path: root/cloudinit/net
Commit message | Author | Age | Files | Lines
* net: purge blacklist_drivers across net and azure (#2160) | Chris Patterson | 2023-05-10 | 2 | -76/+30
  It was only used by Hyper-V which now has a filtering mechanism that does not require the use of a denylist.
  This exposed some issues with tests misspelling "hv_netvsc" and using unmatched mac addresses. This fixes those to work with the current filter that does not rely on the driver name.
  Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
* net: refactor hyper-v VF filtering and apply to get_interfaces() (#2153) | Chris Patterson | 2023-05-09 | 1 | -34/+57
  Azure is introducing a new VF ("MANA") that will initially behave similarly to mlx4/5 but cannot be denylisted in the same manner. This is because the synthetic interface (hv_netvsc) will no longer be required to function in the future which means we must intelligently filter the VFs out instead of relying solely on the driver name.
  - Isolate filtering logic for Hyper-V's SR-IOV/VFs when used with synthetic hv_netvsc interfaces.
  - Move the filter up to get_interfaces() from get_interfaces_by_mac_on_linux() to increase coverage of the filter.
  With this in place, we should be able to purge the "blacklist_drivers" across the codebase as it will no longer be necessary unless there are other paths to be considered.
  Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
* net: refactor find_candidate_nics_on_linux() to use get_interfaces() (#2159) | Chris Patterson | 2023-05-09 | 1 | -29/+39
  Much of the filtering logic used in get_interfaces() is duplicated in find_candidate_nics_on_linux().
  Consolidate the two interfaces by updating find_candidate_nics_on_linux() to use get_interfaces() and provide boolean toggles to maintain existing behavior.
  The following parameters have been added to get_interfaces():
    log_filtered_reasons: bool = False
    filter_openvswitch_internal: bool = True
    filter_vlan: bool = True
    filter_without_own_mac: bool = True
    filter_zero_mac: bool = True
  It may be that these deltas are unwanted or harmless, but the toggles could be removed independently with more deliberate consideration. Similarly, logging could be extended if desired for log_filtered_reasons.
  Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
* Fix logger, use instance rather than module function (#2163) | Brett Holman | 2023-05-04 | 1 | -1/+3
  * Fix logger, use instance rather than module function
  * add dunder names
* gce: activate network discovery on every boot (#2128) | Alberto Contreras | 2023-04-27 | 2 | -6/+24
  Google wants to allow users to make changes on nics while the instance is stopped. Activate network discovery on every boot.
  Additionally, skip the call to `netplan generate` if the rendered config is the same on subsequent boots.
* net: Document use of `ip route append` to add routes (#2130) | Brett Holman | 2023-04-21 | 1 | -0/+8
* [1/2] DHCP: Refactor dhcp client code (#2122) | Brett Holman | 2023-04-19 | 4 | -257/+394
  Move isc-dhclient code to dhcp.py
  In support of the upcoming deprecation of isc-dhcp-client, this code refactors current dhcp code into classes in dhcp.py. The primary user-visible change should be the addition of the following log:
    dhcp.py[DEBUG]: DHCP client selected: dhclient
  This code lays groundwork to enable alternate implementations to live side by side in the codebase to be selected with distro-defined priority fallback. Note that maybe_perform_dhcp_discovery() now selects which dhcp client to call, and then runs the corresponding client's dhcp_discovery() method.
  Currently only class IscDhclient is implemented, however a yet-to-be-implemented class Dhcpcd exists to test fallback behavior and this will be implemented in part two of this series.
  Part of this refactor includes shifting dhclient service management from hardcoded calls to the distro-defined manage_service() method in the *BSDs. Future work is required in this area to support multiple clients via select_dhcp_client().
* Cleanup ephemeral IP routes on exception (#2100) | sxt1001 | 2023-04-03 | 1 | -17/+26
  If an exception occurs during EphemeralIPv4Network setup, any routes that were set up need to be torn down. This wasn't happening, and this commit adds the teardown.
