules and returns
+// the resulting report and any errors encountered.
+func validateCloudConfig(config []byte, rules []rule) (report Report, err error) {
+	defer func() {
+		if r := recover(); r != nil {
+			err = fmt.Errorf("%v", r)
+		}
+	}()
+
+	c, err := parseCloudConfig(config, &report)
+	if err != nil {
+		return report, err
+	}
+
+	for _, r := range rules {
+		r(c, &report)
+	}
+	return report, nil
+}
+
+// parseCloudConfig parses the provided config into a node structure and logs
+// any parsing issues into the provided report. Unrecoverable errors are
+// returned as an error.
+func parseCloudConfig(cfg []byte, report *Report) (Node, error) {
+	yaml.UnmarshalMappingKeyTransform = func(nameIn string) (nameOut string) {
+		return nameIn
+	}
+	// unmarshal the config into an implicitly-typed form. The yaml library
+	// will implicitly convert types into their normalized form
+	// (e.g. 0744 -> 484, off -> false).
+	var weak map[interface{}]interface{}
+	if err := yaml.Unmarshal(cfg, &weak); err != nil {
+		matches := yamlLineError.FindStringSubmatch(err.Error())
+		if len(matches) == 3 {
+			line, err := strconv.Atoi(matches[1])
+			if err != nil {
+				return Node{}, err
+			}
+			msg := matches[2]
+			report.Error(line, msg)
+			return Node{}, nil
+		}
+
+		matches = yamlError.FindStringSubmatch(err.Error())
+		if len(matches) == 2 {
+			report.Error(1, matches[1])
+			return Node{}, nil
+		}
+
+		return Node{}, errors.New("couldn't parse yaml error")
+	}
+	w := NewNode(weak, NewContext(cfg))
+	w = normalizeNodeNames(w, report)
+
+	// unmarshal the config into the explicitly-typed form.
+	yaml.UnmarshalMappingKeyTransform = func(nameIn string) (nameOut string) {
+		return strings.Replace(nameIn, "-", "_", -1)
+	}
+	var strong config.CloudConfig
+	if err := yaml.Unmarshal([]byte(cfg), &strong); err != nil {
+		return Node{}, err
+	}
+	s := NewNode(strong, NewContext(cfg))
+
+	// coerceNodes weak nodes and strong nodes. strong nodes replace weak nodes
+	// if they are compatible types (this happens when the yaml library
+	// converts the input).
+	// (e.g. weak 484 is replaced by strong 0744, weak 4 is not replaced by
+	// strong false)
+	return coerceNodes(w, s), nil
+}
+
+// coerceNodes recursively evaluates two nodes, returning a new node containing
+// either the weak or strong node's value and its recursively processed
+// children. The strong node's value is used if the two nodes are leafs, are
+// both valid, and are compatible types (defined by isCompatible()). The weak
+// node is returned in all other cases. coerceNodes is used to counteract the
+// effects of yaml's automatic type conversion. The weak node is the one
+// resulting from unmarshalling into an empty interface{} (the type is
+// inferred). The strong node is the one resulting from unmarshalling into a
+// struct. If the two nodes are of compatible types, the yaml library correctly
+// parsed the value into the strongly typed unmarshalling. In this case, we
+// prefer the strong node because its actually the type we are expecting.
+func coerceNodes(w, s Node) Node {
+	n := w
+	n.children = nil
+	if len(w.children) == 0 && len(s.children) == 0 &&
+		w.IsValid() && s.IsValid() &&
+		isCompatible(w.Kind(), s.Kind()) {
+		n.Value = s.Value
+	}
+
+	for _, cw := range w.children {
+		n.children = append(n.children, coerceNodes(cw, s.Child(cw.name)))
+	}
+	return n
+}
+
+// normalizeNodeNames replaces all occurences of '-' with '_' within key names
+// and makes a note of each replacement in the report.
+func normalizeNodeNames(node Node, report *Report) Node {
+	if strings.Contains(node.name, "-") {
+		// TODO(crawford): Enable this message once the new validator hits stable.
+		//report.Info(node.line, fmt.Sprintf("%q uses '-' instead of '_'", node.name))
+		node.name = strings.Replace(node.name, "-", "_", -1)
+	}
+	for i := range node.children {
+		node.children[i] = normalizeNodeNames(node.children[i], report)
+	}
+	return node
+}

config/cloudinit/config/validate/validate_test.go

@@ -0,0 +1,177 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package validate
+
+import (
+	"errors"
+	"reflect"
+	"testing"
+)
+
+func TestParseCloudConfig(t *testing.T) {
+	tests := []struct {
+		config string
+
+		entries []Entry
+	}{
+		{},
+		{
+			config: "	",
+			entries: []Entry{{entryError, "found character that cannot start any token", 1}},
+		},
+		{
+			config:  "a:\na",
+			entries: []Entry{{entryError, "could not find expected ':'", 2}},
+		},
+		{
+			config:  "#hello\na:\na",
+			entries: []Entry{{entryError, "could not find expected ':'", 3}},
+		},
+	}
+
+	for _, tt := range tests {
+		r := Report{}
+		parseCloudConfig([]byte(tt.config), &r)
+
+		if e := r.Entries(); !reflect.DeepEqual(tt.entries, e) {
+			t.Errorf("bad report (%s): want %#v, got %#v", tt.config, tt.entries, e)
+		}
+	}
+}
+
+func TestValidateCloudConfig(t *testing.T) {
+	tests := []struct {
+		config string
+		rules  []rule
+
+		report Report
+		err    error
+	}{
+		{
+			rules: []rule{func(_ Node, _ *Report) { panic("something happened") }},
+			err:   errors.New("something happened"),
+		},
+		{
+			config: "write_files:\n  - permissions: 0744",
+			rules:  Rules,
+		},
+		{
+			config: "write_files:\n  - permissions: '0744'",
+			rules:  Rules,
+		},
+		{
+			config: "write_files:\n  - permissions: 744",
+			rules:  Rules,
+		},
+		{
+			config: "write_files:\n  - permissions: '744'",
+			rules:  Rules,
+		},
+		{
+			config: "coreos:\n  update:\n    reboot-strategy: off",
+			rules:  Rules,
+		},
+		{
+			config: "coreos:\n  update:\n    reboot-strategy: false",
+			rules:  Rules,
+			report: Report{entries: []Entry{{entryError, "invalid value false", 3}}},
+		},
+	}
+
+	for _, tt := range tests {
+		r, err := validateCloudConfig([]byte(tt.config), tt.rules)
+		if !reflect.DeepEqual(tt.err, err) {
+			t.Errorf("bad error (%s): want %v, got %v", tt.config, tt.err, err)
+		}
+		if !reflect.DeepEqual(tt.report, r) {
+			t.Errorf("bad report (%s): want %+v, got %+v", tt.config, tt.report, r)
+		}
+	}
+}
+
+func TestValidate(t *testing.T) {
+	tests := []struct {
+		config string
+
+		report Report
+	}{
+		{},
+		{
+			config: "#!/bin/bash\necho hey",
+		},
+		{
+			config: "{}",
+			report: Report{entries: []Entry{{entryError, `must be "#cloud-config" or begin with "#!"`, 1}}},
+		},
+		{
+			config: `{"ignitionVersion":0}`,
+		},
+		{
+			config: `{"ignitionVersion":1}`,
+		},
+	}
+
+	for i, tt := range tests {
+		r, err := Validate([]byte(tt.config))
+		if err != nil {
+			t.Errorf("bad error (case #%d): want %v, got %v", i, nil, err)
+		}
+		if !reflect.DeepEqual(tt.report, r) {
+			t.Errorf("bad report (case #%d): want %+v, got %+v", i, tt.report, r)
+		}
+	}
+}
+
+func BenchmarkValidate(b *testing.B) {
+	config := `#cloud-config
+hostname: test
+
+coreos:
+  etcd:
+    name:      node001
+    discovery: https://discovery.etcd.io/disco
+    addr:      $public_ipv4:4001
+    peer-addr: $private_ipv4:7001
+  fleet:
+    verbosity: 2
+    metadata:  "hi"
+  update:
+    reboot-strategy: off
+  units:
+    - name:    hi.service
+      command: start
+      enable:  true
+    - name:    bye.service
+      command: stop
+
+ssh_authorized_keys:
+  - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0g+ZTxC7weoIJLUafOgrm+h...
+  - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0g+ZTxC7weoIJLUafOgrm+h...
+
+users:
+  - name: me
+
+write_files:
+  - path: /etc/yes
+    content: "Hi"
+
+manage_etc_hosts: localhost`
+
+	for i := 0; i < b.N; i++ {
+		if _, err := Validate([]byte(config)); err != nil {
+			panic(err)
+		}
+	}
+}

config/cloudinit/datasource/configdrive/configdrive.go

@@ -0,0 +1,169 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package configdrive
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path"
+	"syscall"
+
+	"github.com/rancher/os/log"
+
+	"github.com/docker/docker/pkg/mount"
+	"github.com/rancher/os/config/cloudinit/datasource"
+	"github.com/rancher/os/util"
+)
+
+const (
+	configDevName       = "config-2"
+	configDev           = "LABEL=" + configDevName
+	configDevMountPoint = "/media/config-2"
+	openstackAPIVersion = "latest"
+)
+
+type ConfigDrive struct {
+	root                string
+	readFile            func(filename string) ([]byte, error)
+	lastError           error
+	availabilityChanges bool
+}
+
+func NewDatasource(root string) *ConfigDrive {
+	return &ConfigDrive{root, ioutil.ReadFile, nil, true}
+}
+
+func (cd *ConfigDrive) IsAvailable() bool {
+	if cd.root == configDevMountPoint {
+		cd.lastError = MountConfigDrive()
+		if cd.lastError != nil {
+			log.Error(cd.lastError)
+			// Don't keep retrying if we can't mount
+			cd.availabilityChanges = false
+			return false
+		}
+		defer cd.Finish()
+	}
+
+	_, cd.lastError = os.Stat(cd.root)
+	return !os.IsNotExist(cd.lastError)
+	// TODO: consider changing IsNotExists to not-available _and_ does not change
+}
+
+func (cd *ConfigDrive) Finish() error {
+	return UnmountConfigDrive()
+}
+
+func (cd *ConfigDrive) String() string {
+	if cd.lastError != nil {
+		return fmt.Sprintf("%s: %s (lastError: %s)", cd.Type(), cd.root, cd.lastError)
+	}
+	return fmt.Sprintf("%s: %s", cd.Type(), cd.root)
+}
+
+func (cd *ConfigDrive) AvailabilityChanges() bool {
+	return cd.availabilityChanges
+}
+
+func (cd *ConfigDrive) ConfigRoot() string {
+	return cd.openstackRoot()
+}
+
+func (cd *ConfigDrive) FetchMetadata() (metadata datasource.Metadata, err error) {
+	var data []byte
+	var m struct {
+		SSHAuthorizedKeyMap map[string]string `json:"public_keys"`
+		Hostname            string            `json:"hostname"`
+		NetworkConfig       struct {
+			ContentPath string `json:"content_path"`
+		} `json:"network_config"`
+	}
+
+	if data, err = cd.tryReadFile(path.Join(cd.openstackVersionRoot(), "meta_data.json")); err != nil || len(data) == 0 {
+		return
+	}
+	if err = json.Unmarshal([]byte(data), &m); err != nil {
+		return
+	}
+
+	metadata.SSHPublicKeys = m.SSHAuthorizedKeyMap
+	metadata.Hostname = m.Hostname
+	// TODO: I don't think we've used this for anything
+	/*	if m.NetworkConfig.ContentPath != "" {
+			metadata.NetworkConfig, err = cd.tryReadFile(path.Join(cd.openstackRoot(), m.NetworkConfig.ContentPath))
+		}
+	*/
+	return
+}
+
+func (cd *ConfigDrive) FetchUserdata() ([]byte, error) {
+	return cd.tryReadFile(path.Join(cd.openstackVersionRoot(), "user_data"))
+}
+
+func (cd *ConfigDrive) Type() string {
+	return "cloud-drive"
+}
+
+func (cd *ConfigDrive) openstackRoot() string {
+	return path.Join(cd.root, "openstack")
+}
+
+func (cd *ConfigDrive) openstackVersionRoot() string {
+	return path.Join(cd.openstackRoot(), openstackAPIVersion)
+}
+
+func (cd *ConfigDrive) tryReadFile(filename string) ([]byte, error) {
+	if cd.root == configDevMountPoint {
+		cd.lastError = MountConfigDrive()
+		if cd.lastError != nil {
+			log.Error(cd.lastError)
+			return nil, cd.lastError
+		}
+		defer cd.Finish()
+	}
+	log.Debugf("Attempting to read from %q\n", filename)
+	data, err := cd.readFile(filename)
+	if os.IsNotExist(err) {
+		err = nil
+	}
+	if err != nil {
+		log.Errorf("ERROR read cloud-config file(%s) - err: %q", filename, err)
+	}
+	return data, err
+}
+
+func MountConfigDrive() error {
+	if err := os.MkdirAll(configDevMountPoint, 700); err != nil {
+		return err
+	}
+
+	configDev := util.ResolveDevice(configDev)
+
+	if configDev == "" {
+		return mount.Mount(configDevName, configDevMountPoint, "9p", "trans=virtio,version=9p2000.L")
+	}
+
+	fsType, err := util.GetFsType(configDev)
+	if err != nil {
+		return err
+	}
+	return mount.Mount(configDev, configDevMountPoint, fsType, "ro")
+}
+
+func UnmountConfigDrive() error {
+	return syscall.Unmount(configDevMountPoint, 0)
+}

config/cloudinit/datasource/configdrive/configdrive_test.go

@@ -0,0 +1,144 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package configdrive
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/rancher/os/config/cloudinit/datasource"
+	"github.com/rancher/os/config/cloudinit/datasource/test"
+)
+
+func TestFetchMetadata(t *testing.T) {
+	for _, tt := range []struct {
+		root  string
+		files test.MockFilesystem
+
+		metadata datasource.Metadata
+	}{
+		{
+			root:  "/",
+			files: test.NewMockFilesystem(test.File{Path: "/openstack/latest/meta_data.json", Contents: ""}),
+		},
+		{
+			root:  "/",
+			files: test.NewMockFilesystem(test.File{Path: "/openstack/latest/meta_data.json", Contents: `{"ignore": "me"}`}),
+		},
+		{
+			root:     "/",
+			files:    test.NewMockFilesystem(test.File{Path: "/openstack/latest/meta_data.json", Contents: `{"hostname": "host"}`}),
+			metadata: datasource.Metadata{Hostname: "host"},
+		},
+		{
+			root: "/media/configdrive",
+			files: test.NewMockFilesystem(test.File{Path: "/media/configdrive/openstack/latest/meta_data.json", Contents: `{"hostname": "host", "network_config": {"content_path": "config_file.json"}, "public_keys":{"1": "key1", "2": "key2"}}`},
+				test.File{Path: "/media/configdrive/openstack/config_file.json", Contents: "make it work"},
+			),
+			metadata: datasource.Metadata{
+				Hostname: "host",
+				SSHPublicKeys: map[string]string{
+					"1": "key1",
+					"2": "key2",
+				},
+			},
+		},
+	} {
+		cd := ConfigDrive{tt.root, tt.files.ReadFile, nil, true}
+		metadata, err := cd.FetchMetadata()
+		if err != nil {
+			t.Fatalf("bad error for %+v: want %v, got %q", tt, nil, err)
+		}
+		if !reflect.DeepEqual(tt.metadata, metadata) {
+			t.Fatalf("bad metadata for %+v: want %#v, got %#v", tt, tt.metadata, metadata)
+		}
+	}
+}
+
+func TestFetchUserdata(t *testing.T) {
+	for _, tt := range []struct {
+		root  string
+		files test.MockFilesystem
+
+		userdata string
+	}{
+		{
+			"/",
+			test.NewMockFilesystem(),
+			"",
+		},
+		{
+			"/",
+			test.NewMockFilesystem(test.File{Path: "/openstack/latest/user_data", Contents: "userdata"}),
+			"userdata",
+		},
+		{
+			"/media/configdrive",
+			test.NewMockFilesystem(test.File{Path: "/media/configdrive/openstack/latest/user_data", Contents: "userdata"}),
+			"userdata",
+		},
+	} {
+		cd := ConfigDrive{tt.root, tt.files.ReadFile, nil, true}
+		userdata, err := cd.FetchUserdata()
+		if err != nil {
+			t.Fatalf("bad error for %+v: want %v, got %q", tt, nil, err)
+		}
+		if string(userdata) != tt.userdata {
+			t.Fatalf("bad userdata for %+v: want %q, got %q", tt, tt.userdata, userdata)
+		}
+	}
+}
+
+func TestConfigRoot(t *testing.T) {
+	for _, tt := range []struct {
+		root       string
+		configRoot string
+	}{
+		{
+			"/",
+			"/openstack",
+		},
+		{
+			"/media/configdrive",
+			"/media/configdrive/openstack",
+		},
+	} {
+		cd := ConfigDrive{tt.root, nil, nil, true}
+		if configRoot := cd.ConfigRoot(); configRoot != tt.configRoot {
+			t.Fatalf("bad config root for %q: want %q, got %q", tt, tt.configRoot, configRoot)
+		}
+	}
+}
+
+func TestNewDatasource(t *testing.T) {
+	for _, tt := range []struct {
+		root       string
+		expectRoot string
+	}{
+		{
+			root:       "",
+			expectRoot: "",
+		},
+		{
+			root:       "/media/configdrive",
+			expectRoot: "/media/configdrive",
+		},
+	} {
+		service := NewDatasource(tt.root)
+		if service.root != tt.expectRoot {
+			t.Fatalf("bad root (%q): want %q, got %q", tt.root, tt.expectRoot, service.root)
+		}
+	}
+}

config/cloudinit/datasource/datasource.go

@@ -16,6 +16,8 @@ package datasource
 
 import (
 	"net"
+
+	"github.com/rancher/os/netconf"
 )
 
 type Datasource interface {
@@ -25,14 +27,20 @@ type Datasource interface {
 	FetchMetadata() (Metadata, error)
 	FetchUserdata() ([]byte, error)
 	Type() string
+	String() string
+	// Finish gives the datasource the oportunity to clean up, unmount or release any open / cache resources
+	Finish() error
 }
 
 type Metadata struct {
-	PublicIPv4    net.IP
-	PublicIPv6    net.IP
-	PrivateIPv4   net.IP
-	PrivateIPv6   net.IP
+	// TODO: move to netconf/types.go ?
+	// see https://ahmetalpbalkan.com/blog/comparison-of-instance-metadata-services/
 	Hostname      string
 	SSHPublicKeys map[string]string
-	NetworkConfig interface{}
+	NetworkConfig netconf.NetworkConfig
+
+	PublicIPv4  net.IP
+	PublicIPv6  net.IP
+	PrivateIPv4 net.IP
+	PrivateIPv6 net.IP
 }

config/cloudinit/datasource/file/file.go

@@ -15,41 +15,51 @@
 package file
 
 import (
+	"fmt"
 	"io/ioutil"
 	"os"
 
