cloud-init

Merge ~amzn-cmiller/cloud-init:ec2-metadatasrv-route-eexist into cloud-init:master

  1. Git
  2. lp:~amzn-cmiller/cloud-init
  3. ec2-metadatasrv-route-eexist
  4. Merge into master
Proposed by Chad
Status: Work in progress
Proposed branch: ~amzn-cmiller/cloud-init:ec2-metadatasrv-route-eexist
Merge into: cloud-init:master
Diff against target: 75 lines (+27/-6)
2 files modified
cloudinit/config/cc_disable_ec2_metadata.py (+9/-5)
cloudinit/config/tests/test_disable_ec2_metadata.py (+18/-1)
Reviewer Review Type Date Requested Status
Ryan Harper Needs Fixing
Server Team CI bot continuous-integration Approve
Andrew Jorgensen (community) Approve
Scott Moser Approve
Review via email: mp+360082@code.launchpad.net

Commit message

Allow route already to exist for disable-ec2-metadata

Try CHANGE route to metadata service, not just ADD route.

Linux doesn't allow two routes with the same match characteristics.
If an explicit route already exists, then ip-route "add" will fail.
Now, "change" first, and only "add" if it failed.

To post a comment you must log in.
Revision history for this message
Scott Moser (smoser) :
review: Approve
Reply
Revision history for this message
Andrew Jorgensen (ajorgens) :
review: Approve
Reply
Revision history for this message
Chad (amzn-cmiller) wrote :

ping?

Reply
Revision history for this message
Ryan Harper (raharper) wrote :

I've pointed our CI at this branch.

Reply
Revision history for this message
Server Team CI bot (server-team-bot) wrote :

FAILED: Continuous integration, rev:2f26e6e278ceb7ec564857c2a2fdeec882868714
No commit message was specified in the merge proposal. Click on the following link and set the commit message (if you want a jenkins rebuild you need to trigger it yourself):
https://code.launchpad.net/~amzn-cmiller/cloud-init/+git/cloud-init/+merge/360082/+edit-commit-message

https://jenkins.ubuntu.com/server/job/cloud-init-ci/666/
Executed test runs:
    FAILED: Checkout

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/666/rebuild

review: Needs Fixing (continuous-integration)
Reply
Revision history for this message
Server Team CI bot (server-team-bot) wrote :

FAILED: Continuous integration, rev:2f26e6e278ceb7ec564857c2a2fdeec882868714
No commit message was specified in the merge proposal. Click on the following link and set the commit message (if you want a jenkins rebuild you need to trigger it yourself):
https://code.launchpad.net/~amzn-cmiller/cloud-init/+git/cloud-init/+merge/360082/+edit-commit-message

https://jenkins.ubuntu.com/server/job/cloud-init-ci/667/
Executed test runs:
    SUCCESS: Checkout
    SUCCESS: Unit & Style Tests
    SUCCESS: Ubuntu LTS: Build
    SUCCESS: Ubuntu LTS: Integration
    IN_PROGRESS: Declarative: Post Actions

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/667/rebuild

review: Needs Fixing (continuous-integration)
Reply
Revision history for this message
Server Team CI bot (server-team-bot) wrote :

PASSED: Continuous integration, rev:2f26e6e278ceb7ec564857c2a2fdeec882868714
https://jenkins.ubuntu.com/server/job/cloud-init-ci/688/
Executed test runs:
    SUCCESS: Checkout
    SUCCESS: Unit & Style Tests
    SUCCESS: Ubuntu LTS: Build
    SUCCESS: Ubuntu LTS: Integration
    IN_PROGRESS: Declarative: Post Actions

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/688/rebuild

review: Approve (continuous-integration)
Reply
Revision history for this message
Ryan Harper (raharper) wrote :

Was there an upstream bug or just cleaning things up?

A few inline comment typo/adjustments requested.

review: Needs Fixing
Reply

Unmerged commits

305804e... by Chad

Fix grammar in comment about ip-route assumptions

2f26e6e... by Chad

Allow route already to exist for disable-ec2-metadata

Try CHANGE route to metadata service, not just ADD route.