* net/dhcp: catch dhclient failures and raise NoDHCPLeaseError (#2083) | Chris Patterson | 2023-03-29 | 1 | -1/+11
  Some variants of dhclient will exit with non-zero codes on lease failure. For example, on RHEL 8.7:
  ```
  [cpatterson@test-rhel87 ~]$ sudo /usr/sbin/dhclient -1 -v -lf /tmp/my.lease -pf /tmp/my.pid bridge2nowhere -sf /bin/true
  Internet Systems Consortium DHCP Client 4.3.6
  Copyright 2004-2017 Internet Systems Consortium.
  All rights reserved.
  For info, please visit https://www.isc.org/software/dhcp/
  Listening on LPF/bridge2nowhere/42:ef:d5:38:1d:19
  Sending on LPF/bridge2nowhere/42:ef:d5:38:1d:19
  Sending on Socket/fallback
  Created duid "\000\004E<\225X\232\304J\337\243\026T\324\243O\270\177".
  DHCPDISCOVER on bridge2nowhere to 255.255.255.255 port 67 interval 4 (xid=0x777bc142)
  DHCPDISCOVER on bridge2nowhere to 255.255.255.255 port 67 interval 7 (xid=0x777bc142)
  DHCPDISCOVER on bridge2nowhere to 255.255.255.255 port 67 interval 13 (xid=0x777bc142)
  DHCPDISCOVER on bridge2nowhere to 255.255.255.255 port 67 interval 6 (xid=0x777bc142)
  No DHCPOFFERS received.
  Unable to obtain a lease on first try. Exiting.
  [cpatterson@test-rhel87 ~]$ echo $?
  2
  ```
  This results in an unhandled subp.ProcessExecutionError exception. Catch these failures and re-raise as NoDHCPLeaseError.
  Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
* Don't change permissions of netrules target (#2076) | James Falcon | 2023-03-23 | 2 | -2/+9
  Set permissions if file doesn't exist. Leave them if it does.
  LP: #2011783
  Co-authored-by: Chad Smith <chad.smith@canonical.com>
* macs: ignore duplicate MAC for devs with driver driver qmi_wwan (#2090) | Chad Smith | 2023-03-23 | 1 | -1/+1
  Another physical modem which has duplicate MAC addresses. Cloud-init needs to ignore the subordinate devices which are associated with the qmi_wwan driver.
  Fixes network rendering for the following modems:
    Quectel EG25
    Quectel RM510Q-GLHA
    Sierra Wireless MC7455
  LP: #2008888
* Send dhcp-client-identifier for InfiniBand ports (#2043) | Waleed Mousa | 2023-03-22 | 2 | -2/+26
  Sending dhclient command failed for InfiniBand ports because dhcp-client-identifier is not specified. So, providing this patch to allow send dhcp-client-identifier hardware with the dhclient command for InfiniBand ports.
  Signed-off-by: waleedm <waleedm@nvidia.com>
* chore: fix style tip (#2071) | Alberto Contreras | 2023-03-14 | 2 | -2/+2
  - remove too broad exceptions
  - ignore dynamic base types in templater
* Remove dead code (#2038) | Brett Holman | 2023-03-03 | 8 | -131/+2
* dhcp: Cleanup unused kwarg (#2037) | Brett Holman | 2023-02-28 | 2 | -12/+3
  Usage was dropped in de7851b93c5a2d4658.
* log: Add standardized deprecation tooling (SC-1312) (#2026) | Brett Holman | 2023-02-24 | 1 | -4/+5
  - Add deprecation log level
  - Add deprecation utilities for structured format and messaging
  - Update existing deprecation log sites, add deprecated versions
* add OpenCloudOS and TencentOS support (#1964) | wynnfeng | 2023-02-18 | 1 | -0/+2
* netplan: keep custom strict perms when 50-cloud-init.yaml exists | Chad Smith | 2023-02-04 | 1 | -0/+5
  Retain existing config file permissions when those permissions are more strict than the default permissions set on /etc/netplan/50-cloud-init.yaml.