-	"github.com/coreos/coreos-cloudinit/datasource"
+	"github.com/rancher/os/config/cloudinit/datasource"
 )
 
-type localFile struct {
-	path string
+type LocalFile struct {
+	path      string
+	lastError error
 }
 
-func NewDatasource(path string) *localFile {
-	return &localFile{path}
+func NewDatasource(path string) *LocalFile {
+	return &LocalFile{path, nil}
 }
 
-func (f *localFile) IsAvailable() bool {
-	_, err := os.Stat(f.path)
-	return !os.IsNotExist(err)
+func (f *LocalFile) IsAvailable() bool {
+	_, f.lastError = os.Stat(f.path)
+	return !os.IsNotExist(f.lastError)
 }
 
-func (f *localFile) AvailabilityChanges() bool {
+func (f *LocalFile) Finish() error {
+	return nil
+}
+
+func (f *LocalFile) String() string {
+	return fmt.Sprintf("%s: %s (lastError: %s)", f.Type(), f.path, f.lastError)
+}
+
+func (f *LocalFile) AvailabilityChanges() bool {
 	return true
 }
 
-func (f *localFile) ConfigRoot() string {
+func (f *LocalFile) ConfigRoot() string {
 	return ""
 }
 
-func (f *localFile) FetchMetadata() (datasource.Metadata, error) {
+func (f *LocalFile) FetchMetadata() (datasource.Metadata, error) {
 	return datasource.Metadata{}, nil
 }
 
-func (f *localFile) FetchUserdata() ([]byte, error) {
+func (f *LocalFile) FetchUserdata() ([]byte, error) {
 	return ioutil.ReadFile(f.path)
 }
 
-func (f *localFile) Type() string {
+func (f *LocalFile) Type() string {
 	return "local-file"
 }

config/cloudinit/datasource/metadata/digitalocean/metadata.go

@@ -0,0 +1,195 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package digitalocean
+
+import (
+	"encoding/json"
+	"fmt"
+	"strconv"
+
+	"github.com/rancher/os/netconf"
+
+	"net"
+
+	"github.com/rancher/os/config/cloudinit/datasource"
+	"github.com/rancher/os/config/cloudinit/datasource/metadata"
+)
+
+const (
+	DefaultAddress = "http://169.254.169.254/"
+	apiVersion     = "metadata/v1"
+	userdataURL    = apiVersion + "/user-data"
+	metadataPath   = apiVersion + ".json"
+)
+
+type Address struct {
+	IPAddress string `json:"ip_address"`
+	Netmask   string `json:"netmask"`
+	Cidr      int    `json:"cidr"`
+	Gateway   string `json:"gateway"`
+}
+
+type Interface struct {
+	IPv4       *Address `json:"ipv4"`
+	IPv6       *Address `json:"ipv6"`
+	AnchorIPv4 *Address `json:"anchor_ipv4"`
+	MAC        string   `json:"mac"`
+	Type       string   `json:"type"`
+}
+
+type Interfaces struct {
+	Public  []Interface `json:"public"`
+	Private []Interface `json:"private"`
+}
+
+type DNS struct {
+	Nameservers []string `json:"nameservers"`
+}
+
+type Metadata struct {
+	Hostname   string     `json:"hostname"`
+	Interfaces Interfaces `json:"interfaces"`
+	PublicKeys []string   `json:"public_keys"`
+	DNS        DNS        `json:"dns"`
+}
+
+type MetadataService struct {
+	metadata.Service
+}
+
+func NewDatasource(root string) *MetadataService {
+	if root == "" {
+		root = DefaultAddress
+	}
+	return &MetadataService{Service: metadata.NewDatasource(root, apiVersion, userdataURL, metadataPath, nil)}
+}
+
+func (ms MetadataService) AvailabilityChanges() bool {
+	// TODO: if it can't find the network, maybe we can start it?
+	return false
+}
+
+// Parse IPv4 netmask written in IP form (e.g. "255.255.255.0").
+func ipmask(addr *Address) string {
+	ip := net.ParseIP(addr.IPAddress)
+	var mask net.IPMask
+	if addr.Netmask != "" {
+		mask = net.IPMask(net.ParseIP(addr.Netmask))
+	} else {
+		mask = net.CIDRMask(addr.Cidr, 32)
+	}
+	ipnet := net.IPNet{
+		IP:   ip,
+		Mask: mask,
+	}
+	return ipnet.String()
+}
+
+func (ms *MetadataService) FetchMetadata() (metadata datasource.Metadata, err error) {
+	var data []byte
+	var m Metadata
+
+	if data, err = ms.FetchData(ms.MetadataURL()); err != nil || len(data) == 0 {
+		return
+	}
+	if err = json.Unmarshal(data, &m); err != nil {
+		return
+	}
+
+	if len(m.Interfaces.Public) > 0 {
+		if m.Interfaces.Public[0].IPv4 != nil {
+			metadata.PublicIPv4 = net.ParseIP(m.Interfaces.Public[0].IPv4.IPAddress)
+		}
+		if m.Interfaces.Public[0].IPv6 != nil {
+			metadata.PublicIPv6 = net.ParseIP(m.Interfaces.Public[0].IPv6.IPAddress)
+		}
+	}
+	if len(m.Interfaces.Private) > 0 {
+		if m.Interfaces.Private[0].IPv4 != nil {
+			metadata.PrivateIPv4 = net.ParseIP(m.Interfaces.Private[0].IPv4.IPAddress)
+		}
+		if m.Interfaces.Private[0].IPv6 != nil {
+			metadata.PrivateIPv6 = net.ParseIP(m.Interfaces.Private[0].IPv6.IPAddress)
+		}
+	}
+
+	metadata.NetworkConfig.Interfaces = make(map[string]netconf.InterfaceConfig)
+
+	ethNumber := 0
+
+	for _, eth := range m.Interfaces.Public {
+		network := netconf.InterfaceConfig{}
+
+		if eth.IPv4 != nil {
+			network.Gateway = eth.IPv4.Gateway
+
+			network.Addresses = append(network.Addresses, ipmask(eth.IPv4))
+			if metadata.PublicIPv4 == nil {
+				metadata.PublicIPv4 = net.ParseIP(eth.IPv4.IPAddress)
+			}
+		}
+		if eth.AnchorIPv4 != nil {
+			network.Addresses = append(network.Addresses, ipmask(eth.AnchorIPv4))
+		}
+		if eth.IPv6 != nil {
+			network.Addresses = append(network.Addresses, fmt.Sprintf("%s/%d", eth.IPv6.IPAddress, eth.IPv6.Cidr))
+			network.GatewayIpv6 = eth.IPv6.Gateway
+			if metadata.PublicIPv6 == nil {
+				metadata.PublicIPv6 = net.ParseIP(eth.IPv6.IPAddress)
+			}
+		}
+		metadata.NetworkConfig.Interfaces[fmt.Sprintf("eth%d", ethNumber)] = network
+		ethNumber = ethNumber + 1
+	}
+
+	for _, eth := range m.Interfaces.Private {
+		network := netconf.InterfaceConfig{}
+		if eth.IPv4 != nil {
+			network.Gateway = eth.IPv4.Gateway
+
+			network.Addresses = append(network.Addresses, ipmask(eth.IPv4))
+
+			if metadata.PrivateIPv4 == nil {
+				metadata.PrivateIPv4 = net.ParseIP(eth.IPv6.IPAddress)
+			}
+		}
+		if eth.AnchorIPv4 != nil {
+			network.Addresses = append(network.Addresses, ipmask(eth.AnchorIPv4))
+		}
+		if eth.IPv6 != nil {
+			network.Addresses = append(network.Addresses, fmt.Sprintf("%s/%d", eth.IPv6.IPAddress, eth.IPv6.Cidr))
+			network.GatewayIpv6 = eth.IPv6.Gateway
+			if metadata.PrivateIPv6 == nil {
+				metadata.PrivateIPv6 = net.ParseIP(eth.IPv6.IPAddress)
+			}
+		}
+		metadata.NetworkConfig.Interfaces[fmt.Sprintf("eth%d", ethNumber)] = network
+		ethNumber = ethNumber + 1
+	}
+
+	metadata.NetworkConfig.DNS.Nameservers = m.DNS.Nameservers
+
+	metadata.Hostname = m.Hostname
+	metadata.SSHPublicKeys = map[string]string{}
+	for i, key := range m.PublicKeys {
+		metadata.SSHPublicKeys[strconv.Itoa(i)] = key
+	}
+
+	return
+}
+
+func (ms MetadataService) Type() string {
+	return "digitalocean-metadata-service"
+}

config/cloudinit/datasource/metadata/digitalocean/metadata_test.go

@@ -0,0 +1,142 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package digitalocean
+
+import (
+	"fmt"
+	"net"
+	"reflect"
+	"testing"
+
+	"github.com/rancher/os/netconf"
+
+	"github.com/rancher/os/config/cloudinit/datasource"
+	"github.com/rancher/os/config/cloudinit/datasource/metadata"
+	"github.com/rancher/os/config/cloudinit/datasource/metadata/test"
+	"github.com/rancher/os/config/cloudinit/pkg"
+)
+
+func TestType(t *testing.T) {
+	want := "digitalocean-metadata-service"
+	if kind := (MetadataService{}).Type(); kind != want {
+		t.Fatalf("bad type: want %q, got %q", want, kind)
+	}
+}
+
+func TestFetchMetadata(t *testing.T) {
+	for _, tt := range []struct {
+		root         string
+		metadataPath string
+		resources    map[string]string
+		expect       datasource.Metadata
+		clientErr    error
+		expectErr    error
+	}{
+		{
+			root:         "/",
+			metadataPath: "v1.json",
+			resources: map[string]string{
+				"/v1.json": "bad",
+			},
+			expectErr: fmt.Errorf("invalid character 'b' looking for beginning of value"),
+		},
+		{
+			root:         "/",
+			metadataPath: "v1.json",
+			resources: map[string]string{
+				"/v1.json": `{
+  "droplet_id": 1,
+  "user_data": "hello",
+  "vendor_data": "hello",
+  "public_keys": [
+    "publickey1",
+    "publickey2"
+  ],
+  "region": "nyc2",
+  "interfaces": {
+    "public": [
+      {
+        "ipv4": {
+          "ip_address": "192.168.1.2",
+          "netmask": "255.255.255.0",
+          "gateway": "192.168.1.1"
+        },
+        "ipv6": {
+          "ip_address": "fe00::",
+          "cidr": 126,
+          "gateway": "fe00::"
+        },
+        "mac": "ab:cd:ef:gh:ij",
+        "type": "public"
+      }
+    ]
+  }
+}`,
+			},
+			expect: datasource.Metadata{
+				PublicIPv4: net.ParseIP("192.168.1.2"),
+				PublicIPv6: net.ParseIP("fe00::"),
+				SSHPublicKeys: map[string]string{
+					"0": "publickey1",
+					"1": "publickey2",
+				},
+				NetworkConfig: netconf.NetworkConfig{
+					Interfaces: map[string]netconf.InterfaceConfig{
+						"eth0": netconf.InterfaceConfig{
+							Addresses: []string{
+								"192.168.1.2/24",
+								"fe00::/126",
+							},
+							//Netmask:  "255.255.255.0",
+							Gateway: "192.168.1.1",
+
+							//Cidr:      126,
+							GatewayIpv6: "fe00::",
+							//MAC:         "ab:cd:ef:gh:ij",
+							//Type:        "public",
+						},
+					},
+					//PublicKeys: []string{"publickey1", "publickey2"},
+				},
+			},
+		},
+		{
+			clientErr: pkg.ErrTimeout{Err: fmt.Errorf("test error")},
+			expectErr: pkg.ErrTimeout{Err: fmt.Errorf("test error")},
+		},
+	} {
+		service := &MetadataService{
+			Service: metadata.Service{
+				Root:         tt.root,
+				Client:       &test.HTTPClient{Resources: tt.resources, Err: tt.clientErr},
+				MetadataPath: tt.metadataPath,
+			},
+		}
+		metadata, err := service.FetchMetadata()
+		if Error(err) != Error(tt.expectErr) {
+			t.Fatalf("bad error (%q): \nwant %#v,\n got %#v", tt.resources, tt.expectErr, err)
+		}
+		if !reflect.DeepEqual(tt.expect, metadata) {
+			t.Fatalf("bad fetch (%q): \nwant %#v,\n got %#v", tt.resources, tt.expect, metadata)
+		}
+	}
+}
+
+func Error(err error) string {
+	if err != nil {
+		return err.Error()
+	}
+	return ""
+}

config/cloudinit/datasource/metadata/ec2/metadata.go

@@ -0,0 +1,169 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package ec2
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"log"
+	"net"
+	"strings"
+
+	"github.com/rancher/os/netconf"
+
+	"github.com/rancher/os/config/cloudinit/datasource"
+	"github.com/rancher/os/config/cloudinit/datasource/metadata"
+	"github.com/rancher/os/config/cloudinit/pkg"
+)
+
+const (
+	DefaultAddress = "http://169.254.169.254/"
+	apiVersion     = "latest/"
+	userdataPath   = apiVersion + "user-data/"
+	metadataPath   = apiVersion + "meta-data/"
+)
+
+type MetadataService struct {
+	metadata.Service
+}
+
+func NewDatasource(root string) *MetadataService {
+	if root == "" {
+		root = DefaultAddress
+	}
+	return &MetadataService{metadata.NewDatasource(root, apiVersion, userdataPath, metadataPath, nil)}
+}
+
+func (ms MetadataService) AvailabilityChanges() bool {
+	// TODO: if it can't find the network, maybe we can start it?
+	return false
+}
+
+func (ms MetadataService) FetchMetadata() (datasource.Metadata, error) {
+	// see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
+	metadata := datasource.Metadata{}
+	metadata.NetworkConfig = netconf.NetworkConfig{}
+
+	if keynames, err := ms.fetchAttributes("public-keys"); err == nil {
+		keyIDs := make(map[string]string)
+		for _, keyname := range keynames {
+			tokens := strings.SplitN(keyname, "=", 2)
+			if len(tokens) != 2 {
+				return metadata, fmt.Errorf("malformed public key: %q", keyname)
+			}
+			keyIDs[tokens[1]] = tokens[0]
+		}
+
+		metadata.SSHPublicKeys = map[string]string{}
+		for name, id := range keyIDs {
+			sshkey, err := ms.fetchAttribute(fmt.Sprintf("public-keys/%s/openssh-key", id))
+			if err != nil {
+				return metadata, err
+			}
+			metadata.SSHPublicKeys[name] = sshkey
+			log.Printf("Found SSH key for %q\n", name)
+		}
+	} else if _, ok := err.(pkg.ErrNotFound); !ok {
+		return metadata, err
+	}
+
+	if hostname, err := ms.fetchAttribute("hostname"); err == nil {
+		metadata.Hostname = strings.Split(hostname, " ")[0]
+	} else if _, ok := err.(pkg.ErrNotFound); !ok {
+		return metadata, err
+	}
+
+	// TODO: these are only on the first interface - it looks like you can have as many as you need...
+	if localAddr, err := ms.fetchAttribute("local-ipv4"); err == nil {
+		metadata.PrivateIPv4 = net.ParseIP(localAddr)
+	} else if _, ok := err.(pkg.ErrNotFound); !ok {
+		return metadata, err
+	}
+	if publicAddr, err := ms.fetchAttribute("public-ipv4"); err == nil {
+		metadata.PublicIPv4 = net.ParseIP(publicAddr)
+	} else if _, ok := err.(pkg.ErrNotFound); !ok {
+		return metadata, err
+	}
+
+	metadata.NetworkConfig.Interfaces = make(map[string]netconf.InterfaceConfig)
+	if macs, err := ms.fetchAttributes("network/interfaces/macs"); err != nil {
+		for _, mac := range macs {
+			if deviceNumber, err := ms.fetchAttribute(fmt.Sprintf("network/interfaces/macs/%s/device-number", mac)); err != nil {
+				network := netconf.InterfaceConfig{
+					DHCP: true,
+				}
+				/* Looks like we must use DHCP for aws
+				// private ipv4
+				if subnetCidrBlock, err := ms.fetchAttribute(fmt.Sprintf("network/interfaces/macs/%s/subnet-ipv4-cidr-block", mac)); err != nil {
+					cidr := strings.Split(subnetCidrBlock, "/")
+					if localAddr, err := ms.fetchAttributes(fmt.Sprintf("network/interfaces/macs/%s/local-ipv4s", mac)); err != nil {
+						for _, addr := range localAddr {
+							network.Addresses = append(network.Addresses, addr+"/"+cidr[1])
+						}
+					}
+				}
+				// ipv6
+				if localAddr, err := ms.fetchAttributes(fmt.Sprintf("network/interfaces/macs/%s/ipv6s", mac)); err != nil {
+					if subnetCidrBlock, err := ms.fetchAttributes(fmt.Sprintf("network/interfaces/macs/%s/subnet-ipv6-cidr-block", mac)); err != nil {
+						for i, addr := range localAddr {
+							cidr := strings.Split(subnetCidrBlock[i], "/")
+							network.Addresses = append(network.Addresses, addr+"/"+cidr[1])
+						}
+					}
+				}
+				*/
+				// disabled - it looks to me like you don't actually put the public IP on the eth device
+				/*				if publicAddr, err := ms.fetchAttributes(fmt.Sprintf("network/interfaces/macs/%s/public-ipv4s", mac)); err != nil {
+									if vpcCidrBlock, err := ms.fetchAttribute(fmt.Sprintf("network/interfaces/macs/%s/vpc-ipv4-cidr-block", mac)); err != nil {
+										cidr := strings.Split(vpcCidrBlock, "/")
+										network.Addresses = append(network.Addresses, publicAddr+"/"+cidr[1])
+									}
+								}
+				*/
+
+				metadata.NetworkConfig.Interfaces["eth"+deviceNumber] = network
+			}
+		}
+	}
+
+	return metadata, nil
+}
+
+func (ms MetadataService) Type() string {
+	return "ec2-metadata-service"
+}
+
+func (ms MetadataService) fetchAttributes(key string) ([]string, error) {
+	url := ms.MetadataURL() + key
+	resp, err := ms.FetchData(url)
+	if err != nil {
+		return nil, err
+	}
+	scanner := bufio.NewScanner(bytes.NewBuffer(resp))
+	data := make([]string, 0)
+	for scanner.Scan() {
+		data = append(data, scanner.Text())
+	}
+	return data, scanner.Err()
+}
+
+func (ms MetadataService) fetchAttribute(key string) (string, error) {
+	attrs, err := ms.fetchAttributes(key)
+	if err == nil && len(attrs) > 0 {
+		return attrs[0], nil
+	}
+	return "", err
+}

