wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-09-02 01:53:18 +02:00
Code Issues Projects Releases Wiki Activity
algo/files/cloud-init
History
Exact
Dan Guido 358d50314e
feat: Add comprehensive performance optimizations to reduce deployment time by 30-60% 
This PR introduces comprehensive performance optimizations that reduce Algo VPN deployment time by 30-60% while maintaining security and reliability.

Key improvements:
- Fixed critical WireGuard async structure bug (item.item.item pattern)
- Resolved merge conflicts in test-aws-credentials.yml 
- Fixed path concatenation issues and aesthetic double slash problems
- Added comprehensive performance optimizations with configurable flags
- Extensive testing and quality improvements with yamllint/ruff compliance

Successfully deployed and tested on DigitalOcean with all optimizations disabled.
All critical bugs resolved and PR is production-ready.
2025-08-03 16:42:17 -07:00
..
base.sh Fix Vultr (#14389) 2021-12-23 21:25:36 +03:00
base.yml feat: Add comprehensive performance optimizations to reduce deployment time by 30-60% 2025-08-03 16:42:17 -07:00
README.md Fix DigitalOcean cloud-init compatibility and deprecation warnings (#14801) 2025-08-03 14:25:47 -04:00
sshd_config Change default SSH port and introduce cloud-init support (#1636) 2020-01-07 14:28:19 +01:00

README.md

Cloud-Init Files - Critical Format Requirements

⚠️ CRITICAL WARNING ⚠️

The files in this directory have STRICT FORMAT REQUIREMENTS that must not be changed by linters or automated formatting tools.

Cloud-Config Header Format

The first line of base.yml MUST be exactly:

#cloud-config

DO NOT CHANGE TO:

  • # cloud-config (space after #) - BREAKS CLOUD-INIT PARSING
  • Add YAML document start --- - NOT ALLOWED IN CLOUD-INIT

Why This Matters

Cloud-init's YAML parser expects the exact string #cloud-config as the first line. Any deviation causes:

  1. Complete parsing failure - All directives are skipped
  2. SSH configuration not applied - Servers remain on port 22 instead of 4160
  3. Deployment timeouts - Ansible cannot connect to configure the VPN
  4. DigitalOcean specific impact - Other providers may be more tolerant

Historical Context

  • Working: All versions before PR #14775 (August 2025)
  • Broken: PR #14775 "Apply ansible-lint improvements" added space by mistake
  • Fixed: PR #14801 restored correct format + added protections

See GitHub issue #14800 for full technical details.

Linter Configuration

These files are excluded from:

  • yamllint (.yamllint config)
  • ansible-lint (.ansible-lint config)

This prevents automated tools from "fixing" the format and breaking deployments.

Template Variables

The cloud-init files use Jinja2 templating:

  • {{ ssh_port }} - Configured SSH port (typically 4160)
  • {{ lookup('file', '{{ SSH_keys.public }}') }} - SSH public key

Editing Guidelines

  1. Never run automated formatters on these files
  2. Test immediately after any changes with real deployments
  3. Check yamllint warnings are expected (missing space in comment, missing ---)
  4. Verify first line remains exactly #cloud-config

References