* Ignore duplicate macs from mscc_felix and fsl_enetc | James Falcon | 2023-02-02 | 1 | -0/+16
  mscc_felix and fsl_enetc are drivers representing a switch that is expected to have duplicate macs. If we encounter either of these drivers, we should not raise the duplicate mac exception.
  LP: #1997922
* Fix default route rendering on v2 ipv6 (#1973) | James Falcon | 2023-01-24 | 1 | -1/+1
  ::/0 would get rendered as ::/64 rather than ::/0 across all renderers using ipv6 in a v2 config.
  LP: #2003562
* network/netplan: add gateways as on-link when necessary (#1931) | Louis Sautier | 2023-01-09 | 1 | -0/+23
  network/netplan: add gateways as on-link when necessary
  When the gateway isn't part of the subnet's network, the "on-link" flag is required for the route to get added.
  LP: #2000596
* netplan: define features.NETPLAN_CONFIG_ROOT_READ_ONLY flag | Chad Smith | 2022-12-12 | 1 | -1/+3
  To make retaining original behavior in stable downstreams easier, provide a feature flag NETPLAN_CONFIG_ROOT_READ_ONLY so /etc/netplan/50-cloud-init.yaml config can remain unchanged as world-readable.
  Set this flag False to ensure world-readable 50-cloud-init.yaml.
  Add tests.integration_tests.util.get_feature_flag to extract feature values from cloudinit.features on test system.
  Co-authored-by: James Falcon <james.falcon@canonical.com>
* * net: netplan config root read-only as wifi config can contain creds | Chad Smith | 2022-12-08 | 1 | -1/+2
  On netplan systems, network v2 is passed directly through and written to /etc/netplan/50-cloud-init.yaml without validation.
  Current netplan configuration provides the ability to configure sensitive information such as `wifi:access-points:password`.
  Limit permissions for /etc/network/50-cloud-init.yaml as read-only for root (600).
  Since configuration or modification of netplan config needs to be performed by an admin user this permission restriction aligns with netplan tooling.
  Set root read-only only always and not just 'if' sensitive material exists within custom config because it will add confusion to have two expected modes for this file based on external conditions.
* networkd: Add support for multiple [Route] sections (#1868) | Nigel Kukard | 2022-12-07 | 1 | -6/+45
  Networkd supports multiple [Route] sections within the same file. Currently all [Route] section tags are squashed into one and if there is a default gateway it means defining a device route is not possible as the target is set to the default gateway.
  This patch adds support for multiple [Route] sections allowing us to support device routes. This is done by tracking each route in the route list individually and ensuring the key-value pairs are maintained within their respective [Route] section.
  This both maintains backwards compatibility with previous behavior and allows the specification of routes with no destination IP, causing the destination to be added with a device target.
* lint: fix tip-flake8 and tip-mypy (#1896) | Alberto Contreras | 2022-12-07 | 3 | -5/+5
* Add support for static IPv6 addresses for FreeBSD (#1839) | einsibjarni | 2022-11-25 | 2 | -15/+74
  Currently, FreeBSD ignores IPv6 addresses. This PR adds support for static IPv6 addresses
* net: skip duplicate mac check for netvsc nic and its VF (#1853) | Anh Vo | 2022-11-18 | 1 | -4/+34
  When accelerated network is enabled on Azure, the host presents two network interfaces with the same mac address to the VM: a synthetic nic (netvsc) and a VF nic, which is enslaved to the synthetic nic.
  The net module is already excluding slave nics when enumerating interfaces. However, if cloud-init starts enumerating after the kernel makes the VF visible to userspace, but before the enslaving has finished, cloud-init will see two nics with duplicate mac.
  This change will skip the duplicate mac error if one of the two nics with duplicate mac is a netvsc nic
  LP: #1844191
* network: Deprecate gateway{4,6} keys in network config v2 (#1794) | Alberto Contreras | 2022-11-16 | 2 | -16/+29
  - Do not render gateway{4,6} when transforming from network config v1 to v2.