config/cloudinit/datasource/metadata/ec2/metadata_test.go

@@ -0,0 +1,243 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package ec2
+
+import (
+	"fmt"
+	"net"
+	"reflect"
+	"testing"
+
+	"github.com/rancher/os/config/cloudinit/datasource"
+	"github.com/rancher/os/config/cloudinit/datasource/metadata"
+	"github.com/rancher/os/config/cloudinit/datasource/metadata/test"
+	"github.com/rancher/os/config/cloudinit/pkg"
+	"github.com/rancher/os/netconf"
+)
+
+func TestType(t *testing.T) {
+	want := "ec2-metadata-service"
+	if kind := (MetadataService{}).Type(); kind != want {
+		t.Fatalf("bad type: want %q, got %q", want, kind)
+	}
+}
+
+func TestFetchAttributes(t *testing.T) {
+	for _, s := range []struct {
+		resources map[string]string
+		err       error
+		tests     []struct {
+			path string
+			val  []string
+		}
+	}{
+		{
+			resources: map[string]string{
+				"/":      "a\nb\nc/",
+				"/c/":    "d\ne/",
+				"/c/e/":  "f",
+				"/a":     "1",
+				"/b":     "2",
+				"/c/d":   "3",
+				"/c/e/f": "4",
+			},
+			tests: []struct {
+				path string
+				val  []string
+			}{
+				{"/", []string{"a", "b", "c/"}},
+				{"/b", []string{"2"}},
+				{"/c/d", []string{"3"}},
+				{"/c/e/", []string{"f"}},
+			},
+		},
+		{
+			err: fmt.Errorf("test error"),
+			tests: []struct {
+				path string
+				val  []string
+			}{
+				{"", nil},
+			},
+		},
+	} {
+		service := MetadataService{metadata.Service{
+			Client: &test.HTTPClient{Resources: s.resources, Err: s.err},
+		}}
+		for _, tt := range s.tests {
+			attrs, err := service.fetchAttributes(tt.path)
+			if err != s.err {
+				t.Fatalf("bad error for %q (%q): want %q, got %q", tt.path, s.resources, s.err, err)
+			}
+			if !reflect.DeepEqual(attrs, tt.val) {
+				t.Fatalf("bad fetch for %q (%q): want %q, got %q", tt.path, s.resources, tt.val, attrs)
+			}
+		}
+	}
+}
+
+func TestFetchAttribute(t *testing.T) {
+	for _, s := range []struct {
+		resources map[string]string
+		err       error
+		tests     []struct {
+			path string
+			val  string
+		}
+	}{
+		{
+			resources: map[string]string{
+				"/":      "a\nb\nc/",
+				"/c/":    "d\ne/",
+				"/c/e/":  "f",
+				"/a":     "1",
+				"/b":     "2",
+				"/c/d":   "3",
+				"/c/e/f": "4",
+			},
+			tests: []struct {
+				path string
+				val  string
+			}{
+				{"/a", "1"},
+				{"/b", "2"},
+				{"/c/d", "3"},
+				{"/c/e/f", "4"},
+			},
+		},
+		{
+			err: fmt.Errorf("test error"),
+			tests: []struct {
+				path string
+				val  string
+			}{
+				{"", ""},
+			},
+		},
+	} {
+		service := MetadataService{metadata.Service{
+			Client: &test.HTTPClient{Resources: s.resources, Err: s.err},
+		}}
+		for _, tt := range s.tests {
+			attr, err := service.fetchAttribute(tt.path)
+			if err != s.err {
+				t.Fatalf("bad error for %q (%q): want %q, got %q", tt.path, s.resources, s.err, err)
+			}
+			if attr != tt.val {
+				t.Fatalf("bad fetch for %q (%q): want %q, got %q", tt.path, s.resources, tt.val, attr)
+			}
+		}
+	}
+}
+
+func TestFetchMetadata(t *testing.T) {
+	for _, tt := range []struct {
+		root         string
+		metadataPath string
+		resources    map[string]string
+		expect       datasource.Metadata
+		clientErr    error
+		expectErr    error
+	}{
+		{
+			root:         "/",
+			metadataPath: "2009-04-04/meta-data/",
+			resources: map[string]string{
+				"/2009-04-04/meta-data/public-keys": "bad\n",
+			},
+			expectErr: fmt.Errorf("malformed public key: \"bad\""),
+		},
+		{
+			root:         "/",
+			metadataPath: "2009-04-04/meta-data/",
+			resources: map[string]string{
+				"/2009-04-04/meta-data/hostname":                  "host",
+				"/2009-04-04/meta-data/local-ipv4":                "1.2.3.4",
+				"/2009-04-04/meta-data/public-ipv4":               "5.6.7.8",
+				"/2009-04-04/meta-data/public-keys":               "0=test1\n",
+				"/2009-04-04/meta-data/public-keys/0":             "openssh-key",
+				"/2009-04-04/meta-data/public-keys/0/openssh-key": "key",
+			},
+			expect: datasource.Metadata{
+				Hostname:      "host",
+				PrivateIPv4:   net.ParseIP("1.2.3.4"),
+				PublicIPv4:    net.ParseIP("5.6.7.8"),
+				SSHPublicKeys: map[string]string{"test1": "key"},
+				NetworkConfig: netconf.NetworkConfig{
+					Interfaces: map[string]netconf.InterfaceConfig{
+					/*			"eth0": netconf.InterfaceConfig{
+									Addresses: []string{
+										"1.2.3.4",
+										"5.6.7.8",
+									},
+								},
+					*/},
+				},
+			},
+		},
+		{
+			root:         "/",
+			metadataPath: "2009-04-04/meta-data/",
+			resources: map[string]string{
+				"/2009-04-04/meta-data/hostname":                  "host domain another_domain",
+				"/2009-04-04/meta-data/local-ipv4":                "21.2.3.4",
+				"/2009-04-04/meta-data/public-ipv4":               "25.6.7.8",
+				"/2009-04-04/meta-data/public-keys":               "0=test1\n",
+				"/2009-04-04/meta-data/public-keys/0":             "openssh-key",
+				"/2009-04-04/meta-data/public-keys/0/openssh-key": "key",
+			},
+			expect: datasource.Metadata{
+				Hostname:      "host",
+				PrivateIPv4:   net.ParseIP("21.2.3.4"),
+				PublicIPv4:    net.ParseIP("25.6.7.8"),
+				SSHPublicKeys: map[string]string{"test1": "key"},
+				NetworkConfig: netconf.NetworkConfig{
+					Interfaces: map[string]netconf.InterfaceConfig{
+					/*						"eth0": netconf.InterfaceConfig{
+												Addresses: []string{
+													"1.2.3.4",
+													"5.6.7.8",
+												},
+											},
+					*/},
+				},
+			},
+		},
+		{
+			clientErr: pkg.ErrTimeout{Err: fmt.Errorf("test error")},
+			expectErr: pkg.ErrTimeout{Err: fmt.Errorf("test error")},
+		},
+	} {
+		service := &MetadataService{metadata.Service{
+			Root:         tt.root,
+			Client:       &test.HTTPClient{Resources: tt.resources, Err: tt.clientErr},
+			MetadataPath: tt.metadataPath,
+		}}
+		metadata, err := service.FetchMetadata()
+		if Error(err) != Error(tt.expectErr) {
+			t.Fatalf("bad error (%q): \nwant %q, \ngot %q\n", tt.resources, tt.expectErr, err)
+		}
+		if !reflect.DeepEqual(tt.expect, metadata) {
+			t.Fatalf("bad fetch (%q): \nwant %#v, \ngot %#v\n", tt.resources, tt.expect, metadata)
+		}
+	}
+}
+
+func Error(err error) string {
+	if err != nil {
+		return err.Error()
+	}
+	return ""
+}

config/cloudinit/datasource/metadata/gce/metadata.go

@@ -21,21 +21,27 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/coreos/coreos-cloudinit/datasource"
-	"github.com/coreos/coreos-cloudinit/datasource/metadata"
+	//"github.com/rancher/os/netconf"
+
+	"github.com/rancher/os/config/cloudinit/datasource"
+	"github.com/rancher/os/config/cloudinit/datasource/metadata"
 )
 
 const (
-	apiVersion   = "computeMetadata/v1/"
-	metadataPath = apiVersion
-	userdataPath = apiVersion + "instance/attributes/user-data"
+	DefaultAddress = "http://metadata.google.internal/"
+	apiVersion     = "computeMetadata/v1/"
+	metadataPath   = apiVersion
+	userdataPath   = apiVersion + "instance/attributes/user-data"
 )
 
 type MetadataService struct {
-	metadata.MetadataService
+	metadata.Service
 }
 
 func NewDatasource(root string) *MetadataService {
+	if root == "" {
+		root = DefaultAddress
+	}
 	return &MetadataService{metadata.NewDatasource(root, apiVersion, userdataPath, metadataPath, http.Header{"Metadata-Flavor": {"Google"}})}
 }
 
@@ -61,28 +67,49 @@ func (ms MetadataService) FetchMetadata() (datasource.Metadata, error) {
 	if err != nil {
 		return datasource.Metadata{}, err
 	}
+	md := datasource.Metadata{
+		PublicIPv4:    public,
+		PrivateIPv4:   local,
+		Hostname:      hostname,
+		SSHPublicKeys: nil,
+	}
+
+	/* Disabled, using DHCP like in pre-0.9.1 - missing gateway and netmask, and testing time
+	addresses := []string{}
+	if public != nil {
+		addresses = append(addresses, public.String())
+	}
+	if local != nil {
+		addresses = append(addresses, local.String())
+	}
+	if len(addresses) > 0 {
+		network := netconf.InterfaceConfig{
+			Addresses: addresses,
+		}
+
+		md.NetworkConfig.Interfaces = make(map[string]netconf.InterfaceConfig)
+		md.NetworkConfig.Interfaces["eth0"] = network
+	}
+	*/
 
 	keyStrings := strings.Split(projectSSHKeys+"\n"+instanceSSHKeys, "\n")
 
-	sshPublicKeys := map[string]string{}
 	i := 0
 	for _, keyString := range keyStrings {
 		keySlice := strings.SplitN(keyString, ":", 2)
 		if len(keySlice) == 2 {
 			key := strings.TrimSpace(keySlice[1])
 			if key != "" {
-				sshPublicKeys[strconv.Itoa(i)] = strings.TrimSpace(keySlice[1])
+				if md.SSHPublicKeys == nil {
+					md.SSHPublicKeys = map[string]string{}
+				}
+				md.SSHPublicKeys[strconv.Itoa(i)] = strings.TrimSpace(keySlice[1])
 				i++
 			}
 		}
 	}
 
-	return datasource.Metadata{
-		PublicIPv4:    public,
-		PrivateIPv4:   local,
-		Hostname:      hostname,
-		SSHPublicKeys: sshPublicKeys,
-	}, nil
+	return md, nil
 }
 
 func (ms MetadataService) Type() string {
@@ -90,7 +117,7 @@ func (ms MetadataService) Type() string {
 }
 
 func (ms MetadataService) fetchString(key string) (string, error) {
-	data, err := ms.FetchData(ms.MetadataUrl() + key)
+	data, err := ms.FetchData(ms.MetadataURL() + key)
 	if err != nil {
 		return "", err
 	}
@@ -115,12 +142,12 @@ func (ms MetadataService) fetchIP(key string) (net.IP, error) {
 }
 
 func (ms MetadataService) FetchUserdata() ([]byte, error) {
-	data, err := ms.FetchData(ms.UserdataUrl())
+	data, err := ms.FetchData(ms.MetadataURL())
 	if err != nil {
 		return nil, err
 	}
 	if len(data) == 0 {
-		data, err = ms.FetchData(ms.MetadataUrl() + "instance/attributes/startup-script")
+		data, err = ms.FetchData(ms.MetadataURL() + "instance/attributes/startup-script")
 		if err != nil {
 			return nil, err
 		}

config/cloudinit/datasource/metadata/gce/metadata_test.go

@@ -0,0 +1,116 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package gce
+
+import (
+	"fmt"
+	"net"
+	"reflect"
+	"testing"
+
+	"github.com/rancher/os/netconf"
+
+	"github.com/rancher/os/config/cloudinit/datasource"
+	"github.com/rancher/os/config/cloudinit/datasource/metadata"
+	"github.com/rancher/os/config/cloudinit/datasource/metadata/test"
+	"github.com/rancher/os/config/cloudinit/pkg"
+)
+
+func TestType(t *testing.T) {
+	want := "gce-metadata-service"
+	if kind := (MetadataService{}).Type(); kind != want {
+		t.Fatalf("bad type: want %q, got %q", want, kind)
+	}
+}
+
+func TestFetchMetadata(t *testing.T) {
+	for _, tt := range []struct {
+		testName     string
+		root         string
+		metadataPath string
+		resources    map[string]string
+		expect       datasource.Metadata
+		clientErr    error
+		expectErr    error
+	}{
+		{
+			testName:     "one",
+			root:         "/",
+			metadataPath: "computeMetadata/v1/",
+			resources:    map[string]string{},
+		},
+		{
+			testName:     "two",
+			root:         "/",
+			metadataPath: "computeMetadata/v1/",
+			resources: map[string]string{
+				"/computeMetadata/v1/instance/hostname": "host",
+			},
+			expect: datasource.Metadata{
+				Hostname: "host",
+			},
+		},
+		{
+			testName:     "three",
+			root:         "/",
+			metadataPath: "computeMetadata/v1/",
+			resources: map[string]string{
+				"/computeMetadata/v1/instance/hostname":                                          "host",
+				"/computeMetadata/v1/instance/network-interfaces/0/ip":                           "1.2.3.4",
+				"/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip": "5.6.7.8",
+			},
+			expect: datasource.Metadata{
+				Hostname:    "host",
+				PrivateIPv4: net.ParseIP("1.2.3.4"),
+				PublicIPv4:  net.ParseIP("5.6.7.8"),
+				NetworkConfig: netconf.NetworkConfig{
+					Interfaces: map[string]netconf.InterfaceConfig{
+						"eth0": netconf.InterfaceConfig{
+							Addresses: []string{
+								"5.6.7.8",
+								"1.2.3.4",
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			testName:  "four",
+			clientErr: pkg.ErrTimeout{Err: fmt.Errorf("test error")},
+			expectErr: pkg.ErrTimeout{Err: fmt.Errorf("test error")},
+		},
+	} {
+		service := &MetadataService{metadata.Service{
+			Root:         tt.root,
+			Client:       &test.HTTPClient{Resources: tt.resources, Err: tt.clientErr},
+			MetadataPath: tt.metadataPath,
+		}}
+		metadata, err := service.FetchMetadata()
+		if Error(err) != Error(tt.expectErr) {
+			t.Fatalf("bad error (%q): want \n%q\n, got \n%q\n", tt.resources, tt.expectErr, err)
+		}
+		if !reflect.DeepEqual(tt.expect, metadata) {
+			t.Fatalf("bad fetch %s(%q): want \n%#v\n, got \n%#v\n", tt.testName, tt.resources, tt.expect, metadata)
+		}
+	}
+}
+
+func Error(err error) string {
+	if err != nil {
+		return err.Error()
+	}
+	return ""
+}

config/cloudinit/datasource/metadata/metadata.go

@@ -15,45 +15,59 @@
 package metadata
 
 import (
+	"fmt"
 	"net/http"
 	"strings"
 
-	"github.com/coreos/coreos-cloudinit/pkg"
+	"github.com/rancher/os/config/cloudinit/pkg"
+	"github.com/rancher/os/log"
 )
 
-type MetadataService struct {
+type Service struct {
 	Root         string
 	Client       pkg.Getter
-	ApiVersion   string
+	APIVersion   string
 	UserdataPath string
 	MetadataPath string
+	lastError    error
 }
 
-func NewDatasource(root, apiVersion, userdataPath, metadataPath string, header http.Header) MetadataService {
+func NewDatasource(root, apiVersion, userdataPath, metadataPath string, header http.Header) Service {
 	if !strings.HasSuffix(root, "/") {
 		root += "/"
 	}
-	return MetadataService{root, pkg.NewHttpClientHeader(header), apiVersion, userdataPath, metadataPath}
+	return Service{root, pkg.NewHTTPClientHeader(header), apiVersion, userdataPath, metadataPath, nil}
 }
 
-func (ms MetadataService) IsAvailable() bool {
-	_, err := ms.Client.Get(ms.Root + ms.ApiVersion)
-	return (err == nil)
+func (ms Service) IsAvailable() bool {
+	_, ms.lastError = ms.Client.Get(ms.Root + ms.APIVersion)
+	if ms.lastError != nil {
+		log.Errorf("%s: %s (lastError: %s)", "IsAvailable", ms.Root+":"+ms.UserdataPath, ms.lastError)
+	}
+	return (ms.lastError == nil)
 }
 
-func (ms MetadataService) AvailabilityChanges() bool {
+func (ms *Service) Finish() error {
+	return nil
+}
+
+func (ms *Service) String() string {
+	return fmt.Sprintf("%s: %s (lastError: %s)", "metadata", ms.Root+ms.UserdataPath, ms.lastError)
+}
+
+func (ms Service) AvailabilityChanges() bool {
 	return true
 }
 
-func (ms MetadataService) ConfigRoot() string {
+func (ms Service) ConfigRoot() string {
 	return ms.Root
 }
 
-func (ms MetadataService) FetchUserdata() ([]byte, error) {
-	return ms.FetchData(ms.UserdataUrl())
+func (ms Service) FetchUserdata() ([]byte, error) {
+	return ms.FetchData(ms.UserdataURL())
 }
 
-func (ms MetadataService) FetchData(url string) ([]byte, error) {
+func (ms Service) FetchData(url string) ([]byte, error) {
 	if data, err := ms.Client.GetRetry(url); err == nil {
 		return data, err
 	} else if _, ok := err.(pkg.ErrNotFound); ok {
@@ -63,10 +77,10 @@ func (ms MetadataService) FetchData(url string) ([]byte, error) {
 	}
 }
 
-func (ms MetadataService) MetadataUrl() string {
+func (ms Service) MetadataURL() string {
 	return (ms.Root + ms.MetadataPath)
 }
 
