cloud-init

Merge ~chad.smith/cloud-init:xenial/dont-render-network-from-imds into cloud-init:ubuntu/xenial

  1. Git
  2. lp:~chad.smith/cloud-init
  3. xenial/dont-render-network-from-imds
  4. Merge into ubuntu/xenial
Proposed by Chad Smith
Status: Rejected
Rejected by: Chad Smith
Proposed branch: ~chad.smith/cloud-init:xenial/dont-render-network-from-imds
Merge into: cloud-init:ubuntu/xenial
Diff against target: 147 lines (+125/-0)
3 files modified
debian/changelog (+8/-0)
debian/patches/azure-dont-render-imds-network.patch (+116/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Scott Moser Needs Information
Server Team CI bot continuous-integration Approve
Review via email: mp+356888@code.launchpad.net

Commit message

xenial-azure: Disable rendering network from IMDS

In Xenial we already have hotplug scripts delivered in stock
cloud-images. Disable rendering network information from IMDS and avoid
deleting Ubuntu cloud-image udev add scripts which create
/etc/network/interface configuration for the hotplugged network
interfaces.

To post a comment you must log in.
Revision history for this message
Ryan Harper (raharper) wrote :

Are any of the cloud-init cli commands affected if we don't have IMDS data? I was thinking in metadata field outputs?

Revision history for this message
Server Team CI bot (server-team-bot) wrote :

PASSED: Continuous integration, rev:8d6b1280ee7987ebf06eb719e3b94fa4c2559f63
https://jenkins.ubuntu.com/server/job/cloud-init-ci/395/
Executed test runs:
    SUCCESS: Checkout
    SUCCESS: Unit & Style Tests
    SUCCESS: Ubuntu LTS: Build
    SUCCESS: Ubuntu LTS: Integration
    IN_PROGRESS: Declarative: Post Actions

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/395/rebuild

review: Approve (continuous-integration)
~chad.smith/cloud-init:xenial/dont-render-network-from-imds updated
7d41f5a... by Chad Smith

debian/changelog update

c416f35... by Chad Smith

add xenial debian patch to patch series

Revision history for this message
Server Team CI bot (server-team-bot) wrote :

PASSED: Continuous integration, rev:7d41f5a2c28441d7832a5629a15381986c08c6c7
https://jenkins.ubuntu.com/server/job/cloud-init-ci/396/
Executed test runs:
    SUCCESS: Checkout
    SUCCESS: Unit & Style Tests
    SUCCESS: Ubuntu LTS: Build
    SUCCESS: Ubuntu LTS: Integration
    IN_PROGRESS: Declarative: Post Actions

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/396/rebuild

review: Approve (continuous-integration)
Revision history for this message
Chad Smith (chad.smith) wrote :

Just built the deb and validated behavior on Xenial. IMDS is still queried and exists in instance-data.json, but that configuration is not used to return network_config note the v1 in
DatasourceAzure.network_config

sudo python3 -c "from cloudinit.stages import _pkl_load; print(_pkl_load('/var/lib/cloud/instance/obj.pkl').network_config)"
sudo: unable to resolve host SRU-worked-azure
{'version': 1, 'config': [{'mac_address': '00:0d:3a:04:3c:ea', 'type': 'physical', 'subnets': [{'type': 'dhcp'}], 'name': 'eth0', 'params': {'device_id': '0x3', 'driver': 'hv_netvsc'}}]}

Revision history for this message
Server Team CI bot (server-team-bot) wrote :

FAILED: Continuous integration, rev:c416f35766358a432b4c2f4d09ac1ae742d49fe8
https://jenkins.ubuntu.com/server/job/cloud-init-ci/397/
Executed test runs:
    SUCCESS: Checkout
    SUCCESS: Unit & Style Tests
    FAILED: Ubuntu LTS: Build

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/397/rebuild

review: Needs Fixing (continuous-integration)
~chad.smith/cloud-init:xenial/dont-render-network-from-imds updated
4f6bb1c... by Chad Smith

fix mock_fallback.assert_called_once_with instead of called_once()

Revision history for this message
Server Team CI bot (server-team-bot) wrote :

PASSED: Continuous integration, rev:4f6bb1c1d62b23e29c62bf399a6a5554eca72542
https://jenkins.ubuntu.com/server/job/cloud-init-ci/398/
Executed test runs:
    SUCCESS: Checkout
    SUCCESS: Unit & Style Tests
    SUCCESS: Ubuntu LTS: Build
    SUCCESS: Ubuntu LTS: Integration
    IN_PROGRESS: Declarative: Post Actions

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/398/rebuild

review: Approve (continuous-integration)
Revision history for this message
Scott Moser (smoser) wrote :

I'm not opposed entirely to this change, and if we want to get this into
16.04 as a quick fix, we can do so.