  - Issue a warning if gateway{4,6} is present in network config v2. This warning is not issued if a passthrough to netplan is performed.
  LP: #1992512
* style: prefer absolute imports over relative imports | Mina Galić | 2022-09-30 | 8 | -18/+9
  Sponsored by: FreeBSD Foundation
* networkd: Add test and improve typing. (#1747) | Alberto Contreras | 2022-09-23 | 1 | -9/+9
* support dhcp{4,6}-overrides in networkd renderer (#1710) | Aidan Obley | 2022-09-20 | 1 | -3/+51
  Signed-off-by: Aidan Obley <aobley@vmware.com>
  Co-authored-by: Tyler Schultz <tschultz@vmware.com>
* net: set dhclient lease and pid files (#1715) | Brett Holman | 2022-09-14 | 1 | -27/+15
  This commit drops the sandboxing requirement by invoking dhclient using pid and lease files that apparmor already allows[1].
  This is desirable as relocating the dhclient binary has led to bug fixes[2].
  [1] dhclient's apparmor profile allow writing to:
      /{,var/}run/dhclient*.pid lrw,
      /{,var/}run/dhclient*.lease* lrw,
  [2] fix hashes:
      db86753f81af
      919e22dc1d77
* Refactor: Drop inheritance from object (#1728) | Alberto Contreras | 2022-09-14 | 4 | -5/+5
  As we do not support python2 anymore, we can remove those 8 chars.
* net: Ensure a tmp with exec permissions for dhcp (#1690) | Alberto Contreras | 2022-09-01 | 2 | -5/+22
  In the case cloudinit.temp_utils points to a fs mounted as noexec and needs_exe=True, fallback to use os.join.path(Distro.usr_lib_exec, "cloud-init/clouddir) that will be mounted with exec perms.
  LP: #1962343
* Fix v2 interface matching when no MAC | James Falcon | 2022-08-30 | 2 | -8/+11
  Commit af40478 added a regression. When parsing v2 config, matching can fail when no MAC is available. This commit fixes that behavior.
  LP: #1986551
* net: Fix EphemeraIPNetwork (#1697) | Alberto Contreras | 2022-08-29 | 1 | -2/+2
  Execute ipv4 and ipv6 setup in the correct order.
* Networkd multi-address support/fix (#1685) | Teodor Garzdin | 2022-08-24 | 1 | -4/+10
  Fix that given a cloud-init network config with multiple addresses for an interface the networkd backend outputs an invalid networkd service config. According to the `man` page of `systemd-networkd` only one `Address=` field per `[Address]` section is allowed.
* net: Passthough v2 netconfigs in netplan systems (#1650) | Alberto Contreras | 2022-08-24 | 8 | -24/+107
  Adhere to Netplan Passthrough documented behavior, not limiting v2 netplan configs to the subset of props that cloud-init supports.
  LP: #1978543
* NM ipv6 connection does not work on Azure and Openstack (#1616) | Emanuele Giuseppe Esposito | 2022-08-22 | 1 | -3/+1
  This problem is found after below bug fix, ipv6 is not workable after launching a new instance.
  [Bug 2056964](https://bugzilla.redhat.com/show_bug.cgi?id=2056964) - [RHEL-9]Rebase cloud-init from Fedora so it can configure networking using NM keyfiles
  we can see log "Not bringing up newly configured network interfaces" in /var/log/cloud-init.log
    2022-06-17 02:15:22,191 - __init__.py[DEBUG]: Selected renderer 'network-manager' from priority list: ['netplan', 'network-manager', 'networkd', 'sysconfig', 'eni']
    2022-06-17 02:15:22,192 - util.py[DEBUG]: Writing to /etc/NetworkManager/system-connections/cloud-init-eth0.nmconnection - wb: [600] 376 bytes
    2022-06-17 02:15:22,193 - util.py[DEBUG]: Restoring selinux mode for /etc/NetworkManager/system-connections/cloud-init-eth0.nmconnection (recursive=False)
    2022-06-17 02:15:22,194 - util.py[DEBUG]: Restoring selinux mode for /etc/NetworkManager/system-connections/cloud-init-eth0.nmconnection (recursive=False)
    2022-06-17 02:15:22,194 - __init__.py[DEBUG]: Not bringing up newly configured network interfaces
  On Azure, ping6 gets Network is unreachable.