-func (ms MetadataService) UserdataUrl() string {
+func (ms Service) UserdataURL() string {
 	return (ms.Root + ms.UserdataPath)
 }

config/cloudinit/datasource/metadata/metadata_test.go

@@ -0,0 +1,185 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package metadata
+
+import (
+	"bytes"
+	"fmt"
+	"testing"
+
+	"github.com/rancher/os/config/cloudinit/datasource/metadata/test"
+	"github.com/rancher/os/config/cloudinit/pkg"
+)
+
+func TestAvailabilityChanges(t *testing.T) {
+	want := true
+	if ac := (Service{}).AvailabilityChanges(); ac != want {
+		t.Fatalf("bad AvailabilityChanges: want %t, got %t", want, ac)
+	}
+}
+
+func TestIsAvailable(t *testing.T) {
+	for _, tt := range []struct {
+		root       string
+		apiVersion string
+		resources  map[string]string
+		expect     bool
+	}{
+		{
+			root:       "/",
+			apiVersion: "2009-04-04",
+			resources: map[string]string{
+				"/2009-04-04": "",
+			},
+			expect: true,
+		},
+		{
+			root:      "/",
+			resources: map[string]string{},
+			expect:    false,
+		},
+	} {
+		service := &Service{
+			Root:       tt.root,
+			Client:     &test.HTTPClient{Resources: tt.resources, Err: nil},
+			APIVersion: tt.apiVersion,
+		}
+		if a := service.IsAvailable(); a != tt.expect {
+			t.Fatalf("bad isAvailable (%q): want %t, got %t", tt.resources, tt.expect, a)
+		}
+	}
+}
+
+func TestFetchUserdata(t *testing.T) {
+	for _, tt := range []struct {
+		root         string
+		userdataPath string
+		resources    map[string]string
+		userdata     []byte
+		clientErr    error
+		expectErr    error
+	}{
+		{
+			root:         "/",
+			userdataPath: "2009-04-04/user-data",
+			resources: map[string]string{
+				"/2009-04-04/user-data": "hello",
+			},
+			userdata: []byte("hello"),
+		},
+		{
+			root:      "/",
+			clientErr: pkg.ErrNotFound{Err: fmt.Errorf("test not found error")},
+			userdata:  []byte{},
+		},
+		{
+			root:      "/",
+			clientErr: pkg.ErrTimeout{Err: fmt.Errorf("test timeout error")},
+			expectErr: pkg.ErrTimeout{Err: fmt.Errorf("test timeout error")},
+		},
+	} {
+		service := &Service{
+			Root:         tt.root,
+			Client:       &test.HTTPClient{Resources: tt.resources, Err: tt.clientErr},
+			UserdataPath: tt.userdataPath,
+		}
+		data, err := service.FetchUserdata()
+		if Error(err) != Error(tt.expectErr) {
+			t.Fatalf("bad error (%q): want %q, got %q", tt.resources, tt.expectErr, err)
+		}
+		if !bytes.Equal(data, tt.userdata) {
+			t.Fatalf("bad userdata (%q): want %q, got %q", tt.resources, tt.userdata, data)
+		}
+	}
+}
+
+func TestURLs(t *testing.T) {
+	for _, tt := range []struct {
+		root         string
+		userdataPath string
+		metadataPath string
+		expectRoot   string
+		userdata     string
+		metadata     string
+	}{
+		{
+			root:         "/",
+			userdataPath: "2009-04-04/user-data",
+			metadataPath: "2009-04-04/meta-data",
+			expectRoot:   "/",
+			userdata:     "/2009-04-04/user-data",
+			metadata:     "/2009-04-04/meta-data",
+		},
+		{
+			root:         "http://169.254.169.254/",
+			userdataPath: "2009-04-04/user-data",
+			metadataPath: "2009-04-04/meta-data",
+			expectRoot:   "http://169.254.169.254/",
+			userdata:     "http://169.254.169.254/2009-04-04/user-data",
+			metadata:     "http://169.254.169.254/2009-04-04/meta-data",
+		},
+	} {
+		service := &Service{
+			Root:         tt.root,
+			UserdataPath: tt.userdataPath,
+			MetadataPath: tt.metadataPath,
+		}
+		if url := service.UserdataURL(); url != tt.userdata {
+			t.Fatalf("bad url (%q): want %q, got %q", tt.root, tt.userdata, url)
+		}
+		if url := service.MetadataURL(); url != tt.metadata {
+			t.Fatalf("bad url (%q): want %q, got %q", tt.root, tt.metadata, url)
+		}
+		if url := service.ConfigRoot(); url != tt.expectRoot {
+			t.Fatalf("bad url (%q): want %q, got %q", tt.root, tt.expectRoot, url)
+		}
+	}
+}
+
+func TestNewDatasource(t *testing.T) {
+	for _, tt := range []struct {
+		root       string
+		expectRoot string
+	}{
+		{
+			root:       "",
+			expectRoot: "/",
+		},
+		{
+			root:       "/",
+			expectRoot: "/",
+		},
+		{
+			root:       "http://169.254.169.254",
+			expectRoot: "http://169.254.169.254/",
+		},
+		{
+			root:       "http://169.254.169.254/",
+			expectRoot: "http://169.254.169.254/",
+		},
+	} {
+		service := NewDatasource(tt.root, "", "", "", nil)
+		if service.Root != tt.expectRoot {
+			t.Fatalf("bad root (%q): want %q, got %q", tt.root, tt.expectRoot, service.Root)
+		}
+	}
+}
+
+func Error(err error) string {
+	if err != nil {
+		return err.Error()
+	}
+	return ""
+}

config/cloudinit/datasource/metadata/packet/metadata.go

@@ -0,0 +1,144 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package packet
+
+import (
+	"bytes"
+	"fmt"
+	"net/http"
+	"strconv"
+	"strings"
+
+	"github.com/rancher/os/config/cloudinit/datasource"
+	"github.com/rancher/os/config/cloudinit/datasource/metadata"
+	"github.com/rancher/os/log"
+	"github.com/rancher/os/netconf"
+
+	yaml "github.com/cloudfoundry-incubator/candiedyaml"
+	packetMetadata "github.com/packethost/packngo/metadata"
+)
+
+const (
+	DefaultAddress = "https://metadata.packet.net/"
+	apiVersion     = ""
+	userdataURL    = "userdata"
+	metadataPath   = "metadata"
+)
+
+type MetadataService struct {
+	metadata.Service
+}
+
+func NewDatasource(root string) *MetadataService {
+	if root == "" {
+		root = DefaultAddress
+	}
+
+	return &MetadataService{Service: metadata.NewDatasource(root, apiVersion, userdataURL, metadataPath, nil)}
+}
+
+func (ms *MetadataService) FetchMetadata() (metadata datasource.Metadata, err error) {
+	c := packetMetadata.NewClient(http.DefaultClient)
+	m, err := c.Metadata.Get()
+	if err != nil {
+		log.Errorf("Failed to get Packet metadata: %v", err)
+		return
+	}
+
+	bondCfg := netconf.InterfaceConfig{
+		Addresses: []string{},
+		BondOpts: map[string]string{
+			"lacp_rate":        "1",
+			"xmit_hash_policy": "layer3+4",
+			"downdelay":        "200",
+			"updelay":          "200",
+			"miimon":           "100",
+			"mode":             "4",
+		},
+	}
+	netCfg := netconf.NetworkConfig{
+		Interfaces: map[string]netconf.InterfaceConfig{},
+	}
+	for _, iface := range m.Network.Interfaces {
+		netCfg.Interfaces["mac="+iface.Mac] = netconf.InterfaceConfig{
+			Bond: "bond0",
+		}
+	}
+	for _, addr := range m.Network.Addresses {
+		bondCfg.Addresses = append(bondCfg.Addresses, fmt.Sprintf("%s/%d", addr.Address, addr.Cidr))
+		if addr.Gateway != "" {
+			if addr.AddressFamily == 4 {
+				if addr.Public {
+					bondCfg.Gateway = addr.Gateway
+				}
+			} else {
+				bondCfg.GatewayIpv6 = addr.Gateway
+			}
+		}
+
+		if addr.AddressFamily == 4 && strings.HasPrefix(addr.Gateway, "10.") {
+			bondCfg.PostUp = append(bondCfg.PostUp, "ip route add 10.0.0.0/8 via "+addr.Gateway)
+		}
+	}
+
+	netCfg.Interfaces["bond0"] = bondCfg
+	b, _ := yaml.Marshal(netCfg)
+	log.Debugf("Generated network config: %s", string(b))
+
+	// the old code	var data []byte
+	/*	var m Metadata
+
+		if data, err = ms.FetchData(ms.MetadataURL()); err != nil || len(data) == 0 {
+			return
+		}
+
+		if err = json.Unmarshal(data, &m); err != nil {
+			return
+		}
+
+		if len(m.NetworkData.Netblocks) > 0 {
+			for _, Netblock := range m.NetworkData.Netblocks {
+				if Netblock.AddressFamily == 4 {
+					if Netblock.Public == true {
+						metadata.PublicIPv4 = Netblock.Address
+					} else {
+						metadata.PrivateIPv4 = Netblock.Address
+					}
+				} else {
+					metadata.PublicIPv6 = Netblock.Address
+				}
+			}
+		}
+	*/
+	metadata.Hostname = m.Hostname
+	metadata.SSHPublicKeys = map[string]string{}
+	for i, key := range m.SshKeys {
+		metadata.SSHPublicKeys[strconv.Itoa(i)] = key
+	}
+
+	metadata.NetworkConfig = netCfg
+
+	// This is not really the right place - perhaps we should add a call-home function in each datasource to be called after the network is applied
+	//(see the original in cmd/cloudsave/packet)
+	if _, err = http.Post(m.PhoneHomeURL, "application/json", bytes.NewReader([]byte{})); err != nil {
+		log.Errorf("Failed to post to Packet phone home URL: %v", err)
+	}
+
+	return
+}
+
+func (ms MetadataService) Type() string {
+	return "packet-metadata-service"
+}

config/cloudinit/datasource/metadata/test/test.go

@@ -0,0 +1,40 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package test
+
+import (
+	"fmt"
+
+	"github.com/rancher/os/config/cloudinit/pkg"
+)
+
+type HTTPClient struct {
+	Resources map[string]string
+	Err       error
+}
+
+func (t *HTTPClient) GetRetry(url string) ([]byte, error) {
+	if t.Err != nil {
+		return nil, t.Err
+	}
+	if val, ok := t.Resources[url]; ok {
+		return []byte(val), nil
+	}
+	return nil, pkg.ErrNotFound{fmt.Errorf("not found: %q", url)}
+}
+
+func (t *HTTPClient) Get(url string) ([]byte, error) {
+	return t.GetRetry(url)
+}

config/cloudinit/datasource/proccmdline/proc_cmdline.go

@@ -12,16 +12,18 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package proc_cmdline
+package proccmdline
 
 import (
 	"errors"
+	"fmt"
 	"io/ioutil"
-	"log"
 	"strings"
 
-	"github.com/coreos/coreos-cloudinit/datasource"
-	"github.com/coreos/coreos-cloudinit/pkg"
+	"github.com/rancher/os/log"
+
+	"github.com/rancher/os/config/cloudinit/datasource"
+	"github.com/rancher/os/config/cloudinit/pkg"
 )
 
 const (
@@ -29,38 +31,48 @@ const (
 	ProcCmdlineCloudConfigFlag = "cloud-config-url"
 )
 
-type procCmdline struct {
-	Location string
+type ProcCmdline struct {
+	Location  string
+	lastError error
 }
 
-func NewDatasource() *procCmdline {
-	return &procCmdline{Location: ProcCmdlineLocation}
+func NewDatasource() *ProcCmdline {
+	return &ProcCmdline{Location: ProcCmdlineLocation}
 }
 
-func (c *procCmdline) IsAvailable() bool {
-	contents, err := ioutil.ReadFile(c.Location)
-	if err != nil {
+func (c *ProcCmdline) IsAvailable() bool {
+	var contents []byte
+	contents, c.lastError = ioutil.ReadFile(c.Location)
+	if c.lastError != nil {
 		return false
 	}
 
 	cmdline := strings.TrimSpace(string(contents))
-	_, err = findCloudConfigURL(cmdline)
-	return (err == nil)
+	_, c.lastError = findCloudConfigURL(cmdline)
+	return (c.lastError == nil)
 }
 
-func (c *procCmdline) AvailabilityChanges() bool {
+func (c *ProcCmdline) Finish() error {
+	return nil
+}
+
+func (c *ProcCmdline) String() string {
+	return fmt.Sprintf("%s: %s (lastError: %s)", c.Type(), c.Location, c.lastError)
+}
+
+func (c *ProcCmdline) AvailabilityChanges() bool {
 	return false
 }
 
-func (c *procCmdline) ConfigRoot() string {
+func (c *ProcCmdline) ConfigRoot() string {
 	return ""
 }
 
-func (c *procCmdline) FetchMetadata() (datasource.Metadata, error) {
+func (c *ProcCmdline) FetchMetadata() (datasource.Metadata, error) {
 	return datasource.Metadata{}, nil
 }
 
-func (c *procCmdline) FetchUserdata() ([]byte, error) {
+func (c *ProcCmdline) FetchUserdata() ([]byte, error) {
 	contents, err := ioutil.ReadFile(c.Location)
 	if err != nil {
 		return nil, err
@@ -72,7 +84,7 @@ func (c *procCmdline) FetchUserdata() ([]byte, error) {
 		return nil, err
 	}
 
-	client := pkg.NewHttpClient()
+	client := pkg.NewHTTPClient()
 	cfg, err := client.GetRetry(url)
 	if err != nil {
 		return nil, err
@@ -81,7 +93,7 @@ func (c *procCmdline) FetchUserdata() ([]byte, error) {
 	return cfg, nil
 }
 
-func (c *procCmdline) Type() string {
+func (c *ProcCmdline) Type() string {
 	return "proc-cmdline"
 }
 

config/cloudinit/datasource/proccmdline/proc_cmdline_test.go

@@ -0,0 +1,102 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package proccmdline
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"testing"
+)
+
+func TestParseCmdlineCloudConfigFound(t *testing.T) {
+	tests := []struct {
+		input  string
+		expect string
+	}{
+		{
+			"cloud-config-url=example.com",
+			"example.com",
+		},
+		{
+			"cloud_config_url=example.com",
+			"example.com",
+		},
+		{
+			"cloud-config-url cloud-config-url=example.com",
+			"example.com",
+		},
+		{
+			"cloud-config-url= cloud-config-url=example.com",
+			"example.com",
+		},
+		{
+			"cloud-config-url=one.example.com cloud-config-url=two.example.com",
+			"two.example.com",
+		},
+		{
+			"foo=bar cloud-config-url=example.com ping=pong",
+			"example.com",
+		},
+	}
+
+	for i, tt := range tests {
+		output, err := findCloudConfigURL(tt.input)
+		if output != tt.expect {
+			t.Errorf("Test case %d failed: %s != %s", i, output, tt.expect)
+		}
+		if err != nil {
+			t.Errorf("Test case %d produced error: %v", i, err)
+		}
+	}
+}
+
+func TestProcCmdlineAndFetchConfig(t *testing.T) {
+
+	var (
+		ProcCmdlineTmpl    = "foo=bar cloud-config-url=%s/config\n"
+		CloudConfigContent = "#cloud-config\n"
+	)
+
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method == "GET" && r.RequestURI == "/config" {
+			fmt.Fprint(w, CloudConfigContent)
+		}
+	}))
+	defer ts.Close()
+
+	file, err := ioutil.TempFile(os.TempDir(), "test_proc_cmdline")
+	defer os.Remove(file.Name())
+	if err != nil {
+		t.Errorf("Test produced error: %v", err)
+	}
+	_, err = file.Write([]byte(fmt.Sprintf(ProcCmdlineTmpl, ts.URL)))
+	if err != nil {
+		t.Errorf("Test produced error: %v", err)
+	}
+
+	p := NewDatasource()
+	p.Location = file.Name()
+	cfg, err := p.FetchUserdata()
+	if err != nil {
+		t.Errorf("Test produced error: %v", err)
+	}
+
+	if string(cfg) != CloudConfigContent {
+		t.Errorf("Test failed, response body: %s != %s", cfg, CloudConfigContent)
+	}
+}

config/cloudinit/datasource/test/filesystem.go

@@ -0,0 +1,57 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package test
+
+import (
+	"fmt"
+	"os"
+	"path"
+)
+
+type MockFilesystem map[string]File
+
+type File struct {
+	Path      string
+	Contents  string
+	Directory bool
+}
+
+func (m MockFilesystem) ReadFile(filename string) ([]byte, error) {
+	if f, ok := m[path.Clean(filename)]; ok {
+		if f.Directory {
+			return nil, fmt.Errorf("read %s: is a directory", filename)
+		}
+		return []byte(f.Contents), nil
+	}
+	return nil, os.ErrNotExist
+}
+
+func NewMockFilesystem(files ...File) MockFilesystem {
+	fs := MockFilesystem{}
+	for _, file := range files {
+		fs[file.Path] = file
+
+		// Create the directories leading up to the file
+		p := path.Dir(file.Path)
+		for p != "/" && p != "." {
+			if f, ok := fs[p]; ok && !f.Directory {
+				panic(fmt.Sprintf("%q already exists and is not a directory (%#v)", p, f))
+			}
+			fs[p] = File{Path: p, Directory: true}
+			p = path.Dir(p)
+		}
+	}
+	return fs
+}