However I do think we can do better. I think that maintaining the patch
in Ubuntu 16.04 delta will likely break with upstream updates to the Azure
datasource.

I think the approach at http://paste.ubuntu.com/p/rNfppD68ZY/ will allow
us to maintain that more easily, and also more easily test both paths in
upstream code.

Thoughts?

review: Needs Information
Revision history for this message
Chad Smith (chad.smith) wrote :

> Are any of the cloud-init cli commands affected if we don't have IMDS data? I
> was thinking in metadata field outputs?

There is availability zone info in IMDS but my branch is still WIP and hasn't landed yet for using that field. Also, the imds metadata is not missing from instance-data.json it will still be there, we just won't use it to generate network config on xenial.

Revision history for this message
Chad Smith (chad.smith) wrote :

> I'm not opposed entirely to this change, and if we want to get this into
> 16.04 as a quick fix, we can do so.
>
> However I do think we can do better. I think that maintaining the patch
> in Ubuntu 16.04 delta will likely break with upstream updates to the Azure
> datasource.
>
> I think the approach at http://paste.ubuntu.com/p/rNfppD68ZY/ will allow
> us to maintain that more easily, and also more easily test both paths in
> upstream code.

I had started a branch against tip which would surface this type of config setting yesterday, but abandonded when I realized it was just going to be Xenial that didn't use the feature. I'll resurrect the branch (which uses 'apply_network_config' like OpenStack datasource uses). Will push it shortly.

Revision history for this message
Chad Smith (chad.smith) wrote :

rejected in favor of a config-based enable/disable toggle per https://code.launchpad.net/~chad.smith/cloud-init/+git/cloud-init/+merge/356989

Unmerged commits

4f6bb1c... by Chad Smith

fix mock_fallback.assert_called_once_with instead of called_once()

