cloud-init

Merge ~raharper/cloud-init:fix/netplan-accept-ra-off into cloud-init:master

  1. Git
  2. lp:~raharper/cloud-init
  3. fix/netplan-accept-ra-off
  4. Merge into master
Proposed by Ryan Harper
Status: Work in progress
Proposed branch: ~raharper/cloud-init:fix/netplan-accept-ra-off
Merge into: cloud-init:master
Diff against target: 158 lines (+20/-0)
3 files modified
cloudinit/net/netplan.py (+3/-0)
tests/unittests/test_distros/test_netconfig.py (+6/-0)
tests/unittests/test_net.py (+11/-0)
Reviewer Review Type Date Requested Status
Server Team CI bot continuous-integration Approve
Chad Smith Approve
Review via email: mp+339437@code.launchpad.net

Description of the change

netplan: disable IPV6 RA mode unless configuring ipv6

On distros using netplan and systemd-networkd the default configuration
is to enable solicitation of of IPV6 Router Advertisments. This incurs
a significant delay during boot, approximately 10 seconds if the network
does not contain any IPV6 routers. If the network configuration that
cloud-init renders is not explicitly configuring IPV6, then disable IPV6 RA
on the interfaces in the configuration.

To post a comment you must log in.
Revision history for this message
Server Team CI bot (server-team-bot) wrote :

PASSED: Continuous integration, rev:f59bca50f8c24f18a892f937ec18c3bb640baf01
https://jenkins.ubuntu.com/server/job/cloud-init-ci/788/
Executed test runs:
    SUCCESS: Checkout
    SUCCESS: Unit & Style Tests
    SUCCESS: Ubuntu LTS: Build
    SUCCESS: Ubuntu LTS: Integration
    SUCCESS: MAAS Compatability Testing
    IN_PROGRESS: Declarative: Post Actions

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/788/rebuild

review: Approve (continuous-integration)
Reply
Revision history for this message
Scott Moser (smoser) wrote :

So this *will* cause a change in behavior in all lxd guests.

$ lxd file pull b1/var/lib/cloud/seed/nocloud-net/network-config -
version: 1
config:
    - type: physical
      name: eth0
      subnets:
          - type: dhcp
            control: auto

nothing there says we *should* have ipv6, yet I do have ipv6 enabled.

$ lxc network show lxdbr0
config:
  ipv4.address: 10.145.210.1/24
  ipv4.nat: "true"
  ipv6.address: fd42:6470:c1cd:249f::1/64
  ipv6.nat: "true"
description: ""
name: lxdbr0
type: bridge
used_by:
- /1.0/containers/a1
- /1.0/containers/b1
- /1.0/containers/b2
- /1.0/containers/bb
- /1.0/containers/x1
managed: true

$ lxc list | grep b1
| b1 | RUNNING | 10.145.210.39 (eth0) | fd42:6470:c1cd:249f:216:3eff:fe95:9c7c (eth0) | PERSISTENT | 0 |

Related bugs
 https://bugs.launchpad.net/ubuntu/+source/nplan/+bug/1732002

Reply
Revision history for this message
Ryan Harper (raharper) wrote :

If anything, this is fallout due to the bug you mention.

LXD should be explicit; as should cloud-init.

On Mon, Feb 26, 2018 at 10:07 AM, Scott Moser <email address hidden>
wrote:

> So this *will* cause a change in behavior in all lxd guests.
>
> $ lxd file pull b1/var/lib/cloud/seed/nocloud-net/network-config -
> version: 1
> config:
> - type: physical
> name: eth0
> subnets:
> - type: dhcp
> control: auto
>
>
> nothing there says we *should* have ipv6, yet I do have ipv6 enabled.
>
> $ lxc network show lxdbr0
> config:
> ipv4.address: 10.145.210.1/24
> ipv4.nat: "true"
> ipv6.address: fd42:6470:c1cd:249f::1/64
> ipv6.nat: "true"
> description: ""
> name: lxdbr0
> type: bridge
> used_by:
> - /1.0/containers/a1
> - /1.0/containers/b1
> - /1.0/containers/b2
> - /1.0/containers/bb
> - /1.0/containers/x1
> managed: true
>
> $ lxc list | grep b1
> | b1 | RUNNING | 10.145.210.39 (eth0) | fd42:6470:c1cd:249f:216:3eff:fe95:9c7c
> (eth0) | PERSISTENT | 0 |
>
>
> Related bugs
> https://bugs.launchpad.net/ubuntu/+source/nplan/+bug/1732002
>
> --
> https://code.launchpad.net/~raharper/cloud-init/+git/
> cloud-init/+merge/339437
> You are the owner of ~raharper/cloud-init:fix/netplan-accept-ra-off.
>