config/cloudinit/datasource/test/filesystem_test.go

@@ -0,0 +1,115 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package test
+
+import (
+	"errors"
+	"os"
+	"reflect"
+	"testing"
+)
+
+func TestReadFile(t *testing.T) {
+	tests := []struct {
+		filesystem MockFilesystem
+
+		filename string
+		contents string
+		err      error
+	}{
+		{
+			filename: "dne",
+			err:      os.ErrNotExist,
+		},
+		{
+			filesystem: MockFilesystem{
+				"exists": File{Contents: "hi"},
+			},
+			filename: "exists",
+			contents: "hi",
+		},
+		{
+			filesystem: MockFilesystem{
+				"dir": File{Directory: true},
+			},
+			filename: "dir",
+			err:      errors.New("read dir: is a directory"),
+		},
+	}
+
+	for i, tt := range tests {
+		contents, err := tt.filesystem.ReadFile(tt.filename)
+		if tt.contents != string(contents) {
+			t.Errorf("bad contents (test %d): want %q, got %q", i, tt.contents, string(contents))
+		}
+		if !reflect.DeepEqual(tt.err, err) {
+			t.Errorf("bad error (test %d): want %v, got %v", i, tt.err, err)
+		}
+	}
+}
+
+func TestNewMockFilesystem(t *testing.T) {
+	tests := []struct {
+		files []File
+
+		filesystem MockFilesystem
+	}{
+		{
+			filesystem: MockFilesystem{},
+		},
+		{
+			files: []File{{Path: "file"}},
+			filesystem: MockFilesystem{
+				"file": File{Path: "file"},
+			},
+		},
+		{
+			files: []File{{Path: "/file"}},
+			filesystem: MockFilesystem{
+				"/file": File{Path: "/file"},
+			},
+		},
+		{
+			files: []File{{Path: "/dir/file"}},
+			filesystem: MockFilesystem{
+				"/dir":      File{Path: "/dir", Directory: true},
+				"/dir/file": File{Path: "/dir/file"},
+			},
+		},
+		{
+			files: []File{{Path: "/dir/dir/file"}},
+			filesystem: MockFilesystem{
+				"/dir":          File{Path: "/dir", Directory: true},
+				"/dir/dir":      File{Path: "/dir/dir", Directory: true},
+				"/dir/dir/file": File{Path: "/dir/dir/file"},
+			},
+		},
+		{
+			files: []File{{Path: "/dir/dir/dir", Directory: true}},
+			filesystem: MockFilesystem{
+				"/dir":         File{Path: "/dir", Directory: true},
+				"/dir/dir":     File{Path: "/dir/dir", Directory: true},
+				"/dir/dir/dir": File{Path: "/dir/dir/dir", Directory: true},
+			},
+		},
+	}
+
+	for i, tt := range tests {
+		filesystem := NewMockFilesystem(tt.files...)
+		if !reflect.DeepEqual(tt.filesystem, filesystem) {
+			t.Errorf("bad filesystem (test %d): want %#v, got %#v", i, tt.filesystem, filesystem)
+		}
+	}
+}

config/cloudinit/datasource/url/url.go

@@ -0,0 +1,76 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package url
+
+import (
+	"fmt"
+
+	"github.com/rancher/os/config/cloudinit/datasource"
+	"github.com/rancher/os/config/cloudinit/pkg"
+)
+
+type RemoteFile struct {
+	url       string
+	lastError error
+}
+
+func NewDatasource(url string) *RemoteFile {
+	return &RemoteFile{url, nil}
+}
+
+func (f *RemoteFile) IsAvailable() bool {
+	client := pkg.NewHTTPClient()
+	_, f.lastError = client.Get(f.url)
+	return (f.lastError == nil)
+}
+
+func (f *RemoteFile) Finish() error {
+	return nil
+}
+
+func (f *RemoteFile) String() string {
+	return fmt.Sprintf("%s: %s (lastError: %s)", f.Type(), f.url, f.lastError)
+}
+
+func (f *RemoteFile) AvailabilityChanges() bool {
+	return false
+	// TODO: we should trigger something to change the network state
+	/*	if f.lastError != nil {
+			// if we have a Network error, then we should retry.
+			// otherwise, we've made a request to the server, and its said nope.
+			if _, ok := f.lastError.(pkg.ErrNetwork); !ok {
+				return false
+			}
+		}
+		return true
+	*/
+}
+
+func (f *RemoteFile) ConfigRoot() string {
+	return ""
+}
+
+func (f *RemoteFile) FetchMetadata() (datasource.Metadata, error) {
+	return datasource.Metadata{}, nil
+}
+
+func (f *RemoteFile) FetchUserdata() ([]byte, error) {
+	client := pkg.NewHTTPClient()
+	return client.GetRetry(f.url)
+}
+
+func (f *RemoteFile) Type() string {
+	return "url"
+}

config/cloudinit/datasource/vmware/vmware.go

@@ -0,0 +1,168 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package vmware
+
+import (
+	"fmt"
+	"net"
+
+	"github.com/rancher/os/config/cloudinit/config"
+	"github.com/rancher/os/config/cloudinit/datasource"
+)
+
+type readConfigFunction func(key string) (string, error)
+type urlDownloadFunction func(url string) ([]byte, error)
+
+type VMWare struct {
+	ovfFileName string
+	readConfig  readConfigFunction
+	urlDownload urlDownloadFunction
+	lastError   error
+}
+
+func (v VMWare) Finish() error {
+	return nil
+}
+
+func (v VMWare) String() string {
+	return fmt.Sprintf("%s: %s (lastError: %s)", v.Type(), v.ovfFileName, v.lastError)
+}
+
+func (v VMWare) AvailabilityChanges() bool {
+	return false
+}
+
+func (v VMWare) ConfigRoot() string {
+	return "/"
+}
+
+func (v VMWare) FetchMetadata() (metadata datasource.Metadata, err error) {
+	metadata.Hostname, _ = v.readConfig("hostname")
+
+	netconf := map[string]string{}
+	saveConfig := func(key string, args ...interface{}) string {
+		key = fmt.Sprintf(key, args...)
+		val, _ := v.readConfig(key)
+		if val != "" {
+			netconf[key] = val
+		}
+		return val
+	}
+
+	for i := 0; ; i++ {
+		if nameserver := saveConfig("dns.server.%d", i); nameserver == "" {
+			break
+		}
+	}
+
+	for i := 0; ; i++ {
+		if domain := saveConfig("dns.domain.%d", i); domain == "" {
+			break
+		}
+	}
+
+	found := true
+	for i := 0; found; i++ {
+		found = false
+
+		found = (saveConfig("interface.%d.name", i) != "") || found
+		found = (saveConfig("interface.%d.mac", i) != "") || found
+		found = (saveConfig("interface.%d.dhcp", i) != "") || found
+
+		role, _ := v.readConfig(fmt.Sprintf("interface.%d.role", i))
+		for a := 0; ; a++ {
+			address := saveConfig("interface.%d.ip.%d.address", i, a)
+			if address == "" {
+				break
+			} else {
+				found = true
+			}
+
+			ip, _, err := net.ParseCIDR(address)
+			if err != nil {
+				return metadata, err
+			}
+
+			switch role {
+			case "public":
+				if ip.To4() != nil {
+					metadata.PublicIPv4 = ip
+				} else {
+					metadata.PublicIPv6 = ip
+				}
+			case "private":
+				if ip.To4() != nil {
+					metadata.PrivateIPv4 = ip
+				} else {
+					metadata.PrivateIPv6 = ip
+				}
+			case "":
+			default:
+				return metadata, fmt.Errorf("unrecognized role: %q", role)
+			}
+		}
+
+		for r := 0; ; r++ {
+			gateway := saveConfig("interface.%d.route.%d.gateway", i, r)
+			destination := saveConfig("interface.%d.route.%d.destination", i, r)
+
+			if gateway == "" && destination == "" {
+				break
+			} else {
+				found = true
+			}
+		}
+	}
+	//	metadata.NetworkConfig = netconf
+
+	return
+}
+
+func (v VMWare) FetchUserdata() ([]byte, error) {
+	encoding, err := v.readConfig("coreos.config.data.encoding")
+	if err != nil {
+		return nil, err
+	}
+
+	data, err := v.readConfig("coreos.config.data")
+	if err != nil {
+		return nil, err
+	}
+
+	// Try to fallback to url if no explicit data
+	if data == "" {
+		url, err := v.readConfig("coreos.config.url")
+		if err != nil {
+			return nil, err
+		}
+
+		if url != "" {
+			rawData, err := v.urlDownload(url)
+			if err != nil {
+				return nil, err
+			}
+			data = string(rawData)
+		}
+	}
+
+	if encoding != "" {
+		return config.DecodeContent(data, encoding)
+	}
+	return []byte(data), nil
+}
+
+func (v VMWare) Type() string {
+	return "VMWare"
+}

config/cloudinit/datasource/vmware/vmware_amd64.go

@@ -0,0 +1,102 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package vmware
+
+import (
+	"io/ioutil"
+	"os"
+
+	"github.com/rancher/os/log"
+
+	"github.com/rancher/os/config/cloudinit/pkg"
+
+	"github.com/sigma/vmw-guestinfo/rpcvmx"
+	"github.com/sigma/vmw-guestinfo/vmcheck"
+	ovf "github.com/sigma/vmw-ovflib"
+)
+
+type ovfWrapper struct {
+	env *ovf.OvfEnvironment
+}
+
+func (ovf ovfWrapper) readConfig(key string) (string, error) {
+	return ovf.env.Properties["guestinfo."+key], nil
+}
+
+func NewDatasource(fileName string) *VMWare {
+	// read from provided ovf environment document (typically /media/ovfenv/ovf-env.xml)
+	if fileName != "" {
+		log.Printf("Using OVF environment from %s\n", fileName)
+		ovfEnv, err := ioutil.ReadFile(fileName)
+		if err != nil {
+			ovfEnv = make([]byte, 0)
+		}
+		return &VMWare{
+			ovfFileName: fileName,
+			readConfig:  getOvfReadConfig(ovfEnv),
+			urlDownload: urlDownload,
+		}
+	}
+
+	// try to read ovf environment from VMware tools
+	data, err := readConfig("ovfenv")
+	if err == nil && data != "" {
+		log.Printf("Using OVF environment from guestinfo\n")
+		return &VMWare{
+			readConfig:  getOvfReadConfig([]byte(data)),
+			urlDownload: urlDownload,
+		}
+	}
+
+	// if everything fails, fallback to directly reading variables from the backdoor
+	log.Printf("Using guestinfo variables\n")
+	return &VMWare{
+		readConfig:  readConfig,
+		urlDownload: urlDownload,
+	}
+}
+
+func (v VMWare) IsAvailable() bool {
+	if v.ovfFileName != "" {
+		_, v.lastError = os.Stat(v.ovfFileName)
+		return !os.IsNotExist(v.lastError)
+	}
+	return vmcheck.IsVirtualWorld()
+}
+
+func readConfig(key string) (string, error) {
+	data, err := rpcvmx.NewConfig().String(key, "")
+	if err == nil {
+		log.Printf("Read from %q: %q\n", key, data)
+	} else {
+		log.Printf("Failed to read from %q: %v\n", key, err)
+	}
+	return data, err
+}
+
+func getOvfReadConfig(ovfEnv []byte) readConfigFunction {
+	env := &ovf.OvfEnvironment{}
+	if len(ovfEnv) != 0 {
+		env = ovf.ReadEnvironment(ovfEnv)
+	}
+
+	wrapper := ovfWrapper{env}
+	return wrapper.readConfig
+}
+
+func urlDownload(url string) ([]byte, error) {
+	client := pkg.NewHTTPClient()
+	return client.GetRetry(url)
+}

config/cloudinit/datasource/vmware/vmware_test.go

@@ -0,0 +1,299 @@
+// +build amd64
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package vmware
+
+import (
+	"errors"
+	"io/ioutil"
+	"net"
+	"os"
+	"reflect"
+	"testing"
+
+	"github.com/rancher/os/config/cloudinit/datasource"
+)
+
+type MockHypervisor map[string]string
+
+func (h MockHypervisor) ReadConfig(key string) (string, error) {
+	return h[key], nil
+}
+
+var fakeDownloader urlDownloadFunction = func(url string) ([]byte, error) {
+	mapping := map[string]struct {
+		data []byte
+		err  error
+	}{
+		"http://good.example.com": {[]byte("test config"), nil},
+		"http://bad.example.com":  {nil, errors.New("Not found")},
+	}
+	val := mapping[url]
+	return val.data, val.err
+}
+
+func TestFetchMetadata(t *testing.T) {
+	tests := []struct {
+		variables MockHypervisor
+
+		metadata datasource.Metadata
+		err      error
+	}{
+		{
+			variables: map[string]string{
+				"interface.0.mac":  "test mac",
+				"interface.0.dhcp": "yes",
+			},
+			metadata: datasource.Metadata{
+			//				NetworkConfig: map[string]string{
+			//					"interface.0.mac":  "test mac",
+			//					"interface.0.dhcp": "yes",
+			//				},
+			},
+		},
+		{
+			variables: map[string]string{
+				"interface.0.name": "test name",
+				"interface.0.dhcp": "yes",
+			},
+			metadata: datasource.Metadata{
+			//				NetworkConfig: map[string]string{
+			//					"interface.0.name": "test name",
+			//					"interface.0.dhcp": "yes",
+			//				},
+			},
+		},
+		{
+			variables: map[string]string{
+				"hostname":                        "test host",
+				"interface.0.mac":                 "test mac",
+				"interface.0.role":                "private",
+				"interface.0.ip.0.address":        "fe00::100/64",
+				"interface.0.route.0.gateway":     "fe00::1",
+				"interface.0.route.0.destination": "::",
+			},
+			metadata: datasource.Metadata{
+				Hostname:    "test host",
+				PrivateIPv6: net.ParseIP("fe00::100"),
+				//				NetworkConfig: map[string]string{
+				//					"interface.0.mac":                 "test mac",
+				//					"interface.0.ip.0.address":        "fe00::100/64",
+				//					"interface.0.route.0.gateway":     "fe00::1",
+				//					"interface.0.route.0.destination": "::",
+				//				},
+			},
+		},
+		{
+			variables: map[string]string{
+				"hostname":                        "test host",
+				"interface.0.name":                "test name",
+				"interface.0.role":                "public",
+				"interface.0.ip.0.address":        "10.0.0.100/24",
+				"interface.0.ip.1.address":        "10.0.0.101/24",
+				"interface.0.route.0.gateway":     "10.0.0.1",
+				"interface.0.route.0.destination": "0.0.0.0",
+				"interface.1.mac":                 "test mac",
+				"interface.1.role":                "private",
+				"interface.1.route.0.gateway":     "10.0.0.2",
+				"interface.1.route.0.destination": "0.0.0.0",
+				"interface.1.ip.0.address":        "10.0.0.102/24",
+			},
+			metadata: datasource.Metadata{
+				Hostname:    "test host",
+				PublicIPv4:  net.ParseIP("10.0.0.101"),
+				PrivateIPv4: net.ParseIP("10.0.0.102"),
+				//				NetworkConfig: map[string]string{
+				//					"interface.0.name":                "test name",
+				//					"interface.0.ip.0.address":        "10.0.0.100/24",
+				//					"interface.0.ip.1.address":        "10.0.0.101/24",
+				//					"interface.0.route.0.gateway":     "10.0.0.1",
+				//					"interface.0.route.0.destination": "0.0.0.0",
+				//					"interface.1.mac":                 "test mac",
+				//					"interface.1.route.0.gateway":     "10.0.0.2",
+				//					"interface.1.route.0.destination": "0.0.0.0",
+				//					"interface.1.ip.0.address":        "10.0.0.102/24",
+				//				},
+			},
+		},
+	}
+
+	for i, tt := range tests {
+		v := VMWare{readConfig: tt.variables.ReadConfig}
+		metadata, err := v.FetchMetadata()
+		if !reflect.DeepEqual(tt.err, err) {
+			t.Errorf("bad error (#%d): want %v, got %v", i, tt.err, err)
+		}
+		if !reflect.DeepEqual(tt.metadata, metadata) {
+			t.Errorf("bad metadata (#%d): want %#v, got %#v", i, tt.metadata, metadata)
+		}
+	}
+}
+
+func TestFetchUserdata(t *testing.T) {
+	tests := []struct {
+		variables MockHypervisor
+
+		userdata string
+		err      error
+	}{
+		{},
+		{
+			variables: map[string]string{"coreos.config.data": "test config"},
+			userdata:  "test config",
+		},
+		{
+			variables: map[string]string{
+				"coreos.config.data.encoding": "",
+				"coreos.config.data":          "test config",
+			},
+			userdata: "test config",
+		},
+		{
+			variables: map[string]string{
+				"coreos.config.data.encoding": "base64",
+				"coreos.config.data":          "dGVzdCBjb25maWc=",
+			},
+			userdata: "test config",
+		},
+		{
+			variables: map[string]string{
+				"coreos.config.data.encoding": "gzip+base64",
+				"coreos.config.data":          "H4sIABaoWlUAAytJLS5RSM7PS8tMBwCQiHNZCwAAAA==",
+			},
+			userdata: "test config",
+		},
+		{
+			variables: map[string]string{
+				"coreos.config.data.encoding": "test encoding",
+			},
+			err: errors.New(`Unsupported encoding "test encoding"`),
+		},
+		{
+			variables: map[string]string{
+				"coreos.config.url": "http://good.example.com",
+			},
+			userdata: "test config",
+		},
+		{
+			variables: map[string]string{
+				"coreos.config.url": "http://bad.example.com",
+			},
+			err: errors.New("Not found"),
+		},
+	}
+
+	for i, tt := range tests {
+		v := VMWare{
+			readConfig:  tt.variables.ReadConfig,
+			urlDownload: fakeDownloader,
+		}
+		userdata, err := v.FetchUserdata()
+		if !reflect.DeepEqual(tt.err, err) {
+			t.Errorf("bad error (#%d): want %v, got %v", i, tt.err, err)
+		}
+		if tt.userdata != string(userdata) {
+			t.Errorf("bad userdata (#%d): want %q, got %q", i, tt.userdata, userdata)
+		}
+	}
+}
+
+func TestFetchUserdataError(t *testing.T) {
+	testErr := errors.New("test error")
+	_, err := VMWare{readConfig: func(_ string) (string, error) { return "", testErr }}.FetchUserdata()
+
+	if testErr != err {
+		t.Errorf("bad error: want %v, got %v", testErr, err)
+	}
+}
+
+func TestOvfTransport(t *testing.T) {
+	tests := []struct {
+		document string
+
+		metadata datasource.Metadata
+		userdata []byte
+	}{
+		{
+			document: `<?xml version="1.0" encoding="UTF-8"?>
+<Environment xmlns="http://schemas.dmtf.org/ovf/environment/1"
+     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+     xmlns:oe="http://schemas.dmtf.org/ovf/environment/1"
+     oe:id="CoreOS-vmw">
+   <PlatformSection>
+      <Kind>VMware ESXi</Kind>
+      <Version>5.5.0</Version>
+      <Vendor>VMware, Inc.</Vendor>
+      <Locale>en</Locale>
+   </PlatformSection>
+   <PropertySection>
+      <Property oe:key="foo" oe:value="42"/>
+      <Property oe:key="guestinfo.coreos.config.url" oe:value="http://good.example.com"/>
+      <Property oe:key="guestinfo.hostname" oe:value="test host"/>
+      <Property oe:key="guestinfo.interface.0.name" oe:value="test name"/>
+      <Property oe:key="guestinfo.interface.0.role" oe:value="public"/>
+      <Property oe:key="guestinfo.interface.0.ip.0.address" oe:value="10.0.0.100/24"/>
+      <Property oe:key="guestinfo.interface.0.ip.1.address" oe:value="10.0.0.101/24"/>
+      <Property oe:key="guestinfo.interface.0.route.0.gateway" oe:value="10.0.0.1"/>
+      <Property oe:key="guestinfo.interface.0.route.0.destination" oe:value="0.0.0.0"/>
+      <Property oe:key="guestinfo.interface.1.mac" oe:value="test mac"/>
+      <Property oe:key="guestinfo.interface.1.role" oe:value="private"/>
+      <Property oe:key="guestinfo.interface.1.route.0.gateway" oe:value="10.0.0.2"/>
+      <Property oe:key="guestinfo.interface.1.route.0.destination" oe:value="0.0.0.0"/>
+      <Property oe:key="guestinfo.interface.1.ip.0.address" oe:value="10.0.0.102/24"/>
+   </PropertySection>
+</Environment>`,
+			metadata: datasource.Metadata{
+				Hostname:    "test host",
+				PublicIPv4:  net.ParseIP("10.0.0.101"),
+				PrivateIPv4: net.ParseIP("10.0.0.102"),
+				//NetworkConfig: map[string]string{
+				//	"interface.0.name":                "test name",
+				//	"interface.0.ip.0.address":        "10.0.0.100/24",
+				//	"interface.0.ip.1.address":        "10.0.0.101/24",
+				//	"interface.0.route.0.gateway":     "10.0.0.1",
+				//	"interface.0.route.0.destination": "0.0.0.0",
+				//	"interface.1.mac":                 "test mac",
+				//	"interface.1.route.0.gateway":     "10.0.0.2",
+				//	"interface.1.route.0.destination": "0.0.0.0",
+				//	"interface.1.ip.0.address":        "10.0.0.102/24",
+				//				},
+			},
+			userdata: []byte("test config"),
+		},
+	}
+
+	for i, tt := range tests {
+		file, err := ioutil.TempFile(os.TempDir(), "ovf")
+		if err != nil {
+			t.Errorf("error creating ovf file (#%d)", i)
+		}
+		defer os.Remove(file.Name())
+
+		file.WriteString(tt.document)
+		v := NewDatasource(file.Name())
+		v.urlDownload = fakeDownloader
+
+		metadata, err := v.FetchMetadata()
+		userdata, err := v.FetchUserdata()
+
+		if !reflect.DeepEqual(tt.metadata, metadata) {
+			t.Errorf("bad metadata (#%d): want %#v, got %#v", i, tt.metadata, metadata)
+		}
+		if !reflect.DeepEqual(tt.userdata, userdata) {
+			t.Errorf("bad userdata (#%d): want %#v, got %#v", i, tt.userdata, userdata)
+		}
+	}
+
+}