c416f35... by Chad Smith

add xenial debian patch to patch series

7d41f5a... by Chad Smith

debian/changelog update

8d6b128... by Chad Smith

xenial-azure: Disable rendering network from IMDS

In Xenial we already have hotplug scripts delivered in stock
cloud-images. Disable rendering network information from IMDS and avoid
deleting Ubuntu cloud-image udev add scripts which create
/etc/network/interface configuration for the hotplugged network
interfaces.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 2bdfd36..29fda8e 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,11 @@
6+cloud-init (18.4-0ubuntu1~16.04.2) xenial-proposed; urgency=medium
7+
8+ * debian/patches/azure-dont-render-imds-network.patch
9+ add patch to ignore Azure IMDS network_config and avoid removing
10+ ubuntu network hotplug scripts
11+
12+ -- Chad Smith <chad.smith@canonical.com> Tue, 16 Oct 2018 16:37:09 -0600
13+
14 cloud-init (18.4-0ubuntu1~16.04.1) xenial-proposed; urgency=medium
15
16 * drop the following cherry-picks now included:
17diff --git a/debian/patches/azure-dont-render-imds-network.patch b/debian/patches/azure-dont-render-imds-network.patch
18new file mode 100644
19index 0000000..cfcb509
20--- /dev/null
21+++ b/debian/patches/azure-dont-render-imds-network.patch
22@@ -0,0 +1,116 @@
23+Description: Disable rendering network from Azure IMDS and script cleanup
24+ Xenial Azure images already contain working udev script which react to
25+ hotplug network interface adds and write /etc/network/interface config
26+ for the new interfaces.
27+ .
28+ This patch disables the cloud-init logic needed on Bionic or later which
29+ renders network configuration to netplan from Azure's IMDS. It also
30+ avoids removing any of the cloud-image udev hotplug scripts which work as
31+ designed in Xenial.
32+Forwarded: not-needed
33+Author: Chad Smith <chad.smith@canonical.com>
34+
35+diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
36+index 783445e..d5726ab 100644
37+--- a/cloudinit/sources/DataSourceAzure.py
38++++ b/cloudinit/sources/DataSourceAzure.py
39+@@ -56,12 +56,7 @@ IMDS_URL = "http://169.254.169.254/metadata/"
40+
41+ # List of static scripts and network config artifacts created by
42+ # stock ubuntu suported images.
43+-UBUNTU_EXTENDED_NETWORK_SCRIPTS = [
44+- '/etc/netplan/90-azure-hotplug.yaml',
45+- '/usr/local/sbin/ephemeral_eth.sh',
46+- '/etc/udev/rules.d/10-net-device-added.rules',
47+- '/run/network/interfaces.ephemeral.d',
48+-]
49++UBUNTU_EXTENDED_NETWORK_SCRIPTS = [] # Remove no network scipts on Xenial
50+
51+
52+ def find_storvscid_from_sysctl_pnpinfo(sysctl_out, deviceid):
53+@@ -611,7 +606,9 @@ class DataSourceAzure(sources.DataSource):
54+ the blacklisted devices.
55+ """
56+ if not self._network_config:
57+- self._network_config = parse_network_config(self._metadata_imds)
58++ # Xenial-only, use fallback network config not IMDS because
59++ # ubuntu images contain the necessary ifup/down hotplug goodness
60++ self._network_config = parse_network_config(None)
61+ return self._network_config
62+
63+
64+diff --git a/tests/unittests/test_datasource/test_azure.py b/tests/unittests/test_datasource/test_azure.py
65+index 4e428b7..5e9cf08 100644
66+--- a/tests/unittests/test_datasource/test_azure.py
67++++ b/tests/unittests/test_datasource/test_azure.py
68+@@ -501,20 +501,6 @@ fdescfs /dev/fd fdescfs rw 0 0
69+ self.assertTrue(ret)
70+ self.assertEqual(data['agent_invoked'], cfg['agent_command'])
71+
72+- def test_network_config_set_from_imds(self):
73+- """Datasource.network_config returns IMDS network data."""
74+- odata = {}
75+- data = {'ovfcontent': construct_valid_ovf_env(data=odata)}
76+- expected_network_config = {
77+- 'ethernets': {
78+- 'eth0': {'set-name': 'eth0',
79+- 'match': {'macaddress': '00:0d:3a:04:75:98'},
80+- 'dhcp4': True}},
81+- 'version': 2}
82+- dsrc = self._get_ds(data)
83+- dsrc.get_data()
84+- self.assertEqual(expected_network_config, dsrc.network_config)
85+-
86+ def test_user_cfg_set_agent_command(self):
87+ # set dscfg in via base64 encoded yaml
88+ cfg = {'agent_command': "my_command"}
89+@@ -780,26 +766,38 @@ fdescfs /dev/fd fdescfs rw 0 0
90+ self.assertEqual(
91+ [mock.call("/dev/cd0")], m_check_fbsd_cdrom.call_args_list)
92+
93++ @mock.patch('cloudinit.net.get_interface_mac')
94++ @mock.patch('cloudinit.net.get_devicelist')
95++ @mock.patch('cloudinit.net.device_driver')
96+ @mock.patch('cloudinit.net.generate_fallback_config')
97+- def test_imds_network_config(self, mock_fallback):
98+- """Network config is generated from IMDS network data when present."""
99++ def test_imds_network_config_ignored_on_xenial(self, mock_fallback, mock_dd,
100++ mock_devlist, mock_get_mac):
101++ """Network config ignores IMDS network data on Xenial. Use fallback."""
102+ odata = {'HostName': "myhost", 'UserName': "myuser"}
103+ data = {'ovfcontent': construct_valid_ovf_env(data=odata),
104+ 'sys_cfg': {}}
105+
106++ fallback_config = {
107++ 'version': 1,
108++ 'config': [{
109++ 'type': 'physical', 'name': 'eth0',
110++ 'mac_address': '00:11:22:33:44:55',
111++ 'params': {'driver': 'hv_netsvc'},
112++ 'subnets': [{'type': 'dhcp'}],
113++ }]
114++ }
115++ mock_fallback.return_value = fallback_config
116++ mock_devlist.return_value = ['eth0']
117++ mock_dd.return_value = ['hv_netsvc']
118++ mock_get_mac.return_value = '00:11:22:33:44:55'
119++
120+ dsrc = self._get_ds(data)
121+ ret = dsrc.get_data()
122+ self.assertTrue(ret)
123+
124+- expected_cfg = {
125+- 'ethernets': {
126+- 'eth0': {'dhcp4': True,
127+- 'match': {'macaddress': '00:0d:3a:04:75:98'},
128+- 'set-name': 'eth0'}},
129+- 'version': 2}
130+-
131+- self.assertEqual(expected_cfg, dsrc.network_config)
132+- mock_fallback.assert_not_called()
133++ self.assertEqual(fallback_config, dsrc.network_config)
134++ mock_fallback.assert_called_once_with(blacklist_drivers=['mlx4_core'],
135++ config_driver=True)
136+
137+ @mock.patch('cloudinit.net.get_interface_mac')
138+ @mock.patch('cloudinit.net.get_devicelist')
139diff --git a/debian/patches/series b/debian/patches/series
140index d5a24c5..fd9b6e8 100644
141--- a/debian/patches/series
142+++ b/debian/patches/series
143@@ -2,3 +2,4 @@ azure-use-walinux-agent.patch
144 ds-identify-behavior-xenial.patch
145 stable-release-no-jsonschema-dep.patch
146 openstack-no-network-config.patch
147+azure-dont-render-imds-network.patch

Subscribers

People subscribed via source and target branches