    $ ping6 ace:cab:deca::fe -c 1
    ping6: connect: Network is unreachable
    # ip -6 route
    ::1 dev lo proto kernel metric 256 pref medium
    ace:cab:deca::4 dev eth0 proto kernel metric 100 pref medium
    fe80::/64 dev eth0 proto kernel metric 1024 pref medium
    cat /etc/NetworkManager/system-connections/cloud-init-eth0.nmconnection
    # Generated by cloud-init. Changes will be lost.
    [connection]
    id=cloud-init eth0
    uuid=1dd9a779-d327-56e1-8454-c65e2556c12c
    type=ethernet
    [user]
    org.freedesktop.NetworkManager.origin=cloud-init
    [ethernet]
    mac-address=00:0D:3A:58:0F:B3
    [ipv4]
    method=auto
    may-fail=false
    [ipv6]
    method=dhcp
    may-fail=false
    addr-gen-mode=stable-privacy
  On Openstack, ping6 error is a little bit different, but unreachable either.
    # ping6 2620:52:0:88:f816:3eff:fe23:e623 -c 1
    PING 2620:52:0:88:f816:3eff:fe23:e623(2620:52:0:88:f816:3eff:fe23:e623) 56 data bytes
    From 2620:52:0:88:ef7e:b597:1cc8:32df icmp_seq=1 Destination unreachable: Address unreachable
    --- 2620:52:0:88:f816:3eff:fe23:e623 ping statistics ---
    1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
    $ ip -6 route
    ::1 dev lo proto kernel metric 256 pref medium
    2620:52:0:88::/64 dev eth0 proto ra metric 100 pref medium
    fe80::/64 dev eth0 proto kernel metric 1024 pref medium
    default proto static metric 100 pref medium
      nexthop via 2620:52:0:88::3fe dev eth0 weight 1
      nexthop via fe80::4e16:fc01:d8c:98ed dev eth0 weight 1
      nexthop via fe80::4e16:fc01:d83:88aa dev eth0 weight 1
    cat /etc/NetworkManager/system-connections/cloud-init-eth0.nmconnection
    # Generated by cloud-init. Changes will be lost.
    [connection]
    id=cloud-init eth0
    uuid=1dd9a779-d327-56e1-8454-c65e2556c12c
    type=ethernet
    [user]
    org.freedesktop.NetworkManager.origin=cloud-init
    [ethernet]
    mtu=1500
    mac-address=FA:16:3E:CE:97:C9
    [ipv4]
    method=auto
    may-fail=false
    [ipv6]
    method=auto
    may-fail=false
    addr-gen-mode=stable-privacy
    route1=::/0,2620:52:0:88::3fe
  dhcp6 mode should be "auto" and addr-gen-mode=stable-privacy should be removed.
  Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
  RHBZ: 2098501
* Workaround net_setup_link race with udev (#1655) | James Falcon | 2022-08-15 | 1 | -6/+21
  LP: #1983516
* network: add system_info network activator cloud.cfg overrides (#1619) | Chad Smith | 2022-07-29 | 1 | -17/+29
  Support overriding network activators in cloud.cfg system_info on disk.
  Default cloud-init activators are used either during hot-plug or for datasources that are detected during init-network stage when basic networking has already been setup by the OS.
  Activators are discovered in the following priority order and determined based on the presence of related network tools:
    system_info:
      network:
        activators: [eni, netplan, network-manager, networkd]
  On some systems where multiple network config tools are installed it is necessary to override the priority order of detection to ensure one activator is chosen over the other. This is done by providing a custom cloud config snippet in a /etc/cloud/cloud.cfg.d/*cfg.