config/cloudinit/datasource/vmware/vmware_unsupported.go

@@ -0,0 +1,25 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +build !amd64
+
+package vmware
+
+func NewDatasource(fileName string) *VMWare {
+	return &VMWare{}
+}
+
+func (v VMWare) IsAvailable() bool {
+	return false
+}

config/cloudinit/datasource/waagent/waagent.go

@@ -0,0 +1,128 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package waagent
+
+import (
+	"encoding/xml"
+	"fmt"
+	"io/ioutil"
+	"net"
+	"os"
+	"path"
+
+	"github.com/rancher/os/log"
+
+	"github.com/rancher/os/config/cloudinit/datasource"
+)
+
+type Waagent struct {
+	root      string
+	readFile  func(filename string) ([]byte, error)
+	lastError error
+}
+
+func NewDatasource(root string) *Waagent {
+	return &Waagent{root, ioutil.ReadFile, nil}
+}
+
+func (a *Waagent) IsAvailable() bool {
+	_, a.lastError = os.Stat(path.Join(a.root, "provisioned"))
+	return !os.IsNotExist(a.lastError)
+}
+
+func (a *Waagent) Finish() error {
+	return nil
+}
+
+func (a *Waagent) String() string {
+	return fmt.Sprintf("%s: %s (lastError: %s)", a.Type(), a.root, a.lastError)
+}
+
+func (a *Waagent) AvailabilityChanges() bool {
+	return true
+}
+
+func (a *Waagent) ConfigRoot() string {
+	return a.root
+}
+
+func (a *Waagent) FetchMetadata() (metadata datasource.Metadata, err error) {
+	var metadataBytes []byte
+	if metadataBytes, err = a.tryReadFile(path.Join(a.root, "SharedConfig.xml")); err != nil {
+		return
+	}
+	if len(metadataBytes) == 0 {
+		return
+	}
+
+	type Instance struct {
+		ID             string `xml:"id,attr"`
+		Address        string `xml:"address,attr"`
+		InputEndpoints struct {
+			Endpoints []struct {
+				LoadBalancedPublicAddress string `xml:"loadBalancedPublicAddress,attr"`
+			} `xml:"Endpoint"`
+		}
+	}
+
+	type SharedConfig struct {
+		Incarnation struct {
+			Instance string `xml:"instance,attr"`
+		}
+		Instances struct {
+			Instances []Instance `xml:"Instance"`
+		}
+	}
+
+	var m SharedConfig
+	if err = xml.Unmarshal(metadataBytes, &m); err != nil {
+		return
+	}
+
+	var instance Instance
+	for _, i := range m.Instances.Instances {
+		if i.ID == m.Incarnation.Instance {
+			instance = i
+			break
+		}
+	}
+
+	metadata.PrivateIPv4 = net.ParseIP(instance.Address)
+	for _, e := range instance.InputEndpoints.Endpoints {
+		host, _, err := net.SplitHostPort(e.LoadBalancedPublicAddress)
+		if err == nil {
+			metadata.PublicIPv4 = net.ParseIP(host)
+			break
+		}
+	}
+	return
+}
+
+func (a *Waagent) FetchUserdata() ([]byte, error) {
+	return a.tryReadFile(path.Join(a.root, "CustomData"))
+}
+
+func (a *Waagent) Type() string {
+	return "Waagent"
+}
+
+func (a *Waagent) tryReadFile(filename string) ([]byte, error) {
+	log.Printf("Attempting to read from %q\n", filename)
+	data, err := a.readFile(filename)
+	if os.IsNotExist(err) {
+		err = nil
+	}
+	return data, err
+}

config/cloudinit/datasource/waagent/waagent_test.go

@@ -0,0 +1,166 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package waagent
+
+import (
+	"net"
+	"reflect"
+	"testing"
+
+	"github.com/rancher/os/config/cloudinit/datasource"
+	"github.com/rancher/os/config/cloudinit/datasource/test"
+)
+
+func TestFetchMetadata(t *testing.T) {
+	for _, tt := range []struct {
+		root     string
+		files    test.MockFilesystem
+		metadata datasource.Metadata
+	}{
+		{
+			root:  "/",
+			files: test.NewMockFilesystem(),
+		},
+		{
+			root:  "/",
+			files: test.NewMockFilesystem(test.File{Path: "/SharedConfig.xml", Contents: ""}),
+		},
+		{
+			root:  "/var/lib/Waagent",
+			files: test.NewMockFilesystem(test.File{Path: "/var/lib/Waagent/SharedConfig.xml", Contents: ""}),
+		},
+		{
+			root: "/var/lib/Waagent",
+			files: test.NewMockFilesystem(test.File{Path: "/var/lib/Waagent/SharedConfig.xml", Contents: `<?xml version="1.0" encoding="utf-8"?>
+<SharedConfig version="1.0.0.0" goalStateIncarnation="1">
+  <Deployment name="c8f9e4c9c18948e1bebf57c5685da756" guid="{1d10394f-c741-4a1a-a6bb-278f213c5a5e}" incarnation="0" isNonCancellableTopologyChangeEnabled="false">
+    <Service name="core-test-1" guid="{00000000-0000-0000-0000-000000000000}" />
+    <ServiceInstance name="c8f9e4c9c18948e1bebf57c5685da756.0" guid="{1e202e9a-8ffe-4915-b6ef-4118c9628fda}" />
+  </Deployment>
+  <Incarnation number="1" instance="core-test-1" guid="{8767eb4b-b445-4783-b1f5-6c0beaf41ea0}" />
+  <Role guid="{53ecc81e-257f-fbc9-a53a-8cf1a0a122b4}" name="core-test-1" settleTimeSeconds="0" />
+  <LoadBalancerSettings timeoutSeconds="0" waitLoadBalancerProbeCount="8">
+    <Probes>
+      <Probe name="D41D8CD98F00B204E9800998ECF8427E" />
+      <Probe name="C9DEC1518E1158748FA4B6081A8266DD" />
+    </Probes>
+  </LoadBalancerSettings>
+  <OutputEndpoints>
+    <Endpoint name="core-test-1:openInternalEndpoint" type="SFS">
+      <Target instance="core-test-1" endpoint="openInternalEndpoint" />
+    </Endpoint>
+  </OutputEndpoints>
+  <Instances>
+    <Instance id="core-test-1" address="100.73.202.64">
+      <FaultDomains randomId="0" updateId="0" updateCount="0" />
+      <InputEndpoints>
+        <Endpoint name="openInternalEndpoint" address="100.73.202.64" protocol="any" isPublic="false" enableDirectServerReturn="false" isDirectAddress="false" disableStealthMode="false">
+          <LocalPorts>
+            <LocalPortSelfManaged />
+          </LocalPorts>
+        </Endpoint>
+        <Endpoint name="ssh" address="100.73.202.64:22" protocol="tcp" hostName="core-test-1ContractContract" isPublic="true" loadBalancedPublicAddress="191.239.39.77:22" enableDirectServerReturn="false" isDirectAddress="false" disableStealthMode="false">
+          <LocalPorts>
+            <LocalPortRange from="22" to="22" />
+          </LocalPorts>
+        </Endpoint>
+      </InputEndpoints>
+    </Instance>
+  </Instances>
+</SharedConfig>`}),
+			metadata: datasource.Metadata{
+				PrivateIPv4: net.ParseIP("100.73.202.64"),
+				PublicIPv4:  net.ParseIP("191.239.39.77"),
+			},
+		},
+	} {
+		a := Waagent{tt.root, tt.files.ReadFile, nil}
+		metadata, err := a.FetchMetadata()
+		if err != nil {
+			t.Fatalf("bad error for %+v: want %v, got %q", tt, nil, err)
+		}
+		if !reflect.DeepEqual(tt.metadata, metadata) {
+			t.Fatalf("bad metadata for %+v: want %#v, got %#v", tt, tt.metadata, metadata)
+		}
+	}
+}
+
+func TestFetchUserdata(t *testing.T) {
+	for _, tt := range []struct {
+		root  string
+		files test.MockFilesystem
+	}{
+		{
+			"/",
+			test.NewMockFilesystem(),
+		},
+		{
+			"/",
+			test.NewMockFilesystem(test.File{Path: "/CustomData", Contents: ""}),
+		},
+		{
+			"/var/lib/Waagent/",
+			test.NewMockFilesystem(test.File{Path: "/var/lib/Waagent/CustomData", Contents: ""}),
+		},
+	} {
+		a := Waagent{tt.root, tt.files.ReadFile, nil}
+		_, err := a.FetchUserdata()
+		if err != nil {
+			t.Fatalf("bad error for %+v: want %v, got %q", tt, nil, err)
+		}
+	}
+}
+
+func TestConfigRoot(t *testing.T) {
+	for _, tt := range []struct {
+		root       string
+		configRoot string
+	}{
+		{
+			"/",
+			"/",
+		},
+		{
+			"/var/lib/Waagent",
+			"/var/lib/Waagent",
+		},
+	} {
+		a := Waagent{tt.root, nil, nil}
+		if configRoot := a.ConfigRoot(); configRoot != tt.configRoot {
+			t.Fatalf("bad config root for %q: want %q, got %q", tt, tt.configRoot, configRoot)
+		}
+	}
+}
+
+func TestNewDatasource(t *testing.T) {
+	for _, tt := range []struct {
+		root       string
+		expectRoot string
+	}{
+		{
+			root:       "",
+			expectRoot: "",
+		},
+		{
+			root:       "/var/lib/Waagent",
+			expectRoot: "/var/lib/Waagent",
+		},
+	} {
+		service := NewDatasource(tt.root)
+		if service.root != tt.expectRoot {
+			t.Fatalf("bad root (%q): want %q, got %q", tt.root, tt.expectRoot, service.root)
+		}
+	}
+}

config/cloudinit/initialize/env.go

@@ -21,9 +21,9 @@ import (
 	"regexp"
 	"strings"
 
-	"github.com/coreos/coreos-cloudinit/config"
-	"github.com/coreos/coreos-cloudinit/datasource"
-	"github.com/coreos/coreos-cloudinit/system"
+	"github.com/rancher/os/config/cloudinit/config"
+	"github.com/rancher/os/config/cloudinit/datasource"
+	"github.com/rancher/os/config/cloudinit/system"
 )
 
 const DefaultSSHKeyName = "coreos-cloudinit"
@@ -36,7 +36,7 @@ type Environment struct {
 	substitutions map[string]string
 }
 
-// TODO(jonboulle): this is getting unwieldy, should be able to simplify the interface somehow
+// NewEnvironment TODO(jonboulle): this is getting unwieldy, should be able to simplify the interface somehow
 func NewEnvironment(root, configRoot, workspace, sshKeyName string, metadata datasource.Metadata) *Environment {
 	firstNonNull := func(ip net.IP, env string) string {
 		if ip == nil {
@@ -110,7 +110,6 @@ func (e *Environment) DefaultEnvironmentFile() *system.EnvFile {
 	}
 	if len(ef.Vars) == 0 {
 		return nil
-	} else {
-		return &ef
 	}
+	return &ef
 }

config/cloudinit/initialize/env_test.go

@@ -0,0 +1,148 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package initialize
+
+import (
+	"io/ioutil"
+	"net"
+	"os"
+	"path"
+	"testing"
+
+	"github.com/rancher/os/config/cloudinit/datasource"
+	"github.com/rancher/os/config/cloudinit/system"
+)
+
+func TestEnvironmentApply(t *testing.T) {
+	os.Setenv("COREOS_PUBLIC_IPV4", "1.2.3.4")
+	os.Setenv("COREOS_PRIVATE_IPV4", "5.6.7.8")
+	os.Setenv("COREOS_PUBLIC_IPV6", "1234::")
+	os.Setenv("COREOS_PRIVATE_IPV6", "5678::")
+	for _, tt := range []struct {
+		metadata datasource.Metadata
+		input    string
+		out      string
+	}{
+		{
+			// Substituting both values directly should always take precedence
+			// over environment variables
+			datasource.Metadata{
+				PublicIPv4:  net.ParseIP("192.0.2.3"),
+				PrivateIPv4: net.ParseIP("192.0.2.203"),
+				PublicIPv6:  net.ParseIP("fe00:1234::"),
+				PrivateIPv6: net.ParseIP("fe00:5678::"),
+			},
+			`[Service]
+ExecStart=/usr/bin/echo "$public_ipv4 $public_ipv6"
+ExecStop=/usr/bin/echo $private_ipv4 $private_ipv6
+ExecStop=/usr/bin/echo $unknown`,
+			`[Service]
+ExecStart=/usr/bin/echo "192.0.2.3 fe00:1234::"
+ExecStop=/usr/bin/echo 192.0.2.203 fe00:5678::
+ExecStop=/usr/bin/echo $unknown`,
+		},
+		{
+			// Substituting one value directly while falling back with the other
+			datasource.Metadata{
+				PrivateIPv4: net.ParseIP("127.0.0.1"),
+			},
+			"$private_ipv4\n$public_ipv4",
+			"127.0.0.1\n1.2.3.4",
+		},
+		{
+			// Falling back to environment variables for both values
+			datasource.Metadata{},
+			"$private_ipv4\n$public_ipv4",
+			"5.6.7.8\n1.2.3.4",
+		},
+		{
+			// No substitutions
+			datasource.Metadata{},
+			"$private_ipv4\nfoobar",
+			"5.6.7.8\nfoobar",
+		},
+		{
+			// Escaping substitutions
+			datasource.Metadata{
+				PrivateIPv4: net.ParseIP("127.0.0.1"),
+			},
+			`\$private_ipv4
+$private_ipv4
+addr: \$private_ipv4
+\\$private_ipv4`,
+			`$private_ipv4
+127.0.0.1
+addr: $private_ipv4
+\$private_ipv4`,
+		},
+		{
+			// No substitutions with escaping
+			datasource.Metadata{},
+			"\\$test\n$test",
+			"\\$test\n$test",
+		},
+	} {
+
+		env := NewEnvironment("./", "./", "./", "", tt.metadata)
+		got := env.Apply(tt.input)
+		if got != tt.out {
+			t.Fatalf("Environment incorrectly applied.\ngot:\n%s\nwant:\n%s", got, tt.out)
+		}
+	}
+}
+
+func TestEnvironmentFile(t *testing.T) {
+	metadata := datasource.Metadata{
+		PublicIPv4:  net.ParseIP("1.2.3.4"),
+		PrivateIPv4: net.ParseIP("5.6.7.8"),
+		PublicIPv6:  net.ParseIP("1234::"),
+		PrivateIPv6: net.ParseIP("5678::"),
+	}
+	expect := "COREOS_PRIVATE_IPV4=5.6.7.8\nCOREOS_PRIVATE_IPV6=5678::\nCOREOS_PUBLIC_IPV4=1.2.3.4\nCOREOS_PUBLIC_IPV6=1234::\n"
+
+	dir, err := ioutil.TempDir(os.TempDir(), "coreos-cloudinit-")
+	if err != nil {
+		t.Fatalf("Unable to create tempdir: %v", err)
+	}
+	defer os.RemoveAll(dir)
+
+	env := NewEnvironment("./", "./", "./", "", metadata)
+	ef := env.DefaultEnvironmentFile()
+	err = system.WriteEnvFile(ef, dir)
+	if err != nil {
+		t.Fatalf("WriteEnvFile failed: %v", err)
+	}
+
+	fullPath := path.Join(dir, "etc", "environment")
+	contents, err := ioutil.ReadFile(fullPath)
+	if err != nil {
+		t.Fatalf("Unable to read expected file: %v", err)
+	}
+
+	if string(contents) != expect {
+		t.Fatalf("File has incorrect contents: %q", contents)
+	}
+}
+
+func TestEnvironmentFileNil(t *testing.T) {
+	os.Clearenv()
+	metadata := datasource.Metadata{}
+
+	env := NewEnvironment("./", "./", "./", "", metadata)
+	ef := env.DefaultEnvironmentFile()
+	if ef != nil {
+		t.Fatalf("Environment file not nil: %v", ef)
+	}
+}

config/cloudinit/initialize/github.go

@@ -17,16 +17,16 @@ package initialize
 import (
 	"fmt"
 