Reply
Revision history for this message
Chad Smith (chad.smith) wrote :

Looks good. Minor inline comments that can be thrown away if you disagree.

review: Approve
Reply
Revision history for this message
Ryan Harper (raharper) :
Reply
Revision history for this message
Ryan Harper (raharper) wrote :

W.r.t @smoser comment on ipv6; this change does not affect ipv6 link-local; that comes up fine even with accept-ra: False; rather this is whether or not networkd/networkmanager (things which netplan configures) do solicitation of IPV6 router-advertisements. Accept-ra: False disables this solicitation (and the timeouts associated with waiting for a response).

Reply
Revision history for this message
Server Team CI bot (server-team-bot) wrote :

PASSED: Continuous integration, rev:305d67dd86d3c6057d527a0bd5ec353b08de0f87
https://jenkins.ubuntu.com/server/job/cloud-init-ci/794/
Executed test runs:
    SUCCESS: Checkout
    SUCCESS: Unit & Style Tests
    SUCCESS: Ubuntu LTS: Build
    SUCCESS: Ubuntu LTS: Integration
    SUCCESS: MAAS Compatability Testing
    IN_PROGRESS: Declarative: Post Actions

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/794/rebuild

review: Approve (continuous-integration)
Reply
Revision history for this message
Ryan Harper (raharper) wrote :

I'm going to mark this branch WIP; I believe we need some changes to netplan.io to allow accept-ra to be unset, which indicates that networkd will defer to the kernel configuration w.r.t RouterAdvertisments.