Linux doesn't allow two routes with the same match characteristics. If an
explicit route already exists, then ip-route "add" will fail. Now, "change"
first, and only "add" if it failed.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/cloudinit/config/cc_disable_ec2_metadata.py b/cloudinit/config/cc_disable_ec2_metadata.py
2index 885b313..5db76f0 100644
3--- a/cloudinit/config/cc_disable_ec2_metadata.py
4+++ b/cloudinit/config/cc_disable_ec2_metadata.py
5@@ -33,22 +33,26 @@ from cloudinit.settings import PER_ALWAYS
6 frequency = PER_ALWAYS
7
8 REJECT_CMD_IF = ['route', 'add', '-host', '169.254.169.254', 'reject']
9-REJECT_CMD_IP = ['ip', 'route', 'add', 'prohibit', '169.254.169.254']
10+REJECT_CMD_IPRTADD = ['ip', 'route', 'add', 'prohibit', '169.254.169.254']
11+REJECT_CMD_IPRTCHG = ['ip', 'route', 'change', 'prohibit', '169.254.169.254']
12
13
14 def handle(name, cfg, _cloud, log, _args):
15 disabled = util.get_cfg_option_bool(cfg, "disable_ec2_metadata", False)
16 if disabled:
17- reject_cmd = None
18 if util.which('ip'):
19- reject_cmd = REJECT_CMD_IP
20+ # ip-route-add requires that no route already exist and
21+ # ip-route-change requires that a route already exists. EAFP.
22+ try:
23+ util.subp(REJECT_CMD_IPRTCHG, capture=False)
24+ except util.ProcessExecutionError:
25+ util.subp(REJECT_CMD_IPRTADD, capture=False)
26 elif util.which('ifconfig'):
27- reject_cmd = REJECT_CMD_IF
28+ util.subp(REJECT_CMD_IF, capture=False)
29 else:
30 log.error(('Neither "route" nor "ip" command found, unable to '
31 'manipulate routing table'))
32 return
33- util.subp(reject_cmd, capture=False)
34 else:
35 log.debug(("Skipping module named %s,"
36 " disabling the ec2 route not enabled"), name)
37diff --git a/cloudinit/config/tests/test_disable_ec2_metadata.py b/cloudinit/config/tests/test_disable_ec2_metadata.py
38index 67646b0..a6421dd 100644
39--- a/cloudinit/config/tests/test_disable_ec2_metadata.py
40+++ b/cloudinit/config/tests/test_disable_ec2_metadata.py
41@@ -29,9 +29,16 @@ class TestEC2MetadataRoute(CiTestCase):
42
43 @mock.patch('cloudinit.config.cc_disable_ec2_metadata.util.which')
44 @mock.patch('cloudinit.config.cc_disable_ec2_metadata.util.subp')
45- def test_disable_ip(self, m_subp, m_which):
46+ def test_disable_ip_route_is_new(self, m_subp, m_which):
47 """Set the route if ip command is available"""
48 m_which.side_effect = lambda x: x if x == 'ip' else None
49+
50+ def subp(cmd, **kwargs):
51+ if cmd[2] == 'change':
52+ raise ec2_meta.util.ProcessExecutionError("Oh noes")
53+ return None, None
54+ m_subp.side_effect = subp
55+
56 ec2_meta.handle('foo', DISABLE_CFG, None, LOG, None)
57 m_subp.assert_called_with(
58 ['ip', 'route', 'add', 'prohibit', '169.254.169.254'],
59@@ -39,6 +46,16 @@ class TestEC2MetadataRoute(CiTestCase):
60
61 @mock.patch('cloudinit.config.cc_disable_ec2_metadata.util.which')
62 @mock.patch('cloudinit.config.cc_disable_ec2_metadata.util.subp')
63+ def test_disable_ip_route_already_exists(self, m_subp, m_which):
64+ """Set the route if ip command is available"""
65+ m_which.side_effect = lambda x: x if x == 'ip' else None
66+ ec2_meta.handle('foo', DISABLE_CFG, None, LOG, None)
67+ m_subp.assert_called_with(
68+ ['ip', 'route', 'change', 'prohibit', '169.254.169.254'],
69+ capture=False)
70+
71+ @mock.patch('cloudinit.config.cc_disable_ec2_metadata.util.which')
72+ @mock.patch('cloudinit.config.cc_disable_ec2_metadata.util.subp')
73 def test_disable_no_tool(self, m_subp, m_which):
74 """Log error when neither route nor ip commands are available"""
75 m_which.return_value = None # Find neither ifconfig nor ip

Subscribers

People subscribed via source and target branches