-	"github.com/coreos/coreos-cloudinit/system"
+	"github.com/rancher/os/config/cloudinit/system"
 )
 
-func SSHImportGithubUser(system_user string, github_user string) error {
-	url := fmt.Sprintf("https://api.github.com/users/%s/keys", github_user)
+func SSHImportGithubUser(systemUser string, githubUser string) error {
+	url := fmt.Sprintf("https://api.github.com/users/%s/keys", githubUser)
 	keys, err := fetchUserKeys(url)
 	if err != nil {
 		return err
 	}
 
-	key_name := fmt.Sprintf("github-%s", github_user)
-	return system.AuthorizeSSHKeys(system_user, key_name, keys)
+	keyName := fmt.Sprintf("github-%s", githubUser)
+	return system.AuthorizeSSHKeys(systemUser, keyName, keys)
 }

config/cloudinit/initialize/ssh_keys.go

@@ -18,8 +18,8 @@ import (
 	"encoding/json"
 	"fmt"
 
-	"github.com/coreos/coreos-cloudinit/pkg"
-	"github.com/coreos/coreos-cloudinit/system"
+	"github.com/rancher/os/config/cloudinit/pkg"
+	"github.com/rancher/os/config/cloudinit/system"
 )
 
 type UserKey struct {
@@ -27,18 +27,18 @@ type UserKey struct {
 	Key string `json:"key"`
 }
 
-func SSHImportKeysFromURL(system_user string, url string) error {
+func SSHImportKeysFromURL(systemUser string, url string) error {
 	keys, err := fetchUserKeys(url)
 	if err != nil {
 		return err
 	}
 
-	key_name := fmt.Sprintf("coreos-cloudinit-%s", system_user)
-	return system.AuthorizeSSHKeys(system_user, key_name, keys)
+	keyName := fmt.Sprintf("coreos-cloudinit-%s", systemUser)
+	return system.AuthorizeSSHKeys(systemUser, keyName, keys)
 }
 
 func fetchUserKeys(url string) ([]string, error) {
-	client := pkg.NewHttpClient()
+	client := pkg.NewHTTPClient()
 	data, err := client.GetRetry(url)
 	if err != nil {
 		return nil, err

config/cloudinit/initialize/ssh_keys_test.go

@@ -0,0 +1,56 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package initialize
+
+import (
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestCloudConfigUsersURLMarshal(t *testing.T) {
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		ghRes := `
+[
+  {
+    "key": "ssh-dss AAAAB3NzaC1kc3MAAACBAIHAu822ggSkIHrJYvhmBceOSVjuflfQm8RbMMDNVe9relQfuPbN+nxGGTCKzPLebeOcX+Wwi77TPXWwK3BZMglfXxhABlFPsuMb63Tqp94pBYsJdx/iFj9iGo6pKoM1k8ubOcqsUnq+BR9895zRbE7MjdwkGo67+QhCEwvkwAnNAAAAFQCuddVqXLCubzqnWmeHLQE+2GFfHwAAAIBnlXW5h15ndVuwi0htF4oodVSB1KwnTWcuBK+aE1zRs76yvRb0Ws+oifumThDwB/Tec6FQuAfRKfy6piChZqsu5KvL98I+2t5yyi1td+kMvdTnVL2lW44etDKseOcozmknCOmh4Dqvhl/2MwrDAhlPaN08EEq9h3w3mXtNLWH64QAAAIBAzDOKr17llngaKIdDXh+LtXKh87+zfjlTA36/9r2uF2kYE5uApDtu9sPCkt7+YBQt7R8prADPckwAiXwVdk0xijIOpLDBmoydQJJRQ+zTMxvpQmUr/1kUOv0zb+lB657CgvN0vVTmP2swPeMvgntt3C4vw7Ab+O+MS9peOAJbbQ=="
+  },
+  {
+    "key": "ssh-dss AAAAB3NzaC1kc3MAAACBANxpzIbTzKTeBRaOIdUxwwGwvDasTfU/PonhbNIuhYjc+xFGvBRTumox2F+luVAKKs4WdvA4nJXaY1OFi6DZftk5Bp4E2JaSzp8ulAzHsMexDdv6LGHGEJj/qdHAL1vHk2K89PpwRFSRZI8XRBLjvkr4ZgBKLG5ZILXPJEPP2j3lAAAAFQCtxoTnV8wy0c4grcGrQ+1sCsD7WQAAAIAqZsW2GviMe1RQrbZT0xAZmI64XRPrnLsoLxycHWlS7r6uUln2c6Ae2MB/YF0d4Kd1XZii9GHj7rrypqEo7MW8uSabhu70nmu1J8m2O3Dsr+4oJLeat9vwPsJV92IKO0jQwjKnAOHOiB9JKGeCw+NfXfogbti9/q38Q6XcS+SI5wAAAIEA1803Y2h+tOOpZXAsNIwl9mRfExWzLQ3L7knwJdznQu/6SW1H/1oyoYLebuk187Qj2UFI5qQ6AZNc49DvohWx0Cg6ABcyubNyoaCjZKWIdxVnItHWNbLe//+tyTu0I2eQwJOORsEPK5gMpf599C7wXQ//DzZOWbTWiHEX52gCTmk="
+  },
+  {
+    "id": 5224438,
+    "key": "ssh-dss AAAAB3NzaC1kc3MAAACBAPKRWdKhzGZuLAJL6M1eM51hWViMqNBC2C6lm2OqGRYLuIf1GJ391widUuSf4wQqnkR22Q9PCmAZ19XCf11wBRMnuw9I/Z3Bt5bXfc+dzFBCmHYGJ6wNSv++H9jxyMb+usmsenWOFZGNO2jN0wrJ4ay8Yt0bwtRU+VCXpuRLszMzAAAAFQDZUIuPjcfK5HLgnwZ/J3lvtvlUjQAAAIEApIkAwLuCQV5j3U6DmI/Y6oELqSUR2purFm8jo8jePFfe1t+ghikgD254/JXlhDCVgY0NLXcak+coJfGCTT23quJ7I5xdpTn/OZO2Q6Woum/bijFC/UWwQbLz0R2nU3DoHv5v6XHQZxuIG4Fsxa91S+vWjZFtI7RuYlBCZA//ANMAAACBAJO0FojzkX6IeaWLqrgu9GTkFwGFazZ+LPH5JOWPoPn1hQKuR32Uf6qNcBZcIjY7SF0P7HF5rLQd6zKZzHqqQQ92MV555NEwjsnJglYU8CaaZsfYooaGPgA1YN7RhTSAuDmUW5Hyfj5BH4NTtrzrvJxIhDoQLf31Fasjw00r4R0O"
+  }
+]
+`
+		fmt.Fprintln(w, ghRes)
+	}))
+	defer ts.Close()
+
+	keys, err := fetchUserKeys(ts.URL)
+	if err != nil {
+		t.Fatalf("Encountered unexpected error: %v", err)
+	}
+	expected := "ssh-dss AAAAB3NzaC1kc3MAAACBAIHAu822ggSkIHrJYvhmBceOSVjuflfQm8RbMMDNVe9relQfuPbN+nxGGTCKzPLebeOcX+Wwi77TPXWwK3BZMglfXxhABlFPsuMb63Tqp94pBYsJdx/iFj9iGo6pKoM1k8ubOcqsUnq+BR9895zRbE7MjdwkGo67+QhCEwvkwAnNAAAAFQCuddVqXLCubzqnWmeHLQE+2GFfHwAAAIBnlXW5h15ndVuwi0htF4oodVSB1KwnTWcuBK+aE1zRs76yvRb0Ws+oifumThDwB/Tec6FQuAfRKfy6piChZqsu5KvL98I+2t5yyi1td+kMvdTnVL2lW44etDKseOcozmknCOmh4Dqvhl/2MwrDAhlPaN08EEq9h3w3mXtNLWH64QAAAIBAzDOKr17llngaKIdDXh+LtXKh87+zfjlTA36/9r2uF2kYE5uApDtu9sPCkt7+YBQt7R8prADPckwAiXwVdk0xijIOpLDBmoydQJJRQ+zTMxvpQmUr/1kUOv0zb+lB657CgvN0vVTmP2swPeMvgntt3C4vw7Ab+O+MS9peOAJbbQ=="
+	if keys[0] != expected {
+		t.Fatalf("expected %s, got %s", expected, keys[0])
+	}
+	expected = "ssh-dss AAAAB3NzaC1kc3MAAACBAPKRWdKhzGZuLAJL6M1eM51hWViMqNBC2C6lm2OqGRYLuIf1GJ391widUuSf4wQqnkR22Q9PCmAZ19XCf11wBRMnuw9I/Z3Bt5bXfc+dzFBCmHYGJ6wNSv++H9jxyMb+usmsenWOFZGNO2jN0wrJ4ay8Yt0bwtRU+VCXpuRLszMzAAAAFQDZUIuPjcfK5HLgnwZ/J3lvtvlUjQAAAIEApIkAwLuCQV5j3U6DmI/Y6oELqSUR2purFm8jo8jePFfe1t+ghikgD254/JXlhDCVgY0NLXcak+coJfGCTT23quJ7I5xdpTn/OZO2Q6Woum/bijFC/UWwQbLz0R2nU3DoHv5v6XHQZxuIG4Fsxa91S+vWjZFtI7RuYlBCZA//ANMAAACBAJO0FojzkX6IeaWLqrgu9GTkFwGFazZ+LPH5JOWPoPn1hQKuR32Uf6qNcBZcIjY7SF0P7HF5rLQd6zKZzHqqQQ92MV555NEwjsnJglYU8CaaZsfYooaGPgA1YN7RhTSAuDmUW5Hyfj5BH4NTtrzrvJxIhDoQLf31Fasjw00r4R0O"
+	if keys[2] != expected {
+		t.Fatalf("expected %s, got %s", expected, keys[2])
+	}
+}

config/cloudinit/initialize/user_data.go

@@ -18,7 +18,7 @@ import (
 	"errors"
 	"log"
 
-	"github.com/coreos/coreos-cloudinit/config"
+	"github.com/rancher/os/config/cloudinit/config"
 )
 
 var (

config/cloudinit/initialize/user_data_test.go

@@ -0,0 +1,74 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package initialize
+
+import (
+	"testing"
+
+	"github.com/rancher/os/config/cloudinit/config"
+)
+
+func TestParseHeaderCRLF(t *testing.T) {
+	configs := []string{
+		"#cloud-config\nfoo: bar",
+		"#cloud-config\r\nfoo: bar",
+	}
+
+	for i, config := range configs {
+		_, err := ParseUserData(config)
+		if err != nil {
+			t.Errorf("Failed parsing config %d: %v", i, err)
+		}
+	}
+
+	scripts := []string{
+		"#!bin/bash\necho foo",
+		"#!bin/bash\r\necho foo",
+	}
+
+	for i, script := range scripts {
+		_, err := ParseUserData(script)
+		if err != nil {
+			t.Errorf("Failed parsing script %d: %v", i, err)
+		}
+	}
+}
+
+func TestParseConfigCRLF(t *testing.T) {
+	contents := "#cloud-config \r\nhostname: foo\r\nssh_authorized_keys:\r\n  - foobar\r\n"
+	ud, err := ParseUserData(contents)
+	if err != nil {
+		t.Fatalf("Failed parsing config: %v", err)
+	}
+
+	cfg := ud.(*config.CloudConfig)
+
+	if cfg.Hostname != "foo" {
+		t.Error("Failed parsing hostname from config")
+	}
+
+	if len(cfg.SSHAuthorizedKeys) != 1 {
+		t.Error("Parsed incorrect number of SSH keys")
+	}
+}
+
+func TestParseConfigEmpty(t *testing.T) {
+	i, e := ParseUserData(``)
+	if i != nil {
+		t.Error("ParseUserData of empty string returned non-nil unexpectedly")
+	} else if e != nil {
+		t.Error("ParseUserData of empty string returned error unexpectedly")
+	}
+}

config/cloudinit/initialize/workspace.go

@@ -19,8 +19,8 @@ import (
 	"path"
 	"strings"
 
-	"github.com/coreos/coreos-cloudinit/config"
-	"github.com/coreos/coreos-cloudinit/system"
+	"github.com/rancher/os/config/cloudinit/config"
+	"github.com/rancher/os/config/cloudinit/system"
 )
 
 func PrepWorkspace(workspace string) error {

config/cloudinit/network/debian.go

@@ -0,0 +1,63 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package network
+
+import (
+	"log"
+	"strings"
+)
+
+func ProcessDebianNetconf(config []byte) ([]InterfaceGenerator, error) {
+	log.Println("Processing Debian network config")
+	lines := formatConfig(string(config))
+	stanzas, err := parseStanzas(lines)
+	if err != nil {
+		return nil, err
+	}
+
+	interfaces := make([]*stanzaInterface, 0, len(stanzas))
+	for _, stanza := range stanzas {
+		switch s := stanza.(type) {
+		case *stanzaInterface:
+			interfaces = append(interfaces, s)
+		}
+	}
+	log.Printf("Parsed %d network interfaces\n", len(interfaces))
+
+	log.Println("Processed Debian network config")
+	return buildInterfaces(interfaces), nil
+}
+
+func formatConfig(config string) []string {
+	lines := []string{}
+	config = strings.Replace(config, "\\\n", "", -1)
+	for config != "" {
+		split := strings.SplitN(config, "\n", 2)
+		line := strings.TrimSpace(split[0])
+
+		if len(split) == 2 {
+			config = split[1]
+		} else {
+			config = ""
+		}
+
+		if strings.HasPrefix(line, "#") || line == "" {
+			continue
+		}
+
+		lines = append(lines, line)
+	}
+	return lines
+}

config/cloudinit/network/debian_test.go

@@ -0,0 +1,56 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package network
+
+import (
+	"testing"
+)
+
+func TestFormatConfigs(t *testing.T) {
+	for in, n := range map[string]int{
+		"":                                                    0,
+		"line1\\\nis long":                                    1,
+		"#comment":                                            0,
+		"#comment\\\ncomment":                                 0,
+		"  #comment \\\n comment\nline 1\nline 2\\\n is long": 2,
+	} {
+		lines := formatConfig(in)
+		if len(lines) != n {
+			t.Fatalf("bad number of lines for config %q: got %d, want %d", in, len(lines), n)
+		}
+	}
+}
+
+func TestProcessDebianNetconf(t *testing.T) {
+	for _, tt := range []struct {
+		in   string
+		fail bool
+		n    int
+	}{
+		{"", false, 0},
+		{"iface", true, -1},
+		{"auto eth1\nauto eth2", false, 0},
+		{"iface eth1 inet manual", false, 1},
+	} {
+		interfaces, err := ProcessDebianNetconf([]byte(tt.in))
+		failed := err != nil
+		if tt.fail != failed {
+			t.Fatalf("bad failure state for %q: got %t, want %t", tt.in, failed, tt.fail)
+		}
+		if tt.n != -1 && tt.n != len(interfaces) {
+			t.Fatalf("bad number of interfaces for %q: got %d, want %q", tt.in, len(interfaces), tt.n)
+		}
+	}
+}