https://bugs.launchpad.net/ubuntu/+source/nplan/+bug/1732002

Reply

Unmerged commits

305d67d... by Ryan Harper

netplan: disable IPV6 RA mode unless configuring ipv6

On distros using netplan and systemd-networkd the default configuration
is to enable solicitation of of IPV6 Router Advertisments. This incurs
a significant delay (up to 10 seconds) during boot if the network
does not contain any IPV6 routers. If the network configuration that
cloud-init renders is not explicitly configuring IPV6, then disable IPV6 RA
on the interfaces in the configuration. Note, this does not affect IPV6
link-local addresses.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/cloudinit/net/netplan.py b/cloudinit/net/netplan.py
2index d3788af..d0f8977 100644
3--- a/cloudinit/net/netplan.py
4+++ b/cloudinit/net/netplan.py
5@@ -65,6 +65,7 @@ def _extract_addresses(config, entry):
6 {'set-name': 'interface0',
7 'match': {'macaddress': '52:54:00:12:34:00'},
8 'mtu': 1501,
9+ 'accept-ra': True,
10 'address': ['192.168.1.2/24', '2001:4800:78ff:1b:be76:4eff:fe06:1000"],
11 'mtu6': 1480}
12
13@@ -92,6 +93,7 @@ def _extract_addresses(config, entry):
14 if sn_type == 'dhcp':
15 sn_type += '4'
16 entry.update({sn_type: True})
17+ entry['accept-ra'] = sn_type == 'dhcp6'
18 elif sn_type in ['static']:
19 addr = "%s" % subnet.get('address')
20 if 'prefix' in subnet:
21@@ -102,6 +104,7 @@ def _extract_addresses(config, entry):
22 entry.update({'gateway6': gateway})
23 else:
24 entry.update({'gateway4': gateway})
25+ entry['accept-ra'] = ':' in addr
26 if 'dns_nameservers' in subnet:
27 nameservers += _listify(subnet.get('dns_nameservers', []))
28 if 'dns_search' in subnet:
29diff --git a/tests/unittests/test_distros/test_netconfig.py b/tests/unittests/test_distros/test_netconfig.py
30index 1c2e45f..e9105f1 100644
31--- a/tests/unittests/test_distros/test_netconfig.py
32+++ b/tests/unittests/test_distros/test_netconfig.py
33@@ -126,19 +126,23 @@ network:
34 version: 2
35 ethernets:
36 eth0:
37+ accept-ra: false
38 addresses:
39 - 192.168.1.5/24
40 gateway4: 192.168.1.254
41 eth1:
42+ accept-ra: false
43 dhcp4: true
44 """
45
46 V2_NET_CFG = {
47 'ethernets': {
48 'eth7': {
49+ 'accept-ra': False,
50 'addresses': ['192.168.1.5/24'],
51 'gateway4': '192.168.1.254'},
52 'eth9': {
53+ 'accept-ra': True,
54 'dhcp4': True}
55 },
56 'version': 2
57@@ -154,10 +158,12 @@ V2_TO_V2_NET_CFG_OUTPUT = """
58 network:
59 ethernets:
60 eth7:
61+ accept-ra: false
62 addresses:
63 - 192.168.1.5/24
64 gateway4: 192.168.1.254
65 eth9:
66+ accept-ra: true
67 dhcp4: true
68 version: 2
69 """
70diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py
71index ac33e8e..de082cb 100644
72--- a/tests/unittests/test_net.py
73+++ b/tests/unittests/test_net.py
74@@ -403,6 +403,7 @@ NETWORK_CONFIGS = {
75 - wark.maas
76 set-name: eth1
77 eth99:
78+ accept-ra: false
79 addresses:
80 - 192.168.21.3/24
81 dhcp4: true
82@@ -495,6 +496,7 @@ NETWORK_CONFIGS = {
83 version: 2
84 ethernets:
85 iface0:
86+ accept-ra: true
87 dhcp4: true
88 dhcp6: true
89 """).rstrip(' '),
90@@ -528,6 +530,7 @@ NETWORK_CONFIGS = {
91 version: 2
92 ethernets:
93 iface0:
94+ accept-ra: true
95 addresses:
96 - 192.168.14.2/24
97 - 2001:1::1/64
98@@ -719,6 +722,7 @@ pre-down route del -net 10.0.0.0 netmask 255.0.0.0 gw 11.0.0.1 metric 3 || true
99 - foobar.maas
100 set-name: eth4
101 eth5:
102+ accept-ra: false
103 dhcp4: true
104 match:
105 macaddress: 98:bb:9f:2c:e8:8a
106@@ -734,6 +738,7 @@ pre-down route del -net 10.0.0.0 netmask 255.0.0.0 gw 11.0.0.1 metric 3 || true
107 set-name: eth5
108 bonds:
109 bond0:
110+ accept-ra: true
111 dhcp6: true
112 interfaces:
113 - eth1
114@@ -744,6 +749,7 @@ pre-down route del -net 10.0.0.0 netmask 255.0.0.0 gw 11.0.0.1 metric 3 || true
115 transmit-hash-policy: layer3+4
116 bridges:
117 br0:
118+ accept-ra: true
119 addresses:
120 - 192.168.14.2/24
121 - 2001:1::1/64
122@@ -765,10 +771,12 @@ pre-down route del -net 10.0.0.0 netmask 255.0.0.0 gw 11.0.0.1 metric 3 || true
123 via: 2001:4800:78ff:1b::1
124 vlans:
125 bond0.200:
126+ accept-ra: false
127 dhcp4: true
128 id: 200
129 link: bond0
130 eth0.101:
131+ accept-ra: false
132 addresses:
133 - 192.168.0.2/24
134 - 192.168.2.10/24
135@@ -1081,6 +1089,7 @@ pre-down route del -net 10.0.0.0 netmask 255.0.0.0 gw 11.0.0.1 metric 3 || true
136 set-name: bond0s1
137 bonds:
138 bond0:
139+ accept-ra: true
140 addresses:
141 - 192.168.0.2/24
142 - 192.168.1.2/24
143@@ -1378,6 +1387,7 @@ pre-down route del -net 10.0.0.0 netmask 255.0.0.0 gw 11.0.0.1 metric 3 || true
144 version: 2
145 ethernets:
146 eth0:
147+ accept-ra: false
148 addresses:
149 - 192.168.1.2/24
150 match:
151@@ -1973,6 +1983,7 @@ network:
152 version: 2
153 ethernets:
154 eth1000:
155+ accept-ra: false
156 dhcp4: true
157 match:
158 macaddress: 07-1c-c6-75-a4-be

Subscribers

People subscribed via source and target branches