  Surface configured Distro.network_activator from system_info so that the hotplug hook has visibility to the configured distribution network activator during interface bring_up and tear_down.
  Add typing hints to net.activators search_activator and select_activator functions.
  LP: #1958377
* net: fix interface matching support (#1552) | Brett Holman | 2022-07-06 | 2 | -5/+18
  - broken in bf94945fb855c40c5188cef5fb
  - factor out a reusable helper function
  - stylistic change for Python's new match keyword
  LP: #1979877
* Add support for OpenMandriva (https://openmandriva.org/) (#1520) | Bernhard Rosenkraenzer | 2022-06-17 | 1 | -0/+1
  Signed-off-by: Bernhard Rosenkränzer <bero@lindev.ch>
* net: Implement link-local ephemeral ipv6 | Brett Holman | 2022-06-10 | 3 | -374/+446
  Also refactor network context managers into net.ephemeral
  Currently EC2 is the only IMDS to make use of this.
  IPv6 requires a link local address on interfaces. A link local address is sufficient for the EC2 IMDS, so no dhcp6 assignment is required for early boot IMDS queries. The kernel assigns this address using RFC 4291 [1] during link initialization, so all cloud-init needs to do is ensure that link is up.
  This means that even if dhcp4 fails, an ipv6-enabled instance may still succeed at crawling metadata.
  [1] https://datatracker.ietf.org/doc/html/rfc4291#section-2.5.6
* datasources: replace networking functions with stdlib and cloudinit.net code | Brett Holman | 2022-06-08 | 1 | -10/+15
  net: refactor network_validator and ip-related utility functions
  sources/vmw: reuse cloudinit.net code
  sources/rbx: replace homegrown IP address code with stdlib
* Remove xenial references (#1472) | Alberto Contreras | 2022-06-08 | 2 | -7/+7
  - Remove references and dead code to Xenial, Eoan, Python < 3.7
  - cc_ubuntu_drivers: Use python3-debconf instead of shell script
  - add integration test for ubuntu_drivers
  - bump pycloudlib for OCI subnet/jammy fixes
* Oracle ds changes (#1474) | Alberto Contreras | 2022-06-08 | 1 | -1/+1
  For primary network config:
  - Use `iSCSI` config if some `/run/net*` file exists, even if `/run/initramfs/open-iscsi.interface` does not.
  - If the instance is not an `iSCSI` one, then crawl the network config from `IMDS` instead of falling back to "best guess".
  - Remove unnecessary conditional use of dhcp.EphemeralDHCPv4 and use it always to crawl `IMDS`.
  - Migrate tests to pytest.
  - Extend unit test coverage.
  - Add some types for mypy.
  LP: #1967942
* net-convert: use yaml.dump for debugging python NetworkState obj (#1484) | Chad Smith | 2022-05-31 | 1 | -5/+4
  When debugging python's NetworkState instance we cannot use safeyaml.dumps because that leverages the yaml.SafeDumper which does not allow rendering python objects. Use yamls.dump instead.
  * Additional fix for networkd renderer to create /etc/systemd/network if it does not exist
  LP: #1975907
* Drop mypy excluded files (#1454) | Alberto Contreras | 2022-05-23 | 4 | -13/+24
  - Add types to let mypy pass.
  - Add mypy flags:
    - detect unused ignores
    - redundant casts
  - Drop support of `ConfigParser` in Python 2
  - Harden DataSourceLXD.network_config
  - Convert old-style commented types to proper types.
* Fix network-manager activator availability and order (#1438) | James Falcon | 2022-05-10 | 3 | -4/+16
  Fix network-manager activator availability and order
  The current network-manager activator availability check is too broad. It triggers as available if chrony is installed. Its priority is also higher than netplan, which means it can activate even if netplan config has been rendered.
  This commit reverts the network-manager check to its previous state and orders netplan above network-manager in priority.