config/cloudinit/network/interface.go

@@ -0,0 +1,343 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package network
+
+import (
+	"fmt"
+	"net"
+	"sort"
+	"strconv"
+	"strings"
+)
+
+type InterfaceGenerator interface {
+	Name() string
+	Filename() string
+	Netdev() string
+	Link() string
+	Network() string
+	Type() string
+	ModprobeParams() string
+}
+
+type networkInterface interface {
+	InterfaceGenerator
+	Children() []networkInterface
+	setConfigDepth(int)
+}
+
+type logicalInterface struct {
+	name        string
+	hwaddr      net.HardwareAddr
+	config      configMethod
+	children    []networkInterface
+	configDepth int
+}
+
+func (i *logicalInterface) Name() string {
+	return i.name
+}
+
+func (i *logicalInterface) Network() string {
+	config := fmt.Sprintln("[Match]")
+	if i.name != "" {
+		config += fmt.Sprintf("Name=%s\n", i.name)
+	}
+	if i.hwaddr != nil {
+		config += fmt.Sprintf("MACAddress=%s\n", i.hwaddr)
+	}
+	config += "\n[Network]\n"
+
+	for _, child := range i.children {
+		switch iface := child.(type) {
+		case *vlanInterface:
+			config += fmt.Sprintf("VLAN=%s\n", iface.name)
+		case *bondInterface:
+			config += fmt.Sprintf("Bond=%s\n", iface.name)
+		}
+	}
+
+	switch conf := i.config.(type) {
+	case configMethodStatic:
+		if len(conf.domains) > 0 {
+			config += fmt.Sprintf("Domains=%s\n", strings.Join(conf.domains, " "))
+		}
+		for _, nameserver := range conf.nameservers {
+			config += fmt.Sprintf("DNS=%s\n", nameserver)
+		}
+		for _, addr := range conf.addresses {
+			config += fmt.Sprintf("\n[Address]\nAddress=%s\n", addr.String())
+		}
+		for _, route := range conf.routes {
+			config += fmt.Sprintf("\n[Route]\nDestination=%s\nGateway=%s\n", route.destination.String(), route.gateway)
+		}
+	case configMethodDHCP:
+		config += "DHCP=true\n"
+	}
+
+	return config
+}
+
+func (i *logicalInterface) Link() string {
+	return ""
+}
+
+func (i *logicalInterface) Netdev() string {
+	return ""
+}
+
+func (i *logicalInterface) Filename() string {
+	name := i.name
+	if name == "" {
+		name = i.hwaddr.String()
+	}
+	return fmt.Sprintf("%02x-%s", i.configDepth, name)
+}
+
+func (i *logicalInterface) Children() []networkInterface {
+	return i.children
+}
+
+func (i *logicalInterface) ModprobeParams() string {
+	return ""
+}
+
+func (i *logicalInterface) setConfigDepth(depth int) {
+	i.configDepth = depth
+}
+
+type physicalInterface struct {
+	logicalInterface
+}
+
+func (p *physicalInterface) Type() string {
+	return "physical"
+}
+
+type bondInterface struct {
+	logicalInterface
+	slaves  []string
+	options map[string]string
+}
+
+func (b *bondInterface) Netdev() string {
+	config := fmt.Sprintf("[NetDev]\nKind=bond\nName=%s\n", b.name)
+	if b.hwaddr != nil {
+		config += fmt.Sprintf("MACAddress=%s\n", b.hwaddr.String())
+	}
+
+	config += fmt.Sprintf("\n[Bond]\n")
+	for _, name := range sortedKeys(b.options) {
+		config += fmt.Sprintf("%s=%s\n", name, b.options[name])
+	}
+
+	return config
+}
+
+func (b *bondInterface) Type() string {
+	return "bond"
+}
+
+func (b *bondInterface) ModprobeParams() string {
+	params := ""
+	for _, name := range sortedKeys(b.options) {
+		params += fmt.Sprintf("%s=%s ", name, b.options[name])
+	}
+	params = strings.TrimSuffix(params, " ")
+	return params
+}
+
+type vlanInterface struct {
+	logicalInterface
+	id        int
+	rawDevice string
+}
+
+func (v *vlanInterface) Netdev() string {
+	config := fmt.Sprintf("[NetDev]\nKind=vlan\nName=%s\n", v.name)
+	switch c := v.config.(type) {
+	case configMethodStatic:
+		if c.hwaddress != nil {
+			config += fmt.Sprintf("MACAddress=%s\n", c.hwaddress)
+		}
+	case configMethodDHCP:
+		if c.hwaddress != nil {
+			config += fmt.Sprintf("MACAddress=%s\n", c.hwaddress)
+		}
+	}
+	config += fmt.Sprintf("\n[VLAN]\nId=%d\n", v.id)
+	return config
+}
+
+func (v *vlanInterface) Type() string {
+	return "vlan"
+}
+
+func buildInterfaces(stanzas []*stanzaInterface) []InterfaceGenerator {
+	interfaceMap := createInterfaces(stanzas)
+	linkAncestors(interfaceMap)
+	markConfigDepths(interfaceMap)
+
+	interfaces := make([]InterfaceGenerator, 0, len(interfaceMap))
+	for _, name := range sortedInterfaces(interfaceMap) {
+		interfaces = append(interfaces, interfaceMap[name])
+	}
+
+	return interfaces
+}
+
+func createInterfaces(stanzas []*stanzaInterface) map[string]networkInterface {
+	interfaceMap := make(map[string]networkInterface)
+	for _, iface := range stanzas {
+		switch iface.kind {
+		case interfaceBond:
+			bondOptions := make(map[string]string)
+			for _, k := range []string{"mode", "miimon", "lacp-rate"} {
+				if v, ok := iface.options["bond-"+k]; ok && len(v) > 0 {
+					bondOptions[k] = v[0]
+				}
+			}
+			interfaceMap[iface.name] = &bondInterface{
+				logicalInterface{
+					name:     iface.name,
+					config:   iface.configMethod,
+					children: []networkInterface{},
+				},
+				iface.options["bond-slaves"],
+				bondOptions,
+			}
+			for _, slave := range iface.options["bond-slaves"] {
+				if _, ok := interfaceMap[slave]; !ok {
+					interfaceMap[slave] = &physicalInterface{
+						logicalInterface{
+							name:     slave,
+							config:   configMethodManual{},
+							children: []networkInterface{},
+						},
+					}
+				}
+			}
+
+		case interfacePhysical:
+			if _, ok := iface.configMethod.(configMethodLoopback); ok {
+				continue
+			}
+			interfaceMap[iface.name] = &physicalInterface{
+				logicalInterface{
+					name:     iface.name,
+					config:   iface.configMethod,
+					children: []networkInterface{},
+				},
+			}
+
+		case interfaceVLAN:
+			var rawDevice string
+			id, _ := strconv.Atoi(iface.options["id"][0])
+			if device := iface.options["raw_device"]; len(device) == 1 {
+				rawDevice = device[0]
+				if _, ok := interfaceMap[rawDevice]; !ok {
+					interfaceMap[rawDevice] = &physicalInterface{
+						logicalInterface{
+							name:     rawDevice,
+							config:   configMethodManual{},
+							children: []networkInterface{},
+						},
+					}
+				}
+			}
+			interfaceMap[iface.name] = &vlanInterface{
+				logicalInterface{
+					name:     iface.name,
+					config:   iface.configMethod,
+					children: []networkInterface{},
+				},
+				id,
+				rawDevice,
+			}
+		}
+	}
+	return interfaceMap
+}
+
+func linkAncestors(interfaceMap map[string]networkInterface) {
+	for _, name := range sortedInterfaces(interfaceMap) {
+		iface := interfaceMap[name]
+		switch i := iface.(type) {
+		case *vlanInterface:
+			if parent, ok := interfaceMap[i.rawDevice]; ok {
+				switch p := parent.(type) {
+				case *physicalInterface:
+					p.children = append(p.children, iface)
+				case *bondInterface:
+					p.children = append(p.children, iface)
+				}
+			}
+		case *bondInterface:
+			for _, slave := range i.slaves {
+				if parent, ok := interfaceMap[slave]; ok {
+					switch p := parent.(type) {
+					case *physicalInterface:
+						p.children = append(p.children, iface)
+					case *bondInterface:
+						p.children = append(p.children, iface)
+					}
+				}
+			}
+		}
+	}
+}
+
+func markConfigDepths(interfaceMap map[string]networkInterface) {
+	rootInterfaceMap := make(map[string]networkInterface)
+	for k, v := range interfaceMap {
+		rootInterfaceMap[k] = v
+	}
+
+	for _, iface := range interfaceMap {
+		for _, child := range iface.Children() {
+			delete(rootInterfaceMap, child.Name())
+		}
+	}
+	for _, iface := range rootInterfaceMap {
+		setDepth(iface)
+	}
+}
+
+func setDepth(iface networkInterface) int {
+	maxDepth := 0
+	for _, child := range iface.Children() {
+		if depth := setDepth(child); depth > maxDepth {
+			maxDepth = depth
+		}
+	}
+	iface.setConfigDepth(maxDepth)
+	return (maxDepth + 1)
+}
+
+func sortedKeys(m map[string]string) (keys []string) {
+	for key := range m {
+		keys = append(keys, key)
+	}
+	sort.Strings(keys)
+	return
+}
+
+func sortedInterfaces(m map[string]networkInterface) (keys []string) {
+	for key := range m {
+		keys = append(keys, key)
+	}
+	sort.Strings(keys)
+	return
+}

config/cloudinit/network/interface_test.go

@@ -0,0 +1,369 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package network
+
+import (
+	"net"
+	"reflect"
+	"testing"
+)
+
+func TestInterfaceGenerators(t *testing.T) {
+	for _, tt := range []struct {
+		name    string
+		netdev  string
+		link    string
+		network string
+		kind    string
+		iface   InterfaceGenerator
+	}{
+		{
+			name:    "",
+			network: "[Match]\nMACAddress=00:01:02:03:04:05\n\n[Network]\n",
+			kind:    "physical",
+			iface: &physicalInterface{logicalInterface{
+				hwaddr: net.HardwareAddr([]byte{0, 1, 2, 3, 4, 5}),
+			}},
+		},
+		{
+			name:    "testname",
+			network: "[Match]\nName=testname\n\n[Network]\nBond=testbond1\nVLAN=testvlan1\nVLAN=testvlan2\n",
+			kind:    "physical",
+			iface: &physicalInterface{logicalInterface{
+				name: "testname",
+				children: []networkInterface{
+					&bondInterface{logicalInterface: logicalInterface{name: "testbond1"}},
+					&vlanInterface{logicalInterface: logicalInterface{name: "testvlan1"}, id: 1},
+					&vlanInterface{logicalInterface: logicalInterface{name: "testvlan2"}, id: 1},
+				},
+			}},
+		},
+		{
+			name:    "testname",
+			netdev:  "[NetDev]\nKind=bond\nName=testname\n\n[Bond]\n",
+			network: "[Match]\nName=testname\n\n[Network]\nBond=testbond1\nVLAN=testvlan1\nVLAN=testvlan2\nDHCP=true\n",
+			kind:    "bond",
+			iface: &bondInterface{logicalInterface: logicalInterface{
+				name:   "testname",
+				config: configMethodDHCP{},
+				children: []networkInterface{
+					&bondInterface{logicalInterface: logicalInterface{name: "testbond1"}},
+					&vlanInterface{logicalInterface: logicalInterface{name: "testvlan1"}, id: 1},
+					&vlanInterface{logicalInterface: logicalInterface{name: "testvlan2"}, id: 1},
+				},
+			}},
+		},
+		{
+			name:    "testname",
+			netdev:  "[NetDev]\nKind=vlan\nName=testname\n\n[VLAN]\nId=1\n",
+			network: "[Match]\nName=testname\n\n[Network]\n",
+			kind:    "vlan",
+			iface:   &vlanInterface{logicalInterface{name: "testname"}, 1, ""},
+		},
+		{
+			name:    "testname",
+			netdev:  "[NetDev]\nKind=vlan\nName=testname\nMACAddress=00:01:02:03:04:05\n\n[VLAN]\nId=1\n",
+			network: "[Match]\nName=testname\n\n[Network]\n",
+			kind:    "vlan",
+			iface:   &vlanInterface{logicalInterface{name: "testname", config: configMethodStatic{hwaddress: net.HardwareAddr([]byte{0, 1, 2, 3, 4, 5})}}, 1, ""},
+		},
+		{
+			name:    "testname",
+			netdev:  "[NetDev]\nKind=vlan\nName=testname\nMACAddress=00:01:02:03:04:05\n\n[VLAN]\nId=1\n",
+			network: "[Match]\nName=testname\n\n[Network]\nDHCP=true\n",
+			kind:    "vlan",
+			iface:   &vlanInterface{logicalInterface{name: "testname", config: configMethodDHCP{hwaddress: net.HardwareAddr([]byte{0, 1, 2, 3, 4, 5})}}, 1, ""},
+		},
+		{
+			name:    "testname",
+			netdev:  "[NetDev]\nKind=vlan\nName=testname\n\n[VLAN]\nId=0\n",
+			network: "[Match]\nName=testname\n\n[Network]\nDomains=coreos.com example.com\nDNS=8.8.8.8\n\n[Address]\nAddress=192.168.1.100/24\n\n[Route]\nDestination=0.0.0.0/0\nGateway=1.2.3.4\n",
+			kind:    "vlan",
+			iface: &vlanInterface{logicalInterface: logicalInterface{
+				name: "testname",
+				config: configMethodStatic{
+					addresses:   []net.IPNet{{IP: []byte{192, 168, 1, 100}, Mask: []byte{255, 255, 255, 0}}},
+					nameservers: []net.IP{[]byte{8, 8, 8, 8}},
+					domains:     []string{"coreos.com", "example.com"},
+					routes:      []route{{destination: net.IPNet{IP: []byte{0, 0, 0, 0}, Mask: []byte{0, 0, 0, 0}}, gateway: []byte{1, 2, 3, 4}}},
+				},
+			}},
+		},
+	} {
+		if name := tt.iface.Name(); name != tt.name {
+			t.Fatalf("bad name (%q): want %q, got %q", tt.iface, tt.name, name)
+		}
+		if netdev := tt.iface.Netdev(); netdev != tt.netdev {
+			t.Fatalf("bad netdev (%q): want %q, got %q", tt.iface, tt.netdev, netdev)
+		}
+		if link := tt.iface.Link(); link != tt.link {
+			t.Fatalf("bad link (%q): want %q, got %q", tt.iface, tt.link, link)
+		}
+		if network := tt.iface.Network(); network != tt.network {
+			t.Fatalf("bad network (%q): want %q, got %q", tt.iface, tt.network, network)
+		}
+		if kind := tt.iface.Type(); kind != tt.kind {
+			t.Fatalf("bad type (%q): want %q, got %q", tt.iface, tt.kind, kind)
+		}
+	}
+}
+
+func TestModprobeParams(t *testing.T) {
+	for _, tt := range []struct {
+		i InterfaceGenerator
+		p string
+	}{
+		{
+			i: &physicalInterface{},
+			p: "",
+		},
+		{
+			i: &vlanInterface{},
+			p: "",
+		},
+		{
+			i: &bondInterface{
+				logicalInterface{},
+				nil,
+				map[string]string{
+					"a": "1",
+					"b": "2",
+				},
+			},
+			p: "a=1 b=2",
+		},
+	} {
+		if p := tt.i.ModprobeParams(); p != tt.p {
+			t.Fatalf("bad params (%q): got %s, want %s", tt.i, p, tt.p)
+		}
+	}
+}
+
+func TestBuildInterfacesLo(t *testing.T) {
+	stanzas := []*stanzaInterface{
+		{
+			name:         "lo",
+			kind:         interfacePhysical,
+			auto:         false,
+			configMethod: configMethodLoopback{},
+			options:      map[string][]string{},
+		},
+	}
+	interfaces := buildInterfaces(stanzas)
+	if len(interfaces) != 0 {
+		t.FailNow()
+	}
+}
+
+func TestBuildInterfacesBlindBond(t *testing.T) {
+	stanzas := []*stanzaInterface{
+		{
+			name:         "bond0",
+			kind:         interfaceBond,
+			auto:         false,
+			configMethod: configMethodManual{},
+			options: map[string][]string{
+				"bond-slaves": {"eth0"},
+			},
+		},
+	}
+	interfaces := buildInterfaces(stanzas)
+	bond0 := &bondInterface{
+		logicalInterface{
+			name:        "bond0",
+			config:      configMethodManual{},
+			children:    []networkInterface{},
+			configDepth: 0,
+		},
+		[]string{"eth0"},
+		map[string]string{},
+	}
+	eth0 := &physicalInterface{
+		logicalInterface{
+			name:        "eth0",
+			config:      configMethodManual{},
+			children:    []networkInterface{bond0},
+			configDepth: 1,
+		},
+	}
+	expect := []InterfaceGenerator{bond0, eth0}
+	if !reflect.DeepEqual(interfaces, expect) {
+		t.FailNow()
+	}
+}
+
+func TestBuildInterfacesBlindVLAN(t *testing.T) {
+	stanzas := []*stanzaInterface{
+		{
+			name:         "vlan0",
+			kind:         interfaceVLAN,
+			auto:         false,
+			configMethod: configMethodManual{},
+			options: map[string][]string{
+				"id":         {"0"},
+				"raw_device": {"eth0"},
+			},
+		},
+	}
+	interfaces := buildInterfaces(stanzas)
+	vlan0 := &vlanInterface{
+		logicalInterface{
+			name:        "vlan0",
+			config:      configMethodManual{},
+			children:    []networkInterface{},
+			configDepth: 0,
+		},
+		0,
+		"eth0",
+	}
+	eth0 := &physicalInterface{
+		logicalInterface{
+			name:        "eth0",
+			config:      configMethodManual{},
+			children:    []networkInterface{vlan0},
+			configDepth: 1,
+		},
+	}
+	expect := []InterfaceGenerator{eth0, vlan0}
+	if !reflect.DeepEqual(interfaces, expect) {
+		t.FailNow()
+	}
+}
+
+func TestBuildInterfaces(t *testing.T) {
+	stanzas := []*stanzaInterface{
+		{
+			name:         "eth0",
+			kind:         interfacePhysical,
+			auto:         false,
+			configMethod: configMethodManual{},
+			options:      map[string][]string{},
+		},
+		{
+			name:         "bond0",
+			kind:         interfaceBond,
+			auto:         false,
+			configMethod: configMethodManual{},
+			options: map[string][]string{
+				"bond-slaves": {"eth0"},
+				"bond-mode":   {"4"},
+				"bond-miimon": {"100"},
+			},
+		},
+		{
+			name:         "bond1",
+			kind:         interfaceBond,
+			auto:         false,
+			configMethod: configMethodManual{},
+			options: map[string][]string{
+				"bond-slaves": {"bond0"},
+			},
+		},
+		{
+			name:         "vlan0",
+			kind:         interfaceVLAN,
+			auto:         false,
+			configMethod: configMethodManual{},
+			options: map[string][]string{
+				"id":         {"0"},
+				"raw_device": {"eth0"},
+			},
+		},
+		{
+			name:         "vlan1",
+			kind:         interfaceVLAN,
+			auto:         false,
+			configMethod: configMethodManual{},
+			options: map[string][]string{
+				"id":         {"1"},
+				"raw_device": {"bond0"},
+			},
+		},
+	}
+	interfaces := buildInterfaces(stanzas)
+	vlan1 := &vlanInterface{
+		logicalInterface{
+			name:        "vlan1",
+			config:      configMethodManual{},
+			children:    []networkInterface{},
+			configDepth: 0,
+		},
+		1,
+		"bond0",
+	}
+	vlan0 := &vlanInterface{
+		logicalInterface{
+			name:        "vlan0",
+			config:      configMethodManual{},
+			children:    []networkInterface{},
+			configDepth: 0,
+		},
+		0,
+		"eth0",
+	}
+	bond1 := &bondInterface{
+		logicalInterface{
+			name:        "bond1",
+			config:      configMethodManual{},
+			children:    []networkInterface{},
+			configDepth: 0,
+		},
+		[]string{"bond0"},
+		map[string]string{},
+	}
+	bond0 := &bondInterface{
+		logicalInterface{
+			name:        "bond0",
+			config:      configMethodManual{},
+			children:    []networkInterface{bond1, vlan1},
+			configDepth: 1,
+		},
+		[]string{"eth0"},
+		map[string]string{
+			"mode":   "4",
+			"miimon": "100",
+		},
+	}
+	eth0 := &physicalInterface{
+		logicalInterface{
+			name:        "eth0",
+			config:      configMethodManual{},
+			children:    []networkInterface{bond0, vlan0},
+			configDepth: 2,
+		},
+	}
+	expect := []InterfaceGenerator{bond0, bond1, eth0, vlan0, vlan1}
+	if !reflect.DeepEqual(interfaces, expect) {
+		t.FailNow()
+	}
+}
+
+func TestFilename(t *testing.T) {
+	for _, tt := range []struct {
+		i logicalInterface
+		f string
+	}{
+		{logicalInterface{name: "iface", configDepth: 0}, "00-iface"},
+		{logicalInterface{name: "iface", configDepth: 9}, "09-iface"},
+		{logicalInterface{name: "iface", configDepth: 10}, "0a-iface"},
+		{logicalInterface{name: "iface", configDepth: 53}, "35-iface"},
+		{logicalInterface{hwaddr: net.HardwareAddr([]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab}), configDepth: 1}, "01-01:23:45:67:89:ab"},
+		{logicalInterface{name: "iface", hwaddr: net.HardwareAddr([]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab}), configDepth: 1}, "01-iface"},
+	} {
+		if tt.i.Filename() != tt.f {
+			t.Fatalf("bad filename (%q): got %q, want %q", tt.i, tt.i.Filename(), tt.f)
+		}
+	}
+}

config/cloudinit/network/is_go15_false_test.go

@@ -0,0 +1,5 @@
+// +build !go1.5
+
+package network
+
+const isGo15 = false

config/cloudinit/network/is_go15_true_test.go

@@ -0,0 +1,5 @@
+// +build go1.5
+
+package network
+
+const isGo15 = true